Heap Spraying – Active X Controls Under Attack

Introduction: An ActiveX control is essentially a simple OLE object that supports the IUnknown interface. It was introduced in 1996 by Microsoft as a development of its Component Object Model (COM) and Object Linking and Embedding (OLE) technologies and is commonly used in its Windows Operating System. ActiveX controls are highly portable COM objects, used extensively throughout Microsoft Windows platforms and, especially, in...

Shellcode Of Death

Introduction: Recently, I had been working on a shellcode project that we named “Shellcode Of Death”. “Shellcode of Death” is designed to run on Windows x86 platforms like Windows XP/Vista/7/8/Server 2003/2008. What does this shellcode do? Well, this shellcode has been designed to format all the available drives on Windows. Weird? Huh!!! Yes, I know you may be thinking this is weird and...

Damn Vulnerable Web App – Local File Inclusion (LFI)

Introduction: In the first part of the Damn Vulnerable Web App (DVWA) series, we saw how to install Damn Vulnerable Web Application (DVWA) on BackTrack 5 R1. If you have not read the first part, here is the link: http://hacksys.vfreaks.com/pen-testing/damn-vulnerable-web-app-sql-injection.html Now, we will test another attack vector known as Local File Inclusion (LFI). Local File Inclusion (LFI) is a...

Art Of Exploit Writing – null Security Meet

Introduction: It was my pleasure to be with fantastic security minds of Bangalore. The event was null Bangalore, which was held @ThoughtWorks.

Topics and Schedules

09:30 – 10:00: Web App Basics – Insecure Direct Object Reference – Himanshu Das
10:00 – 10:15: Introductions
10:15 – 10:35: Newsbytes – Apurva
10:35 – 11:05: Vulnerability Disclosure – Nikhil Kulkarni
11:05...

Penetration Testing Report – Web Application

Introduction: Penetration testing is critical security testing of a network infrastructure, application, or web application. Penetration testing is not going to be worth anything if there are no reports to detail what has been done and what needs to be fixed or corrected. A penetration test report lays down the foundation that determines how well or badly a network, web application, and Internet security perform. But...
