877.791.9571 |

Monthly Archives: January 2012

Building the Foundation: Architecture Design – Chapter 3

This is Chapter 3 in Tom Olzak’s book, “Enterprise Security: A practitioner’s guide.”
Chapter 2 is available here: Risk Management – Chapter 2
Chapter 1 is available here: Enterprise Security: A practitioner’s guide – Chapter 1

Security enables the business; that is the central them of this book. However, how do we […]

Writing Self-Modifying Code Part 3: Antivirus Evasion

This is the third article in a series on the topic of self-modifying code.

Part 1 is here: Writing Self-Modifying Code Part 1: C Hellow Word with RWX and In-Line Assembly

Part 2 is here: Writing Self-Modifying Code Part 2: Using Extended Assembly-Practice

You can download the code mentioned in this article, […]

Hacking In The World’s Largest Mall

Figure 1. Yes there is a ship in the mall, and a whole bunch of wireless

Much has been made in the media about the frequency of computer intrusions that result in masses of credit card and other personal data being expropriated by person’s unknown and often used for fraud […]

CISSP Training – InfoSec Institute and Intense School

Our 7-Day CISSP training course is the best things you can do to prepare yourself to pass the CISSP exam.

The bootcamp style course lasts for 7 days, with 12 hours of training each day. It culminates with a final practice test that mimics that actual exam. On the last […]

By |January 24th, 2012|CISSP, Other|1 Comment

Wi-Fi Security: The Rise and Fall of WPS

Wireless local-area networks which are also referred to as WLANs or Wi-Fi are prevalent these days. They are so popular that they can be found installed in offices, colleges, hotels, cafes, and even homes. There are many Wi-Fi product vendors and service providers, providing different products with different services […]

Google Hacking: Amazon’s CloudFront

Google hacking is a time honored tradition that goes back many years. There are specific Google searches that will allow users to directly download documents that the company might not want to have publicly available. This kind of attack takes on a number of different Google searches that will […]

By |January 23rd, 2012|Hacking|1 Comment

Burp Suite Walkthrough

Burp Suite is one of the best tools available for web application testing. Its wide variety of features helps us perform various tasks, from intercepting a request and modifying it on the fly, to scanning a web application for vulnerabilities, to brute forcing login forms, to performing a check […]

Under the Hood: Reversing Android Applications

For several years now, there has been an explosive increase in the use of mobile applications. Included in this staggering increase of mobile software are applications that store, process, and transmit personal and sensitive data. While they are not the only players, the Google Android and Apple IOS platforms […]

Risk Management – Chapter 2

Managing security is managing risk. As explained in Chapter 1,
Security ensures the confidentiality, integrity, and availability of information assets through the reasonable and appropriate application of administrative, technical, and physical controls, as required by risk management.

In Chapter 1, we explored risk at a high-level. As security practitioners, however, we […]

A Few Words on Malware – The Sality Way

Malware comes in different sizes and shapes. Trojans, worms, viruses, downloaders, and others are becoming more common than common cold medicine. These malware are mixed and matched to produce as much damage as possible. Some are originally designed from scratch, and some are recycled from an old malware collection, […]

Hacking Web Authentication – Part 2

In the first part of this article we looked at some of the common authentication types used in Web Applications these days and discussed their pros and cons. In this article we take it one step further and discuss some of the advanced authentication methods used these days. We will […]

Inserting Vulnerabilities in Web Applications

In this article we will look at how we can insert vulnerabilities in web applications.
Why? There are basically two reasons.
Firstly, it allows us to see the application from the eyes of a web developer and not a hacker. Secondly, because it allows us to create a platform where we […]

The THC SSL DoS Threat

    Ever since computers became ubiquitous and affordable they have attracted malicious users as well as those who use computers for altruistic purposes. These malicious users– sometimes called “black hats” or “crackers”– often try and take servers, desktops or entire networks offline using something called a Denial of Service attack […]

By |January 12th, 2012|Hacking|3 Comments

Fail-Open Authentication in IT Security

Authentication: Fail-Open
What do you mean by Fail-Open authentication?
Fail-open authentication is the situation when the user authentication fails but results in providing open access to authenticated and secure sections of the web application to the end user.
What is the impact when authentication does not fail securely?
Users can bypass authentication […]

By |January 10th, 2012|Hacking|0 Comments

Cross-Site Scripting (XSS)

Web applications today suffer from a variety of vulnerabilities. Cross Site Scripting (XSS) is one of the most prevalent web application security flaws, yet possibly the most overlooked. It holds second position in the OWASP Top Ten 10 Web Application Security Risks for 2010.

Cross-Site Scripting is a type of […]

The Art of Writing Penetration Test Reports

You close the lid of your laptop; it’s been a productive couple of days. There are a few things that could be tightened up, but overall the place isn’t doing a bad job. Exchange pleasantries with the people who have begrudgingly given up time to escort you, hand in […]

iPhone Forensics

iPhone forensics can be performed on the backups made by iTunes (escrow key attack) or directly on the live device. This article explains the technical procedure and the challenges involved in extracting data from the live iPhone.

iPhone 4 GSM model with iOS 5 is used for forensics.

GOAL
Extracting data […]

By |January 6th, 2012|Forensics|26 Comments

Rock Solid: Will Digital Forensics Crack SSDs?

Digital forensics is one of the most interesting and exciting fields of information security that you can ever be fortunate enough to work in, but not for the reasons you might expect. To those who have never been involved in an investigation, sorry to disappoint, it’s nothing like the […]

Hacking Web Authentication – Part 1

Authentication is the process of validating something as authentic. When a client makes a request to a web server for accessing a resource, sometimes the web server has to verify the user’s identity. For that the user will have to supply some credentials and the web server validates it. […]

Fuzzing – Application and File Fuzzing

In our first article, we reviewed the basics of fuzzing as well as the mutation and generation technique. We have also introduced the PeachFuzzer, which we will take a closer look at with this article.
Application Fuzzing:
Whether the application be a desktop app or a web app, there are any […]