Monthly Archives: February 2011

OllyDbg Tricks for Exploit Development

This is the second article in a series about using OllyDbg, a 32-bit assembler-level analyzing user-mode debugger for Windows.

In part one of this tutorial we covered:

Starting the Debugger
Opening and Attaching to the debugging target application
The OllyDbg CPU view
The 20 second guide to X86 Assembly language […]

Debugging Fundamentals for Exploit Development

Introduction

This is a basic exploit writer's tutorial for OllyDbg, a 32-bit assembler-level analyzing user-mode debugger for Windows. Version 1.10 of OllyDbg is used, but the majority of the techniques discussed should also be applicable to other versions of OllyDbg (including version 2) as well as to […]

CISSP Domain – Physical and Environmental Security

This week’s article looks at the Physical and Environmental Security domain of CISSP. First and foremost, (ISC)² and the CISSP exam consider human safety paramount. If you have a test question and one of the answers is human safety, that is the right answer; it is always MOST important.

Let’s […]

CISSP Domain – Security Architecture and Design

This article will cover some of the major areas within Security Architecture and Design by looking at: design concepts, hardware architecture, OS and software architecture, security models, modes of operations, and some system evaluation methods, specifically CAP.

First, design concepts. You need to remember “LAST.”  That is L=Layering, A=Abstraction, S=Security Domains […]

CISSP – Access Control Domain

There are several areas within access control which are covered on the CISSP exam.  Those areas include IAAA (Identification, Authentication, Authorization and Accountability), access control techniques & technologies, administration, control methods, control types, accountability, control practices, monitoring and threats to access control.  This article deals specifically with the role […]

Some common Infosec job roles and related certifications

Most people hear the term Infosec, and they automatically associate that with network and telecom security, but in reality it’s much broader than that. IDS specialist, firewall specialist, penetration tester, forensics investigator, security assessments (not to be confused with penetration testing because they are very different), are all […]

CISSP Domain – Information Security Governance and Risk Management

Today let’s take a look at the CISSP Domain that deals with Information Security Governance and Risk Management. When we speak about IS Governance we’re talking about how management views security, how the security organization is structured, who the Information Security Officer (ISO) reports to and some basic guiding […]