(Proof Of Concept exploit) An attack against a computer or network that is performed only to prove that it can be done. It generally does not cause any harm, but shows how a hacker can take advantage of a vulnerability in the software or possibly the hardware. See exploit.
 | Reproduced with permission from Computer Desktop Encyclopedia. Copyright (c) 1981-2009 The Computer Language Company Inc. All rights reserved. |
Additional Resources
- 'Evil Maid' USB stick attack keylogs TrueCrypt passphrases
- Security researcher Joanna Rutkowska has released a PoC proof of concept of a keylogger that is capable of logging TrueCrypt's disk encryption passphrase enabling the attacker to successfully decrypt the hard drive's content. Dubbed, the 'evil maid' attack due to its 'plug-and-exploit' functionality requiring 1-2 minutes for...
- Blog posts 2009-10-19
- Remote exploit released for Windows Vista SMB2 worm hole
- Time for an out-of-cycle patch Microsoft. nt.This exploit doesn't countIf the exploit was created by security researchers, it doesn't count.Cue the double standards...It's called "Proof of concept".Originally classified as "Denial of Service", it is now proved to be wormable in every version of Windows currently on the market.But feel free...
- Discussion threads 2009-09-17
- Windows 7, Vista exposed to 'teardrop attack'
- Vulnerable by default?[i]Exploit code for a remote reboot flaw in Microsoft's implementation of the SMB2 protocol has been posted on the internet, exposing users of Windows 7 and Windows Vista to the teardrop attacks that used to be popular on Windows 3.1 and Windows 95.[/i]I presume this attack is able...
- Discussion threads 2009-09-08
- A Good Year for Security Collaboration
- Guest Editorial by George Stathakopoulos It seems like just yesterday when I was at Black Hat. Now as I get ready to fly to Las Vegas again, I look forward to seeing a lot of security researchers, hearing their latest exploits and how they fared over the...
- Blog posts 2009-07-27
- Remote code execution exploit for Firefox 3.5 in the wild
- A zero day exploit (Firefox 3.5 Heap Spray Vulnerability) affecting Mozilla's latest Firefox release has been published in the wild. Through an error in the processing of JavaScript code in 'font tags' malicious attackers could achieve arbitrary code execution and install malware on the affected hosts....
- Blog posts 2009-07-14
- Exploit code sends Mozilla scrambling to fix Firefox
- Exploit code sends Mozilla scrambling to fix FirefoxNot intended to be flame-bait butWhere are the howls of outrage that we'd see if this were IE8? RE: Exploit code sends Mozilla scrambling to fix FirefoxYou don't get howls cause it gets fixed too quick! That my friend is the difference. The...
- Discussion threads 2009-03-26
- One-year-old (unpatched) Windows 'token kidnapping' under attack
- Exactly one year after a security researcher notified Microsoft of a serious security vulnerability affecting all supporting version of Windows (including Vista and Windows Server 2008), the issue remains unpatched and now comes word that there are in-the-wild exploits circulating. The vulnerability, called token kidnapping (.pdf), was...
- Blog posts 2009-03-16
- IE7 XML parsing zero day exploited in the wild
- IE7 XML parsing zero day exploited in the wildThank goodness for Protected ModeFlaws such as this can easily be present in any browser. Good thing that IE on Vista runs in Protected Mode so that the exploit can't do much damage.Not sure if Chrome's security model includes an equivalent...
- Discussion threads 2008-12-10
- IE7 XML parsing zero day exploited in the wild
- A couple of hours ago, two working proof of concept exploits for MS Internet Explorer XML Parsing Remote Buffer Overflow were posted at Milw0rm, with international hacking communities quickly catching up and starting to use it. The second PoC also works on Vista, in particular both exploits were tested on...
- Blog posts 2008-12-10
- Black market for zero day vulnerabilities still thriving
- One would assume that popular sources for zero day vulnerabilities+Poc's such as Full-Disclosure, Bugtraq or Milw0rm are the primary sources for obtaining responsibly or irresponsibly released flaws. They'd be wrong. The black market for zero day vulnerabilities and the concept of over-the-counter OTC trade of zero day flaws, has been...
- Blog posts 2008-11-02
- On Opera patch day, a new zero-day flaw
- On Opera patch day, a new zero-day flawOpera flawExcept for an occasional site that is hard-coded to use IE, Opera has been a much more pleasant experience. IE used to crash several times a week. Firefox in their wisdom does not provide any way to convert the bookmarks, and I...
