
Monthly Archives: October 2011

iPhone Espionage

There is this misconception that iPhones are protected by the iPhone passcode. This may be true for non-jailbroken iPhones, but not for jailbroken ones.

It is possible to have root access to the iPhone file system using tools from libimobiledevice.org, even when the locked jailbroken iPhone is protected by the […]

InfoSec Institute Review: Training Course Reviews

Computer Forensics Online Course Review: http://www.hackingtricks.in/2012/06/infosec-institute-security-course.html
Forensics Review: http://www.hackingtricks.in/2012/06/infosec-institute-computer-forensic.html
Security+ Online Course Review: http://www.hackingtricks.in/2012/06/infosec-institute-security-course.html

CPT: Ethical Hacking Training @ Ethical Hacker .net
InfoSec Institute Review: http://www.ethicalhacker.net/content/view/368/2/
Ethical Hacking: MadIrish.net
InfoSec Institute Review: http://www.madirish.net/node/382
Computer Forensics Course Review – ForensicFocus.com
InfoSec Institute Review: http://www.forensicfocus.com/index.php?name=Forums&file=viewtopic&t=952
InfoSec Institute Review: http://www.tomsitpro.com/articles/it-certification-it-training,2-141-4.html
InfoSec Institute Review: http://r00tsecur1ty.org/forums/showthread.php?t=121
InfoSec […]

The Pandora’s Box of Cyber Warfare

Last week, the New York Times scooped a story that the Obama administration “intensely debated” plans to use cyber warfare as part of the March 2011 military intervention in Libya and in the May 2011 operation in Pakistan that led to the death of Osama Bin Laden. The tactics […]

October 27th, 2011 | SCADA | 2 Comments

Security in Public API’s – How

Far too often we will download an API (Application Programming Interface) from Programmable Web, or download an SDK like the Facebook SDK and not worry about any of the security issues that might come from bad or improper coding practices that are embedded within the API. Often any static […]

Blind SQL Injection 1.0 – Attack Anatomy


In this article we’ll discuss Blind SQL Injection and how the attack can be carried out. We’ll start off with the basics of SQL Injection, briefly discuss its types and then find out how Blind SQL Injection is different. We’ll look at what data can be stolen and whether […]

A History of Anonymous

Anonymous is the most famous ‘hacktivist’ group in the world. The informal nature of the group makes its mechanics difficult to define. Subsequently, without a formal organizational hierarchy, it’s difficult to explain Anonymous to the general public and the media. In this article, I’ll explain the history of the […]

Understanding the implications of Facebook Connect and OAuth

Over the last month there has been a minor if interesting discussion about the use of Facebook Connect and the idea that it does not delete cookies when you log out. If you set your Facebook Connect login to never log you out, OAuth and the Facebook implementation will […]

Cracking Democracy – Hacking Electronic Voting Machines

Communications around the world are gradually going digital.

I was born in 1984. I would expect, if I entered a typical office workplace that year, to find various filing cabinets, stacks of paper letters, memos and invoices, and typewriters. Even the state-of-the-art electronic typewriters of that day, such as the […]

SQL Injection: The Equal Opportunity Vulnerability

In the first installment of this series, we discussed application security within the Software Development Process by demystifying the adoption of security controls within the development organization. We also took a deeper dive into identifying potential vulnerabilities based on threats to attack surfaces exposed to the application, a process […]

Android malware analysis

The advance in technology brought us mobile phones with almost the same power and features as our personal computers, something that criminal minds will find a way to exploit for their gain, as history has shown. In recent months we have seen an increasing amount of malware aimed […]

HTTP Response Splitting Attack


In this paper we will discuss HTTP Response Splitting and how the attack can actually be carried out. When we’re clear about how it works, because it is an often misunderstood topic, we’ll then look at how Response Splitting can be used to carry out Cross Site Scripting (XSS). We’ll […]

Egghunter Exploitation Tutorial

This tutorial will cover the process of writing a buffer overflow exploit for a known vulnerability in the Vulnserver application. This is the fifth article in the Vulnserver series.

Vulnserver is a Windows server application that deliberately includes a number of exploitable buffer overflow vulnerabilities, and was designed to act […]