Las 10 mejores ténicas de hacking web 2009 (Jeremiah Grossman vía des)

T0rete · 22 Enero 2010, 12:13 PM

Leo en el blog "Infomático y segurata" una anotación sobre el "Top Ten Web hacking techniques of 2009" de Jeremiah Grossman y compañía. El artículo de Jeremiah y la descripción de las técnicas esta en inglés. Son enlaces a los diferentes blogs de Jeremiah, Eduardo Vela, Rich Mogull, Dinis Cruz, Chris Hoff, HD Moore, Billy Rios, Dan Kaminsky, Steven Christey, Jeff Forristal, Michal Zalewski y Romain Gaucher.

Os pongo el top ten aqui pero en la anotacion original hay 82 y 3 son de sirdarckcat.

CitarTop Ten Web Hacking Techniques of 2009!

1. Creating a rogue CA certificate
Alexander Sotirov, Marc Stevens, Jacob Appelbaum, Arjen Lenstra, David Molnar, Dag Arne Osvik, Benne de Weger

2. HTTP Parameter Pollution (HPP)
Luca Carettoni, Stefano diPaola

3. Flickr's API Signature Forgery Vulnerability (MD5 extension attack)
Thai Duong and Juliano Rizzo

4. Cross-domain search timing
Chris Evans

5. Slowloris HTTP DoS
Robert Hansen, (additional credit for earlier discovery to Adrian Ilarion Ciobanu & Ivan Ristic - "Programming Model Attacks" section of Apache Security for describing the attack, but did not produce a tool)

6. Microsoft IIS 0-Day Vulnerability Parsing Files (semi‐colon bug)
Soroush Dalili

7. Exploiting unexploitable XSS
Stephen Sclafani

8. Our Favorite XSS Filters and how to Attack them
Eduardo Vela (sirdarckcat), David Lindsay (thornmaker)

9. RFC1918 Caching Security Issues
Robert Hansen

10. DNS Rebinding (3-part series Persistent Cookies, Scraping & Spamming, and Session Fixation)
Robert Hansen

Espero que disfuteis con la lectura.

CitarThe Complete List
Persistent Cookies and DNS Rebinding Redux
iPhone SSL Warning and Safari Phishing
RFC 1918 Blues
Slowloris HTTP DoS
CSRF And Ignoring Basic/Digest Auth
Hash Information Disclosure Via Collisions - The Hard Way
Socket Capable Browser Plugins Result In Transparent Proxy Abuse
XMLHTTPReqest "Ping" Sweeping in Firefox 3.5+
Session Fixation Via DNS Rebinding
Quicky Firefox DoS
DNS Rebinding for Credential Brute Force
SMBEnum
DNS Rebinding for Scraping and Spamming
SMB Decloaking
De-cloaking in IE7.0 Via Windows Variables
itms Decloaking
Flash Origin Policy Issues
Cross-subdomain Cookie Attacks
HTTP Parameter Pollution (HPP)
How to use Google Analytics to DoS a client from some website.
Our Favorite XSS Filters and how to Attack them
Location based XSS attacks
PHPIDS bypass
I know what your friends did last summer
Detecting IE in 12 bytes
Detecting browsers ‭‬javascript hacks
Inline UTF-7 E4X ‭‬javascript hijacking
HTML5 XSS
Opera XSS vectors
New PHPIDS vector
Bypassing CSP for fun, no profit
Twitter misidentifying context
Ping pong obfuscation
HTML5 new XSS vectors
About CSS Attacks
Web pages Detecting Virtualized Browsers and other tricks
Results, Unicode Left/Right Pointing Double Angel Quotation Mark
Detecting Private Browsing Mode
Cross-domain search timing
Bonus Safari XXE (only affecting Safari 4 Beta)
Apple's Safari 4 also fixes cross-domain XML theft
Apple's Safari 4 fixes local file theft attack
A more plausible E4X attack
A brief description of how to become a CA
Creating a rogue CA certificate
Browser scheme/slash quirks
Cross-protocol XSS with non-standard service ports
Forget sidejacking, clickjacking, and carjacking: enter "Formjacking"
MD5 extension attack
Attack - PDF Silent HTTP Form Repurposing Attacks
XSS Relocation Attacks through Word Hyperlinking
Hacking CSRF Tokens using CSS History Hack
Hijacking Opera's Native Page using malicious RSS payloads
Millions of PDF invisibly embedded with your internal disk paths
Exploiting IE8 UTF-7 XSS Vulnerability using Local Redirection
Pwning Opera Unite with Inferno's Eleven
Using Blended Browser Threats involving Chrome to steal files on your computer
Bypassing OWASP ESAPI XSS Protection inside ‭‬javascript
Hijacking Safari 4 Top Sites with Phish Bombs
Yahoo Babelfish - Possible Frame Injection Attack - Design Stringency
Gmail - Google Docs Cookie Hijacking through PDF Repurposing & PDF
IE8 Link Spoofing - Broken Status Bar Integrity
Blind SQL Injection: Inference thourgh Underflow exception
Exploiting Unexploitable XSS
Clickjacking & OAuth
Google Translate - Google User Content - File Uploading Cross - XSS and Design Stringency - A Talk
Active Man in the Middle Attacks
Cross-Site Identification (XSid)
Microsoft IIS with Metasploit evil.asp;.jpg
MSWord Scripting Object XSS Payload Execution Bug and Random CLSID Stringency
Generic cross-browser cross-domain theft
Popup & Focus URL Hijacking
Advanced SQL injection to operating system full control (whitepaper)
Expanding the control over the operating system from the database
HTML+TIME XSS attacks
Enumerating logins via Abuse of Functionality vulnerabilities
Hellfire for redirectors
DoS attacks via Abuse of Functionality vulnerabilities
URL Spoofing vulnerability in bots of search engines (#2)
URL Hiding - new method of URL Spoofing attacks
Exploiting Facebook Application XSS Holes to Make API Requests
Unauthorized TinyURL URL Enumeration Vulnerability