- Discussion threads 2008-10-23
- Clickjacking: Researchers raise alert for scary new cross-browser exploit
- Clickjacking: Researchers raise alert for scary new cross-browser exploitText or graphicremember there use to be a link on web pages if you wanted text only or graphics.that should be put back in placein the wild?"Zero-day" means that the exploit was being used in the wild before a patch was released...
- Discussion threads 2008-09-25
- |)ruid and HD Moore release part 2 of DNS exploit
- |)ruid and HD Moore release part 2 of DNS exploitSo, Linux's BIND the first to be exploited...So, Linux's BIND the first to be exploited...Nice work!CoolNate, nice post and analysis!Wasn't the replacing the ns.victim.com cache entry part of the Halvar Flake speculation? I thought first part of the exploit was to...
- Discussion threads 2008-07-24
- 2008 Pwnie Award nominees announced
- Well, after getting 134 nominations, and spending countless hours pulling out nominees, the judges for the 2008 Pwnie Awards have announced the final nominees to be voted on. From the site: The final list of nominees for the nine Pwnie Award categories is ...
- Blog posts 2008-07-21
- XSS worm at Justin.tv infects 2,525 profiles
- A XSS worm was crawling across Justin.tv, the popular lifecasting platform at the end of June, details of the incident emerged in the middle of last week. Basically, the group that found the XSS vulnerability abused it for the purpose of generating the following graph as a proof of concept,...
- Blog posts 2008-07-14
- Demo exploits posted for unpatched MS Word vulnerability
- Demo exploits posted for unpatched MS Word vulnerabilityThe latest Office 2007 is not affectedThe latest Office 2007 is not affectedDamn it... and on a day I have reporting to doSee, I work with a group of guys where all we do is hack for our clients and show them how...
- Discussion threads 2008-06-23
- Proof of Concept "carpet bombing" exploit released in the wild
- In what appears to be an attempt to provoke Apple to reconsider its currently passive position on the severity of the dubbed as "carpet bomb" flaw, a working Proof of Concept exploit code has been released at Liu Die Yu's security blog : Nitesh Dhanjani discovered that Safari for...
- Blog posts 2008-06-11
- Apple under pressure to fix Safari 'carpet bomb' flaw
- Apple under pressure to fix Safari 'carpet bomb' flawThe problem with this one isIt's too easy. Anyone can read the PoC and figure out how to conduct a full blown attack quite simply. If you fit the pieces together, it's directly attackable.-NateRE: Apple under pressure to fix Safari...
- Discussion threads 2008-05-20
- MS08-025: Microsoft Windows kernel vulnerable to local privilege escalation flaw
- From Microsoft: A local attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts. This is an important security update for all supported editions of Windows 2000, Windows XP, Windows Server...
- Blog posts 2008-04-29
- Taking ownership of content
- Billy Rios covered a very interesting flaw in Google's code.google.com site on his blog today. The issue involves taking ownership of content of a third party by an application and relates to research that Rios and I originally presented at DEFCON 15 last year. Before...
- Blog posts 2008-04-04
Neighboring Terms
Premier Vendor Content Whitepapers, webcasts & resources from our Power Center Sponsors
- Keep Up With The Latest In Document Management with The DocuMentor.
-
Doc delivers the scoop on today's enterprise content management, printer maintenance, and all other issues related to document management. It's the DocuMentor Blog.
- Learn more >>
- Microsoft Dynamics CRM Online - Free Six-Month Trial for Eligible Organizations
-
Microsoft Dynamics CRM Online provides fast online access, simple contact management and better sales performance for a low monthly cost - the best value on the market today.
- Learn more about the free, six-month trial offer>>
- The more you simplify, the more you save
-
When you transition from your existing Red Hat environment to SUSE Linux Enterprise from Novell, you can recognize dramatic cost savings, perhaps as much 50%
- Learn more >>
Meet Doc
-
-
Here to help you with your Document Management Needs
- Check out Doc’s Blog on ZDNet
- Help your company, help the earth I want to share with you the Environmental Defense Fund Paper Calculator, which allows you to gauge your organization's environmental impact.
- Which is Greener: Paper or Digital? The Answer May Surprise You Anything we can do to reduce paper consumption is good. But what about the impact of digital waste?
-
Produced by
ZDNet and -
