Gopal's Blog

TDL4 (TDSS family) Rootkit

2011-06-30T20:09:00.005+05:30

TDL4 (TDSS family) Rootkit: Q1 2011 was the most active first quarter in malware history. One of the dangerous one is TDL4, it's claimed to support all versions of Microsoft Windows, since XP including Windows 7 sp1, inclusive, and supports both x86 and AMD64 (EM64T).TDL4 (Alurion ???) is the fourth generation of the TDSS Rootkit which hides itself on a system by infecting system files/drivers

Replay Attack & Its Countermeasures

2009-07-30T17:48:00.002+05:30

Replay Attack: A replay attack is a form of network attack in which a valid data transmission is maliciously or fraudulently repeated or delayed. This is carried out either by the originator or by an adversary who intercepts the data and retransmits it, possibly as part of a masquerade attack by IP packet substitution. This attack uses a simple method of exploiting a captured packet or packets,

Session hijacking: A method of taking over a user session

2009-06-25T15:53:00.000+05:30

Session hijacking:Session hijacking is a method of taking over a Web user session by surreptitiously obtaining the session ID and masquerading as the authorized user. Once the user's session ID has been accessed, the attacker can masquerade as that user and do anything the user is authorized to do. Session hijacking works by taking advantage of the fact that most communications are protected with

Security Considerations for File Upload

2008-10-31T13:47:00.003+05:30

Security Considerations for File Upload: Web applications are all about communicating with an end-user to abstract what information you need to from them depending on the service offered and responding with the data required. In many cases with Web application pages, it is usually simply textual data that is collected and stored. However, there are many cases where web applications need more than

Disabling unnecessary services: Part Two

2008-08-12T15:35:00.006+05:30

Disabling unnecessary and potentially dangerous services: Part TwoServices: ABCDEFGHIJKLMNOPQRSTUVWXYZ<>NTopService Name: NetlogonShort Name: NetlogonProcess Name: lsass.exeDepends on: WorkstationComponents depend on this: NonePurpose: It allows pass-through authentication to take place between a client and a domain controller or between domain controllers; required for domain

Disabling Unnecessary Services: Part One

2008-07-25T17:56:00.000+05:30

Disabling unnecessary and potentially dangerous services:Services: ABCDEFGHIJKLMNOPQRSTUVWXYZ<>Well, nowadays organizations are focusing on application security with growing number of attacks on applications. This is really good news to the end users who actually benefit from it however Organizations also benefit from the same by which their reputation can be increased. Securing only

Fundamentals of WCF Security (Part Two)

2008-06-09T16:56:00.000+05:30

<> Fundamental Security Concepts (Continued): The below are some of the available security settings in Windows Communication Foundation (WCF) Security Settings in WCF:Security modeProtection levelClient and service credentialsImpersonationCredential negotiationSecure sessionsAuthentication and authorization behaviorsThe first step to securing a WCF service is defining the “Security

Fundamentals of WCF Security (Part One)

2008-05-06T13:10:00.005+05:30

<>Fundamentals of WCF Security (Part One):Building distributed applications has never been easy. As the applications that we write satisfy more complex business requirements, it’s traditionally meant that the distributed applications we build get more complex themselves. It was the below types of development challenges in building distributed applications that drove the design goals of

Mass Web Server Hack through SQL Injection

2008-04-30T15:18:00.000+05:30

Mass Web Server Hack through SQL Injection:There's another round of mass SQL injections going on which has infected hundreds of thousands of websites, what happens after a site is infected is well understood; when a visitor reaches one of the hacked sites, malicious JavaScript loads an IFrame from a malware-hosting server and the IFrame redirects the browser to a different page, also hosted on

Strong Naming and Delay Signing Of Assemblies: Part Three

2008-03-05T16:19:00.000+05:30

<> <>Protecting Secrets with Delay Signing or Partial Signing:Strong names are secure only when the strong name private key is kept secure. Strong names do not have any revocation mechanism that can be used if the private key is compromised and they don’t have any expire date. So, it is very important to keep your private key as private! That is keeping your organization’s

Strong Naming and Delay Signing Of Assemblies: Part Two

2008-02-01T16:44:00.000+05:30

<> <>Working with Strong Names:Strong-name signing is always a good idea for most of the applications, especially for the applications that are deployed over a network and not fully controlled by the deployer. The anti-spoofing and anti-tampering benefits are quite valuable. Before moving into the details it is better to know the challenges involved with the strong naming.