http://jeremiahgrossman.blogspot.com/2010/01/top-ten-web-hacking-techniques-of-2009.html

sirdarckcat · 22 Enero 2010, 12:21 PM

CitarLeo en el blog "Infomático y segurata" una anotación sobre el "Top Ten Web hacking techniques of 2009" de Jeremiah Grossman y compañía. El artículo de Jeremiah y la descripción de las técnicas esta en inglés. Son enlaces a los diferentes blogs de Jeremiah, Rich Mogull, Dinis Cruz, Chris Hoff, HD Moore, Billy Rios, Dan Kaminsky, Steven Christey, Jeff Forristal, Michal Zalewski y Romain Gaucher.

tambien el mio xD

T0rete · 22 Enero 2010, 12:42 PM

Sí, ya he corregido la lista que pone des en su blog

Veo enlaces a tus maravillosas anotaciones en estas, si me falta alguna añadela

20 How to use Google Analytics to DoS a client from some website.
http://sirdarckcat.blogspot.com/2009/04/how-to-use-google-analytics-to-dos.html

21 Our Favorite XSS Filters and how to Attack them
http://sirdarckcat.blogspot.com/2009/08/our-favorite-xss-filters-and-how-to.html

35 About CSS Attacks
http://sirdarckcat.blogspot.com/2008/10/about-css-attacks.html

sirdarckcat · 22 Enero 2010, 13:19 PM

yo soy el 8...

T0rete · 22 Enero 2010, 13:21 PM

Vale, vale, lo que pasa es que luego en la lista general cambian el orden

Novlucker · 22 Enero 2010, 13:24 PM

Eso iba a decir!

Estas en el 8 en el top 10, y en el 21 en la general XD, igual la que vale es la de arriba, ... tiene letras más grandes XD

Saludos

AlbertoBSD · 22 Enero 2010, 13:43 PM

Tengo un libro de historias hackers y en uno de esos habla de HD Moore, Cando lo vi en la misma lista a sdc dije "aaa no mam.... neta!!"

Eso es todo sdc sigue asi.

Saludos

T0rete · 22 Enero 2010, 13:53 PM

sdc, ¿Y el libro sobre "Advanced Web Attacks Evasion & Obfuscation" cuando lo vais a publicar?

WHK · 22 Enero 2010, 17:57 PM

Muy buena documentación en general, hay mucho por leer y aprender

sirdarckcat · 23 Enero 2010, 07:32 AM

@t0rete en junio/julio/agosto