Questions tagged [attacks]
An attempt to exploit a weakness in a system, either for nefarious or research reasons. Questions with this tag should be about designing, carrying out, or defending against the attack itself, rather than about the underlying weakness.
1,270 questions
1 vote
1 answer
119 views
Root takeover attack on Kubernetes host despite Vault agent
HashiCorp Vault Agent creates a sidecar that talks to the Vault server and injects secrets as files into containers, where the files are located under /vault/secrets/. "render all defined ...
1 vote
0 answers
65 views
Practical examples of SSL and TLS vulnerabilities
As we all know, SSL protocols as well as TLS 1.0 and TLS 1.1 are vulnerable to various types of attacks, such as BEAST, Padding Oracle Attack, Sweet32, Downgrade Attack, and others. But have you ever ...
0 votes
0 answers
72 views
I am being inundated by what seems to be a hacker site. 3171 attempts since 9:41 AM - 11:57 AM. How do I stop it?
Each day I check the Log file on my UDMPRO for threats (Triggers), and every day I have the same Public IP addresses being denied access. Currently I have firewall rules set up to block them. I also ...
3 votes
2 answers
4k views
Why must an attack tree be a tree?
Is there a reason why an attack tree must be a tree (i.e. a graph with no loops) rather than joining repeated nodes (representing the same events) together? Have variants of the geometry (not being ...
1 vote
1 answer
544 views
remotely triggering a firmware download
Is it possible for an attacker to trigger a firmware download to another device by sending a malicious network packet that initiates a malicious download of a file that contains attacker controlled ...
1 vote
0 answers
182 views
Massive Increase in Phony Access Attempts from Microsoft IPs – What Kind of Attack Is This? [duplicate]
Over the past few weeks, I've observed a massive spike in suspicious traffic from IP addresses belonging to Microsoft servers in Ireland. These accesses are blocked due to attempts to reach specific, ...
4 votes
1 answer
1k views
(How) is it possible to let portable communication devices detonate via software? [closed]
A recent attack in the Middle East turned pagers into weapons; apparently, the attacker was able to let them detonate without physical access to the devices, at least not after the victims obtained ...
5 votes
1 answer
2k views
Subdomain takeover with A record
A friend of mine has had a subdomain takeover occur. I've taken a look at his DNS and he had some dangling entries, but they were A records, not CNAMEs. The subdomain was pointing to an IP address on ...
2 votes
0 answers
51 views
What could this partially nonsense URL request to my site be? [duplicate]
Url requested: https://site.azurewebsites.net/fky_7143_tczf_ohced.aspx?group=CON&branch=A&[email protected]&page=stocks/Bep_EQ32_agepbb_abfgjc_ctkdcem.aspx?veBjt=09983&...
0 votes
0 answers
151 views
bin/sh in return-to-libc attacks
Return-to-libc is an attack where the attacker, in most cases, returns to the system function, which it uses to execute shell commands. However, I am confused about two things: The command that the ...
1 vote
0 answers
287 views
My reCAPTCHA for registering got bypassed
I implemented reCAPTCHA on my React Native app to stop bots from creating accounts. However, this reCAPTCHA got bypassed, and the hacker was able to create 10-20 thousand accounts in like a week. I ...
4 votes
1 answer
197 views
Why does this malicious code work? (Lua, FFI)
Below is a sandboxed Lua script that uses FFI to execute malicious C code. A fixed memory address is used to load a Windows function GetProcAddress which is subsequently used to run a PowerShell ...
2 votes
0 answers
113 views
Getting reverse shell as another user
I'm performing Overpass the hash attack @ TryHackMe > CompTIA Pentest+ > Attacks and Exploits > Lateral Movement and Pivoting > Task 3 > Let's Get to Work! I dumped Key of my target ...
1 vote
0 answers
51 views
Laser pulse/injection attacks, X-ray inspection, Test-based (like JTAG scan chain) attacks, Microprobing attacks... are these invasive or non-invasive?
Laser pulse/injection attacks, X-ray inspection, Test-based (like JTAG scan chain) attacks, Microprobing attacks... are these invasive or non-invasive? Just curiosity. I don't know how to categorize. My ...
0 votes
1 answer
777 views
Is polyfill.io still an immediate threat?
Polyfill.io is malicious: https://dev.to/snyk/polyfill-supply-chain-attack-embeds-malware-in-javascript-cdn-assets-55d6 https://www.sonatype.com/blog/polyfill.io-supply-chain-attack-hits-100000-...