We stick to basics thereby reiterating the hidden elements of security from this complex systems. We respect the researchers and hackers who work effortlessly to support community at par. We believe in hunting core to deface the reality of this machine world. The Niche of Security lockdown.
Optimized Derivative of Complex Security
PUBLICATIONS
1. All the ELSEVIER publications are available on sciencedirect.com
2. Debugging magazines are available on Amazon.
[Perfect Paperback]Debugging Experts Journal - Artifacts of Inline User Mode Heap Analysis.
This paper sheds light on the prerequisites for performing efficient user mode heap analysis. The paper derives the internal concepts to analyze user mode heaps in an appropriate manner irrespective of any component dependencies. For performing inline user mode heap analysis, a detailed subset of component based knowledge related to system functionality is required.
OnlineAmazon
Hakin9 January 2010 - Behavioral Analysis of Unwise_.exe Malware!
A widely distributed malware which nowadays stealthily installs itself onto the system and performs backend
functionality is known as unwise_.exe. The unwise_.exe executable runs as a system process. There is not enough
information present on this malware. Most of the protection measures revolve around the generic downloading of
anti viruses and scanning of your system to find the installed malware binaries.
Check
Haking through Wild Cards.
This paper sheds light on the usage of wild characters that lead
to hacking. The wild characters are used effectively in a different
sphere. The inappropriate use of wild characters can lead to
misconfiguration of parameters thereby resulting in a number of
attacks.
http://hakin9.org/magazine/885-my-erp-got-hacked
From Vulnerability to Patch - Window of Exposure (WOE)
http://www.elsevierscitech.com/nl/ns/home.asp
Mapping HTTP Interface Embedded Devices
This paper discusses the generic approach of detecting the HTTP interface of embedded devices. These devices perform a number of different functions based on the infrastructural need.
http://hakin9.org/magazine/810-the-real-world-clickjacking
Hacking IM Memory Encryption Flaws
This paper sheds a light on encryption problems in Instant Messaging client’s primary memory which lead to hacking. The IM clients have been used extensively all over the world to exchange messages between different parties.
http://hakin9.org/magazine/795-hacking-instant-messenger
Auditing Oracle Applications in Production Environment
This paper is based on real penetration testing of Oracle servers on HP-UX systems and the way the auditor has to follow to combat the
stringencies that come in a way. We will dissect the errors and the way to bypass them to conduct the tests.
http://hakin9.org/magazine/766-haking-wifi
Scrutinizing business logic - the enemy of the ebusiness world
Do you really think you are secure? Well the answer to this question is somewhat complex when it comes to information security realm in cyberspace. With the ever increasing amount of attacks and vulnerabilities in software and applications, it is hard to track the security element.
http://www.bcs.org/server.php?show=conWebDoc.24009
Audtiting Rich Internet Applications
This research deals with insecurities in designing FLEX based applications from a developer perspective.
The application's behavior depends on code written at the backend. It has been noticed that most of an
application's flaws are the outcome of insecure or bad code..
http://hakin9.org/magazine/729-kernel-hacking
Insecurities in Implementing RSS Feeds - Hacking RSS
This paper sheds light on the insecure coding practices that affect RSS based web applications and also on their flexibility.
The advent of Web 2.0 has enhanced the mobility of content. The inclusion of content has become the sole basis for the
inter-working of websites.RSS feeds are used extensively. This serves as an interdependent working platform. But during
penetration testing sessions, PHP based RSS applications show vulnerable behavior due to insecure coding. As a result of
this, web application robustness is affected.
http://hakin9.org/magazine/689-file-inclusion-attacks
Breaking in Malware Addons
This article covers the working functionality of Malware Add-ons. It presents the practical techniques which will help to understand Malwares effectively.
http://hakin9.org/magazine/643-ldap-cracking
Hacking 802.11 Protocol Insecurities.
Security and Privacy are two critical entities of any communication protocol. Security itself is a
prerequisite for robust implementation of networks. In this article,I dissect the 802.11 [1] protocol
attacks possible because of persistent problems in wireless networks. Before going into the attack
patterns against the protocol, I will briefly describe how 802.11 works by splitting frames into
functional objects.
[Usenix ;login]
Reverse Engineering Binaries.
This paper describes a Level 2 practical analysis of a window binary. It covers the methodical approach
to reverse engineer an executable. The binary can be a console program or GUI based. The point of this
talk is to understand a hierarchical layout to reverse an application within specific time limits.
http://hakin9.org/magazine/530-voip-abuse
Insecurities in Designing XML Digital Signatures.
This article encompasses the practical problems in designing XML signatures through the use of APIs.
XML signatures are used to provide security to data of any kind whether XML or binary. The confidentiality,
integrity, and authenticity of the message has to be preserved when designing a SOAP request for communication.
XML API functionality is very versatile but at the same time protection measures have to be included to prevent
loss of data.
[Usenix ;login]
Demystifying Windows PE Caveats
The use of reverse engineering is very useful in application testing. The article will take
you from peripheral concepts to the core of applied methods to govern the reverse analysis of
windows executable. This sets a realm to reverse engineer an application based on the dynamic
code execution. Basically,learning to traverse objects in a program is the prime aim of this article.
[Hakin9 Edition] .
Zmbscap : Anti DDos Leaflet.
The network is full of complexities. I think we can hardly find any network which is free from attack
jargon. The network is not monotonous in its context but rather segregated into complex objects. These
objects get exploited in every sense. Why? Because the cold war of attacks and prevention is on the way.
Attackers or Worm writers do everything to own a box. The networks always get swamped.
[Hakin9 Edition]