It has been long time since my last post, I have been really busy these days. But I hope this nice post would compensate for days I didn't post anything. So this post has a back story, but again, I can not go in detail, can not name any particular application or company. So I won't be disclosing any information regarding the case, but I will do my best to explain the situation.
Have you ever wondered about having an EXE without any entry in IAT (Import Address Table) at all? Well, I knew that it's possible, but never saw an actual exe file without IAT entry. So I developed an application which is 1,536 bytes and still does basic annoying malware things. So to summarize, this tiny app:
- Enumerates following APIs:
Hi again! In my previous post, I demonastrated how to use RFID cards to add extra layer of security for logging into Linux systems using PAM modules. In this post, I'm going to show you how I managed to do same thing for Windows.
When you learn that a company web server compromised because of a small programming mistake in PHP and it was possible to stop the attack by calling a function, you will want to learn more about all those "function calls".
Basically, in this post, I'll talk about possible attacks to web applications and how to stop them.
When you talk to enterprise companies with several years of experience, possibly they know very well how important web security is. In case they haven't experienced any security breach, at least they have heard about other companies experiencing data leaks and security breaches. So I'm not talking to them in this post, they should have already learnt importance of IT security.
But when it comes to startup companies, they don't even know about IT security. A lot of them don't care about it, they never take it serious, you would hear responses like: