Feature

Hydra Brute Force Utility

Hydra is a powerful, multi-protocol brute force attack tool. Brute force attacks involve guessing authentication credentials in an attempt to gain access to a system. Brute force is, over time, the most successful way to break simple authentication. The main disadvantages of brute force attacks are the time required to try username and password combinations, and the fact that these types of attacks are extremely noisy. Noise, in this instance, means that brute force attacks generate a lot of traffic, and potentially quite a bit of evidence of the attack. It is even possible to perform a denial of service attack using brute force tools. By attempting authentication repetitively over periods of time it may be possible to tie up system resources to such an extent that legitimate users cannot access the resource.

Read more
Past Features
Editorial

Thinking Security

Security vulnerability in code may be a permanent reality. Given the average number of bugs in software, and the moving state of security, it may be impossible to produce secure software. Added to this crisis is the fact that software is deployed on systems that are increasingly permanently connected to the network. This constant connection means a persistent, global threat. Traditional defences such as firewalls are increasingly proving useless at mitigating this threat. This situation leads us to question whether current security paradigms are working. What can the information security community do to combat a persistent, and growing, problem of vulnerable software being exposed to attack?

Read more
How To

Monitoring Drupal with OSSEC

Drupal 6 provides the syslog module by default which allows Drupal to write some log entries directly to the system log. OSSEC open source host based intrusion detection system is a perfect system for monitoring events in a system log. By implementing a custom decoder and a few rules you can easily modify your OSSEC installation to monitor your Drupal site for common attacks, including brute force attacks or other malicious activity.

Read more

Top Articles

  1. Installing Nikto on Windows
  2. SSHatter SSH Brute Forcer
  3. PHP Arbitrary File Include
  4. Hardening PHP from php.ini
  5. Web Hacking Lesson 4 - File Include Vulnerabilities
  6. Madirish Tutorial 11 (Brute Forcing)
  7. Using the Google Safe Browsing API from PHP
  8. Beginners Guide to PHP
  9. JavaScript Single/Double Quote Killer
  10. Using Soundex with MySQL

Tags

advisory, apache, authentication, brute force, c, certification, cms, computers, database, development, disclosure, drupal, editorial, email, encryption, exploit, feature, firewall, hardening, hardware, honeypot, how-to, incident response, intrusion detection, java, javascript, linux, malware, microsoft, mysql, networking, open source, oracle, ossec, perl, phishing, php, privacy, review, rootkits, security, social engineering, sql injection, ssh, tools, virtualization, virus, vulnerability, website, wireless, xml, xsrf, xss

Blog Articles

Advisories