http://forkb0mb.org/content/ Still Watching Bits in a Terabyte World en Serendipity 1.4.1 - http://www.s9y.org/ http://forkb0mb.org/content/index.php?/archives/265-Wikipedia-Articles-in-Regards-to-Various-Types-of-Exploits.html Assembly Buffer Overflow C Development Exploits Firewall Format String IDS/IPS Networking Network Security Operating Systems Programming Race Conditions SQL Injection Systems Security Vulnerabilities XSS http://forkb0mb.org/content/index.php?/archives/265-Wikipedia-Articles-in-Regards-to-Various-Types-of-Exploits.html#comments http://forkb0mb.org/content/wfwcomment.php?cid=265 0 http://forkb0mb.org/content/rss.php?version=2.0&type=comments&cid=265 nospam@example.com (TJE) <strong>Wikipedia Articles in Regards to Various Types of Exploits</strong><br /> <br /> /*<br /> First, there is the Wiki page detailing exactly what an <a href="http://en.wikipedia.org/wiki/Exploit_%28computer_science%29" title="http://en.wikipedia.org/wiki/Exploit_%28computer_science%29">exploit</a> is. This is a very good read and should acquaint anyone with what an exploit is and can be capable of.<br /> <br /> Second, there are Wiki pages detailing several types of exploits and detailed information as to how they work. Below, you'll find some great examples of exploits ranging from low-risk web browser information disclosure on up to full system-level compromises.<br /> <ul><br /> <li> <a href="http://en.wikipedia.org/wiki/Buffer_overflow" title="http://en.wikipedia.org/wiki/Buffer_overflow">Buffer Overflow</a><br /> <li> <a href="http://en.wikipedia.org/wiki/Heap_overflow" title="http://en.wikipedia.org/wiki/Heap_overflow">Heap Overflow</a><br /> <li> <a href="http://en.wikipedia.org/wiki/Stack_buffer_overflow" title="http://en.wikipedia.org/wiki/Stack_buffer_overflow">Stack Buffer Overflow</a><br /> <li> <a href="http://en.wikipedia.org/wiki/Integer_overflow" title="http://en.wikipedia.org/wiki/Integer_overflow">Integer Overflow</a><br /> <li> <a href="http://en.wikipedia.org/wiki/Return-to-libc_attack" title="http://en.wikipedia.org/wiki/Return-to-libc_attack">Return-to-libc Attack</a><br /> <li> <a href="http://en.wikipedia.org/wiki/Format_string_attack" title="http://en.wikipedia.org/wiki/Format_string_attack">Format String Attack</a><br /> <li> <a href="http://en.wikipedia.org/wiki/Race_condition" title="http://en.wikipedia.org/wiki/Race_condition">Race Condition</a><br /> <li> <a href="http://en.wikipedia.org/wiki/Code_injection" title="http://en.wikipedia.org/wiki/Code_injection">Code Injection</a><br /> <li> <a href="http://en.wikipedia.org/wiki/SQL_injection" title="http://en.wikipedia.org/wiki/SQL_injection">SQL Injection</a><br /> <li> <a href="http://en.wikipedia.org/wiki/Cross-site_scripting" title="http://en.wikipedia.org/wiki/Cross-site_scripting">Cross-Site Scripting</a> (XSS)<br /> <li> <a href="http://en.wikipedia.org/wiki/Cross-site_request_forgery" title="http://en.wikipedia.org/wiki/Cross-site_request_forgery">Cross-Site Request Forgery</a> (CSRF)<br /> </ul><br /> Some of these methods were even new to me. The Sea-Surf (CSRF - Cross-Site Request Forgery) method is something I had at least considered as possible, but I had no idea that the method had a name and was actively in use in-the-wild.<br /> <br /> Some of these methods require some social engineering to trick the end-user (target) into activating the payload; whereas others require no interaction by the target, and they are often unaware that they have been or are being compromised.<br /> <br /> There are many other interesting documents covering everything from <a href="http://en.wikipedia.org/wiki/Shellcode" title="http://en.wikipedia.org/wiki/Shellcode">shellcode</a> to <a href="http://en.wikipedia.org/wiki/Polymorphic_code" title="http://en.wikipedia.org/wiki/Polymorphic_code">polymorphic code</a> to a <a href="http://en.wikipedia.org/wiki/NOP" title="http://en.wikipedia.org/wiki/NOP">NOP</a> (Null OPeration) to <a href="http://en.wikipedia.org/wiki/NOP_slide" title="http://en.wikipedia.org/wiki/NOP_slide">NOP Sleds</a>.<br /> <br /> Happy hacking!<br /> */ Sun, 13 Jan 2008 00:19:56 -0500 http://forkb0mb.org/content/index.php?/archives/265-guid.html