• Log In
  • Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar
  • Home
  • About
  • Structure
  • Gradebook

ITACS 5211: Introduction to Ethical Hacking

Wade Mackey

Week 11: SQL Injection

Steam Video Game curation API

November 11, 2018 by Steve Pote Leave a Comment

Hacking an API endpoint is the web request sibling of SQL injection. It is a place where SQL Injection best practices  – parameterization and sanitization of input can be bypassed by directly interacting with a server in JSON or XML (or whatever vernacular your endpoint may spit out)

This would have interested me also…partner.steamgames.com/partnercdkeys/assignkeys/

This (and another more ~classic~ SQL injection attack) were discovered by a HackerOne guy who received bounties for his efforts and the full disclosure to the Steam company.

https://www.zdnet.com/article/steam-bug-could-have-given-you-access-to-all-the-cd-keys-of-any-game/

https://hackerone.com/reports/383127

https://partner.steamgames.com/

https://partner.steampowered.com/login/?goto=%2F

Phishing Attacks up by 297 Percent in Q3 2018

November 8, 2018 by Connor Fairman 2 Comments

Despite the fact that phishing is not by any means a new phenomenon, people are still falling victim to phishing attacks, and in greater numbers. According to this articles, phishing attacks are up by 297 percent in Q3 2018. Mainly, these attacks are being used to trick customers into revealing their credit card and login information to perpetrators. According to the article, fake apps and fake social media profiles are also on the rise by almost 500%. These sources can also be used to trick and deceive consumers into revealing personal information. One thing that really jumps out to me is that Phishing attacks aren’t really technically sophisticated. They don’t require you to hack into hardware or even use the command line. You just need to convince someone that you are someone else and not a bad guy.

https://www.securitymagazine.com/articles/89512-phishing-attacks-up-by-297-percent-in-q3-2018

Fired Chicago Schools Employee Causes Data Breach

November 8, 2018 by Connor Fairman 1 Comment

A fired Chicago Schools employee copied a database containing the personal information of around 70,000 people involved with CPS before she left her office for the last time. It is believed that she did this in retaliation for being fired. Thankfully, it doesn’t seem as if the information was used or disseminated in any way, but the potential damage that could be accomplished with that amount of personal information is extremely substantial. People with criminal records could be blackmailed, for example, under threat that their record would be released in a public place. It seems as if the Chicago Schools has a very reliable system in place for detecting these breaches because the former employee only had possession of the information for 24 hours before they were arrested. Companies should be aware that this is a very real and dangerous threat.

https://www.securitymagazine.com/articles/89553-fired-chicago-schools-employee-causes-data-breach

Election hacking: Why cybersecurity experts think we should trust midterm election results

November 8, 2018 by Connor Fairman 1 Comment

This is kind of a related post but I’ve been very interested in the ways hackers can interfere in an election, so I’m going to write about it from another angle. Security experts were very optimistic about this year’s voting systems’ integrity. When asked why, an expert from IBM explained that Russian interference in the 2016 elections were actually not very technically sophisticated, but consisted of spear phishing, which we have covered in class. Spear Phishing involves sending an email from what appears to be a trusted sender in order to induce the victim to respond with highly confidential information. This actually has nothing to do with hacking a voting machine. Thus, perceivably, the solution to this spear phishing actually doesn’t involve these machines, but improved employee training, so that people don’t fall for these kinds of attacks in the future.

https://www.cbsnews.com/news/midterm-election-hacking-cybersecurity-experts-think-we-should-trust-results/

Election night: Why Utah’s cybersecurity team was on high alert

November 8, 2018 by Connor Fairman Leave a Comment

There were tons of people worrying about cyber hacking in this recent midterm election cycle. Concerns about Russian, Chinese, and even North Korean hacking dominated the concerns of voting organizers. However, remarkably, no serious attempts at hacking the election/voting mechanisms were detected, at least according to major news reports about the matter. This article focuses on the state of Utah, which has highly prioritized cyber security in its elections. In fact, they were one of the first states to coordinate with DHS and the FBI to ensure the integrity of their voting systems. Perhaps the fact that more states took serious measures to protect themselves deterred would-be hackers?

https://www.deseretnews.com/article/900040705/election-night-why-utahs-cybersecurity-team-was-on-high-alert.html

  • « Go to Previous Page
  • Page 1
  • Page 2

Primary Sidebar

Weekly Discussions

  • Uncategorized (14)
  • Week 01: Overview (7)
  • Week 02: TCP/IP and Network Architecture (18)
  • Week 03: Reconnaisance (17)
  • Week 04: Vulnerability Scanning (19)
  • Week 05: System and User Enumeration (17)
  • Week 06: Sniffers (17)
  • Week 07: NetCat and HellCat (15)
  • Week 08: Social Engineering, Encoding and Encryption (21)
  • Week 09: Malware (14)
  • Week 10: Web Application Hacking (17)
  • Week 11: SQL Injection (15)
  • Week 12: Web Services (25)
  • Week 13: Evasion Techniques (8)
  • Week 14: Review of all topics (15)

Copyright © 2025 · Magazine Pro Theme on Genesis Framework · WordPress · Log in