• Log In
  • Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar
  • HomePage
  • About
  • Structure
  • Schedule
    • First Half of the Semester
      • Week 1: Overview of Course
      • Week 2: TCP/IP and Network Architecture
      • Week 3: Reconnaissance
      • Week 4: Vulnerability scanning
      • Week 5: System and User enumeration
      • Week 6: Sniffers
      • Week 7: NetCat, Hellcat
    • Second Half of the Semester
      • Week 8: Social Engineering, Encoding, and Encryption
      • Week 9: Malware
      • Week 10: Web application hacking, Intercepting Proxies, and URL Editing
      • Week 11: SQL injection
      • Week 12: Web Services
      • Week 13: Evasion Techniques
      • Week 14: Review of all topics and wrap up discussion
  • Assignments
    • Analysis Reports
    • Quizzes & Tests
  • Webex
  • Harvard Coursepack
  • Gradebook

ITACS 5211: Introduction to Ethical Hacking

Wade Mackay

Burp Suite – Ookla.com

Burp Suite – Ookla.com

December 6, 2016 by Loi Van Tran 1 Comment

Executive Summary

PowerPoint

‘Frighteningly Easy’ Hack Guesses Full Credit Card Details in 6 Seconds.

December 5, 2016 by Mengqi He 2 Comments

Researchers from the UK’s Newcastle University have developed a so-called Distributed Guess Attack that essentially circumvents all security features for protecting online payments to steal card number, CVV and expiration date of any Visa card. The attack takes advantage of the manner that different online merchants request different types of information for processing a credit or debt card payment, even though most of them at a minimum require the card number or and expiry date. In addition, there is no mechanism currently in place to detect multiple invalid payment request made on the same card yet from different online merchant sites. Therefore, it is possible that a hacker to make unlimited times of guess on a card’s CVV or expiration date by spreading the guesses across multiple sites. Based on these two manners, an attacker can obtain full card details by automatically generating and verifying different combinations, and the process can be done through 1,060 and 60,000 attempts and takes only six seconds. The guessing attack worked only on Visa’s network. MasterCard’s network would quickly detect the guessing attack.

I was surprised that Visa would have such a great vulnerability in its credit and debt card payment process. As one of the world largest financial service corporation, Visa processed 100 billion transactions with a total volume of US $6.8 trillion. Over 1.5 billion credit cards are Visa cards. With such a large number of users and transaction volume, this vulnerability is an great challenge to Visa that it has to figure out an appropriate solution to improve this security issue and protect its customer information.

 

Link: http://www.darkreading.com/vulnerabilities—threats/frighteningly-easy-hack-guesses-full-credit-card-details-in-6-seconds/d/d-id/1327632

Burp Suite Analysis of CNN.com

December 4, 2016 by Josh Zenker 2 Comments

CNN.com has a reputation among my colleagues in IT for how long it takes to load its front page. I reasoned that it must be pulling in many resources from third party sites. Therefore I thought it would be an ideal target for the Burp Suite intercepting proxy.

  • Presentation [PDF]
  • Executive Summary [PDF]

Burp Suite Analysis-xfinity

December 3, 2016 by Noah J Berson Leave a Comment

Here is my analysis for you to look at and/or comment on. Thanks.

burp-suite-for-xfinity-noah-berson

burp-suite-xfinity-noah-berson

1- TalkTalk and Post Office customers hit by Mirai worm attack 2- Ransomware Crooks Demand $70,000 After Hacking San Francisco Transport System

December 3, 2016 by Mauchel Barthelemy 2 Comments

1- TalkTalk and Post Office customers hit by Mirai worm attack

It has been reported this week that 900,000 routers hit by huge Mirai worm cyber-attack. TalkTalk and Post Office customers were largely affected by this attack in United Kingdom. The good news is that TalkTalk has identified the source of the problem and rolled out a resolution to all customers. Also, a UK Post Office spokesperson confirmed that customers still experiencing problems should reboot their router as a solution. Luckily this was something that TalkTalk and the UK Post Office quickly addressed. Below is the article.

http://www.wired.co.uk/article/deutsche-telekom-cyber-attack-mirai

 

2- Ransomware Crooks Demand $70,000 After Hacking San Francisco Transport System

I know we already posted topics about ransomware on our class blogs, but I also found this article interesting as ransomware is becoming a more and more popular form of attack from hackers. This week, Forbes reported that hackers took control of the San Francisco transportation system and demanded 100 Bitcoin, worth roughly $70,000, to release Muni machines from their control. Ransomware should be one of the areas of focus for cyber security. Article is below.

http://www.forbes.com/sites/thomasbrewster/2016/11/28/san-francisco-muni-hacked-ransomware/#153e3e2754dd

Burp Proxy Analysis for Barnes & Noble

December 3, 2016 by Mengqi He 1 Comment

burp-proxy-analysis-for-barnes-noble-ppt

burp-proxy-analysis-for-barnes-noble-summary

Burp Suite Analysis

December 2, 2016 by Jimmy C. Jouthe 1 Comment

Burp Suite Analysis Slides

Burp Suite Analysis Executive Summary 

Burp Suite – Philly.com

December 2, 2016 by Arkadiy Kantor 2 Comments

My analysis was on Philly.com attached are my findings.

 

Summary

 

Presentation

Burp Suite Analysis

December 2, 2016 by Anthony Clayton Fecondo 1 Comment

Powerpoint: burp-suite-presentation-Fecondo

Write-up: burp-suite-report-fecondo

Burpe Suite Analysis #3–Groupon

December 1, 2016 by Mengxue Ni 1 Comment

Here are my Burpe Suite Analysis for Groupon:

Burpe Suite Analysis–Groupon (PPT)

Excutive Summary

  • « Go to Previous Page
  • Page 1
  • Page 2
  • Page 3
  • Page 4
  • Interim pages omitted …
  • Page 28
  • Go to Next Page »

Primary Sidebar

Weekly Discussions

  • Uncategorized (133)
  • Week 01: Overview (1)
  • Week 02: TCP/IP and Network Architecture (8)
  • Week 03: Reconnaisance (25)
  • Week 04: Vulnerability Scanning (19)
  • Week 05: System and User Enumeration (15)
  • Week 06: Sniffers (9)
  • Week 07: NetCat and HellCat (11)
  • Week 08: Social Engineering, Encoding and Encryption (12)
  • Week 09: Malware (14)
  • Week 10: Web Application Hacking (12)
  • Week 11: SQL Injection (11)
  • Week 12: Web Services (10)
  • Week 13: Evasion Techniques (7)
  • Week 14: Review of all topics (5)

Copyright © 2025 · Magazine Pro Theme on Genesis Framework · WordPress · Log in