August 15, 2018

New Methods of Attack?

Back in the late 90’s, we saw methodologies of exploitation that relied heavily upon poor programming practices within core services on computers. One example of that is the FTP PASV vulnerability, which allowed a hacker to dump the password hashes for all users contained in the /etc/shadow file, simply by following a series of steps, and causing a segmentation fault. The resulting “core” file would contain a full memory dump of the system, including the shadow file, if it had recently been pulled into memory. As time progressed, hackers became obsessed with other methods of attack, such as buffer and heap…