877.791.9571 |

Monthly Archives: December 2011

A Vulnerable Civic Infrastructure: The Attack on South Houston’s SCADA Water System

As the world becomes increasingly digitized, IT security impacts more and more of our lives. Most ordinary citizens are unaware of how our important civic services- electricity, public transportation and water, not just telecommunications- are now dependent on computing and networking technologies.

Many industrial utilities are operated with SCADA, supervisory […]

By |December 27th, 2011|Interviews, SCADA|0 Comments

Measuring the ROI of Security Training

Marc Winner hasn’t come up with a way to precisely measure the return on investment for security training. What he does know for certain, however, is that the $100,000 or so that his company spends annually to keep employees on their toes is part of the price of operating […]

LOIC (Low Orbit Ion Cannon) – DOS attacking tool

The DOS (Denial of service) attack is one of the more powerful hacks, capable of completely taking a server down. In this way, the server will not be able to handle the requests of valid users. With a DOS attack, many computer systems connected to the internet will try […]

By |December 20th, 2011|Hacking|25 Comments

KARMETASPLOIT, Pwning the Air!

Wireless networks have become very common in today’s world, people are used to be connected to wireless networks in office, home, coffee shops etc. In order to facilitate the process of connecting to the wireless network, most of the operating systems often remember the previous networks connected to (often […]

Web Analysis, Vulnerability Assessment and Exploitation using Backtrack5

Web application analysis plays a major role while doing a vulnerability assessment/penetration test. Proper information about the web application (for example like type of plugins used; CMS type – whether it is joomla, wordpress, etc.) can help the pentester determine the right exploit to use, […]

By |December 16th, 2011|Hacking|1 Comment

Rootkit Detector Features: Malicious System Threads and Debug Registers

Introduction:
In my last article, we’d discussed the most important ways in which a rootkit enters a system and subsequently masks its presence so it isn’t detected. We’d also looked at two popular rootkit detectors in Tuluka and Gmer, and discussed what rootkit masking techniques they are able to identify […]

Writing Self-Modifying Code Part 2: Using extended assembly – Practice

Part 1 is here: http://resources.infosecinstitute.com/writing-self-modifying-code-part-1/

All the code for this tutorial is on github. Links for particular components are interspersed, or you can just pull the repo. It seems my video lost a bit of audio at the end. All I was noting is that when performing multiple calls in […]

Secure Random Number Generation in JAVA

Some Random Number concepts:
“Random numbers” means numbers which are random in practice (i.e. unpredictable and non – reproducible). As simple this term looks when you hear it for the first time, it is more difficult to reproduce. It is a bit different when we talk about single random numbers […]

Enterprise Security: A practitioner’s guide – Chapter 1

Chapter 1Security: A working definition

Managing Risk
Probability of OccurrenceBusiness Impact

Threat Sources
Human Threats
Geographic Threats
Natural Threats
Technical Threats

Security as a Business Enabler
Government Regulations
Litigation
Public Perception
Corporate Espionage
Cyber-warfare
Security Objectives
Summary
References
Security is defined in various ways, depending on perspective. Business managers might see it as a collection of pesky, cost-increasing regulatory mandates. Information technology (IT) […]

Firefox Forensics and SQLite Tables for Computer Forensics Analysis

I was showing off a trick to export Firefox SQLite tables to a spread sheet, and while she is a forensics person, she had never ever heard of this trick. It is neat enough to know when working off an image to pull the entire history of a Firefox […]

By |December 9th, 2011|Forensics|3 Comments

VLAN Hacking

Introduction
In Virtual LAN or VLAN is a group of hosts communicate with each other, even thoughthey are in different physical location. Virtual LAN provides location independence to the users, able to save the bandwidth, manage the device, cost effective for the organization are some of the facilities provided by […]

Privacy and Big Data Book Review

Privacy and Big Data
Terence Craig and Mary E. Ludloff
O’Reilly Media

At this point, everyone and their uncle is on Facebook. Free webmail accounts via providers such as Hotmail or Gmail number in the billions. More and more people are using mobile devices on platforms from Google, Apple, RIM, and Microsoft. […]

Abusing IP Protocols to Create Covert Channels when Penetration Testing

This article will talk about the maintaining access step in a penetration test. After an attacker has broken into the system and got access, escalated privileges etc, it is important for him to maintain his authority on the system so that he can access it at a later time. […]

REVERSING RORPIAN – DHCP Hijacking Malware

We have seen our fair share of malware codes from time to time. With the help of disassemblers and debuggers, we have a shot of understanding them. But malware are not that simple to understand, one has to know assembly language. But even knowing the language is not enough […]

Social Engineering Toolkits

Introduction:
Social engineering is commonly understood to mean the art of manipulating people into performing actions or divulging confidential information –Wikipedia

Pen testers can break into an employee’s security or get their information like domain logins, official email logins, important documents, etc using Social Engineering. There are different types of social […]

By |December 2nd, 2011|Hacking|0 Comments