Strong Naming and Delay Signing Of Assemblies: Part One

2008-01-25T16:27:00.000+05:30

<><> Strong Naming Of An Assembly:Strong naming of an assembly provides integrity; it prevents spoofing of your code by a third party. The .NET Framework uses strong names to identify assemblies and to protect them from tampering by verifying the signature either when loading the assembly or when installing it in the GAC. But strong name signatures do not contain any

Customize your Find in Files Results in Visual Studio

2007-12-11T17:47:00.000+05:30

Customize your Find in Files Results in Visual Studio :The default find in files results window of Visual Studio provides you only File name and line number with in the braces along with the code text. You can customize these results to show what you want to see and how you want to see it. If you spend a lot of your time in reformatting these results for any purpose then this tip might be helpful

An Overview of Cryptography

2007-11-01T16:32:00.000+05:30

Cryptography:There are many aspects to security and many applications, ranging from secure commerce and payments to private communications and protecting passwords. One essential aspect for secure communications is that of cryptography.Cryptography is the study of mathematical techniques related to aspects of information security such as confidentiality, data integrity, authentication, and

An Overview Of Buffer Overflows / Buffer Overruns

2007-10-20T15:57:00.000+05:30

Buffer Overflows (Buffer Overrun):A buffer overrun condition occurs when a process tries to copy more data into a buffer than the buffer intended to hold. Buffer overruns can occur on the stack memory or on the heap memory. In buffer overflow attacks, the extra data may contain codes designed to trigger specific actions that could, damage the user's files, corrupt or overwrite the valid data, or

One Of The Code Injection Attack: LDAP Injection

2007-10-17T17:22:00.000+05:30

LDAP Injection:LDAP Injection is an attack technique used to exploit web sites that construct LDAP statements from invalidated user supplied input. Using this attack, the attacker can execute arbitrary statements against the directory services. Simply, LDAP injection attack exploits vulnerabilities in input validation to run arbitrary LDAP statements against information directories. LDAP

Code Injection: XPath Injection

2007-10-10T12:27:00.000+05:30

XPath Injection: SQL is the most popular type of code injection attack, there are several others that can be just as dangerous to your applications and your data, including LDAP injection and XPath injection. An ‘XPath injection’ attack is similar to an SQL injection attack, but its target is an XML document rather than an SQL database. ‘XPath Injection’ is an attack technique used to exploit web

An Over View Of SQL Inection

2007-09-21T17:22:00.000+05:30

SQL Injection:A SQL injection attack exploits vulnerabilities in input validation to run arbitrary commands in the database. Your code is vulnerable to SQL injection attacks wherever it uses input parameters to construct SQL statements. A SQL injection attack occurs when un-trusted input / user controllable input can modify the logic of a SQL query in unexpected ways. It can also occur if your

The Cause of Cross-Site Scripting

2007-09-18T18:33:00.000+05:30

Cross-Site Scripting:Cross-site script (also known as XSS or CSS) vulnerabilities occur whenever one user input is passed back to the browser without adequate validation, sanitization or encoding. Simply XSS occurs when dynamically generated web pages display user input that is not properly validated, enabling an attacker to inject malicious JavaScript, VBScript, ActiveX, HTML, or Flash into a

Assume all input is malicious until proven otherwise

2007-09-17T17:45:00.000+05:30

Input validation:Input validation is the most important ingredient of a secure application. Most major security holes today result from input validation flaws. This is something you can fix only by writing secure code; no settings or firewalls can save you here.Your application’s user input is the attacker’s primary weapon when targeting your application. Various attacks like Buffer overflow;