Table Of Contents

Detecting Malice: Preface
User Disposition
Deducing Without Knowing
Book Overview
Who Should Read This Book?
Why Now?
A Note on Style
Working Without a Silver Bullet
Special Thanks
Chapter 1 - DNS and TCP: The Foundations of Application Security
In the Beginning Was DNS
Same-Origin Policy and DNS Rebinding
DNS Zone Transfers and Updates
DNS Enumeration
Spoofing and the Three-Way Handshake
Passive OS Fingerprinting with p0f
TCP Timing Analysis
Network DoS and DDoS Attacks
Attacks Against DNS
Low Bandwidth DoS
Using DoS As Self-Defense
Motives for DoS Attacks
DoS Conspiracies
Port Scanning
With That Out of the Way…
Chapter 2 - IP Address Forensics
What Can an IP Address Tell You?
Reverse DNS Resolution
WHOIS Database
Real-Time Block Lists and IP Address Reputation
Related IP Addresses
When IP Address Is A Server
Web Servers as Clients
Dealing with Virtual Hosts
Proxies and Their Impact on IP Address Forensics
Network-Level Proxies
HTTP Proxies
AOL Proxies
Anonymization Services
Tor Onion Routing
Obscure Ways to Hide IP Address
IP Address Forensics
To Block or Not?
Chapter 3 - Time
Traffic Patterns
Event Correlation
Daylight Savings
Forensics and Time Synchronization
Humans and Physical Limitations
Gold Farming
CAPTCHA Breaking
Holidays and Prime Time
Risk Mitigation Using Time Locks
The Future is a Fog
Chapter 4 - Request Methods and HTTP Protocols
Request Methods
Invalid Request Methods
Random Binary Request Methods
Lowercase Method Names
Extraneous White Space on the Request Line
HTTP Protocols
Missing Protocol Information
HTTP 1.0 vs. HTTP 1.1
Invalid Protocols and Version Numbers
Newlines and Carriage Returns
Third-Party Content Referring URL Disclosure
What Lurks in Your Logs
Referer and Search Engines
Language, Location, and the Politics That Comes With It
Links from Local Pages
Users’ Privacy Concerns
Determining Why Referer Isn’t There
Referer Reliability
Impact of Cross-Site Request Forgery
Is the Referring URL a Fake?
Referral Spam
Last Thoughts
Chapter 6 - Request URL
What Does A Typical HTTP Request Look Like?
Watching For Things That Don’t Belong
Domain Name in the Request Field
Proxy Access Attempts
Anchor Identifiers
Common Request URL Attacks
Remote File Inclusion
SQL Injection
HTTP Response Splitting
NUL Byte Injection
Pipes and System Command Execution
Cross-Site Scripting
Web Server Fingerprinting
Invalid URL Encoding
Well-Known Server Files
Easter Eggs
Admin Directories
Automated Application Discovery
Well-Known Files
Google Sitemaps
Chapter 7 - User-Agent Identification
What is in a User-Agent Header?
Malware and Plugin Indicators
Software Versions and Patch Levels
User-Agent Spoofing
Cross Checking User-Agent against Other Headers
User-Agent Spam
Indirect Access Services
Google Translate
Traces of Application Security Tools
Common User-Agent Attacks
Search Engine Impersonation
Chapter 8 - Request Header Anomalies
Requests Missing Host Header
Mixed-Case Hostnames in Host and Referring URL Headers
Cookie Abuse
Cookie Fingerprinting
Cross Site Cooking
Assorted Request Header Anomalies
Expect Header XSS
Headers Sent by Application Vulnerability Scanners
Cache Control Headers
Accept CSRF Deterrent
Language and Character Set Headers
Dash Dash Dash
From Robot Identification
Content-Type Mistakes
Common Mobile Phone Request Headers
X-Moz Prefetching
Chapter 9 - Embedded Content
Embedded Styles
Detecting Robots
Detecting CSRF Attacks
Embedded JavaScript
Embedded Objects
Request Order
Cookie Stuffing
Impact of Content Delivery Networks on Security
Asset File Name Versioning
Chapter 10 - Attacks Against Site Functionality
Attacks Against Sign-In
Brute-Force Attacks Against Sign-In
Phishing Attacks
Username Choice
Brute Force Attacks Against Registration
Account Pharming
What to Learn from the Registration Data
Fun With Passwords
Forgot Password
Password DoS Attacks
Don’t Show Anyone Their Passwords
User to User Communication
Chapter 11 - History
Our Past
History Repeats Itself
JavaScript Database
Internet Explorer Persistence
Flash Cookies
CSS History
Same Page, Same IP, Different Headers
Breakout Fraud
Chapter 12 - Denial of Service
What Are Denial Of Service Attacks?
Distributed DoS Attacks
My First Denial of Service Lesson
Request Flooding
Identifying Reaction Strategies
Database DoS
Targeting Search Facilities
Unusual DoS Vectors
Banner Advertising DoS
Chargeback DoS
The Great Firewall of China
Email Blacklisting
Dealing With Denial Of Service Attacks
Chapter 13 - Rate of Movement
Timing Differences
Click Fraud
Warhol or Flash Worm
Samy Worm
Inverse Waterfall
Pornography Duration
Chapter 14 - Ports, Services, APIs, Protocols and 3rd
SSL and Man-in-the-Middle Attacks
Browser Detection
Black Dragon, Master Reconnaissance Tool and BeEF
Java Internal IP Address
MIME Encoding and MIME Sniffing
Windows Media Player “Super Cookie”
Virtual Machines, Machine Fingerprinting and Applications
Monkey See Browser Fingerprinting Software – Monkey Do Malware
Malware and Machine Fingerprinting Value
Unmasking Anonymous Users
Java Sockets
De-cloaking Techniques
Persistence, Cookies and Flash Cookies Redux
Additional Browser Fingerprinting Techniques
Chapter 16 - Uploaded Content
Image Watermarking
Image Steganography
EXIF Data In Images
GDI+ Exploit
Child Pornography
Copyrights and Nefarious Imagery
Sharm el Sheikh Case Study
Text Steganography
Blog and Comment Spam
Power of the Herd
Profane Language
Localization and Internationalization
Chapter 17 - Loss Prevention
Lessons From The Offline World
Subliminal Imagery
Security Badges
Prevention Through Fuzzy Matching
Manual Fraud Analysis
Chapter 18 - Wrapup
Mood Ring
Blocking and the 4th Wall Problem
Booby Trapping Your Application
Heuristics Age
Know Thy Enemy
Race, Sex, Religion
Ethnographic Landscape
Calculated Risks
Correlation and Causality
About Robert Hansen
Detecting Malice

Published by: Ahmed Mekki on May 22, 2011
Copyright: Attribution Non-commercial