Web Mail Sec

Major Threats & Vulnerabilities in Web and Mail Systems

Analysis and Remediation Strategies

Introduction

● Brief overview of web and mail systems
● Importance of securing these systems

Common Threats to Web Systems

● SQL Injection: Exploits vulnerabilities in the database layer
● Cross-Site Scripting (XSS): Injects malicious scripts into web pages
● Cross-Site Request Forgery (CSRF): Tricks users into executing unwanted actions
● Distributed Denial of Service (DDoS): Overwhelms the system with traffic
● Man-in-the-Middle (MitM) Attacks: Intercepts communications between users and websites
SQL Injection (I)

Content:

● Description: An attacker injects malicious SQL code into a query
● Impact: Data breaches, data loss, unauthorized access

SQL Injection (II)

Remediation:

● Use prepared statements and parameterized queries
● Employ input validation and sanitization
● Regularly update and patch systems
Before Parameterized Query

    import sqlite3

    conn = sqlite3.connect('example.db')
    cursor = conn.cursor()

    # Attacker-controlled value: the quote closes the string literal and
    # everything after it is read as SQL
    user_input = "alice'; DROP TABLE users; --"

    # Vulnerable: user input is interpolated straight into the SQL text
    query = f"SELECT * FROM users WHERE username = '{user_input}'"
    cursor.execute(query)

    conn.close()

After Parameterized Query

    import sqlite3

    conn = sqlite3.connect('example.db')
    cursor = conn.cursor()

    user_input = "alice'; DROP TABLE users; --"

    # Safe: the placeholder keeps SQL and data separate, so the value is only
    # ever compared against username and never parsed as SQL
    query = "SELECT * FROM users WHERE username = ?"
    cursor.execute(query, (user_input,))

    conn.close()
Input Validated Code

    import re
    import sqlite3

    conn = sqlite3.connect('example.db')
    cursor = conn.cursor()

    user_input = "alice"
    # Allow-list check: only letters, digits and underscore are accepted as a username
    if re.match("^[a-zA-Z0-9_]*$", user_input):
        # Validation is defence in depth; the query is still parameterized
        query = "SELECT * FROM users WHERE username = ?"
        cursor.execute(query, (user_input,))
        print(cursor.fetchone())
    else:
        print("Invalid input")

    conn.close()
Cross-Site Scripting (XSS) (I)

Content:

● Description: Attackers inject malicious scripts into web pages viewed by others
● Impact: Data theft, session hijacking, defacement

Cross-Site Scripting (XSS) (II)

Remediation:

● Encode data based on context (HTML, JavaScript, URL)
● Implement Content Security Policy (CSP)
● Validate and sanitize user inputs
Vulnerable HTML

    from flask import Flask, request

    app = Flask(__name__)

    @app.route('/')
    def index():
        user_input = request.args.get('user_input', '')
        # Vulnerable: the raw query parameter is placed into the HTML response,
        # so any markup or script it contains is rendered by the browser
        return f'<h1>Hello, {user_input}!</h1>'

    if __name__ == '__main__':
        app.run(debug=True)

Sanitized HTML

    from flask import Flask, request
    from markupsafe import escape

    app = Flask(__name__)

    @app.route('/')
    def index():
        user_input = request.args.get('user_input', '')
        # escape() HTML-encodes < > & and quotes, so the value is displayed as text
        safe_input = escape(user_input)
        return f'<h1>Hello, {safe_input}!</h1>'

    if __name__ == '__main__':
        app.run(debug=True)

PHP equivalent:

    $nickname = htmlspecialchars(getNickName(), ENT_QUOTES, 'UTF-8');
    echo "Greeting $nickname, nice to meet you!";
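The remediation bullet "Encode data based on context" is the part the Flask snippet does not show: HTML escaping alone is wrong for a value that lands inside a script block or a URL. The following is an added example (not code from the original slides) that encodes one constructed untrusted value for all three contexts and pairs the page with a nonce-based CSP header so that an injected inline script would not execute even if encoding were missed. The function names, the `UNTRUSTED` sample and the nonce-based policy are this example's own choices.

```python
import html
import json
import secrets
from urllib.parse import quote

# Constructed sample: a value an attacker could submit as the user_input parameter.
UNTRUSTED = '<script>alert(1)</script>" onmouseover="x'

def encode_for_html(value):
    """HTML body text or a quoted attribute: entity-encode < > & and both quote characters."""
    return html.escape(value, quote=True)

def encode_for_js(value):
    """String placed inside an inline <script>: JSON-encode it, then also escape the
    characters that could terminate the script element or inject markup."""
    encoded = json.dumps(value)
    return (encoded.replace("<", "\\u003c")
                   .replace(">", "\\u003e")
                   .replace("&", "\\u0026"))

def encode_for_url(value):
    """Value placed in a query-string parameter: percent-encode everything but unreserved characters."""
    return quote(value, safe="")

def render_page(nickname, nonce):
    """One page that uses the same untrusted value in all three contexts."""
    return (
        f"<h1>Hello, {encode_for_html(nickname)}!</h1>\n"
        f'<a href="/profile?user={encode_for_url(nickname)}">profile</a>\n'
        f'<script nonce="{nonce}">var user = {encode_for_js(nickname)};</script>\n'
    )

def csp_header(nonce):
    """CSP that only runs same-origin scripts and inline scripts carrying this response's nonce."""
    return ("Content-Security-Policy",
            f"default-src 'self'; script-src 'self' 'nonce-{nonce}'; object-src 'none'; base-uri 'none'")

def respond(nickname):
    """Build (headers, body) for one response; a fresh nonce is generated per response."""
    nonce = secrets.token_urlsafe(16)
    return [csp_header(nonce)], render_page(nickname, nonce)

if __name__ == "__main__":
    headers, body = respond(UNTRUSTED)
    print(headers[0][1])
    print(body)
```

Note that `encode_for_js` relies on JSON encoding plus the extra `\u003c`/`\u003e` escapes: `json.dumps` alone would leave `</script>` intact inside the string literal, which is enough to close the script element early.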
Cross-Site Request Forgery (CSRF) (I)

Content:

● Description: Forces users to execute unwanted actions on web applications
● Impact: Unauthorized transactions, data loss
Vulnerable form handler (no CSRF protection)

    from flask import Flask, request, render_template_string

    app = Flask(__name__)

    @app.route('/form', methods=['GET', 'POST'])
    def form():
        if request.method == 'POST':
            # Any POST is accepted: nothing ties the request to a form this site served
            return 'Form submitted!'
        return '''
        <form method="post" action="/form">
            <input type="text" name="data">
            <input type="submit">
        </form>
        '''

    if __name__ == '__main__':
        app.run(debug=True)

Attacker-hosted page that submits to the vulnerable handler:

    <form method="post" action="http://localhost:5000/form">
        <input type="hidden" name="data" value="malicious data">
        <input type="submit">
    </form>
Cross-Site Request Forgery (CSRF) (II)

Remediation:

● Use anti-CSRF tokens
● Implement same-site cookies
● Validate request origins
CSRF Protection

    from flask import Flask, request, render_template_string
    from flask_wtf import FlaskForm, CSRFProtect
    from wtforms import StringField, SubmitField

    app = Flask(__name__)
    app.config['SECRET_KEY'] = 'mysecretkey'   # signs the CSRF tokens; use a real secret in production
    csrf = CSRFProtect(app)

    class MyForm(FlaskForm):
        data = StringField('Data')
        submit = SubmitField('Submit')

    @app.route('/form', methods=['GET', 'POST'])
    def form():
        form = MyForm()
        # validate_on_submit() is only True for a POST that carries a valid CSRF token
        if form.validate_on_submit():
            return 'Form submitted!'
        # hidden_tag() renders the hidden csrf_token field into the form
        return render_template_string('''
        <form method="post" action="/form">
            {{ form.hidden_tag() }}
            {{ form.data.label }} {{ form.data() }}
            {{ form.submit() }}
        </form>
        ''', form=form)

    if __name__ == '__main__':
        app.run(debug=True)
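Flask-WTF hides the three remediation bullets behind one call. To show what each one checks, here is an added framework-free example (not from the slides or from Flask-WTF) that implements all three: a session cookie issued with SameSite, an anti-CSRF token bound to the session by HMAC, and an Origin/Referer check before any token is looked at. `SERVER_SECRET`, `SITE_ORIGIN` and the plain-dict request representation are assumptions of this example.

```python
import hashlib
import hmac
import secrets
from http.cookies import SimpleCookie
from urllib.parse import urlparse

# Hypothetical values: in a real deployment the secret comes from configuration and
# SITE_ORIGIN is the scheme+host that users actually browse to.
SERVER_SECRET = b"constructed-demo-secret-do-not-reuse"
SITE_ORIGIN = "https://app.example"

def issue_session_cookie():
    """Return (session_id, Set-Cookie header). SameSite=Lax stops the browser from attaching
    the cookie to cross-site POSTs such as an auto-submitting form on another site."""
    session_id = secrets.token_urlsafe(32)
    cookie = SimpleCookie()
    cookie["session"] = session_id
    cookie["session"]["httponly"] = True
    cookie["session"]["secure"] = True
    cookie["session"]["samesite"] = "Lax"
    cookie["session"]["path"] = "/"
    return session_id, cookie.output(header="Set-Cookie:")

def csrf_token(session_id):
    """Anti-CSRF token bound to the session with an HMAC, so it needs no server-side storage."""
    return hmac.new(SERVER_SECRET, session_id.encode(), hashlib.sha256).hexdigest()

def validate_post(headers, cookies, form):
    """Check a state-changing request. Returns (accepted, reason)."""
    # 1. Origin check: Origin (or Referer as fallback) must name this site exactly.
    #    A request with neither header is rejected; relax this only deliberately.
    origin = headers.get("Origin") or headers.get("Referer") or ""
    parsed = urlparse(origin)
    if f"{parsed.scheme}://{parsed.netloc}" != SITE_ORIGIN:
        return False, "origin mismatch"
    # 2. A session must exist to bind the token to.
    session_id = cookies.get("session")
    if not session_id:
        return False, "no session"
    # 3. The submitted token must equal the session's token (constant-time compare).
    submitted = form.get("csrf_token", "")
    if not hmac.compare_digest(csrf_token(session_id).encode(), submitted.encode()):
        return False, "bad csrf token"
    return True, "ok"

if __name__ == "__main__":
    sid, set_cookie = issue_session_cookie()
    print(set_cookie)
    print(validate_post({"Origin": SITE_ORIGIN}, {"session": sid},
                        {"csrf_token": csrf_token(sid), "data": "hello"}))
    print(validate_post({"Origin": "https://attacker.example"}, {"session": sid},
                        {"data": "malicious data"}))
```

The origin check runs first because it is cheap and rejects the forged request from the slide before the token is even consulted; the token remains necessary because older browsers and some proxies strip or omit Origin and Referer.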
Distributed Denial of Service (DDoS) (I)

Content:

● Description: Overloads a system with traffic, making it unavailable
● Impact: Downtime, financial losses, reputational damage

Distributed Denial of Service (DDoS) (II)

Remediation:

● Use DDoS protection services
● Implement rate limiting
● Deploy Web Application Firewalls (WAF)
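"Implement rate limiting" is the one remediation on this list that an application can do on its own. As an added example (not from the slides), here is a per-client sliding-window limiter with constructed traffic: one address sends 20 requests inside a second and is cut off at 10, while a normal client is untouched. The class name, the limits and the documentation-range IP addresses are this example's own.

```python
import time
from collections import defaultdict, deque

class SlidingWindowLimiter:
    """Allow at most `limit` requests per `window` seconds for each client key."""

    def __init__(self, limit, window, clock=time.monotonic):
        self.limit = limit
        self.window = window
        self.clock = clock
        self.hits = defaultdict(deque)     # key -> timestamps of recently accepted requests

    def allow(self, key, now=None):
        """Return True and record the request if the client is under its limit."""
        now = self.clock() if now is None else now
        recent = self.hits[key]
        cutoff = now - self.window
        while recent and recent[0] <= cutoff:  # forget hits that have left the window
            recent.popleft()
        if len(recent) >= self.limit:
            return False                       # caller should answer 429 Too Many Requests
        recent.append(now)
        return True

def simulate(limiter, events):
    """events: iterable of (timestamp, client_ip); returns {ip: (allowed, rejected)}."""
    stats = defaultdict(lambda: [0, 0])
    for ts, ip in sorted(events):
        stats[ip][0 if limiter.allow(ip, now=ts) else 1] += 1
    return {ip: tuple(counts) for ip, counts in stats.items()}

# Constructed traffic: one client floods 20 requests within a second while
# another sends three at a normal pace (documentation-range addresses).
EVENTS = ([(0.05 * i, "203.0.113.7") for i in range(20)]
          + [(0.3 * i, "198.51.100.2") for i in range(3)])

if __name__ == "__main__":
    print(simulate(SlidingWindowLimiter(limit=10, window=1.0), EVENTS))
```

Application-level limiting like this protects against request floods that reach the server; a volumetric attack that saturates the link has to be absorbed upstream, which is why the slide also lists DDoS protection services and a WAF.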
Man-in-the-Middle (MitM) Attacks (I)

Content:

● Description: Eavesdropping and intercepting communications between two parties
● Impact: Data theft, manipulation of data
    from scapy.all import *

    # Define a function to intercept packets
    def intercept_packet(packet):
        if packet.haslayer(TCP):
            if packet[TCP].payload:
                data = packet[TCP].payload.load
                # Modify HTTP response body
                if b'</body>' in data:
                    modified_data = data.replace(b'</body>', b'<script>alert("MITM attack!")</script></body>')
                    packet[TCP].payload = bytes(modified_data)
                    del packet[IP].chksum
                    del packet[TCP].chksum
                    send(packet)
                    print("[+] Packet intercepted and modified")

    # Sniff network traffic and call intercept_packet for each packet
    sniff(filter="tcp port 80", prn=intercept_packet)
Man-in-the-Middle (MitM) Attacks (II)

Remediation:

● Use HTTPS with strong encryption
● Employ VPNs for secure communication
● Regularly update and patch systems

Common Threats to Mail Systems

Content:

● Phishing: Deceptive emails to steal credentials or deliver malware
● Spam: Unsolicited bulk messages, often containing malicious links
● Malware: Email attachments or links that deliver malicious software
● Email Spoofing: Forged sender addresses to deceive recipients
Phishing as Social Engineering

● Description: Phishing attacks are a form of social engineering that manipulate human behavior to gain confidential information.
● Key Tactics:
  ● Deception: Posing as trusted entities to trick victims
  ● Manipulation: Exploiting human emotions like fear, urgency, or curiosity
  ● Persuasion: Convincing victims to disclose information or perform actions
Spam (I)

Content:

● Description: Unwanted bulk email, often containing harmful links or attachments
● Impact: Decreased productivity, security risks

Spam (II)

Remediation:

● Use robust spam filters
● Implement email authentication (SPF, DKIM, DMARC)
● Regularly update spam filter rules
Malware (I)

Content:

● Description: Malicious software spread via email attachments or links
● Impact: Data loss, system damage, unauthorized access

Malware (II)

Remediation:

● Use advanced email security solutions
● Regularly update antivirus software
● Educate users on safe email practices

Email Spoofing (I)

Content:

● Description: Forging email sender addresses to deceive recipients
● Impact: Fraud, phishing attacks, reputational damage

Email Spoofing (II)

Remediation:

● Implement email authentication protocols (SPF, DKIM, DMARC)
● Use email filtering solutions
● Train users to recognize spoofed emails
Phishing (I)

Content:

● Description: Fraudulent attempts to obtain sensitive information
● Impact: Credential theft, financial loss, data breaches

Branches of Phishing Attack

● Spear Phishing: Targeted phishing aimed at specific individuals or organizations
● Whaling: Phishing attacks directed at senior executives and high-profile targets
● Clone Phishing: Duplication of legitimate emails with malicious content
● Vishing: Phishing conducted over the phone (voice phishing)
● Smishing: Phishing using SMS or text messages
Spear Phishing

● Description: Highly targeted phishing attacks aimed at specific individuals
● Impact: More convincing attacks, higher success rate, credential theft

Remediation:

● Train users to recognize suspicious emails
● Implement advanced threat protection
● Verify unusual requests through secondary channels

Whaling

● Description: Phishing attacks targeting senior executives and high-profile individuals
● Impact: Access to sensitive information, financial loss, reputational damage

Remediation:

● Educate executives on phishing risks
● Use email authentication protocols
● Implement strict verification processes for sensitive requests

Clone Phishing

● Description: Duplication of legitimate emails with malicious content or links
● Impact: Increased likelihood of deception, credential theft, malware infection

Remediation:

● Verify the authenticity of unexpected emails
● Use email scanning and filtering solutions
● Educate users on recognizing clone phishing attempts

Vishing (Voice Phishing)

● Description: Phishing attacks conducted over the phone, often impersonating legitimate entities
● Impact: Credential theft, financial loss, unauthorized access

Remediation:

● Educate users on vishing techniques
● Implement caller ID verification
● Encourage verification of requests through known, official channels

Smishing (SMS Phishing)

● Description: Phishing using SMS or text messages to deliver malicious links or requests
● Impact: Credential theft, financial loss, unauthorized access

Remediation:

● Educate users on the risks of clicking on links in unsolicited texts
● Implement SMS filtering solutions
● Encourage users to verify requests through known, official channels

Phishing (III)

Remediation:

● User education and awareness
● Implement email filtering and scanning
● Use multi-factor authentication (MFA)
Email Security Protocols Overview

Content:

● Description: Introduction to essential email security protocols that help protect against email spoofing and phishing.
● Key Protocols:
  ● DKIM (DomainKeys Identified Mail)
  ● DMARC (Domain-based Message Authentication, Reporting, and Conformance)
  ● SPF (Sender Policy Framework)

SPF (Sender Policy Framework) (I)

● Description: SPF is an email authentication method designed to detect and prevent email spoofing by verifying the sender's IP address.
● How It Works:
  ● DNS Record: Domain owners publish SPF records in DNS, listing authorized sending IP addresses.
  ● Verification: Receiving mail servers check the SPF record to verify if the sender's IP is authorized.
  ● Pass/Fail: If the IP is authorized, the email passes; otherwise, it fails.
SPF (Sender Policy Framework) (II)

Benefits:

● Prevents unauthorized use of domain
● Reduces spam and phishing emails
● Enhances email deliverability
DKIM (DomainKeys Identified Mail) (I)

Content:

● Description: DKIM is an email authentication method that allows the sender to associate a domain name with an email message, ensuring its integrity and origin.

DKIM (DomainKeys Identified Mail) (II)

● How It Works:
  ● Signing: The sending server uses a private key to generate a digital signature for the email.
  ● Verification: The receiving server uses the sender's public key (published in DNS) to verify the signature.
  ● Integrity: Ensures the email content has not been altered.
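The "Integrity" step is the part of DKIM that needs no key at all: the `DKIM-Signature` header carries `bh=`, a base64 SHA-256 of the canonicalized body, and a verifier recomputes it before it ever fetches the public key. As an added example (not from the slides), the code below parses the header's tag list, performs relaxed body canonicalization, checks `bh=` against a constructed message, and derives the DNS name the public key would be fetched from. The message, the selector `sel2024` and the placeholder `b=` value are constructed for this example; verifying `b=` itself requires the RSA public key and is deliberately out of scope here.

```python
import base64
import hashlib
import hmac
import re

def split_message(raw):
    """Split a CRLF message into [(header-name, value)] (folded lines unfolded) and the body."""
    head, _, body = raw.partition("\r\n\r\n")
    lines = []
    for line in head.split("\r\n"):
        if line[:1] in (" ", "\t") and lines:
            lines[-1] += line                 # continuation of the previous header line
        else:
            lines.append(line)
    headers = []
    for line in lines:
        name, _, value = line.partition(":")
        headers.append((name.strip().lower(), value.strip()))
    return headers, body

def parse_dkim_tags(value):
    """DKIM-Signature is a tag=value list separated by ';'; whitespace inside values is ignored."""
    tags = {}
    for item in value.split(";"):
        if "=" in item:
            key, _, val = item.partition("=")
            tags[key.strip()] = re.sub(r"\s+", "", val)
    return tags

def canonicalize_body_relaxed(body):
    """Relaxed body canonicalization: strip trailing whitespace per line, collapse runs of
    whitespace to one space, drop trailing empty lines, end with a single CRLF."""
    lines = [re.sub(r"[ \t]+", " ", line.rstrip(" \t")) for line in body.split("\r\n")]
    while lines and lines[-1] == "":
        lines.pop()
    return ("\r\n".join(lines) + "\r\n").encode() if lines else b""

def body_hash(body):
    """The bh= tag: base64(SHA-256(canonicalized body))."""
    return base64.b64encode(hashlib.sha256(canonicalize_body_relaxed(body)).digest()).decode()

# Constructed message. bh= is filled in from the untampered body; b= is a placeholder,
# because checking it needs the RSA public key published at <s>._domainkey.<d>.
BODY = ("Hello Bob,  \r\n"
        "please  find the   invoice attached.\r\n"
        "\r\n\r\n")
HEADERS = ("DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=example.com;\r\n"
           "\ts=sel2024; h=from:to:subject; bh={bh};\r\n"
           "\tb=PLACEHOLDER_SIGNATURE\r\n"
           "From: Alice <alice@example.com>\r\n"
           "To: bob@example.net\r\n"
           "Subject: Invoice\r\n"
           "\r\n")
RAW_MESSAGE = HEADERS.format(bh=body_hash(BODY)) + BODY

def verify_body_hash(raw):
    """True if the body still matches bh=, False if it was altered in transit,
    None if there is no usable DKIM-Signature to check."""
    headers, body = split_message(raw)
    sig = next((v for n, v in headers if n == "dkim-signature"), None)
    if sig is None:
        return None
    tags = parse_dkim_tags(sig)
    if tags.get("v") != "1" or not tags.get("bh"):
        return None
    return hmac.compare_digest(tags["bh"].encode(), body_hash(body).encode())

def dkim_dns_name(raw):
    """Where a verifier fetches the public key: <selector>._domainkey.<domain>."""
    headers, _ = split_message(raw)
    tags = parse_dkim_tags(next(v for n, v in headers if n == "dkim-signature"))
    return f"{tags['s']}._domainkey.{tags['d']}"

if __name__ == "__main__":
    print(verify_body_hash(RAW_MESSAGE), dkim_dns_name(RAW_MESSAGE))
    print(verify_body_hash(RAW_MESSAGE.replace("invoice", "refund")))
```

Relaxed canonicalization is what lets a signature survive the whitespace changes mail relays routinely make while still catching a change to the words; a body-hash mismatch means the signature fails before any cryptography runs.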
DKIM (DomainKeys Identified Mail) (III)

Benefits:

● Validates the sender's domain
● Protects against email tampering
● Builds domain reputation
DMARC (Domain-based Message Authentication, Reporting, and Conformance) (I)

Content:

● Description: DMARC builds on DKIM and SPF, adding reporting and policy enforcement to combat email spoofing.
● How It Works:
  ● Alignment: Ensures the "From" header domain matches the domain in DKIM and SPF records.
  ● Policies: Defines actions (none, quarantine, reject) for emails that fail DKIM/SPF checks.
  ● Reporting: Sends aggregate and forensic reports on email authentication results.
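Alignment and policy are the two DMARC decisions a receiver makes, and they are easy to get wrong by hand. The following added example (not from the slides) parses a constructed `_dmarc` record, applies strict or relaxed alignment of the `From:` header domain against the SPF-authenticated domain and the DKIM `d=` domain, and returns the DMARC result together with the disposition the policy calls for. The record, `example.com` and its subdomains are constructed; `org_domain` approximates the organizational domain with the last two labels, whereas real verifiers use the Public Suffix List.

```python
# Constructed record, as it would be published in the TXT record of _dmarc.example.com.
# rua= is where aggregate reports are sent; adkim/aspf select strict or relaxed alignment.
DMARC_RECORD = "v=DMARC1; p=reject; rua=mailto:dmarc-reports@example.com; adkim=s; aspf=r"

def org_domain(domain):
    """Organizational domain, approximated here as the last two labels.
    (Real implementations consult the Public Suffix List, e.g. for example.co.uk.)"""
    labels = domain.lower().strip(".").split(".")
    return ".".join(labels[-2:])

def parse_dmarc(record):
    """Tag=value list separated by ';' with lowercase keys."""
    tags = {}
    for item in record.split(";"):
        if "=" in item:
            key, _, value = item.partition("=")
            tags[key.strip().lower()] = value.strip()
    return tags

def is_aligned(from_domain, auth_domain, mode):
    """Strict ('s') requires an exact match; relaxed ('r') accepts the same organizational domain."""
    if not auth_domain:
        return False
    if mode == "s":
        return from_domain.lower() == auth_domain.lower()
    return org_domain(from_domain) == org_domain(auth_domain)

def evaluate_dmarc(record, from_domain, spf_result, spf_domain, dkim_result, dkim_domain):
    """Return (dmarc_pass, disposition).
    spf_domain: the MAIL FROM domain that SPF evaluated;
    dkim_domain: the d= of a DKIM signature that verified (None if none did)."""
    tags = parse_dmarc(record)
    if tags.get("v") != "DMARC1":
        return None, "none"          # no usable policy: treat as if no DMARC record exists
    spf_aligned = spf_result == "pass" and is_aligned(from_domain, spf_domain, tags.get("aspf", "r"))
    dkim_aligned = dkim_result == "pass" and is_aligned(from_domain, dkim_domain, tags.get("adkim", "r"))
    passed = spf_aligned or dkim_aligned   # DMARC passes if either aligned identifier passes
    policy = tags.get("p", "none")         # none / quarantine / reject
    return passed, ("none" if passed else policy)

if __name__ == "__main__":
    # Spoofed: From: claims example.com, but SPF only passed for the attacker's own domain
    print(evaluate_dmarc(DMARC_RECORD, "example.com", "pass", "attacker.example", "none", None))
    # Legitimate: bounce.example.com is relaxed-aligned with example.com
    print(evaluate_dmarc(DMARC_RECORD, "example.com", "pass", "bounce.example.com", "fail", None))
```

The first case is the spoofing scenario from the "Email Spoofing" slide: SPF alone says "pass" because the attacker's own domain authorizes their server, and only alignment against the visible `From:` exposes it. The second shows why operators usually start with `p=none` and relaxed alignment and read the `rua` reports before moving to `quarantine` or `reject`.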
DMARC (Domain-based Message Authentication, Reporting, and Conformance) (II)

Benefits:

● Reduces email spoofing
● Provides visibility into email authentication
● Enables enforcement of email policies
How DKIM, DMARC, and SPF Work Together (I)

Content:

● Integrated Approach:
  ● SPF: Ensures emails are sent from authorized IP addresses.
  ● DKIM: Confirms the email's content integrity and verifies the sender's domain.
  ● DMARC: Aligns SPF and DKIM results with the "From" header, enforcing policies and providing reports.
How DKIM, DMARC, and SPF Work Together (II)

Comprehensive Protection:

● Combats email spoofing and phishing
● Enhances email security and trustworthiness
● Provides detailed insights and control over email authentication
Implementing DKIM and DMARC

DKIM:

● Generate DKIM keys (private and public).
● Publish the public key in DNS.
● Configure the email server to sign outgoing emails.

DMARC:

● Create a DMARC record with policy settings (none, quarantine, reject).
● Publish the DMARC record in DNS.
● Monitor reports and adjust policies as needed.

Implementing SPF

SPF:

● Identify all sending IP addresses.
● Create an SPF record listing authorized IPs.
● Publish the SPF record in DNS.
Task #2 - Mail Security
Domain Acquisition
DNS Rules
Mail Forwarding
Firewall Events
Task 3 - Web Pentesting
100 Common Passwords
BurpSuite Brute Force Settings
Password Acquired -> Length 4571
Additional Settings
Brute Force with wfuzz
Insecure Captcha
THE END
