Posts

Showing posts from April, 2022

Intrusion Detection Evasive Techniques

Most attackers are aware of IDSs and use evasive techniques to dodge them. These evasive techniques include flooding, fragmentation, encryption, and obfuscation.

Flooding

IDSs depend on resources such as memory and processor power to effectively capture packets, analyze traffic, and report malicious attacks. By flooding a network with noise traffic, an attacker can cause the IDS to exhaust its resources examining harmless traffic. In the meantime, while the IDS is distracted and occupied by the volume of noise traffic, the attacker can target the protected system with little or no intervention from the IDS.

Fragmentation

Because different network media allow variable maximum transmission units (MTUs), you must allow for the fragmentation of these transmission units into differently sized packets or cells. Hackers can take advantage of this fragmentation by dividing attacking packets into smaller and smaller portions that evade the IDS but cause an attack when reassembled by a target host.

Encryp...

Web Server Attack Tools

You are now familiar with the methodology that an attacker uses to hack a web server. This section introduces web server hacking tools that an attacker may use within the web server hacking methodology described in the previous section. These tools extract critical information during the hacking process.

Web Server Attack Tool: Metasploit

The Metasploit Framework is a penetration-testing toolkit, exploit development platform, and research tool that has hundreds of working remote exploits for a variety of platforms. It supports fully automated exploitation of web servers by abusing known vulnerabilities and leveraging weak passwords via Telnet, SSH, HTTP, and SNMP.

The features of Metasploit that an attacker may use to perform a web server attack:

1) Closed-loop Vulnerability Validation
2) Phishing Simulations
3) Social Engineering
4) Manual Brute Forcing
5) Manual Exploitation
6) Evade-leading defensive solution...

Understand various Android threats and attacks

App-based mobile threats

Applications are often the root of mobile device vulnerabilities. These types of attacks can occur when users download malicious apps or grant apps permission to access device data without checking whether or not it’s safe to do so.

Web-based mobile threats

A web-based mobile attack is usually achieved through phishing or spoofing. Attackers will send an email, text, or another instant message that looks as if it was from a trusted source, but the message contains a malicious link or attachment. When users click through or provide personal information, the bad actor can then gain unauthorized access to their mobile device or steal credentials to spoof identities.

Network threats

This type of mobile attack occurs when bad actors target unsecured or free-to-use public WiFi connections. In some cases, hackers may even set up a fake WiFi network (known as network spoofing) in an attempt to trick users. Spoofed networks will ask users to create an account with a u...

Web Server Types of Attacks

1) Scanning – Tools, such as Nmap and SuperScan, can be used.
2) Banner grabbing – Identifies the server and version. Netcat and Telnet are useful here.
3) Attacking the web server – The script kiddies’ dream would be to find unpatched servers or discover a recently discussed vulnerability that hasn’t been patched yet.
4) Surveying the application – Because it’s more advanced than a direct web server attack, attacking the application could go unnoticed.
5) Attacking authentication – Weak forms of authentication might allow the attacker to beat authentication or guess commonly used passwords.
6) Exploiting the database – A tempting target for hackers looking to make a profit in identity or credit card theft.

The web browser sends HTTP requests to the Web server. The firewall captures this traffic and, typically, concentrates on analyzing the communication parameters of the traffic. It checks the destination port, the source and desti...