一蓑烟雨

摘要： Application Exploits, Part III CROSS-SITE SCRIPTING(XSS) Injection attack in which an attacker sends malicious code(client-side script) to a web appli 阅读全文

摘要： Application Exploits, Part II AUTHENTICATION EXPLOITS Credential brute forcing Offline cracking(Hydra) Session hijacking Intercepting and using a sess 阅读全文

摘要： SQL Injection Demo Tools: Kali Linux Target Application: DVWA(Damn Vulnerable Web App) Login the DVWA website:http://10.0.0.20/dvwa/login.php Set the 阅读全文

摘要： Application Exploits, Part I APPLICATION-BASED EXPLOITS Injection attack Inserting additional data into application beyond what is expected SQL (Struc 阅读全文

摘要： Wireless Exploits WIRELESS AND RF VULNERABILITIES Wireless and RF vulnerabilities Broadcast is wide open aircrack-ng Evil twin - rogue WAP used to eav 阅读全文

摘要： Man in the middle exploits ADDITIONAL NETWORK EXPLOITS Man-in-the-middle Family of attacks where the attack intercepts messages between a sender and r 阅读全文

摘要： FTP Exploit Demo Use Nmap to find the vulnerability. nmap --script vulscan --script-args vulscandb=exploitdb.csv -sV -p 21 10.0.0.19 Use metasploit-fr 阅读全文

摘要： Network-Based Exploits NAME RESOLUTION EXPLOITS NETBIOS name service(NBNS) Part of NetBIOS-over-TCP Similar functionality to DNS LLMNR(Link-local Mult 阅读全文

摘要： In-Person Social Engineering MORE ATTACKS AND EXPLOITS Elicitation Gathering info about a system from authorized users Interrogation Informal intervie 阅读全文

摘要： Remote Social Engineering SOCIAL ENGNEERING Tricking or coercing people into violating security policy Depends on willingness to be helpful Human weak 阅读全文