This repository has been archived by the owner on Mar 26, 2024. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 23
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
Showing
6 changed files
with
153 additions
and
63 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,29 +1,44 @@ | ||
# Execution of malicious files | ||
# 🔒 Execution of Malicious Files | ||
|
||
## Definition | ||
## 📖 Definition | ||
|
||
👾 Execution of malicious files involves running unauthorized or harmful software, known as malware, on a computer system. This includes a variety of threats like viruses, worms, trojans, ransomware, and spyware. | ||
|
||
## 🔄 How It Works | ||
|
||
## How It Works | ||
1. **🔓 Infiltration**: Malicious files sneak into a system via email attachments, compromised websites, or downloads. | ||
2. **🔔 Activation**: The malware springs into action when the file is executed. | ||
3. **🌐 Propagation**: Some malware can replicate and spread to other systems. | ||
4. **💥 Execution**: The malware carries out its damaging activities. | ||
|
||
... | ||
## 🔍 Detection | ||
|
||
## Detection | ||
1. **🛡️ Antivirus Software**: Employs signatures and heuristics to spot malware. | ||
2. **🌍 Network Monitoring**: Watches for unusual network activity signaling malware. | ||
3. **🔎 Behavior Analysis**: Identifies odd system behavior that suggests malicious actions. | ||
4. **📁 File Integrity Monitoring**: Verifies for unsanctioned changes in files. | ||
|
||
... | ||
## 🛡️ Prevention | ||
|
||
## Prevention | ||
1. **🔄 Regular Software Updates**: Ensures all software, including security programs, are current. | ||
2. **👥 Employee Training**: Teaches how to recognize dubious files and phishing attempts. | ||
3. **🔥 Firewalls**: Restricts network traffic based on security guidelines. | ||
4. **🌐 Safe Browsing Practices**: Avoids risky websites and untrusted downloads. | ||
|
||
... | ||
## 🎭 Example Scenarios | ||
|
||
## Example Scenarios | ||
1. **💰 Ransomware Attack**: Data gets encrypted and held for ransom. | ||
2. **🐴 Trojan Horse**: Malicious code hidden inside seemingly legitimate software. | ||
3. **📧 Email Phishing**: System infection through malicious email attachments. | ||
|
||
... | ||
## 📖 References | ||
|
||
## References | ||
1. [MITRE ATT&CK Framework](https://attack.mitre.org/) | ||
2. [Cybersecurity & Infrastructure Security Agency (CISA) Publications](https://www.cisa.gov/publication-library) | ||
3. [National Institute of Standards and Technology (NIST) Cybersecurity Framework](https://www.nist.gov/cyberframework) | ||
|
||
... | ||
## 🛠️ How to do it? | ||
|
||
## How to do it ? | ||
|
||
... | ||
1. **🏗️ Set Up a Safe Environment**: Use a controlled setting like a virtual machine. | ||
2. **🔬 Obtain Test Malware Samples**: From sources like [TheZoo](https://github.com/ytisf/theZoo) or [VirusShare](https://virusshare.com/). | ||
3. **🧪 Run and Monitor**: Execute the malware and observe with security tools. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,25 +1,50 @@ | ||
# RAFI (Remote File Inclusion) | ||
# 🌐 RAFI (Remote File Inclusion) | ||
|
||
## Definition | ||
## 📖 Definition | ||
|
||
Remote File Inclusion (RAFI) exploits scripts to include files located on remote servers. | ||
🔍 Remote File Inclusion (RAFI) exploits scripts to include files located on remote servers, leading to potential security breaches in web applications. | ||
|
||
## How It Works | ||
## 🔄 How It Works | ||
|
||
... | ||
RAFI occurs when an application includes external files or scripts without proper validation. Attackers manipulate these vulnerabilities to execute malicious code or disrupt services. This is typically achieved by altering URL parameters or request data to include remote files. | ||
|
||
## Detection | ||
## 🔍 Detection | ||
|
||
... | ||
👀 Detecting RAFI involves monitoring for unusual web traffic patterns, such as requests to external domains. Web application firewalls (WAFs) 🔒 and intrusion detection systems (IDS) 🚨 can be configured to detect and alert on potential RAFI patterns. | ||
|
||
## Prevention | ||
## 🛡️ Prevention | ||
|
||
... | ||
