elhacker.net Forum

Computer Security => Web Level => Thread started by: T0rete on 22 January 2010, 12:13 pm



Title: The 10 best web hacking techniques of 2009 (Jeremiah Grossman via des)
Posted by: T0rete on 22 January 2010, 12:13 pm
I read on the blog "Informático y segurata" (http://informaticoysegurata.blogspot.com/2010/01/las-10-mejores-tecnicas-de-hacking-web.html) a post about the "Top Ten Web Hacking Techniques of 2009" (http://jeremiahgrossman.blogspot.com/2010/01/top-ten-web-hacking-techniques-of-2009.html) by Jeremiah Grossman and company. Jeremiah's article and the descriptions of the techniques are in English. They are links to the various blogs of Jeremiah, Eduardo Vela, Rich Mogull, Dinis Cruz, Chris Hoff, HD Moore, Billy Rios, Dan Kaminsky, Steven Christey, Jeff Forristal, Michal Zalewski and Romain Gaucher.

I'm putting the top ten here, but the original post has 82 entries and 3 of them are by sirdarckcat.

Quote
Top Ten Web Hacking Techniques of 2009! (http://jeremiahgrossman.blogspot.com/2010/01/top-ten-web-hacking-techniques-of-2009.html)

1. Creating a rogue CA certificate (http://www.phreedom.org/research/rogue-ca/)
Alexander Sotirov, Marc Stevens, Jacob Appelbaum, Arjen Lenstra, David Molnar, Dag Arne Osvik, Benne de Weger

2. HTTP Parameter Pollution (HPP) (http://blog.mindedsecurity.com/2009/05/http-parameter-pollution-new-web-attack.html)
Luca Carettoni, Stefano diPaola

3. Flickr's API Signature Forgery Vulnerability (MD5 extension attack) (http://netifera.com/research/)
Thai Duong and Juliano Rizzo

4. Cross-domain search timing (http://scarybeastsecurity.blogspot.com/2009/12/cross-domain-search-timing.html)
Chris Evans

5. Slowloris HTTP DoS (http://ha.ckers.org/blog/20090617/slowloris-http-dos/)
Robert Hansen, (additional credit for earlier discovery to Adrian Ilarion Ciobanu (http://www.securityfocus.com/archive/1/456339/30/0/threaded) & Ivan Ristic - “Programming Model Attacks” section of Apache Security (http://www.apachesecurity.net/about/table-of-contents.html) for describing the attack, but did not produce a tool)

6. Microsoft IIS 0-Day Vulnerability Parsing Files (semi‐colon bug) (http://soroush.secproject.com/downloadable/iis-semicolon-report.pdf)
Soroush Dalili

7. Exploiting unexploitable XSS (http://stephensclafani.com/2009/05/26/exploiting-unexploitable-xss/)
Stephen Sclafani

8. Our Favorite XSS Filters and how to Attack them (http://sirdarckcat.blogspot.com/2009/08/our-favorite-xss-filters-and-how-to.html)
Eduardo Vela (sirdarckcat), David Lindsay (thornmaker)

9. RFC1918 Caching Security Issues (http://www.sectheory.com/rfc1918-security-issues.htm)
Robert Hansen

10. DNS Rebinding (3-part series: Persistent Cookies (http://ha.ckers.org/blog/20090120/persistent-cookies-and-dns-rebinding-redux/), Scraping & Spamming (http://ha.ckers.org/blog/20091118/dns-rebinding-for-scraping-and-spamming/), and Session Fixation (http://ha.ckers.org/blog/20091116/session-fixation-via-dns-rebinding/))
Robert Hansen
I hope you enjoy the read.


