Posts

HTTP Parameter pollution

Supplying multiple HTTP parameters with the same name may cause an application to interpret values in unanticipated ways. By exploiting these effects, an attacker may be able to bypass input validation, trigger application errors or modify internal variable values. As HTTP Parameter Pollution (HPP for short) affects a building block of all web technologies, both server-side and client-side attacks exist. Current HTTP standards do not include guidance on how to interpret multiple input parameters with the same name. For instance, RFC 3986 simply defines the term Query String as a series of field-value pairs, and RFC 2396 defines classes of reserved and unreserved query string characters. Without a standard in place, web application components handle this edge case in a variety of ways (see the table below for details). By itself, this is not necessarily an indication of vulnerability. However, if the developer is not aware of the problem, the presence of du

OpenVAS Vulnerability Scanner

Vulnerability scanning is a crucial phase of a penetration test, and having an up-to-date vulnerability scanner in your security toolkit can make a real difference by helping you discover overlooked vulnerable items. OpenVAS is a framework of several services and tools offering a comprehensive and powerful vulnerability scanning and vulnerability management solution. The actual security scanner is accompanied by a regularly updated feed of Network Vulnerability Tests (NVTs), over 47,000 in total (as of June 2016). All OpenVAS products are Free Software. Most components are licensed under the GNU General Public License (GNU GPL).

Architecture Overview

The OpenVAS Manager is the central service that consolidates plain vulnerability scanning into a full vulnerability management solution. The Manager controls the Scanner via OTP (OpenVAS Transfer Protocol) and itself offers the XML-based, stateles

Cupp (Common User Passwords Profiler)

CUPP is a powerful tool that creates a wordlist tailored to a specific person. CUPP is cross-platform and written in Python. CUPP asks you questions about the target (name, wife's name, pet's name, phone number...) and then creates a password list based on the keywords you entered.

How to install CUPP in Kali Linux

1) Our first step is to start Kali, our beloved hacking system. Once we have Kali up and running, we need to make a directory to store our CUPP files in our home directory. Enter this command:

mkdir CUPP

2) Then, navigate to that directory:

cd CUPP

3) Once inside the CUPP directory, go ahead and enter the following line into your terminal:

git clone https://github.com/Mebus/cupp.git

4) If git doesn't work, you probably don't have it installed. If so, enter this command:

apt-get update &&

VPN – The Must Have Anonymity Tool

Virtual Private Network, or VPN for short, is a secure network connection through which you can safely connect your device to public networks. It is widely used by large corporations, educational institutions and government agencies. It is also used by individuals who care about staying anonymous on the internet for various reasons. In countries where governments block access to certain websites, people use a VPN to get around these walls of censorship. Another reason people use VPNs is to gain access to web content restricted to certain countries; this is particularly the case with some YouTube channels, like Vevo and similar. In countries where downloading torrents is heavily monitored, like the USA for example, people use a VPN to hide their internet activity and IP address from ISPs and from the torrent source. This is similarly the case for streaming: the use of streaming services like Kodi has exploded lately, and the movie studios are

Atom Bombing: "An Unfixable Bug in Windows"

Researchers uncovered a new way to leverage mechanisms of the underlying Windows operating system in order to inject malicious code. Threat actors can use this technique, which exists by design of the operating system, to bypass current security solutions that attempt to prevent infection. We named this technique AtomBombing after the underlying mechanism it exploits. AtomBombing affects all Windows versions; in particular, we tested it against Windows 10. Unfortunately, this issue cannot be patched, since it doesn't rely on broken or flawed code but on how these operating system mechanisms are designed.

Code Injection 101

The issue revealed presents a way for threat actors to inject code. Attackers use code injection to add malicious code into legitimate processes, making it easier to bypass security products, hide from the user, and extract sensitive information that would otherwise be unattainable. For