Latest Cybersecurity Threats and Flaws in Access Control and Injection Techniques
Presentation Transcript
MIS 5212.001 Week 9 Site: http://community.mis.temple.edu/mis5212sec001s16/
Agenda:
- In the news
- Last presentations
- WebGoat issues
- Ettercap
- Next week
Submitted:
- http://krebsonsecurity.com/2016/03/seagate-phish-exposes-all-employee-w-2s/
- http://www.cnet.com/news/not-in-my-house-amazons-unencrypted-devices-a-sitting-target-cybersecurity-experts-say/
- http://thehackernews.com/2016/03/subgraph-secure-operating-system.html
- http://www.bbc.com/news/technology-31042477 (chips under skin)
- http://www.philly.com/philly/news/20160226_Apple_fights_FBI_s_iPhone_demand_as__oppressive_.html
- http://www.bbc.com/news/uk-35750127 (GCHQ on Apple)
- http://www.homelandsecuritynewswire.com/dr20160204-vulnerability-found-in-in-twofactor-authentication?page=0,1
- http://www.afr.com/technology/web/security/pwc-creates-cyber-security-game-to-let-board-members-play-as-hackers-20160229-gn713x
- http://n4bb.com/amazon-shocks-cybersecurity-experts-disables-fire-os-5-encryption-update-promises-reverse/
- http://thehackernews.com/2016/03/mac-os-x-ransomware.html
- http://techcrunch.com/2016/03/07/apple-has-shut-down-the-first-fully-functional-mac-os-x-ransomware/
What I noted:
- http://www.latimes.com/business/technology/la-fi-tn-snapchat-phishing-attack-20160228-story.html
- http://www.cnbc.com/2016/03/06/reuters-america-apple-users-targeted-in-first-known-mac-ransomware-campaign.html
- http://www.pcworld.com/article/3041115/security/mits-new-5-atom-quantum-computer-could-transform-encryption.html#tk.rss_all
- http://datagenetics.com/blog/september32012/index.html (PIN guessing)
WebGoat lessons:
- Access Control Flaws: Stage 1, Stage 3
- Authentication Flaws
- Cross-Site Scripting: Phishing, Stage 1, Stage 5, Reflected XSS Attacks
- Improper Error Handling: Fail Open Authentication Scheme
Injection Flaws:
- Command Injection: " & netstat -ant & ifconfig (the leading double quote closes the quoted filename argument the application builds around the input, and & is a shell command separator, so netstat and ifconfig run in addition to the intended command)
- Numerical SQL Injection: or 1=1 (appended to the numeric value, which is pasted into the statement unquoted, it makes the WHERE clause true for every row)
- Log Spoofing
- XPATH Injection
- String SQL Injection
- Modifying Data with SQL Injection
- Adding Data with SQL Injection
- Blind Numeric SQL Injection
- Blind String SQL Injection
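The two payloads above, worked through in Python as an added example (this is not code from the slides or from WebGoat, which is written in Java): each vulnerable function reproduces the WebGoat pattern, and the fixed version beside it shows the check that closes the hole. The help directory, its single file, the user table and its rows are all constructed for the demo. The command payload carries a trailing double quote that the slide's version lacks, because /bin/sh rejects an unbalanced quote where WebGoat's original cmd.exe target tolerated one, and it uses echo rather than netstat/ifconfig so it runs anywhere.

```python
"""Added example (not from the MIS 5212 slides or from WebGoat).

Two deliberately vulnerable functions in the WebGoat style, each beside a
fixed version, driven by the payloads from the slide.  The help directory,
its single file and the user table are constructed here for the demo.
"""
import os
import sqlite3
import subprocess
import tempfile

# ---- Command injection ---------------------------------------------------
# Constructed stand-in for WebGoat's directory of .help files.
HELP_DIR = tempfile.mkdtemp(prefix="helpfiles-")
with open(os.path.join(HELP_DIR, "Basic.help"), "w") as fh:
    fh.write("Basic authentication help text\n")


def show_help_vulnerable(name):
    """Builds one shell line from user input and hands it to /bin/sh.

    Payload 'Basic.help" & echo INJECTED & echo "' turns the line into
        cat "<dir>/Basic.help" & echo INJECTED & echo ""
    The quote in the payload closes the filename argument and '&' (like ';')
    separates commands, so the shell runs all three.
    """
    line = f'cat "{HELP_DIR}/{name}"'
    done = subprocess.run(line, shell=True, capture_output=True, text=True)
    return done.stdout


def show_help_fixed(name):
    """Never builds a shell line: the name must exactly match an entry in the
    help directory, and the program reads the file itself.  (If a child
    process were really needed, an argv list without shell=True would keep
    the input from ever being parsed by a shell.)"""
    if name not in os.listdir(HELP_DIR):
        raise ValueError("unknown help page")
    with open(os.path.join(HELP_DIR, name)) as fh:
        return fh.read()


# ---- Numeric SQL injection -----------------------------------------------
# Constructed table in the style of WebGoat's lesson data.
DB = sqlite3.connect(":memory:")
DB.executescript("""
    CREATE TABLE user_data (userid INTEGER, first_name TEXT, cc_number TEXT);
    INSERT INTO user_data VALUES (101, 'Joe',  '987654321');
    INSERT INTO user_data VALUES (102, 'John', '2234200065411');
""")


def lookup_vulnerable(account):
    """Pastes the value into the statement.  '101 or 1=1' makes the WHERE
    clause always true, so every row comes back."""
    sql = f"SELECT userid, first_name, cc_number FROM user_data WHERE userid = {account}"
    return DB.execute(sql).fetchall()


def lookup_fixed(account):
    """Converts to int first (rejecting anything that is not a number) and
    binds it as a parameter, so the value is data, never SQL text."""
    userid = int(account)  # ValueError on '101 or 1=1'
    return DB.execute(
        "SELECT userid, first_name, cc_number FROM user_data WHERE userid = ?",
        (userid,),
    ).fetchall()


def refuses(fn, arg):
    """True if fn rejects arg with ValueError (the fixed versions should)."""
    try:
        fn(arg)
    except ValueError:
        return True
    return False


def demo():
    """Run both payloads against both versions and report what happened."""
    cmd_payload = 'Basic.help" & echo INJECTED & echo "'
    sql_payload = "101 or 1=1"
    return {
        "cmd_vulnerable_ran_injected": "INJECTED" in show_help_vulnerable(cmd_payload),
        "cmd_fixed_refused": refuses(show_help_fixed, cmd_payload),
        "sql_vulnerable_rows": len(lookup_vulnerable(sql_payload)),
        "sql_fixed_refused": refuses(lookup_fixed, sql_payload),
        "sql_fixed_rows_for_101": len(lookup_fixed("101")),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Both fixes share one idea: user input must reach the file system or the database only as data (an allowlisted name, a bound parameter), never as part of a string that a shell or SQL parser will interpret.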
Intercepting traffic (Source: http://www.valencynetworks.com/articles/cyber-attacks-explained-man-in-the-middle-attack.html)
Ettercap supports active and passive dissection of many protocols (including ciphered ones). It offers four modes of operation:
- IP-based: packets are filtered based on IP source and destination.
- MAC-based: packets are filtered based on MAC address, useful for sniffing connections through a gateway.
- ARP-based: uses ARP poisoning to sniff on a switched LAN between two hosts (full-duplex).
- PublicARP-based: uses ARP poisoning to sniff on a switched LAN from a victim host to all other hosts (half-duplex).
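The ARP-based and PublicARP-based modes differ only in which hosts get lied to. The Python below is an added example, not Ettercap's own code and not from the slides: it builds the forged ARP replies each mode would send, as raw Ethernet/ARP bytes, and then runs the simple detector an ARP monitor applies to them. Every MAC and IP address is constructed, and nothing is put on the wire.

```python
"""Added example (not Ettercap's code and not from the slides).

Builds the forged ARP replies that the ARP-based and PublicARP-based modes
send, as raw Ethernet/ARP frames, and runs a small detector over them.
Every MAC and IP address below is constructed; nothing is put on the wire.
"""
import struct
from collections import defaultdict

ETH_P_ARP = 0x0806
ARP_REPLY = 2


def mac_bytes(mac):
    return bytes.fromhex(mac.replace(":", ""))


def ip_bytes(ip):
    return bytes(int(octet) for octet in ip.split("."))


def arp_reply(dst_mac, dst_ip, spoofed_ip, claimed_mac):
    """Forged 'is-at' reply telling dst that spoofed_ip lives at claimed_mac."""
    eth = mac_bytes(dst_mac) + mac_bytes(claimed_mac) + struct.pack("!H", ETH_P_ARP)
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, ARP_REPLY)  # Ethernet/IPv4, reply
    arp += mac_bytes(claimed_mac) + ip_bytes(spoofed_ip)      # sender pair: the lie
    arp += mac_bytes(dst_mac) + ip_bytes(dst_ip)              # target pair
    return eth + arp


def poison_frames(mode, attacker_mac, victim, gateway, others=()):
    """Frames the poisoner sends.  victim, gateway and others are (ip, mac).

    'arp'       full-duplex: the victim is told the gateway is at attacker_mac
                AND the gateway is told the victim is at attacker_mac, so both
                directions of the victim<->gateway conversation cross the attacker.
    'publicarp' half-duplex: only the victim is poisoned, about every other host,
                so only the victim's outbound traffic is seen.
    """
    v_ip, v_mac = victim
    g_ip, g_mac = gateway
    if mode == "arp":
        return [arp_reply(v_mac, v_ip, g_ip, attacker_mac),
                arp_reply(g_mac, g_ip, v_ip, attacker_mac)]
    if mode == "publicarp":
        return [arp_reply(v_mac, v_ip, ip, attacker_mac) for ip, _ in (gateway, *others)]
    raise ValueError(f"unknown mode {mode!r}")


def parse_arp(frame):
    """(sender_mac, sender_ip, opcode) from a raw frame, or None if not ARP."""
    if len(frame) < 42 or struct.unpack("!H", frame[12:14])[0] != ETH_P_ARP:
        return None
    opcode = struct.unpack("!H", frame[20:22])[0]
    sender_mac = ":".join(f"{b:02x}" for b in frame[22:28])
    sender_ip = ".".join(str(b) for b in frame[28:32])
    return sender_mac, sender_ip, opcode


def detect_spoof(frames, known=None):
    """Alerts for a MAC claiming several IPs, or an IP whose MAC differs from
    the known ip->mac table (the two checks an ARP monitor makes)."""
    claims = defaultdict(set)
    alerts = []
    for frame in frames:
        parsed = parse_arp(frame)
        if parsed is None or parsed[2] != ARP_REPLY:
            continue
        sender_mac, sender_ip, _ = parsed
        claims[sender_mac].add(sender_ip)
        if known and sender_ip in known and known[sender_ip] != sender_mac:
            alerts.append(f"{sender_ip} moved from {known[sender_ip]} to {sender_mac}")
    for mac, ips in claims.items():
        if len(ips) > 1:
            alerts.append(f"{mac} claims {sorted(ips)}")
    return alerts


if __name__ == "__main__":
    victim = ("192.168.1.50", "11:11:11:11:11:11")
    gateway = ("192.168.1.1", "22:22:22:22:22:22")
    frames = poison_frames("arp", "aa:bb:cc:dd:ee:ff", victim, gateway)
    for alert in detect_spoof(frames, known={gateway[0]: gateway[1]}):
        print(alert)
```

The detector's two rules are what tools such as arpwatch watch for: one MAC answering for several IPs, and the gateway's IP moving to a new MAC. Legitimate gratuitous ARP (failover pairs, DHCP renewals, a replaced NIC) also trips the second rule, so the known table has to be maintained rather than learned once.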
Other features:
- Character injection
- SSH1 support: the sniffing of a username and password (SSH1 only, not SSH2)
- HTTPS support: the sniffing of HTTP SSL secured data even
- Remote traffic through a GRE tunnel
- Plug-in support
- Password collectors for: TELNET, FTP, POP, IMAP, rlogin, SSH1, ICQ, SMB, MySQL, HTTP, NNTP, X11, Napster, IRC, RIP, BGP, SOCKS 5, IMAP 4, VNC, LDAP, NFS, SNMP, Half-Life, Quake 3, MSN, YMSG
- Packet filtering/dropping
- OS fingerprinting
- Kill a connection
- Passive scanning of the LAN
- Hijacking of DNS requests

Caveat on the HTTPS claim: the interception works by handing the client a certificate Ettercap generates itself, so the browser shows a certificate warning that the user has to click through, and a site the browser already knows via HSTS refuses the connection with no click-through offered.
Ettercap is a tool for performing man-in-the-middle attacks. It is pre-installed in Kali.
After launch:
1. Click Unified Sniffing.
2. Select your network connection (may not be the same as shown).
3. Now we will see who is out there:
4. Available hosts. I'm going after the last one!
5. Set up to ARP poison.
Doesn't work in a VM: you will need real machines on a switch to get this fully functioning. (Whether a VM can poison anything depends on its virtual network mode: a NAT-attached guest never sees the other hosts' ARP traffic, while bridged or internal networking with promiscuous mode allowed on the virtual NIC usually does work.) A good walkthrough is http://www.thegeekstuff.com/2012/05/ettercap-tutorial/
Next week:
- In the news
- Intro to Wireless
?