Quote
The Complete List
  • Persistent Cookies and DNS Rebinding Redux (http://ha.ckers.org/blog/20090120/persistent-cookies-and-dns-rebinding-redux/)
  • iPhone SSL Warning and Safari Phishing (http://ha.ckers.org/blog/20090329/iphone-ssl-warning-and-safari-phishing/)
  • RFC 1918 Blues (http://ha.ckers.org/blog/20090608/rfc1918-blues/)
  • Slowloris HTTP DoS (http://ha.ckers.org/blog/20090617/slowloris-http-dos/)
  • CSRF And Ignoring Basic/Digest Auth (http://ha.ckers.org/blog/20090630/csrf-and-ignoring-basicdigest-auth/)
  • Hash Information Disclosure Via Collisions - The Hard Way (http://ha.ckers.org/blog/20090713/hash-information-disclosure-via-collisions-the-hard-way/)
  • Socket Capable Browser Plugins Result In Transparent Proxy Abuse (http://www.thesecuritypractice.com/the_security_practice/2009/03/socket-capable-browser-plugins-result-in-transparent-proxy-abuse.html)
  • XMLHTTPRequest “Ping” Sweeping in Firefox 3.5+ (http://ha.ckers.org/blog/20090720/xmlhttpreqest-ping-sweeping-in-firefox-35/)
  • Session Fixation Via DNS Rebinding (http://ha.ckers.org/blog/20091116/session-fixation-via-dns-rebinding/)
  • Quicky Firefox DoS (http://ha.ckers.org/blog/20090727/quicky-firefox-dos/)
  • DNS Rebinding for Credential Brute Force (http://ha.ckers.org/blog/20091117/dns-rebinding-for-credential-brute-force/)
  • SMBEnum (http://ha.ckers.org/blog/20090809/smbenum/)
  • DNS Rebinding for Scraping and Spamming (http://ha.ckers.org/blog/20091118/dns-rebinding-for-scraping-and-spamming/)
  • SMB Decloaking (http://ha.ckers.org/blog/20090811/smb-decloaking/)
  • De-cloaking in IE7.0 Via Windows Variables (http://ha.ckers.org/blog/20090810/de-cloaking-in-ie70-via-windows-variables/)
  • itms Decloaking (http://ha.ckers.org/blog/20090819/itms-decloaking/)
  • Flash Origin Policy Issues (http://foregroundsecurity.com/MyBlog/flash-origin-policy-issues.html)
  • Cross-subdomain Cookie Attacks (http://skeptikal.org/2009/11/cross-subdomain-cookie-attacks.html)
  • HTTP Parameter Pollution (HPP) (http://blog.mindedsecurity.com/2009/05/http-parameter-pollution-new-web-attack.html)
  • How to use Google Analytics to DoS a client from some website. (http://sirdarckcat.blogspot.com/2009/04/how-to-use-google-analytics-to-dos.html)
  • Our Favorite XSS Filters and how to Attack them (http://sirdarckcat.blogspot.com/2009/08/our-favorite-xss-filters-and-how-to.html)
  • Location based XSS attacks (http://www.thespanner.co.uk/2008/12/01/location-based-xss-attacks/)
  • PHPIDS bypass (http://www.thespanner.co.uk/2009/01/04/phpids-bypass/)
  • I know what your friends did last summer (http://www.thespanner.co.uk/2009/01/07/i-know-what-your-friends-did-last-summer/)
  • Detecting IE in 12 bytes (http://www.thespanner.co.uk/2009/01/28/detecting-ie-in-12-bytes/)
  • Detecting browsers javascript hacks (http://www.thespanner.co.uk/2009/01/29/detecting-browsers-javascript-hacks/)
  • Inline UTF-7 E4X javascript hijacking (http://www.thespanner.co.uk/2009/02/24/inline-utf-7-e4x-javascript-hijacking/)
  • HTML5 XSS (http://www.thespanner.co.uk/2009/03/20/html5-xss/)
  • Opera XSS vectors (http://www.thespanner.co.uk/2009/05/08/opera-xss-vectors/)
  • New PHPIDS vector (http://www.thespanner.co.uk/2009/06/01/new-phpids-vector/)
