A fun paper on remote log injection attacks from Daniel Cid (of OSSEC fame): "the goal of this document is to show some of the most common problems with log injections that we need to be aware when developing programs that parse log messages."
I am preparing more fun stuff on attacking log analysis ... stand by ... book tickets to Vegas (hint-hint) :-)
No comments:
Post a Comment