Here are the top 10 hacking techniques discovered in 2016In continuation of the same series we today bring out the 10 top hacking techniques used by hackers in 2016.
HackingHacking was a term that originated in 1990s and is associated with the unauthorized use of computer and network resources. By definition, hacking is the practice of altering the features of a system, to accomplish a goal which is not in scope of the purpose of its creation.
Hacking is more commonly used in context of “Computer Hacking” where threat is posed to security of the computer and other resources. In addition, hacking has few other forms which are less known and talked about .e.g. brain hacking, phone hacking etc.
“Hacker” was a term used to denote a skilled programmer who had competency in machine code and operating systems. Such individuals were proficient in solving unsatisfactory problems and often interpreted competitors’ code to work as intelligence agents for small software companies.
There are three types of hackers, white hat or ethical hackers, grey hat hackers and black hat hackers. You can read about the different types of hackers here. We dont usually have to worry about ethical hackers but need to keep an out for the grey hat and black hat hackers who are usually cyber criminals.
In 2015, there were a dozen big time vulnerabilities discovered by researchers. However, a few of those were actually exploited in the wild.
Here are the top 10 hacking techniques discovered in 2015 :
#1 FREAK Attack
#2 LOGJAM vulnerability
#3 Web Timing Attacks
#4 Evading All* WAF XSS FiltersSecurity researcher Mazin Ahmed discovered that it is it is possible to evade cross-site scripting filters of all popular web-application firewalls. Once exploited the hackers can do pretty much anything they want.
The research paper can be read here.
#5 Abusing CDN’s with SSRF Flash and DNS
#7 Exploiting XXE in File Parsing Functionality
#8 Abusing XLSTThe vulnerability in XLST was known for a long time but security researcher Fernando Arnaboldi demonstrated it for the first time at the Black Hat conference.
Research and proof-of-concept attacks highlighted at Black Hat that show how XSLT can be leveraged to undermine the integrity and confidentiality of user information.
#9 Magic HashesSecurity researchers, Robert Hansen and Jeremi M. Gosney discovered a vulnerability in the way PHP handles hash comparisons.
Looks into a weakness in the way PHP handles hashed strings in certain instances to make it possible to compromise authentication systems and other functions that use hash comparisons in PHP.
You can get further information about magic hashes here.