  • Bypassing CSP for fun, no profit (http://www.thespanner.co.uk/2009/11/23/bypassing-csp-for-fun-no-profit/)
  • Twitter misidentifying context (http://www.thespanner.co.uk/2009/11/23/twitter-misidentifying-context/)
  • Ping pong obfuscation (http://www.thespanner.co.uk/2009/11/23/ping-pong-obfuscation/)
  • HTML5 new XSS vectors (http://www.thespanner.co.uk/2009/12/06/html5-new-xss-vectors/)
  • About CSS Attacks (http://sirdarckcat.blogspot.com/2008/10/about-css-attacks.html)
  • Web pages Detecting Virtualized Browsers and other tricks  (http://jeremiahgrossman.blogspot.com/2009/08/web-pages-detecting-virtualized.html)
  • Results, Unicode Left/Right Pointing Double Angle Quotation Mark (http://jeremiahgrossman.blogspot.com/2009/06/results-unicode-leftright-pointing.html)
  • Detecting Private Browsing Mode  (http://jeremiahgrossman.blogspot.com/2009/03/detecting-private-browsing-mode.html)
  • Cross-domain search timing (http://scarybeastsecurity.blogspot.com/2009/12/cross-domain-search-timing.html)
  • Bonus Safari XXE (only affecting Safari 4 Beta) (http://scarybeastsecurity.blogspot.com/2009/06/bonus-safari-xxe-only-affecting-safari.html)
  • Apple's Safari 4 also fixes cross-domain XML theft (http://scarybeastsecurity.blogspot.com/2009/06/apples-safari-4-also-fixes-cross-domain.html)
  • Apple's Safari 4 fixes local file theft attack (http://scarybeastsecurity.blogspot.com/2009/06/apples-safari-4-fixes-local-file-theft.html)
  • A more plausible E4X attack (http://scarybeastsecurity.blogspot.com/2009/05/more-plausible-e4x-attack.html)
  • A brief description of how to become a CA (http://schmoil.blogspot.com/2009/01/brief-description-of-how-to-become-ca.html)
  • Creating a rogue CA certificate (http://www.phreedom.org/research/rogue-ca/)
  • Browser scheme/slash quirks  (http://i8jesus.com/?p=37)
  • Cross-protocol XSS with non-standard service ports (http://i8jesus.com/?p=75)
  • Forget sidejacking, clickjacking, and carjacking: enter “Formjacking” (http://i8jesus.com/?p=48)
  • MD5 extension attack (http://netifera.com/research)
  • Attack - PDF Silent HTTP Form Repurposing Attacks (http://www.secniche.org/papers/SNS_09_03_PDF_Silent_Form_Re_Purp_Attack.pdf)
  • XSS Relocation Attacks through Word Hyperlinking (http://www.secniche.org/papers/SNS_09_01_Evad_Xss_Filter_Msword.pdf)
  • Hacking CSRF Tokens using CSS History Hack (http://securethoughts.com/2009/07/hacking-csrf-tokens-using-css-history-hack/)
  • Hijacking Opera’s Native Page using malicious RSS payloads (http://securethoughts.com/2009/10/hijacking-operas-native-page-using-malicious-rss-payloads/)
  • Millions of PDF invisibly embedded with your internal disk paths (http://securethoughts.com/2009/11/millions-of-pdf-invisibly-embedded-with-your-internal-disk-paths/)
  • Exploiting IE8 UTF-7 XSS Vulnerability using Local Redirection (http://securethoughts.com/2009/05/exploiting-ie8-utf-7-xss-vulnerability-using-local-redirection/)
  • Pwning Opera Unite with Inferno’s Eleven (http://securethoughts.com/2009/08/pwning-opera-unite-with-infernos-eleven/)
  • Using Blended Browser Threats involving Chrome to steal files on your computer (http://securethoughts.com/2009/11/using-blended-browser-threats-involving-chrome-to-steal-files-on-your-computer/)
  • Bypassing OWASP ESAPI XSS Protection inside javascript (http://securethoughts.com/2009/08/bypassing-owasp-esapi-xss-protection-inside-javascript/)
