Cracking and Evading Authentication







Risk Rating:


Authentication can take any form, whether based on a white list, a black list, or a mix of the two; it does not need to be a login/password scheme. A solution such as antivirus software can, therefore, be seen as black list authentication because, like a parser, it searches all data for code matching signatures in its database. If it cannot match the code to a signature, then it allows the data. This explains why antivirus software is notoriously ineffective against new viruses and variants of old viruses. Even behavioral and heuristic scanners need to find a match against a database of known viral behaviors, which is also extremely difficult since behavior can mutate from system to system.

Authentication attacks are not only directed at login/password-type schemes; they also include evasion, circumvention, manipulation, and forgery. The attacks can also follow the same techniques used to test any form of authentication. To understand these techniques, you must first understand the authentication process, which, when working correctly, will always occur in the following order even if the process is not necessarily broken down in this manner:

1. Identify the agent. Determine who or what will be authenticated for access or interaction and how and where that identification will take place.

2. Authorize the agent. Provide permission, either implied or in the form of a token that the agent must have or show for access or interaction.

3. Authenticate the agent. Verify the authorization of that agent against specific criteria and grant access.

To defeat authentication controls, you must attack at least one of these three parts of the process.
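The three steps above, written out as an added Python example that is not from the original text, so that each part of the process can be checked separately. It assumes the authorization is an HMAC-signed token; the key, agent names, resource names and function names are constructed for illustration.

```python
import hashlib
import hmac
import time

SECRET_KEY = b"constructed-demo-key"  # assumption: server-side signing key
# Assumption: constructed white list of known agents and their permitted resources.
KNOWN_AGENTS = {"alice": {"reports"}, "backup-svc": {"reports", "archive"}}


def identify(claimed_id):
    """Step 1: identify the agent; only agents on the white list are recognised."""
    return claimed_id if claimed_id in KNOWN_AGENTS else None


def _sign(payload):
    return hmac.new(SECRET_KEY, payload.encode(), hashlib.sha256).hexdigest()


def authorize(agent, resource, ttl=300, now=None):
    """Step 2: authorize; issue a token the agent must show for this resource."""
    if resource not in KNOWN_AGENTS.get(agent, set()):
        return None  # unknown agent or resource not permitted: no token
    expires = int((now if now is not None else time.time()) + ttl)
    payload = f"{agent}|{resource}|{expires}"
    return f"{payload}|{_sign(payload)}"


def authenticate(token, resource, now=None):
    """Step 3: authenticate; verify the token against specific criteria."""
    if not token or token.count("|") != 3:
        return False
    agent, tok_resource, expires, sig = token.split("|")
    payload = f"{agent}|{tok_resource}|{expires}"
    # Constant-time comparison rejects forged or altered tokens.
    if not hmac.compare_digest(sig.encode(), _sign(payload).encode()):
        return False
    if tok_resource != resource:  # token shown for a different resource
        return False
    current = now if now is not None else time.time()
    if not expires.isdigit() or int(expires) < current:
        return False  # authorization has expired
    return identify(agent) is not None  # agent must still be known


def request_access(claimed_id, resource, now=None):
    """Run the three steps in order; access is denied if any step fails."""
    token = authorize(identify(claimed_id), resource, now=now)
    return authenticate(token, resource, now=now)
```

Every failure path returns a denial, so a weakness in any one of the three functions is a weakness in the whole control.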
