Ethical Hacking
Session hijacking at the application level focuses on gaining access to a host by obtaining legitimate session IDs from the victim. Essentially, a session ID is an identifier that is applied to a user’s session that allows the server or web resource to identify the “conversation” it is having with the client. So, for example, … Read more
You can categorize a session hijacking attack as either an active attack or a passive attack. Let’s look at both. Active Attack A session hijacking attack is considered active when the attacker assumes the session as their own, thereby taking over the legitimate client’s connection to the resource. In an active attack the attacker is … Read more
you should know that spoofing and hijacking are two distinctly different acts. Spoofing is when an attacking party pretends to be something or someone else, such as a user or computer. The attacker does not take over any session. In hijacking, the attacker takes over an existing active session. In this process, the attacker waits … Read more
Session hijacking is synonymous with a stolen session, in which an attacker intercepts and takes over a legitimately established session between a user and a host. The user-host relationship can apply to access of any authenticated resource, such as a web server, Telnet session, or other TCP-based connection. Attackers place themselves between the user and … Read more
When you’re pen testing for DoS vulnerabilities, a major area of concern is taking down integral resources during the testing phase. The ripple effect of taking out a file server or web resource can be pretty far reaching, especially if bringing the system back online proves challenging after a successful DoS test attack. As with … Read more
Let’s look at some DoS defensive strategies: Disabling Unnecessary Services You can help protect against DoS and DDoS attacks by hardening individual systems and by implementing network measures that protect against such attacks. Using Anti-Malware Real-time virus protection can help prevent bot installations by reducing Trojan infections with bot payloads. This has the effect of … Read more
DoS attacks come in many flavors, each of which is critical to your understanding of the nature of the DoS attack class. Service Request Floods In this form of DoS attack, a service such as a web server or web application is flooded with requests until all resources are used up. This would be the … Read more
DoS attacks result in a multitude of consequences. Let’s look at some common examples of what is seen in the real world, and what you’ll most likely see on the exam: Web Server Compromise A successful DoS attack and subsequent compromise of a web server constitutes the widest public exposure against a specific target. What … Read more
Denial of service is an attack that aims at preventing normal communication with a resource by disabling the resource itself, or by disabling an infrastructure device providing connectivity to it. The disabled resource could be in the form of customer data, website resources, or a specific service, to name a few. The most common form … Read more
social networking has exploded in popularity so quickly, companies and individuals have not had much time to deal with the problems the technology has brought to bear. Surveys taken in recent years have found that many companies either do not have a policy in place regarding social networking or are unaware of the risks. Recently, … Read more