The data, tools, and procedures which, when applied to a specific vulnerability, predictably violate the security design of a system.
146 votes, 3 answers, 32k views
CRIME - How to beat the BEAST successor?
With the advent of CRIME, BEAST's successor, what possible protection is available for an individual and / or system owner in order to protect themselves and their users against this new attack on ...
65 votes, 13 answers, 5k views
What “hacking” competitions/challenges exist?
I have always enjoyed trying to gain access to things I'm not really supposed to play around with. I found Hack This Site a long time ago and I learned a lot from it. The issue I have with HTS is that ...
46 votes, 7 answers, 33k views
Can webcams be turned on without the indicator light?
I want to know how secure I am.
I've made a series of pentests in my network and one of the things I've tried was to record webcam and microphone.
Recording an end-user's microphone seems to be a ...
23 votes, 6 answers, 1k views
Is there a difference between GET and POST for web application security?
I have 2 choices in sending data between 2 web applications.
I encode the data in Base64 and append to the URL and retrieve these parameters at my destination application and decode the parameters.
...
21 votes, 2 answers, 2k views
How do ASLR and DEP work?
How do Address Space Layout Randomisation (ASLR) and Data Execution Prevention (DEP) work, in terms of preventing vulnerabilities from being exploited? Can they be bypassed?
19 votes, 2 answers, 301 views
Aviation security - Lessons to learn from PlaneSploit
A somewhat related question has already been asked (What would one need to do in order to hijack a satellite?), only at a more abstract level.
Now we have a presentation by Hugo Teso from n.runs AG ...
16 votes, 7 answers, 785 views
How would you exploit this vulnerability in order to cause max damage?
I've found a whole lot of SQL injection exploits in some systems I maintain. I know how to prevent the injection, but I would like to demonstrate to my CEO and CTO how dangerous it is if we don't have ...
15 votes, 4 answers, 821 views
What is the easiest way to search massive, leaked databases for persons and personal information?
This may seem like a rather nefarious question; however, my motivations are quite the opposite: I want to know how at risk I might be!
A while ago a very MASSIVE database was leaked that contained ...
15 votes, 2 answers, 4k views
Can A Powered Down Cell Phone be Turned On Remotely?
I know this is tin-foil hat fodder, but at least one judicial opinion (http://www.politechbot.com/docs/fbi.ardito.roving.bug.opinion.120106.txt) referenced a bug that could track/listen in on the ...
13 votes, 4 answers, 1k views
What is the corrupted image vulnerability? How does it work?
What exactly happens when someone injects malicious binary code into an image file (on Windows)? How is that done?
12 votes, 3 answers, 712 views
Bypassing Address Space Layout Randomization
How effective is ASLR in preventing arbitrary code execution in a buffer overflow type exploit? How hard is it for an attacker to bypass this without simply guessing where the addresses are?
12 votes, 3 answers, 3k views
Stack Overflows - Defeating Canaries, ASLR, DEP, NX
To prevent buffer overflows, there are several protections available such as using Canary values, ASLR, DEP, NX. But, where there is a will, there is a way. I am researching on the various methods an ...
11 votes, 3 answers, 618 views
What is the difference between Exploit and Payload?
In computer security, we know that weak points in software are called vulnerabilities (if related to security). And once the vulnerability is found, theoretically it requires a piece of code as proof ...
11 votes, 5 answers, 438 views
What is the potential impact of the alleged OpenBSD IPSEC attack?
Recently there has been a bit of concern over encryption back doors in IPsec, and while the status of this has not been confirmed, I don't know what impact something like this might have.
For instance, does ...
11 votes, 6 answers, 2k views
Vulnerable OSes?
Which vulnerable OSes, like for example DVL, would you recommend for someone to use for the purpose of pentest/exploitation learning?