Questions tagged [exploit-kits]
16 questions
20 votes, 5 answers
Where can I find a solid BURP tutorial?
I'm looking for a good resource for learning/configuring BURP. I understand the concepts behind using the framework, and have read the docs on the site, but if anyone has a solid tutorial link I would love to see it. I would've made this a wiki…
mrnap
14 votes, 1 answer
Why do exploit kits use droppers?
I've been looking into the structure of the online criminal underground, which consists of exploit kits, droppers, and malware payloads.
What is the function of the dropper in this pipeline? Why aren't payloads deployed directly by the exploit kit?
Fred Concklin
13 votes, 1 answer
SCADA / PLC exploit code was released in metasploit. Now what?
Wired reports that there are many security issues with Programmable Logic Controllers (PLCs) and now there is an easy to use tool to scan and detect vulnerabilities.
They say it's so easy, the update for Metasploit makes it analogous to Firesheep…
makerofthings7
12 votes, 3 answers
How do you defend specifically against attackers utilizing any or all of the commercial exploit kits?
There are several commercial exploit kits available containing 0day vulnerabilities:
White Phosphorus Exploit Pack http://www.immunityinc.com/products-whitephosphorus.shtml
Agora Exploit Pack http://gleg.net/agora.shtml
VulnDisco Exploit Pack…
Tate Hansen
10 votes, 2 answers
How do exploit kits enumerate or fingerprint their targets?
My current understanding is that an exploit kit will fingerprint (gather information on) a system, check those details against a database of vulnerabilities and then attempt to use the relevant exploits.
I can see simple ways of checking for things…
Arlix
7 votes, 1 answer
Realistic: Exploiting a computer on BIOS/hardware level in less than an hour? (Infinite preparation time)
I wonder how hard it is to infect a laptop or netbook in 60 minutes or less in a way the victim cannot easily clean their machine by wiping hard disk drives.
Let's assume the following:
The attacker has physical access to the machine. I.e. they…
ALittleBitOfParanoia
4 votes, 2 answers
known public exploits for vsftpd 2.0.1/2.0.5
I somehow noticed that there were numerous reports of security vulnerabilities of vsftpd 2.0.1~2.0.5; however, there just seem to be no public exploits.
The server I am working on has vsftpd 2.0.5 (set up by my supervisor-head administrator), and I…
Leo Zacchov
4 votes, 2 answers
How to mitigate evil twin WIFI social engineering attack?
I just came across this article: Capturing WPA Passwords by Targeting Users with a Fluxion Attack.
Although WIFI Evil Twin attacks and WIFI de-authentication attacks have been known for a long time, a mature, easy-to-use WIFI toolkit such as Fluxion will…
mootmoot
3 votes, 2 answers
Proof of concepts for published exploits
Do industry pros have VMs or various workstations set up to go through known exploits after they've been patched, or is that less beneficial for learning than I'm imagining?
I'm thinking, how can you understand the buffer overflow attack, or another…
inbinder
2 votes, 3 answers
Browser as Honey-Pot, is there?
I'm watching all this movement around the Metasploit project, the great number of different exploitation plugins, and thousands of exploit packs. Now, it is the real truth, anyone could configure his own black-hole in the network. Moreover, any admin of any…
anonymous
1 vote, 1 answer
Can website exploit kits contain bootkits?
Can a website exploit kit theoretically contain a bootkit (it flashes your UEFI/BIOS)?
Sir Muffington
1 vote, 1 answer
Wireless Exploit Project
I've been given a task of doing research for some tools/methods of accomplishing the following goals:
The engineers will scan the 802.11-based signal cloud around your network testing for ways that outsiders could eavesdrop on your wireless…
xpkiro
1 vote, 1 answer
Ad-Banner Rendering Sites Serve with malicious content - how to respond?
We've received a random email which, of course, by the way it looks, might be a marketing attempt; however, one always needs a verification to be done. The email read the following:
We have identified that the website http://example.com/ is…
Shritam Bhowmick
0 votes, 1 answer
Automatic exploit searches
How to automatically search and download exploits which match, for example, a kernel release?
Is there, for example, a public REST web service which provides data in XML or JSON format to a client program?
Thanks in advance!
EDIT:
Solution 1:…
TMR_OS
-1 votes, 1 answer
Shortened links and social media
I've been into IT-sec for a few years now and I have recently gotten into the whole reddit/r/netsec, twitter, security.stackexchange thing, to get more involved with the community. What surprises me a lot is that people are posting shortened links…
Memorem