🛡️ To prevent RAFI: | ||
|
||
## Example Scenarios | ||
- Validate and sanitize all user inputs. | ||
- Avoid using user input directly in file inclusion functions. | ||
- Employ server-side input validation. | ||
- Update and patch applications and libraries regularly. | ||
|
||
... | ||
## 🎭 Example Scenarios | ||
|
||
## References | ||
1. **Dynamic Script Inclusion**: Attackers inject a URL pointing to a malicious script into a web application, leading to code execution or data theft. | ||
2. **Data Breach**: RAFI is used to include a file that exfiltrates sensitive data from the server. | ||
3. **Malware Spread**: Through RAFI, malicious files are included, spreading malware to users or other systems. | ||
|
||
... | ||
## 📚 References | ||
|
||
1. OWASP on RAFI: [Remote File Inclusion](https://owasp.org/www-chapter-namakkal/) 🌍 | ||
2. CWE-98 on PHP RFI: [Improper Control of Filename for Include/Require Statement in PHP Program](https://cwe.mitre.org/data/definitions/98.html) ⚠️ | ||
3. Remote File Inclusion: [Understanding and Preventing Web Application Vulnerabilities](https://en.wikipedia.org/wiki/File_inclusion_vulnerability) 📚 | ||
|
||
## 🛠️ How to do it? | ||
|
||
1. **🔬 Set Up a Safe Testing Environment**: | ||
- Utilize a controlled, isolated environment like a virtual machine. | ||
|
||
2. **🧪 Create and Test RAFI Scenarios**: | ||
- Simulate RAFI attacks by attempting to include remote files in your test environment. | ||
- Use test scripts to modify URL parameters or request data to point to external files. | ||
|
||
3. **🕵️♂️ Monitor and Analyze**: | ||
- Observe how the system responds to the inclusion of remote files. | ||
|
||
4. **🔍 Evaluate Security Measures**: | ||
- After testing, implement security measures like input validation and sanitization. | ||
- Re-test the same scenarios to ensure that the security measures effectively block RAFI attempts. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,25 +1,51 @@ | ||
# Remote File Insertion | ||
# 🚨 Remote File Insertion | ||
|
||
## Definition | ||
## 📖 Definition | ||
|
||
Remote File Insertion involves inserting malicious files into web applications. | ||
Remote File Insertion (RFI) involves inserting malicious files into web applications, leading to security breaches like unauthorized code execution, data theft, and system compromise. | ||
|
||
## How It Works | ||
## 🔄 How It Works | ||
|
||
... | ||
RFI exploits weaknesses in applications' file upload or management features. Attackers upload or insert malicious files (scripts, executables) into the server, facilitating unauthorized activities. This is often enabled by insufficient validation of file inputs and poor security configurations. | ||
|
||
## Detection | ||
## 🔍 Detection | ||
|
||
... | ||
Detecting RFI involves monitoring file upload activities and scrutinizing file execution patterns. Intrusion detection systems (IDS) 🛡️ and web application firewalls (WAFs) 🔥 help identify unusual file upload patterns or file executions. Regular security audits and server log monitoring are crucial for early detection. | ||
|
||
## Prevention | ||
## 🛡️ Prevention | ||
|
||
... | ||
🔒 To prevent RFI: | ||
|
||
## Example Scenarios | ||
- Implement strict file type and size restrictions for uploads 📁. | ||
- Use server-side file validation to process only legitimate files 📊. | ||
- Configure access controls to restrict unauthorized file execution 🔑. | ||
- Update and patch applications and server software regularly 🛠️. | ||
|
||
... | ||
## 🎭 Example Scenarios | ||
|
||
## References | ||
1. **Malicious Script Upload**: Attackers upload scripts disguised as legitimate files, executing them to gain access or steal data 💻. | ||
2. **Executable File Insertion**: Vulnerable upload functions are exploited to insert executables, compromising the server 🖥️. | ||
3. **Database Script Injection**: Malicious SQL script files are inserted, manipulating databases or exfiltrating data 📚. | ||
|
||
... | ||
## 📚 References | ||
|
||
1. OWASP Guide on File Upload Security: [File Upload Security](https://cheatsheetseries.owasp.org/cheatsheets/File_Upload_Cheat_Sheet.html) 🌐 | ||
