Blog Category


What is ARP Spoofing?

The Address Resolution Protocol (ARP) Spoofing attack, also called ARP Cache Poisoning or ARP Poison Routing, is a technique by which an attacker sends spoofed ARP messages onto a Local Area Network (LAN). It gives the attacker access to incoming internet traffic on a LAN by linking their Media Access Control (MAC) Address to the Internet Protocol (IP) Address of another host (usually the default gateway). The attacker then receives incoming traffic intended for that IP Address, which allows them to intercept the data, modify traffic, or even stop all traffic on the network. Because of this, the technique is often used to open up the possibility of other attacks such as a Denial of Service (DoS) attack, a man-in-the-middle attack, and a session hijacking attack. The success of the attack depends heavily on the attacker gaining direct access to the targeted local network segment, and it can only be used on networks which use ARP.

What is LDAP Injection?

The Lightweight Directory Access Protocol (LDAP) is a standard application layer protocol in the Internet Protocol (IP) Suite used for accessing and maintaining distributed directory information services over a network. It does this by providing methods to query and manipulate these directory services. Directory services are integral to setting up intranet and internet applications because they allow user, system, network, service, and application information to be shared on the network. For example, a corporate email system for an organization and a telephone directory are both only achievable through directory services. As such, these records are always stored in an organized and often hierarchical structure.

What is Cache Poisoning?

Cache Poisoning (or DNS Spoofing) is an attack technique where corrupted Domain Name Server (DNS) data is stored in the DNS Resolver’s cache and causes it to return an incorrect Internet Protocol (IP) Address. As a result, network traffic is redirected to the attacker’s (or any other) computer instead of the intended recipient. From here, the attacker could use this to supplement other types of attacks such as a Denial of Service (DoS) attack or a man-in-the-middle attack. It can even be used to help them spread computer worms and other malware, or to redirect users to a malicious site owned by the attacker (this method can be used in phishing attacks).

Keystroke logging, also called keylogging or keyboard capturing, is the action of recording and saving each keystroke on a keyboard over some time, usually covertly. This is so that the person who enters the information on the keyboard remains unaware that their information is being monitored. The action is done through a logging program called a keylogger, which can be either software or hardware.

A man-in-the-middle (MITM) attack is a special type of attack in which an attacker covertly relays and potentially alters data between two parties on a network. These parties are usually oblivious to this attack and believe their connection and communication with each other is secured and their messages have integrity; however, that is not the case. The basis of the attack is to circumvent mutual authentication between the two parties, and it can only be considered successful if the attacker can successfully impersonate the involved parties to each other. That is to say, the attacker must appear like Person A to Person B and like Person B to Person A. While it is a very common form of attack, most protocols do provide some kind of endpoint verification process to prevent MITM attacks, such as Transport Layer Security (TLS), which can authenticate both parties via a mutually trusted certificate authority.

What is a Botnet?

The most recent news of huge cyber-attacks using “Zombies” and “Bots” should not be alarming. It should not make any enthusiast think, even for a second, that the digital world has been taken over by living-dead creatures or alien armies. What it should bring to mind instead is "Botnets".

What are cyber threats?

Ransomware is a type of malware that locks users out of their data on their computer or any mobile device. To unlock their data, the users must pay a certain amount of ransom, mainly through a payment method which uses Bitcoin. Although paying is an option for recovering your data, it is recommended not to pay because there is no guarantee that the attackers will keep their promise.

Learn about the stealthy threat of Cross-Site Request Forgery (CSRF) attacks and how they exploit web application authentication. Discover how CSRF vulnerabilities can be identified and safeguarded with unique tokens, protecting critical user data in online banking, social media, and beyond.

Carriage Return and Line Feed (CRLF) are special character elements typically embedded in Hypertext Transfer Protocol (HTTP) headers and some other software code. These character elements are included to denote an End of Line (EOL) marker. They are actually very common, as many protocols of the Internet Protocol (IP) Suite, such as HTTP, MIME, and NNTP, use them to split the text into discrete elements. As such, CRLF injection is when an attacker can inject a sequence of CRLF into one of these protocols or software applications, such as an HTTP stream. This is one of the attack's most common uses, and as such it has the alternative names of HTTP Response Splitting and Neutralization of CRLF Sequences in HTTP Headers.

What is buffer overflow?

Firstly, we must define what a buffer is. A buffer is an allocated section of memory which can hold anything from a string of characters to an array of integers. That being the case, a buffer overflow (or overrun) is what happens when a buffer with a fixed length receives more data than it can handle. In this case, the extra data has to be stored somewhere and spills over into an adjacent space in memory, which can corrupt or overwrite the data stored there. These overflows usually result in a system crash; however, they also create opportunities for an attacker to run some malicious code or manipulate coding errors. The success rate of these attacks is very high, as most programming languages, such as C, C++, and Fortran, are vulnerable to these types of attacks.