Friday, July 21st, 2017
An old favorite amongst the hacker community and increasingly popular amongst phishers, key-loggers and screen-grabbers can be used to observe confidential customer data as it is entered into a web-based application. The information is collected locally on the victim's machine and is typically retrieved by the attacker through one of the following methods:
• Continuous streaming of data (i.e. data is sent as soon as it is generated) using a custom sender/receiver pair. To do this, the attacker must usually keep a connection open to the customer's computer, which also makes the activity the easiest of the three to spot on the network.
• Local collection and batching of information for later upload to the attacker's server, through protocols such as FTP, HTTP or SMTP.
• Backdoor collection by the attacker. The observation software lets the attacker connect remotely to the customer's machine and pull back the data as and when required.
Friday, June 30th, 2017
Cross-site scripting attacks (commonly referred to as XSS; older material, this post included, also abbreviates them CSS, which is easily confused with Cascading Style Sheets) make use of custom URL or code injection into a valid web-based application URL or embedded data field. In general, these XSS techniques are the result of poor web-application development practices, above all the failure to validate what arrives in a request and to encode it before it is echoed back into a page.
While there are numerous vectors for carrying out an XSS attack, phishers are generally limited to those that can be delivered inside a URL, since the link in the phishing e-mail is the only part of the exchange they control. Typical formats for injection into valid URLs include:
• Full HTML substitution, such as: http://mybank.com/ebanking?URL=http://evilsite.com/phishing/fakepage.htm. Here the application takes a URL parameter and redirects to it or loads it into a frame, so the victim sees the attacker's page while the address bar still starts with the bank's domain.
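An added example, not code from the original post: the check a developer of the `ebanking` endpoint would want for exactly the `URL=` parameter shown above. The allowed host list, the parameter name and the helper names are assumptions made for this example. It goes a little beyond the single case in the text and rejects the usual ways of smuggling an off-site target past a naive "does it start with http://mybank.com" test: scheme-relative `//evilsite.com`, the backslash form browsers normalise to `//`, a user-info prefix such as `http://mybank.com@evilsite.com`, look-alike subdomains, and non-HTTP schemes such as `javascript:`.

```python
from urllib.parse import parse_qs, urlsplit

# Assumption for the example: the hosts the banking application may redirect to.
ALLOWED_HOSTS = {"mybank.com", "www.mybank.com"}


def redirect_target_is_safe(target, allowed_hosts=ALLOWED_HOSTS):
    """Return True only if `target` stays on the application's own hosts.

    Rejects absolute URLs to other hosts, scheme-relative //evilsite.com,
    the /\\evilsite.com variant browsers treat like //, user-info tricks such
    as http://mybank.com@evilsite.com, look-alike subdomains, and non-HTTP
    schemes such as javascript: or data:.
    """
    target = target.strip()
    parts = urlsplit(target)
    if parts.scheme and parts.scheme not in ("http", "https"):
        return False
    if not parts.netloc:
        # No host component: accept only a plain same-site path,
        # not the //host or /\host forms that browsers read as a new host.
        return target.startswith("/") and not target.startswith(("//", "/\\"))
    host = parts.hostname  # drops user-info and port, already lower-cased
    return host is not None and host in allowed_hosts


def vet_request_url(request_url, param="URL", allowed_hosts=ALLOWED_HOSTS):
    """Vet every value of the redirect parameter in an incoming request URL.

    Returns (safe, values). A request without the parameter has nothing to
    redirect to and is reported as safe with an empty list.
    """
    values = parse_qs(urlsplit(request_url).query).get(param, [])
    safe = all(redirect_target_is_safe(v, allowed_hosts) for v in values)
    return safe, values


if __name__ == "__main__":
    # The request from the post, plus a legitimate one for comparison.
    for url in (
        "http://mybank.com/ebanking?URL=http://evilsite.com/phishing/fakepage.htm",
        "http://mybank.com/ebanking?URL=/ebanking/home",
    ):
        print(vet_request_url(url), url)
```

The decision is made on the parsed host, never on the raw string, because the raw string is exactly what the attacker gets to shape. If the application genuinely needs to send customers off-site, the better design is an indirection table (`URL=3` mapped server-side to a fixed destination) rather than a free-form URL parameter.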
Saturday, June 17th, 2017
For a phishing attack to succeed, it must trick the customer into interacting with the attacker's server and/or the page content it supplies. There are an ever increasing number of ways to do this. The most common methods, which I will explain in detail, include:
• URL Obfuscation Attacks
• Cross-site Scripting Attacks
• Preset Session Attacks
• Observing Customer Data
• Client-side Vulnerability Exploitation
I will go into more detail about the others in another post, but today we are going to look at how a man-in-the-middle attack works.
Man-in-the-middle Attacks
One of the most successful vectors for gaining control of customer information and resources is the man-in-the-middle attack. In this class of attack, the attacker sits between the customer and the real web-based application and proxies all communications between the two systems. From this vantage point, the attacker can observe and record every transaction, and can also alter it in transit.
The customer connects to the attacker's server as if it were the real site, while the attacker's server makes a simultaneous connection to the real site. The attacker's server then proxies all communications between the customer and the real web-based application server, typically in real time, so the customer receives the genuine pages and genuine responses and has little reason to suspect anything.
This form of attack works against both HTTP and HTTPS communications. In the case of HTTPS, an SSL/TLS connection is established between the customer and the attacker's proxy (so the attacker's system sees, and can record, all traffic in an unencrypted state), while the proxy creates its own SSL/TLS connection between itself and the real server. The caveat is the first of those two connections: the customer's browser will only set it up silently if the proxy presents a certificate the browser trusts for the name the customer typed. Otherwise the customer is shown a certificate warning, and the attack succeeds only if they click through it, which is why phishers usually lure the victim to a host name they legitimately control rather than impersonating the bank's own name.
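The exchange described above, as an added example that is not part of the original post: a stand-in origin server, a recording proxy in front of it, and a customer that submits a login form through the proxy, all on the loopback interface. The host names (127.0.0.1 with ephemeral ports), the form fields and the credentials are constructed for this demonstration. It uses plain HTTP; for HTTPS the proxy would additionally have to terminate TLS with a certificate the browser accepts for the bank's name, which is exactly the hurdle discussed above.

```python
import http.client
import threading
import urllib.parse
from http.server import BaseHTTPRequestHandler, HTTPServer

# Form submissions seen by the proxy. In a real attack this is the attacker's log.
captured = []


class OriginHandler(BaseHTTPRequestHandler):
    """Stand-in for the real banking site (constructed for this example)."""

    def do_POST(self):
        length = int(self.headers.get("Content-Length", 0))
        fields = urllib.parse.parse_qs(self.rfile.read(length).decode())
        ok = fields.get("user") == ["alice"] and fields.get("pass") == ["s3cret"]
        self._reply(b"welcome alice" if ok else b"login failed")

    def _reply(self, data):
        self.send_response(200)
        self.send_header("Content-Type", "text/plain")
        self.send_header("Content-Length", str(len(data)))
        self.end_headers()
        self.wfile.write(data)

    def log_message(self, *args):  # keep the demo quiet
        pass


def make_proxy_handler(origin_host, origin_port):
    """Build a handler that records each POST body and then relays it to the origin."""

    class ProxyHandler(BaseHTTPRequestHandler):
        def do_POST(self):
            length = int(self.headers.get("Content-Length", 0))
            body = self.rfile.read(length)
            # The attacker's vantage point: the form is readable before it is relayed.
            captured.append(urllib.parse.parse_qs(body.decode()))
            upstream = http.client.HTTPConnection(origin_host, origin_port)
            upstream.request("POST", self.path, body, {
                "Content-Type": self.headers.get(
                    "Content-Type", "application/x-www-form-urlencoded"),
                "Content-Length": str(length),
            })
            resp = upstream.getresponse()
            data = resp.read()
            upstream.close()
            # Relay the genuine answer so the customer sees nothing unusual.
            self.send_response(resp.status)
            self.send_header("Content-Type", resp.getheader("Content-Type", "text/plain"))
            self.send_header("Content-Length", str(len(data)))
            self.end_headers()
            self.wfile.write(data)

        def log_message(self, *args):
            pass

    return ProxyHandler


def serve(handler):
    """Start a server on an ephemeral loopback port in a background thread."""
    server = HTTPServer(("127.0.0.1", 0), handler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server


def run_demo():
    """Customer -> proxy -> origin. Returns what the customer saw and what the proxy kept."""
    origin = serve(OriginHandler)
    proxy = serve(make_proxy_handler("127.0.0.1", origin.server_port))
    try:
        # The customer has been lured to the proxy and believes it is the bank.
        client = http.client.HTTPConnection("127.0.0.1", proxy.server_port)
        form = urllib.parse.urlencode({"user": "alice", "pass": "s3cret"})
        client.request("POST", "/ebanking/login", form,
                       {"Content-Type": "application/x-www-form-urlencoded"})
        reply = client.getresponse().read().decode()
        client.close()
    finally:
        proxy.shutdown()
        proxy.server_close()
        origin.shutdown()
        origin.server_close()
    return reply, captured[-1]


if __name__ == "__main__":
    reply, seen = run_demo()
    print("customer received:", reply)
    print("proxy recorded:   ", seen)
```

The customer gets the real "welcome" response, so the login appears to work, while the proxy has already kept a copy of the credentials. Nothing in the relayed bytes reveals the proxy; what gives it away in practice is the host name or certificate the customer connected to, which is what the customer-side defences (checking the address bar, the certificate, and not following links from e-mail) are there to catch.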