2. CWE-434: [Unrestricted Upload of File with Dangerous Type](https://cwe.mitre.org/data/definitions/434.html) ⚠️ | ||
3. Remote File Injection: [Remote File Injection](https://fr.wikipedia.org/wiki/Remote_File_Inclusion) 📖 | ||
|
||
## 🛠️ How to do it? | ||
|
||
1. **🔬 Set Up a Controlled Testing Environment**: | ||
- Use a secure, isolated test environment, such as a sandbox or a virtual machine. | ||
- Ensure that the testing does not involve real user data or critical systems. | ||
|
||
2. **🧪 Simulate RFI Attacks**: | ||
- Attempt to upload or insert different types of malicious files into your test application. | ||
- Experiment with various file types, sizes, and formats to test the application's security measures. | ||
|
||
3. **📈 Monitor and Document the Impact**: | ||
- Observe how the application processes and reacts to the malicious file uploads. | ||
|
||
4. **🔐 Implement and Test Security Measures**: | ||
- After the initial tests, strengthen the application's file upload and management security. | ||
- Re-test with similar RFI techniques to verify the effectiveness of the new security measures. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,25 +1,47 @@ | ||
# SQL Injection | ||
# 💉 SQL Injection | ||
|
||
## Definition | ||
## 📖 Definition | ||
|
||
SQL Injection involves inserting or "injecting" an SQL query via the input data from the client to the application. | ||
SQL Injection involves inserting or "injecting" an SQL query via the input data from the client to the application. This can lead to unauthorized access to database information, data manipulation, and other malicious activities. | ||
|
||
## How It Works | ||
## 🔄 How It Works | ||
|
||
... | ||
1. **💻 User Input**: The attacker inputs malicious SQL code into an application's input fields. | ||
2. **🔗 Exploiting Vulnerabilities**: The application, if vulnerable, processes this input as part of an SQL query. | ||
3. **📊 Database Manipulation**: This allows the attacker to manipulate the database, often retrieving, modifying, or deleting data. | ||
|
||
## Detection | ||
## 🔍 Detection | ||
|
||
... | ||
1. **🔎 Log Analysis**: Regularly review logs for unusual query patterns. | ||
2. **🛡️ Intrusion Detection Systems**: Use systems that can identify SQL injection patterns. | ||
3. **📡 Network Monitoring**: Monitor network traffic for unusual database requests. | ||
|
||
## Prevention | ||
## 🛡️ Prevention | ||
|
||
... | ||
1. **🔐 Use Prepared Statements**: With parameterized queries to prevent injection. | ||
2. **🧱 Employ Web Application Firewalls**: To filter out malicious data. | ||
3. **👩💻 Regular Code Reviews**: To identify and fix vulnerabilities. | ||
4. **📚 Educate Developers**: About secure coding practices. | ||
|
||
## Example Scenarios | ||
## 🎭 Example Scenarios | ||
|
||
... | ||
1. **💳 Data Theft**: An attacker retrieves sensitive customer data. | ||
2. **🔓 Unauthorized Access**: Gaining admin access by manipulating login queries. | ||
3. **💥 Data Corruption**: Deleting or altering records through malicious queries. | ||
|
||
## References | ||
## 📚 References | ||
|
||
1. [OWASP SQL Injection Guide](https://owasp.org/www-community/attacks/SQL_Injection) | ||
2. [CISA SQL Injection Tips](https://www.cisa.gov/uscert/ncas/tips/ST04-014) | ||
3. [SQL Injection Prevention Cheat Sheet](https://cheatsheetseries.owasp.org/cheatsheets/SQL_Injection_Prevention_Cheat_Sheet.html) | ||
|
||
## 🛠️ How to do it? | ||
|
||
1. **📝 Learn SQL Injection Techniques**: | ||
- Study different types of SQL injection attacks, such as tautologies, illegal/logically incorrect queries, union queries, and piggybacked queries. | ||
- Understand the basics of SQL queries and how they can be manipulated. | ||
|
||
2. **🧪 Craft and Test Malicious SQL Queries**: | ||
- Develop SQL queries that exploit known vulnerabilities in SQL databases, like input fields that don’t sanitize user input. | ||
- Test these queries against your test database to observe how SQL injection can manipulate or retrieve data. | ||
|
||
... |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters