Top 10 web hacking techniques of 2021

morganism
Senior Member
Posts: 134
Joined: Tue Nov 26, 2013 9:44 pm

Top 10 web hacking techniques of 2021

Post by morganism »

Top 10 web hacking techniques of 2021

"the latest iteration of our annual community-powered effort to identify the most significant web security research released in the last year."

https://portswigger.net/research/top-10 ... es-of-2021

They also recommend the nomination list as good reading...
morganism

Re: Top 10 web hacking techniques of 2021

Post by morganism »

An annoying page-through story here, but an in-depth article on the replacement for the KGB hackers.


https://interaktiv.br.de/elite-hacker-fsb/en/index.html

The Snake hackers are also known by the names Turla or Uroburos.

Ultimately, the reporting leads to a company in the Russian city of Ryazan – a company that, according to official information, once belonged to the FSB.

The level of proficiency of the Snake hackers is outlined in documents that were leaked several years ago. The Canadian signals intelligence agency, which calls the group Makers Mark, described the developers of the malware at the time as “geniuses,” but said their highly complex tools are “implemented by morons.” An official from a German security agency explains it as follows: “For some tasks, such as programming the malware code, people who are extremely technically adept are required. But those who then gather up the goods once a network is penetrated – they don’t have to be the best.”

BfV, the German domestic intelligence agency, also emphasizes the “exceptional” abilities of the hackers, who present an “extreme danger” (PDF).

IT security researcher Paul Rascagnères, who in 2014 became one of the first to discuss Snake in public, told BR and WDR: “For me, at the time, they were perhaps in the top five worldwide.” Many hacker groups, he says, learned how to successfully penetrate networks by watching Snake.

BSI agents learned that the hackers found their way into the Foreign Ministry via a detour through the University of the Federal Public Administration. The institution provides training to security officials, police and diplomats in addition to intelligence agents, both foreign and domestic.

Together with the Foreign Ministry, the BSI decided to adopt a strategy that, at first glance, might appear to be extremely risky. Instead of shutting the hackers out of the network, they decided to monitor their activities for several weeks.

The analysis performed by the BSI revealed the trick with the satellites. Whereas fiber-optic cables are the primary method used in Germany for accessing the internet, other countries rely heavily on satellite internet. The data is simply sent from space directly to the user’s satellite dish. The Snake hackers are able to take advantage of that delivery method.
The infected computer seeks to access the website, which is controlled by the hackers. In doing so, the computer is forced to use satellite internet.
The Snake hackers are then able to collect the data using their satellite dishes.