Posts

Showing posts from January, 2020

Covering Your Tracks

The ability to remain stealthy during a penetration exercise is what separates a sophisticated hacker from a script kiddie. The phrase “The Quieter You Become, The More You Are Able to Hear” holds true, especially in the field of hacking. Being able to perform anti-forensics and avoid detection is critical to the success of hacking and penetration testing, and understanding these methods is beneficial even for white hat hackers, as there will be times in a penetration test where the system is already compromised. In such cases, understanding what the attacker is doing to cover their tracks can help determine the sophistication of the attack or bring prosecution to the attacker. All hacks begin with system enumeration, and nmap is one of the best tools to use during this discovery phase. However, as I explained in the Scanning With nmap blog post, port scanning a bunch of IP addresses or every port on a target system is noisy and can cause denial of service conditions (very bad if you are ...

Cloud Security

It should be no surprise that the cloud can be just as vulnerable as in-house servers; after all, the cloud is just data centers with servers connected to the internet. Cloud data centers such as those of Amazon, Microsoft, and Google do have top-notch security, including physical controls like concrete barriers, and utilize the most recent and secure network protocols such as IPv6. However, this does not stop users of the cloud from poorly implementing security configurations or writing bad code for the sites a cloud may host. Even more interesting, it has been found that the cloud vendors themselves have vulnerabilities. Let’s delve into some of these issues and how they may be addressed. 0day vulnerabilities in the cloud vendors themselves do exist. Azure, for example, did have a 0day Cross-Site Scripting (XSS) vulnerability. Chris Dale, a penetration tester, found a command injection flaw that allowed him to set environment variables of a process using an XSS payload. The command injec...