Report by Miguel Bigueur & Les Davis
Figure 1. Anatomy of a URL and Web Server Architecture.
The intent is to manipulate URL inputs as a method of infiltration by means of legitimacy. The goal here is to masquerade as legitimate traffic in an effort to penetrate firewalls uninhibited, while bypassing all pre-established defense mechanisms. Once this is achieved, an attacker is afforded the opportunity to escalate privileges with an opportunity to engage in lateral movements.
A few tools that can be used to help discover vulnerabilities in web and mail servers include: Continue reading