A few days ago, KrebsOnSecurity published a very well-written article discussing a new 0-day Java vulnerability and its effect on the Bit9 hack. Now let's be honest – Java vulnerabilities are the hottest thing in security news right now. If a week goes by without a new 0-day, someone is slipping or sleeping. I [...]
This morning, an outline article that I wrote defining AppDoS was published on Imperva’s blog. Have a read, would you? Link here. The article explores the differences between classic Denial of Service and Application Oriented Denial of Service in a simplified manner.
The one thing that kept me thinking on a flight the other day was the latest news about LinkedIn’s 6.5 million password breach, and the follow-up lawsuit against it for violating its own privacy user agreement ensuring the security of one’s identity. And not specifically the story itself, but some of the aftermath that came [...]
For the past couple of weeks, I have been away visiting family in a country far far away, with an excellent internet connection and boring midnight hours, when I decided to play some games to help myself go to sleep. Now, since this was quite an interest for me, I started looking in different sources [...]
It was great to see how much attention the Hulk tool got over a short period of time, and it was even considered malware by some folks who didn't read the fine print of the “educational experiment” labeling. I got tons of questions and improvement suggestions, while some missed the main idea behind this. It's not meant to avoid a [...]
Introducing HULK (Http Unbearable Load King). In my line of work, I get to see tons of different nifty hacking tools, and traffic generation tools that are meant to either break and steal information off a system, or exhaust its resource pool, rendering the service dead and putting the system under a denial of service. [...]
Background: To establish common ground, I would like to start by explaining some theory behind DoS attacks on the HTTP attack vector. An HTTP DoS attack is usually not based on a vulnerability or known flaw in a web server or a service; instead, it's the attempt to bring a server down by using [...]
I finally had some time to play around with Refref (originally written for Anonymous), and I really liked it. For those of you who are unfamiliar with Refref, it is an application denial of service tool, which uses an interesting vector of attack making it very effective. To my knowledge it exists as [...]