DEVIL'S BLOG ON SECURITY


A DEVIL'S BLOG ON COMPUTER AND INFORMATION SECURITY, ETHICAL HACKING AND COUNTERMEASURES


Learn Ethical Hacking | Learn Hacking Online | Learn How To Hack|Hack Counter Hack| Ethical Hacking Tutorials


Home   ||   See All Tutorials  ||   Products  ||   About This Blog   ||  Subscribe To RSS Feed



Join facebook group THE HACKER DEVIL


Buffer Overflows | The Basics - 2 For Programmers

Buffer Overflows | The Basics - 2 For Programmers


Hi and welcome back, it has been a long time I had actually written something for Devils Blog On Security. So first of all, to my regular reader I apologize on my behalf. In last post, we discussed basics of buffer overflows or in other words buffer overruns. Here we'll discus something more about basics, note that buffer overflow is one of the most complex, advanced and big topics in computer security world, so if you lack basic understanding of operating systems, computer networks and communication between them, programming and program execution, computing terms and analogy, and similar things, you'll get hard time understanding buffer overflows.

Buffer Overflow | The Basics

Buffer Overflow | The Basics



Hi, welcome back to Devils Blog On Security, in this post we'll discus some basics about buffer overflows also known as buffer overruns. So before we discus what is buffer overflow or buffer overrun is we will have a look on what exactly is buffer. Computer stores information in form of bits, for example if you want to store number 3 in computer's memory it will be stored in its binary form which is 11, as you can see 11 will require 2 bits to get stored in memory that indirectly means the number 3 will require 2 bits of computer memory or 2 bits of buffer. In simple words buffer is amount of memory allocated for particular variable or element.

To All Visitors Of Devils Blog Please Read This

To All Visitors Of Devils Blog Please Read This



After long time I yesterday I posted a new article on Devils Blog. It has been nearly one year this blog is live and since the time it is live I got several suggestions and recommendations by people on how to improve its over all quality. Following are some complaints and suggestions that I received from the time this blog is live,

Must Read Before You Buy Spyware

Must Read Before You Buy Spyware


Hello visitor, if you are here then surely you are planning to buy spyware and you stopped by just to to know what I want to tell you before you buy one. First of all if you are too lazy to read this article completely because it is little lengthy or you don't want to waste your half second rolling your finger on your mouse and scroll down then please close this window and leave immediately because reading this article incomplete would be good enough to not reading it.

There are different reasons for which different people buy spywares. Following are some of them,

SSL And TLS Attacks | SSL Man In The Middle

SSL And TLS Attacks | SSL Man In The Middle


In our last post we discussed a little about attacking weak ciphers in this post we will have our look on how a Man In The Middle (MITM) attacks can be performed over SSL and TSL encrypted data transfer. The attack uses SSL strip developed by Moxie Marlin Spike with a ARP spoofing tool and a packet sniffer. The attack can be exclusively performed from UNIX and Linux based platforms hence I suggest you to use Dsniff. Practically SSL strip was developed to demonstrate how an attacker can lead visitors to visit his/her site from legitimate site. The attack used misinterpretation of null characters vulnerability which existed in several certificates during 2009.

Working On SEO

Working On SEO



All dear visitors of Devil's Blog On Security. I'll be spending this week on optimizing my site to appear on Google search results in order to increase my blog visitors by SEO (Search Engine Optimization). I'll make small changes several times on my blog template to test results. In this due course you might face several irregularities on templates and blog posts. I urge you to not to bother about them till this week I assure you soon you'll not face such problem.

SSL And TLS Attacks | Weak Ciphers

SSL And TLS Attacks | Weak Ciphers


Both SSL and TLS protocols works on the basis of Public Key Infrastructure (PKI) and commonly includes key exchange algorithm to handle security. Apart from just CA authority the strength of SSL cipher depends on length of key, encryption algorithm used to encipher data and Message Authentication Code (also known as SSL MAC). In this post we will have our look on how key length could effect on cipher strength. So depending on the length of initial key generated for data exchange during SSL and TLS communication, ciphers can be divided into following categories.

Discount Coupon Codes For All Host Gator Hosting and Resller Plans

Discount Coupon Codes For All Host Gator Hosting and Resller Plans


9.94% discount on any Web Hosting Plan.
Coupon code: AFFILIATEK


20.00% discount on any Web Hosting Plan.
Coupon Code: SPRING (will not stay valid for long)


24.94% discount on any Web Hosting Plan.
Coupon Code: THEAFFKING best discount coupon on hosting plan.

Server Certificate Model

Server Certificate Model


In this post we will discus a little about server certificate model. Yes you are right we will discus here something about CA certificates and SSL. So lets start from CA certificate. Full form of CA is certificate authority or certification authority its main task is to provide digital signatures which are known as CA certificates. The digital signatures/certificates certifies the ownership of a public key. There are several CA that provide digital certificates some are free while some are paid. The very common use of CA certificates can be found in SSL or TSL. The introduction of SSL in HTTP protocol has made possible data transfer via network in encrypted form. Due to introduction of SSL in HTTP the three way handshake is also slightly affected to support data transfer in encrypted form.

JSON XSRF Attacks Countermeasurs

JSON XSRF Attacks Countermeasurs


In our previous posts we discussed XSRF, its types then JSON XSRF and attacking methodology. Following is our last post on XSRF in which we will cover preventive measures against JSON XSRF attacks. Following are preventive measures that can be taken against XSRF attacks.

  • First of all the application must implement all kinds of basic XSRF attacks.
  • Always use unpredictable parameter for JSON objects.
  • As told in previous posts JSON XSRF attacks are possible because application can send XMLHttpRequest to retrieve JSON data it can only retrieve data by using GET method, so its better to implement only POST method as an countermeasure against JSON XSRF.

I hope you enjoyed learning XSRF in our next post we will cover some other topic in detail, if you have any problem understanding anything or just in case you need any revise, please check out Web Application Security Page on this blog. For now we end XSRF here, thanks for reading, have a nice time and keep visiting.

Power Of Portable Firefox Makes It Hacker Safe

Power Of Portable Firefox Makes It Hacker Safe


In our previous posts we discussed XSRF, its types then JSON XSRF and attacking methodology. Following is our last post on XSRF in which we will cover preventive measures against JSON XSRF attacks. Following are preventive measures that can be taken against XSRF attacks.

  • First of all the application must implement all kinds of basic XSRF attacks.
  • Always use unpredictable parameter for JSON objects.
  • As told in previous posts JSON XSRF attacks are possible because application can send XMLHttpRequest to retrieve JSON data it can only retrieve data by using GET method, so its better to implement only POST method as an countermeasure against JSON XSRF.

I hope you enjoyed learning XSRF in our next post we will cover some other topic in detail, if you have any problem understanding anything or just in case you need any revise, please check out Web Application Security Page on this blog. For now we end XSRF here, thanks for reading, have a nice time and keep visiting.

JSON XSRF Attacks

JSON XSRF Attacks



In our last post on JSON XSRF attacks we saw some basics about XSRF attacks. So now in this section we will have our look on how to find and exploit JSON vulnerability for attack. As told in previous post JSON vulnerability exists when JSON data transfer format is used instead of standard XML data transfer format and that happens only in AJAX based web applications so following are your steps to find out whether a site is vulnerable or not.

JSON XSRF Attacks

JSON XSRF Attacks


Welcome to another episode of Cross Site Request Forgery Attacks on DEVILS BLOG ON SECURITY. In this post we will discus a little about JSON hacking. Now you might have question why we haven't covered JSON XSRF attacks along with other XSRF attacks. This question is little difficult to answer but here's my explanation. All other XSRF attacks usually depend on session management attacks in one or another way, directly or indirectly XSRF attacks can be called as derivative obtained by adding and integrating Session Management Attacks, Frame Injection Flaws and Cross Site Scripting whereas the case is little different in JSON XSRF attacks. Many professionals even object inclusion of JSON attack as XSRF attack but we have nothing to do with it. So lets see how JSON XSRF attacks are different from other XSRF attacks.

