Skip to Main Content
Hacking: The Next Generation
book

Hacking: The Next Generation

by Nitesh Dhanjani, Billy Rios, Brett Hardin
August 2009
Beginner content levelBeginner
298 pages
9h 5m
English
O'Reilly Media, Inc.
Content preview from Hacking: The Next Generation

Blended Attacks

Now that we’ve discussed some techniques for identifying the protocol handlers for each operating system, we will demonstrate how protocol handlers have been used in blended attacks. Why are blended threats so effective? Typically, well-written, secure software is designed with certain threats in mind. These threats are normally defined during a threat model. Threat models are typically done in isolation, considering the consequences of direct attacks against the software being created. In an attempt to keep the threat model (and subsequent security effort) manageable, certain security assumptions are made and some threats are considered out of scope. For example, many threat models consider attacks in which the attacker already has the ability to write to the filesystem out of scope and ignore defenses against those attacks. This is where blended threats have the most impact. Blended threats take advantage of weaknesses in two (or more) different pieces of software to compromise or steal data from a victim’s system. Modern-day information systems are not homogeneous systems consisting of software from a single organization. Instead, systems are heterogeneous, consisting of software from various (many times, competing) publishers and organizations. This myriad software on our systems creates a web of interaction among numerous pieces of software that the attacker focuses on in blended attacks. Although blended attacks exist in many forms, the examples in the following ...

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.
Start your free trial

You might also like

Building a Modern Security Program

Building a Modern Security Program

Zane Lackey, Rebecca Huehls
Network Security Hacks

Network Security Hacks

Andrew Lockhart
Ransomware

Ransomware

Allan Liska, Timothy Gallo

Publisher Resources

ISBN: 9780596806309Errata Page