  • Hijacking Safari 4 Top Sites with Phish Bombs (http://securethoughts.com/2009/08/hijacking-safari-4-top-sites-with-phish-bombs/)
  • Yahoo Babelfish - Possible Frame Injection Attack - Design Stringency (http://zeroknock.blogspot.com/2009/12/yahoo-babelfish-possible-inline-iframe.html)
  • Gmail - Google Docs Cookie Hijacking through PDF Repurposing (http://secniche.org/gmd_hijack/gc_hijack.xhtml) & PDF (http://secniche.org/gmd_hijack/advisory_gmail_google_docs_pdf_repurposing_attack.pdf)
  • IE8 Link Spoofing - Broken Status Bar Integrity (http://secniche.org/ie_spoof_myth/)
  • Blind SQL Injection: Inference through Underflow exception (http://dbellucci.blogspot.com/2009/12/blind-sql-injection-inference-through.html)
  • Exploiting Unexploitable XSS (http://stephensclafani.com/2009/05/26/exploiting-unexploitable-xss/)
  • Clickjacking & OAuth (http://stephensclafani.com/2009/05/04/clickjacking-oauth/)
  • Google Translate - Google User Content - File Uploading Cross - XSS and Design Stringency - A Talk (http://zeroknock.blogspot.com/2009/12/google-translate-google-user-content.html)
  • Active Man in the Middle Attacks (http://blog.watchfire.com/wfblog/2009/02/active-man-in-the-middle-attacks.html)
  • Cross-Site Identification (XSid) (http://blog.quaji.com/2009/12/out-of-context-information-disclosure.html)
  • Microsoft IIS with Metasploit evil.asp;.jpg (http://blogs.technet.com/msrc/archive/2009/12/27/new-reports-of-a-vulnerability-in-iis.aspx)
  • MSWord Scripting Object XSS Payload Execution Bug and Random CLSID Stringency (http://zeroknock.blogspot.com/2009/12/google-chrome-webkit-msword-scripting.html)
  • Generic cross-browser cross-domain theft (http://scarybeastsecurity.blogspot.com/2009/12/generic-cross-browser-cross-domain.html)
  • Popup & Focus URL Hijacking (http://ha.ckers.org/blog/20091228/popup-focus-url-hijacking/)
  • Advanced SQL injection to operating system full control (http://www.blackhat.com/presentations/bh-europe-09/Guimaraes/Blackhat-europe-09-Damele-SQLInjection-slides.pdf) (whitepaper (http://www.blackhat.com/presentations/bh-europe-09/Guimaraes/Blackhat-europe-09-Damele-SQLInjection-whitepaper.pdf))
  • Expanding the control over the operating system from the database (http://www.slideshare.net/inquis/expanding-the-control-over-the-operating-system-from-the-database)
  • HTML+TIME XSS attacks (http://pastebin.com/f7ac1cced)
  • Enumerating logins via Abuse of Functionality vulnerabilities (http://websecurity.com.ua/2840/)
  • Hellfire for redirectors (http://websecurity.com.ua/2854/)
  • DoS attacks via Abuse of Functionality vulnerabilities (http://websecurity.com.ua/2981/)
  • URL Spoofing vulnerability in bots of search engines (http://www.webappsec.org/lists/websecurity/archive/2009-04/msg00047.html) (#2 (http://www.webappsec.org/lists/websecurity/archive/2009-04/msg00056.html))
  • URL Hiding - new method of URL Spoofing attacks (http://websecurity.com.ua/3383/)
  • Exploiting Facebook Application XSS Holes to Make API Requests (http://theharmonyguy.com/2009/10/09/the-month-of-facebook-bugs-report/)
  • Unauthorized TinyURL URL Enumeration Vulnerability (http://securethoughts.com/2009/02/unauthorized-tinyurl-url-enumeration-vulnerability/)