Must Read For All Who Are In Desparate Need Of Web Traffic

Must Read For All Who Are In Desparate Need Of Web Traffic



Are you a website or blog owner working hard to generate traffic to your website or you are an internet marketer who is struggling to generate traffic to his/her web page so that his/her online venture should turn into money making game. Then here is a system that guarantees you hits and conversions from your online ventures. And the best part of its 100% free. I joined this system 7 days ago and I was able to pull out 922 page-views with with 441 unique page hits in just 7 days to my brand new website. Believe me that's not joke at all pulling out 922 hits in just 7 days. I personally recommend you to join this system and see results all by your own eyes I guarantee you it does works and the best part about it is its free. You don't need credit card or Paypal account to join this system registration is just clicks away.

XSRF Countermeasure

XSRF Countermeasure



Welcome back to Devil's Blog On Security. Today we'll cover countermeasures against XSRF attacks. From our previous posts on XSRF attacks it is quite clear that XSRF vulnerabilities arise mostly due to automatic submission of cookies therefore one of the best things you can opt as an countermeasure is not to rely completely on HTTP cookies.
Avoid use of hidden variables in HTML pages for critical applications better use any other alternative.
A protected session management can even avoid XSRF attacks that can be executed using session hacking.
Don't ever rely on HTTP for HTTP Referrer header since it can be spoofed.
Keep all plug-ins of your web browser updated.

Hacked Session XSRF Attack

Hacked Session XSRF Attack



In our last post we discussed countermeasures against session hacking. Here we gonna discus one more attack that can be done if session is not protected. Hacked session XSRF attack is combination of session hacking and cross site request forgery(XSRF). Hacked session XSRF vulnerabilities arise where HTTP cookies are used to transmit session tokens. That means once HTTP cookie is set in browser it'll automatically submit that cookie back to application for every request.

Free Ebook Download | The Compelete NetBIOS Enumeration Tutorial

Free Ebook Download | The Compelete NetBIOS Enumeration Tutorial



Following ebook on NetBIOS enumeration covers everything you want to and you need to know about enumerating NetBIOS. This ebook covers NetBIOS enumeration with basics to using tools to enumerate it in possible details and in short simple form. Download and have fun.

Session Management Attacks Countermeasure

Session Management Attacks Countermeasure



From last few posts we are discussing session hacking or we can say attacks against session management. So after having a small look over session hacking and some of its regular types its time to have a look on its countermeasures. Same as any other web application countermeasures session hacking countermeasures also depend upon type of application and its implementation or you can say type of vulnerability a web application can suffer from. In this following post we will discuss some preventive measures which can be practically implemented over any web application against session hacking.

Comments And Contact Me Form Closed

Comments And Contact Me Form Closed




Hi guys I was quite busy last few days due to which I was unable to pay attention to my blog for nearly 4-5 days. Day before yesterday when I checked my e-mails I was shocked to see 96 mails from contact me form. As days are passing number of emails are increasing and most of them contain silly and same questions whose answers were already posted on blog. Please note that I am not a kid nor a newbie in hacking I am a Computer and Network Security Professional and I really try my best to keep things as simple as possible but when I see questions from people I see lack in basics and sometimes incredible stupidity.

Attacks Against Mishandling Of Tokens

Attacks Against Mishandling Of Tokens



In last post to session hacking series we saw how to attack weak token generation methods. In this post we will see how session tokens are mishandled and how they are attacked for mishandling. An important point that you must note that no matter how much secure coding you implement while creating session tokens if they are mishandled there's no way you can protect session from getting hacked. Next thing that you should keep in mind is that implementation of SSL doesn't guarantee 100% security against session hacking. Implementation of SSL helps in protecting tokens if implemented properly but honestly speaking there are many websites which does not really implement SSL properly thus leaving even SSL open to attack.

Free Ethical Hacking Training | Learn Ethical Hacking Online Free | Learn How To Hack | Hack Counter Hack | Ethical Hacking Tutorials | Devil's Blog On Security