• Log In
  • Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar
  • Home
  • About
  • Structure
  • Gradebook

ITACS 5211: Introduction to Ethical Hacking

Wade Mackey

Interesting Article Describing Identifying a Vulnerability

September 7, 2018 by Wade Mackey 2 Comments

https://srcincite.io/blog/2018/08/31/you-cant-contain-me-analyzing-and-exploiting-an-elevation-of-privilege-in-docker-for-windows.html

Filed Under: Week 02: TCP/IP and Network Architecture Tagged With:

Reader Interactions

Comments

  1. Connor Fairman says

    September 7, 2018 at 9:57 pm

    I hope this is the right place to post responses to the articles.

    I was reading this article and a lot of the author’s explanation included the use of relatively complex topics, such as asynchronous processing, piping, namespace, hexadecimal representation of data, etc. These all kind of fall under the umbrella of IPC, or interprocess communication. These are things I remember learning as a CS student in my computer systems class and even back then I found them quite challenging to fully understand. The author then jumps into what looks to be a python program, which continually appends hexadecimal strings to a final large string, which then seems to be cast as a byte array. My impression is that at the end, the program uses the write access that the user has obtained to write some data input as a command line argument into a named pipe. I guess my question is: how important is it for someone in this field to have a serious in-depth understanding of computer systems, operating systems, assembly language, bytecode, and these kinds of things? By understanding computer systems and OS, I mean really understand things like scheduling, blocking, threading, piping, socket programming, registers, static and dynamic (sometimes global?) memory, memory addressing, virtual memory vs. physical memory, etc. Scheduling and threading are relevant to the article because the code snippets contain methods that perform asynchronous tasks, such as:

    this.DoRunAsync(token);

    Log in to Reply
  2. Manogna Alahari says

    September 10, 2018 at 2:48 pm

    https://krebsonsecurity.com/2018/09/browser-extensions-are-they-worth-the-risk/

    I read an article titled – Browser Extensions: Are They Worth the Risk.

    The author states, cyber criminals hacked browser extension of a popular file site- Mega.n, for google chrome so that usernames and passwords submitted through the browser were copied and forwarded to some scamp server in Ukraine. To avoid these kind of scenarios, limit the exposure to these attacks by getting rid of extensions that are no longer useful or actively maintained by developers since browser extensions can systematically fall into wrong hands. Browser extensions can be especially handy and useful, but negotiated extensions can give attackers access to all data on your computer and the websites we visit. In this case, the extension gets negotiated when someone with legitimate rights to alter its code gets phished or hacked which can be nightmares for users. If using multiple extensions, adopt a risk-based approach or limiting one’s reliance on third-party browser extensions reduces the risk significantly.

    Log in to Reply

Leave a Reply Cancel reply

You must be logged in to post a comment.

Primary Sidebar

Weekly Discussions

  • Uncategorized (14)
  • Week 01: Overview (7)
  • Week 02: TCP/IP and Network Architecture (18)
  • Week 03: Reconnaisance (17)
  • Week 04: Vulnerability Scanning (19)
  • Week 05: System and User Enumeration (17)
  • Week 06: Sniffers (17)
  • Week 07: NetCat and HellCat (15)
  • Week 08: Social Engineering, Encoding and Encryption (21)
  • Week 09: Malware (14)
  • Week 10: Web Application Hacking (17)
  • Week 11: SQL Injection (15)
  • Week 12: Web Services (25)
  • Week 13: Evasion Techniques (8)
  • Week 14: Review of all topics (15)

Copyright © 2025 · Magazine Pro Theme on Genesis Framework · WordPress · Log in