- Malware Understanding Computer Attack and Defense Techniques
Modern attacks combine social engineering to bypass technical defenses, client-side exploits targeting browsers and add-ons, web application vulnerabilities like SQL injection, and persistent...
- Web Security Researching Malicious Websites: A Few Tips
Malicious sites evade researchers by checking User-Agent and Referer headers, computing redirects via JavaScript, using nonces, and denylisting IPs. Bypass these defenses by faking browser headers,...
- Tools Mitigating Attacks on the Web Browser and Add-Ons
Drive-by exploits target vulnerabilities in browsers and add-ons like Java, Adobe Reader, and Flash. Defense involves sandboxing (Chrome, IE, Adobe Reader X), tightening settings via Group Policy,...
- Web Security Mitigating Attacks on Web Applications Through the Browser
Attackers use browsers as gateways to attack web applications via XSS (executing malicious JavaScript in app context), CSRF (tricking browsers into submitting crafted requests), clickjacking...
- Web Security Three Web Attack Vectors Using the Browser
Three browser attack vectors cause most web-based attacks: social engineering (phishing, fake software installs), attacking web applications through the browser (XSS, CSRF, clickjacking), and...
- Web Security Cross-Side Scripting Demystified