SecNiche Security Driving Element of Innocuous Minds.

Optimized Derivative of Complex Security

We stick to basics, thereby reiterating the hidden elements of security from these complex systems. We respect the researchers and hackers who work effortlessly to support the community at par. We believe in hunting core to deface the reality of this machine world. The Niche of Security lockdown.



WHITEPAPERS



Whitepaper Released - PDF Silent HTTP Form Repurposing Attacks

This paper sheds light on a modified approach to triggering web attacks through the JavaScript protocol handler in the context of the browser when a PDF is opened in it. As we have seen, Adobe has implemented a security mechanism to remove the insecurities that originate directly from the standalone PDF document in order to circumvent cross-domain access. The attack targets web applications that allow PDF documents to be uploaded to the web server.
PAPER


Evading Web XSS Filters through Word (Microsoft Office and Open Office) in Enterprise Web Applications

This paper sheds light on the hyperlinking issues observed during penetration testing of web-based enterprise applications. The concept can be used to bypass standard XSS filters by creating a malicious Microsoft Word document. Inline hyperlinking with malicious code subverts the enterprise web application's XSS filters (during the conversion mechanism) when rendering is done in the context of the browser. As the code base is structured in a hierarchical manner, we will be laying stress on vendor-based applications.

[PDF]

Paranormal Fallacy - SE Automated Scanning Anomaly

This paper discusses the anomalous behavior of the Google search engine that affects the working of automated scanning tools. This anomaly can be considered a security mechanism implemented by Google to restrict the number of search queries that a single host can execute within a specific time limit. Due to this factor, the scanning functionality of a number of tools is disrupted.

[PDF]

Information Prone LDAP Garbage Dumps. [Reviewed]

The LDAP garbage dump that remains on a web server results in information disclosure. The security of LDAP may be compromised if, for instance, a search engine crawls through untamed directories on the web server and finds information through the ldap.xml file. This type of harvesting attack is also termed a static information leveraging attack. This article provides methods for dealing with this type of attack and clarifies how to secure LDAP. The ldap.xml file often remains on the server due to either misconfiguration or improper server administration.

[PDF]

Paradox of Web Leeching : Semantics

This paper delineates the anti circumventory paradox of leeching. This matrix co-persists with the attackers and protectors. Leech computing is a concept that is based on distributed functionality. In technology terms, leech computing relates to a hidden program on a client computer of which the user is not aware.

[PDF]

The Anatomy of Third Party Pop Up Attacks.

This article deals with the latest third party popup attacks, which an attacker performs from rogue and vulnerable links on web sites to circumvent normal functioning on the web. The target website always seems to be the liable web provider from where the popup attacks are possible. It also discusses other problems related to popups.

[PDF]

Rogue XML Specifications.

This article deals solely with the insecurities that remain in the XML schema defined for a web application. It is centered on the web.xml file, as the XML specification acts as an interface to server objects. This XML file is significant because the specifications provided in it are dynamically traversed during execution of the server objects. The interface provided by the XML schema directly configures the server on the fly, depending on the specific service-providing servlet.

[PDF]

Binary JSON : Insecurity in Serialization.

The article describes a serialization attack based on binary JavaScript Object Notation. The infection vector encompasses the manipulation of objects like arrays. Binary JSON enhances the working functionality of the JavaScript request-response mechanism by speeding up processing. Binary JSON is designed to handle serializing operations in an efficient manner. JSON provides a centralized concept for designing server request handling. All data is treated as a string in the serialization concept. The point of discussion is that the serialization base is vulnerable to web attacks, which are possible through object infection.

[PDF]

JNLP Security Convergence.

This protocol has made the web very versatile for Java applications. This article explains how the security parameters converge and how the sandbox technique is exploited on the web against Java applications.

[PDF]

Double Trap XSS Injection.

The paper demonstrates the double trap XSS injection. It clearly shows how the infection vector is traversed and leads to XSS injection.

[PDF]

End Point Malfeasance.

