877.791.9571 |

Monthly Archives: April 2012

AlienVault OSSIM Review – Open Source SIEM

Introduction

As logs never lie, it’s very important to aggregate and analyze the internal and external network logs constantly so that companies can prevent breach or perform incident response in a timely manner. For that security reason, companies use SIEM(Security Information and Event Management) as a solution and it’s deployed […]

Hacking AutoUpdate by Injecting Fake Updates

Works against Java, AppleUpdate, Google Analytics, Skype, Blackberry and more

Introduction

We all know that hackers are constantly trying to steal private information by getting into the victim’s system, either by exploiting the software installed in the system or by some other means. According to one stat, more than 60 percent […]

Hacking WolframAlpha – The Anatomy

Preview
Sharing source code with peers is one thing; sharing secrets over a public medium is another. The all-seeing eye of Google has no mercy, and once the secret has been seen, indexed, and copied to clone sites, it is no longer a secret. Now combine the search power of […]

ISACA Changes CISM Exam for 2012

According to ISACA, the CISM certification is changing to reflect the new CISM job practice analysis. (Source: ISACA’s CISM Review Manual 2012 p. iii)

ISACA has reformatted the CISM changing it from five domains to four domains. They have combined the Information Security Program Development and Information Security Program Management […]

CISO Interview Series- Doug Steelman: CISO Dell SecureWorks

Profile Subject: Doug Steelman

Doug Steelman is the Chief Information officer of Dell SecureWorks, where he leads the defense of Dell SecureWork’s networks.

Before joining Dell SecureWorks, Steelman was the Director of the U.S. Department of Defense (DoD) Dynamic Network Defense Operations for U.S. Cyber Command. In that role, he was […]

Passive Fingerprinting

During penetration testing, the main objective of the auditor is to exploit and gain access. For that to happen, it is required to have some information about the system/network being exploited, and to know the operating system running on the system (to be exploited). Also, from the network security […]

Penetration Testing for iPhone Applications- Part 2

In the first part of this article, we discussed the iPhone application traffic analysis. In this part, we will take a look at the privacy issues and the application local data storage.
Privacy issues
Every iPhone has an associated unique device Identifier derived from a set of hardware attributes called […]

By |April 18th, 2012|Hacking|5 Comments

VLAN Network Segmentation and Security- Chapter 5

This is Chapter 5 in Tom Olzak’s book, “Enterprise Security: A practitioner’s guide.”
Chapter 4 is available here:Attack Surface Reduction – Chapter 4
Chapter 3 is available here: Building the Foundation: Architecture Design – Chapter 3
Chapter 2 is available here: Risk Management – Chapter 2
Chapter 1 is available here: Enterprise Security: […]

Iframe & the Security Risk

Web application security is always an important topic to discuss because websites seem to be the first target of malicious hackers. Hackers use websites to spread their malwares and worms, and they use the compromised websites for spamming and other purposes. OWASP has created an outline to secure a […]

w3af walkthrough and tutorial part 3 – Remaining plugins

In the previous article w3af walkthrough and tutorial part 2 – Discovery and Audit plugins, we looked at the various discovery and audit plugins used by w3af to identify vulnerabilities in a web application. We also looked at how we can exploit these vulnerabilities by using the exploit plugins present in […]

Measuring the Internet – Part I: Distributed nmap

Last month, I participated in a project that involved the scanning of a whole continent. The goal of the project was to report, within 20 days, how many hosts were running a specific service. This type of measuring is not an easy task. According to the Internet Systems Consortium, […]

OSINT and pre-game show for a on-site WLAN Penetration Test

Wireless Penetration Testing in my opinion is one of the most fun parts of Ethical Hacking. It incorporates application exploits once you are on the WLAN/LAN, web application hacking to attack router web interfaces and a lot of networking trade craft. Needless to say gaining complete control of a […]

  • german-trojan
    Permalink Gallery

    Malware Analysis – Follow along reversing the German government’s “Bundestrojaner”

Malware Analysis – Follow along reversing the German government’s “Bundestrojaner”

Introduction

I’m reasonably sure that anyone reading this particular article has heard about viruses, worms, trojans and malware; as well as numerous antivirus products like Symantec, McAfee, AVG and many others. Now, whenever our computer is infected by a virus, most of us hope that it is detected and removed […]

Armitage –Fast and Easy Hacking

Armitage is a GUI for Metasploit which makes penetration testing easier. It was developed by Raphael Mudge. This tool helps to reduce the time and also gives a good understanding of Metasploit to various security professionals. The major advantages of using this tool are that it recommends the exploits, […]

The Importance of Securing a Linux Web Server

With the significant prevalence of Linux web servers globally, security is often touted as a strength of the platform for such a purpose. However, a Linux based web server is only as secure as its configuration and very often many are quite vulnerable to compromise. While specific configurations vary […]

  • MH1 sullivan0071776168
    Permalink Gallery

    Book Excerpt: Web Application Security, A Beginner’s Guide

Book Excerpt: Web Application Security, A Beginner’s Guide

Web Application Security: A Beginner’s Guide provides IT professionals with an actionable, rock-solid foundation in Web application security–from a complete overview of the tools and resources essential to Web application security to the trade’s best practices for detecting vulnerabilities and protecting applications. Designed specifically for the needs of IT […]