 http://jeremiahgrossman.blogspot.com/2010/01/top-ten-web-hacking-techniques-of-2009.html




Title: Re: The 10 best web hacking techniques of 2009 (Jeremiah Grossman via des)
Posted by: sirdarckcat on 22 January 2010, 12:21 pm
Quote
I read on the blog "Informático y segurata" a post about the "Top Ten Web Hacking Techniques of 2009" by Jeremiah Grossman and company. Jeremiah's article and the descriptions of the techniques are in English. They are links to the various blogs of Jeremiah, Rich Mogull, Dinis Cruz, Chris Hoff, HD Moore, Billy Rios, Dan Kaminsky, Steven Christey, Jeff Forristal, Michal Zalewski and Romain Gaucher.
mine too xD


Title: Re: The 10 best web hacking techniques of 2009 (Jeremiah Grossman via des)
Posted by: T0rete on 22 January 2010, 12:42 pm
Yes, I've already corrected the list that des put on his blog :P

I see links to your wonderful posts in these; if I'm missing one, add it :xD

20 How to use Google Analytics to DoS a client from some website.
http://sirdarckcat.blogspot.com/2009/04/how-to-use-google-analytics-to-dos.html

21 Our Favorite XSS Filters and how to Attack them
http://sirdarckcat.blogspot.com/2009/08/our-favorite-xss-filters-and-how-to.html

35 About CSS Attacks
http://sirdarckcat.blogspot.com/2008/10/about-css-attacks.html


Title: Re: The 10 best web hacking techniques of 2009 (Jeremiah Grossman via des)
Posted by: sirdarckcat on 22 January 2010, 13:19 pm
I'm number 8...


Title: Re: The 10 best web hacking techniques of 2009 (Jeremiah Grossman via des)
Posted by: T0rete on 22 January 2010, 13:21 pm
OK, OK, the thing is that later on, in the full list, they change the order :xD


Title: Re: The 10 best web hacking techniques of 2009 (Jeremiah Grossman via des)
Posted by: Novlucker on 22 January 2010, 13:24 pm
That's what I was going to say!

You're at number 8 in the top 10, and at 21 in the full list XD, the one that counts is probably the one at the top, ... it has bigger letters XD

Regards


Title: Re: The 10 best web hacking techniques of 2009 (Jeremiah Grossman via des)
Posted by: AlbertoBSD on 22 January 2010, 13:43 pm
I have a book of hacker stories and one of them talks about HD Moore. When I saw sdc on the same list I said "aaa no way.... seriously!!"

That's all, sdc, keep it up.

Regards


Title: Re: The 10 best web hacking techniques of 2009 (Jeremiah Grossman via des)
Posted by: T0rete on 22 January 2010, 13:53 pm
sdc, and the book on "Advanced Web Attacks Evasion & Obfuscation", when are you going to publish it?


Title: Re: The 10 best web hacking techniques of 2009 (Jeremiah Grossman via des)
Posted by: WHK on 22 January 2010, 17:57 pm
Very good documentation overall, there's a lot to read and learn


Title: Re: The 10 best web hacking techniques of 2009 (Jeremiah Grossman via des)
Posted by: sirdarckcat on 23 January 2010, 07:32 am
@t0rete in June/July/August


Title: Re: The 10 best web hacking techniques of 2009 (Jeremiah Grossman via des)
Posted by: Castg! on 26 January 2010, 08:18 am
sdc, what did you study? At what age did you start with all this programming stuff? Did you work at Google?


Title: Re: The 10 best web hacking techniques of 2009 (Jeremiah Grossman via des)
Posted by: AlbertoBSD on 26 January 2010, 13:09 pm
sdc, what did you study? At what age did you start with all this programming stuff? Did you work at Google?

If you search for sirdarckcat you'll find lots of info. I think sdc is about my age, some 7 months younger than me xD.

His age, let him tell you himself.

Regards



Title: Re: The 10 best web hacking techniques of 2009 (Jeremiah Grossman via des)
Posted by: Castg! on 26 January 2010, 18:54 pm
his age is in his profile: 1337