This article shows the advancement in the flaws that occur in end point technology, i.e. client/server transactions. The emphasis is laid on HTTP/HTTPS for undertaking rogue issues, which become the further base for attacking the network or protocol infeasibility. The issues discussed are of much importance whenever network problems are concerned.

[PDF]

Infection Vector in JUMP.

This article clearly explains the infection vectors in the JSON Uniform Messaging Protocol. As we know, JUMP mainly uses HTTP and a lightweight JSON record to edit a number of web pages. This article explains the attack vectors in the protocol implementation where infection can occur.

[PDF]

Exploiting JSON : 7 Attack Shots.

This article defines the layout of the exploiting factors of web attacks, i.e. where the JSON framework is compromised. The article is consistent in explaining the pros of the web attack related to JSON.

[PDF]

Ambiguity In Ajax Lockdown Framework.

The framework is based on the concept of fusing Ajax applications with direct web remoting. The stress is laid on client-server communication, and the main point of discussion is encrypting the client data and decrypting it on the server side. The Blowfish algorithm is used, and the security is defined on that part. The main point kept in mind is traffic intrusion; support for protocols like HTTP/HTTPS is also there with TLS. The security mechanism is elaborated a bit on the basis of user data privacy. The concept undertaken is the encryption of user-defined data in the web form, mainly where user data privacy is concerned.

[PDF]

Cognitive Cause Of Metacharacter Spamdexing Bug.

This paper consists of the defined cause of the metacharacter spamdexing bug. The bug has been fully described in my previous paper, along with the way it proliferates. I was undertaking this issue and trying to analyse the real cause, i.e. where the search engine actually gets error prone in the context in which it is coded and modularised. This bug is considered to be an anomaly in the real sense if the working of the search engine is concerned. But the class of this specific bug should be understood in a clear layout. Let's see where the bug comes into play.

[PDF]

Google Metacharacter [*] SpamDexxing Bug.

This analysis is based on search engine bugs and anomalies. An anomaly is an occurrence of an undesired result that originates from core problems that persist in a search engine or the applied algorithms. It is due to a defective layout in the search engine, which causes the anomaly or bug to occur. The empirical basis of working relies on the context in which it is applied.

[PDF]

eBay Online Attack Jargon.

This article relates to various online attacks that occur through eBay and gets to the core of how things are manipulated by hackers to get work done of their own choice. This includes redirection attacks, phishing attacks and login bypass attacks, which are usually run on the net nowadays.

[PDF]

Infection through Extension functions.

This brief layout will throw light on a new way of attacking by intermixing XML-converted XSLT code in PHP pages. In this attack, a generic stylesheet is constructed by the attacker with the extension functions defined. These functions are the standard functions that are called by the XSL specifications during the design of an XSLT stylesheet.

[PDF]

Hacking ISA Servers [Case Study of a Company].

This case study is entirely based on my hacking experiences with Microsoft ISA Servers. It gives you a way to get familiar with the ISA server and how to exploit and manipulate it according to your usage. This experience came my way when I was working for a professional organisation where security is implemented with this server. I can't tell you the name of the organisation, but the response of the target I provide is original and worthwhile.

[PDF]

Detecting Vmwares Remotely.

We know VMware machines are the best choice of hackers and security professionals nowadays. It's very necessary to tell the difference between a normal operating system and a VMware machine. It's very crucial to emancipate the barriers between real operating systems and virtual ones. Here I am presenting you with a way to remotely distinguish between machines.

[PDF]

Breaching Front End Security [FrontEnd Insecurities]

This article is driven by security. It throws light on how hackers exploit front-end security with minimum effort. We know firewalls and antiviruses are on the way and the pace is getting very fast. This is because the internet leads to false positives that result in havoc.

[PDF]

Perimeter Router Security.

When one connects one's enterprise network to the internet, one is connecting it to thousands of unknown networks, thus giving millions of people an opportunity to access one's assets. This leads to information sharing, as the assets are used by various people in different organizations and places. This paper describes the technologies that are used to minimize the threat of potential intruders to the enterprise and its assets.

[PDF]