Chapter 1, Introduction, sets the expectations for the rest of the book. It introduces the complex, low-level workings of computers in a way that most high-level users are likely to find quite illuminating.
Chapter 3 might be said to be the real meat of the text. It introduces a wide range of exploits, from stack and heap buffer overflows to denial-of-service attacks, TCP/IP hijacking, port scanning and more. If these are vague concepts to you, they certainly will no longer be once you have finished this book.
I found the approach of the book, starting with basic explanations of flaws and exploits, moving through programming and then centering on specific exploitation techniques to be very effective. Some older exploits (like the ping of death) might no longer be cause for concern, but the historical implications of flaws once exploited and eventually thwarted may help the reader to understand how systems and firewalls have evolved as a result. The dissections of hacking techniques are nothing short of excellent.
You can learn such things as how to corrupt system memory and run arbitrary code via buffer overflows and format strings. You will see how to go about outsmarting common security measures used with intrusion detection systems. You will learn how to use a debugger to read processor registers and memory contents. You might even learn to crack certain encryption protocols. Whether you are a sysadmin or a programmer, you are likely to leave this book with a renewed sense of the importance of defensive coding techniques.
Sandra Henry-Stocker has been administering Unix systems for more than 30 years. She describes herself as "USL" (Unix as a second language) but remembers enough English to write books and buy groceries. She lives in the mountains in Virginia where, when not working with or writing about Unix, she's chasing the bears away from her bird feeders.
Pro-Russian hacking groups have exploited a recently disclosed security vulnerability in the WinRAR archiving utility as part of a phishing campaign designed to harvest credentials from compromised systems.
"The attack involves the use of malicious archive files that exploit the recently discovered vulnerability affecting the WinRAR compression software versions prior to 6.23 and traced as CVE-2023-38831," Cluster25 said in a report published last week.
The archive contains a booby-trapped PDF file that, when clicked, causes a Windows Batch script to be executed, which launches PowerShell commands to open a reverse shell that gives the attacker remote access to the targeted host.
Also deployed is a PowerShell script that steals data, including login credentials, from the Google Chrome and Microsoft Edge browsers. The captured information is exfiltrated via a legitimate web service webhook[.]site.
CVE-2023-38831 refers to a high-severity flaw in WinRAR that allows attackers to execute arbitrary code upon attempting to view a benign file within a ZIP archive. Findings from Group-IB in August 2023 disclosed that the bug had been weaponized as a zero-day since April 2023 in attacks targeting traders.
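The infection chain above pairs a clickable decoy document with a script hidden inside the archive. The following is an added triage heuristic, not code from Cluster25 or from the article, that an email gateway could run over an inbound ZIP: it flags script-type members stored under a folder whose name collides with a top-level document. The archive contents and file names are constructed for the demonstration.

```python
import io
import zipfile
from pathlib import PurePosixPath

# File types an email gateway should not expect inside a "document" archive.
SCRIPT_SUFFIXES = {".bat", ".cmd", ".ps1", ".vbs", ".js", ".exe", ".scr", ".lnk"}
DOC_SUFFIXES = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".txt", ".jpg", ".png"}


def _canon(name: str) -> str:
    """Canonicalise an entry name: archive viewers hide leading/trailing
    whitespace, so names that differ only by padding count as the same name."""
    return name.strip().lower()


def suspicious_entries(zip_bytes: bytes) -> list[str]:
    """Return members that look like a decoy-document / script pairing.

    Heuristic only: a document at the top level plus a script stored under a
    folder carrying that document's name. Review hits manually; do not treat
    an empty list as proof the archive is clean.
    """
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        names = zf.namelist()
    decoys = {
        _canon(n)
        for n in names
        if "/" not in n and PurePosixPath(n.strip()).suffix.lower() in DOC_SUFFIXES
    }
    hits = []
    for n in names:
        parts = PurePosixPath(n).parts
        if len(parts) < 2 or PurePosixPath(n).suffix.lower() not in SCRIPT_SUFFIXES:
            continue
        if _canon(parts[0]) in decoys:
            hits.append(n)
    return hits


def build_sample(malicious: bool) -> bytes:
    """Constructed in-memory archives for the demonstration (not real samples)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("invoice.pdf", b"%PDF-1.4 decoy content")
        if malicious:
            zf.writestr("invoice.pdf/invoice.cmd", b"@echo off\r\nrem placeholder\r\n")
        else:
            zf.writestr("notes/readme.txt", b"benign text")
    return buf.getvalue()


if __name__ == "__main__":
    print(suspicious_entries(build_sample(True)))   # ['invoice.pdf/invoice.cmd']
    print(suspicious_entries(build_sample(False)))  # []
```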
The development comes as Google-owned Mandiant charted Russian nation-state actor APT29's "rapidly evolving" phishing operations targeting diplomatic entities amid an uptick in tempo and an emphasis on Ukraine in the first half of 2023.
The substantial changes in APT29's tooling and tradecraft are "likely designed to support the increased frequency and scope of operations and hinder forensic analysis," the company said, adding that the group has "used various infection chains simultaneously across different operations."
APT29, which has also been linked to cloud-focused exploitation, is one of the many activity clusters originating from Russia that have singled out Ukraine following the onset of the war early last year.
In July 2023, the Computer Emergency Response Team of Ukraine (CERT-UA) implicated Turla in attacks deploying the Capibar malware and Kazuar backdoor for espionage attacks on Ukrainian defensive assets.
"The Turla group is a persistent adversary with a long history of activities. Their origins, tactics, and targets all indicate a well-funded operation with highly skilled operatives," Trend Micro disclosed in a recent report. "Turla has continuously developed its tools and techniques over years and will likely keep on refining them."
Ukrainian cybersecurity agencies, in a report last month, also revealed that Kremlin-backed threat actors targeted domestic law enforcement entities to collect information about Ukrainian investigations into war crimes committed by Russian soldiers.
Welcome to the Top 10 Web Hacking Techniques of 2023, the 17th edition of our annual community-powered effort to identify the most innovative must-read web security research published in the last year.
This year, in response to our call for nominations the community submitted a record 68 entries, and cast votes to select 15 finalists. The finalists were then analysed over two weeks and voted on by an expert panel of researchers Nicolas Grégoire, Soroush Dalili, Filedescriptor, and myself to select the top ten new web hacking techniques of 2023! As usual, we haven't excluded our own research, but panellists can't vote for anything they're affiliated with.
The standard of competition has once again been extremely fierce, with many posts I personally rate failing to even survive the community vote. I highly recommend that everyone with time to spare peruse the entire nomination list, and we've added AI-generated summaries for every entry to help you evaluate which ones to dive into.
In tenth place, we have a beautiful insight into some overlooked and incredibly valuable attack-surface. In can I speak to your manager? hacking root EPP servers to take control of zones, Sam Curry, Brett Buerhaus, Rhys Elsmore, and Shubham Shah give us a timeless lesson that critical internet infrastructure can be shockingly fragile, and the easiest route to hack something might be many layers away.
In ninth, Cookie Crumbles: Breaking and Fixing Web Session Integrity takes a harsh look at the state of web cookies from numerous angles. One standout technique is CSRF token fixation - a cousin of session fixation, which they use to exploit numerous authentication libraries, notably including popular PHP framework Symfony. If you want to perform a CSRF attack in 2024, read this paper. Excellent work from Marco Squarcina, Pedro Adão, Lorenzo Veronese and Matteo Maffei.
In eighth place, From Akamai to F5 to NTLM... with love offers proof that HTTP Desync Attacks still haunt the internet. d3d's and deadvolvo's work stands out thanks to a rich exploration of the research thought process, sharing the whole journey and capturing the sheer scope and impact of this bug class. Both vulnerable server vendors refuse to pay bounties, and instead rely on their exposed customers paying out bounties to incentivize this kind of research, which creates some interesting dynamics. Best not to think about it.
How I Hacked Microsoft Teams takes you through the conception and development of a $150,000 exploit chain. This presentation by Masato Kinugawa is meticulously crafted to let the reader rediscover the exploit themselves, so I won't spoil it by describing the techniques involved. Rather than introducing a novel class of attack, it's a holistic insight into his innovative approach to bypassing protections. I'd recommend everyone read it, but it's particularly worth reading if you want to find non-trivial bugs in Electron applications.
It's easy to under-estimate the scope of HTTP Request Splitting because frankly, it shouldn't exist in any mainstream server in 2023. However, nginx apparently thinks otherwise, making this vulnerability a common and high-impact goldmine for hackers. In HTTP Request Splitting vulnerabilities exploitation, Sergey Bobrov provides a broad range of case-studies showing creative pathways to maximum impact. You can expect this to remain valuable until nginx changes their position, or HTTP/1.1 fades out of existence. I'll write them an email.
In fifth place, Exploiting HTTP Parsers Inconsistencies by Rafael da Costa Santos takes familiar parser confusion techniques and reapplies them in new contexts, discovering ACL bypasses, SSRF, cache poisoning, and of course WAF bypasses. It takes serious skill to make research look this easy.
In 2022, hash_kitten invented an extremely creative technique to leak the contents of files by repeatedly using PHP filters to trigger conditional out-of-memory exceptions, but the community struggled to replicate it and the technique largely escaped attention. In PHP filter chains: file read from error-based oracle, Rémi Matasse gives this amazing technique the in-depth explanation, optimisations, and accompanying toolkit that it so badly deserves. This technique is fascinating and we're intrigued to see if it gets taken further in PHP or other languages.
In well-earned third place comes SMTP Smuggling - Spoofing E-Mails Worldwide by Timo Longin. This research continues the parser discrepancy storm by adapting HTTP request smuggling techniques to exploit SMTP instead. It contains all the hallmarks of outstanding research: innovative ideas, high-impact case-studies targeting well-known software, in-depth explanations, tools, and ample potential for further research. We think it could serve as a solid foundation for identifying smuggling issues in different protocols or even for discovering additional techniques within SMTP itself. It also offers a clear lesson: if you're using a text-based protocol with multiple parsers, beware!