877.791.9571 |

Monthly Archives: June 2012

Malicious Code Execution in PCI Expansion ROM

The malicious code in x86/x64 firmware can potentially reside in many places. One of them is in the PCI expansion ROM. In the past, the small amount of memory during PCI expansion ROM execution acted as a hindrance to this malicious code. The limited space for codes and data […]

Joomla Security and Vulnerability Scanning

Thanks to recent advances in content management systems (CMS) and content management frameworks (CMF), blogs and websites have become the perfect platform for publishing online content that can be tailored to any target audience. It is very clear that almost anyone can create a blog for any purpose by […]

Reconnaissance with Images

Gathering data on a target is extremely important if we plan to execute an attack in a more efficient manner. A typical attack scenario starts with a long reconnaissance process. In this case “reconnaissance” refers to the gathering of information in any and all possible manners regarding a particular […]

By |June 28th, 2012|Hacking|5 Comments

Chapter 9: Securing Remote Access

Remote access is no longer just about a laptop or home desktop user connecting to catch up on some work or update customer and order information. The explosion of consumer devices in the hands of our employees changes how we look at remote connectivity. In addition to supporting various […]

iPhone Forensics—Analysis of iOS 5 backups: Video

In the first part of this article, we covered techniques for reading iTunes backups. In the second part of this article, we disclosed the procedure to extract protection class keys from the Backup Keybag and covered the techniques and tools for decrypting the protected backup files and the encrypted […]

By |June 27th, 2012|Forensics|1 Comment

Chapter 5: CRPD & Security

In Wireless Network Security: A Beginner’s Guide, author Tyler Wrightson discusses the many attack vectors that target wireless networks and clients, and explains how to identify and prevent them. Actual cases of attacks against WEP, WPA, and wireless clients and their defenses are included in the book.

Designed specifically for the […]

Complete File Upload Vulnerabilities

Allowing an end user to upload files to your website is like opening another door for a malicious user to compromise your server. However, uploading files is a necessity for any web application with advanced functionality. Whether it is a social networking site like Facebook and Twitter, or an […]

Interview: Author Tyler Wrightson

Tyler Wrightson, CISSP, CCSP, CCNA, CCDA, MCSE, is the author of Wireless Security: A Beginner’s Guide (McGraw-Hill; 2012), the founder and president of Leet Systems, a next-generation security service provider, and Frigdo.com, a free online events search engine. He is currently a senior security consultant for Integralis, Inc., where […]

  • routerbot-v3
    Permalink Gallery

    Simple Router Pawning Techniques – Getting the Administrative Privileges

Simple Router Pawning Techniques – Getting the Administrative Privileges

 Securing the Access Point (AP) of your router’s web page and the Telnet or SSH access should be considered as part of the overall security strategy not only in your office or company but also in your home. Why? In order to prevent other users who are connected to […]

By |June 25th, 2012|Hacking|0 Comments

Webinspect Part 2

In the first part of this article we have seen how to start a scan using WebInspect. As discussed earlier, Default scan settings tab is the heart of the WebInspect tool as it allows you to configure the scan based on the requirements and architecture of the web application. […]

By |June 22nd, 2012|Hacking|10 Comments

Interview with Joshua Arvin Lat

Interview with Joshua Arvin Lat: the Kaspersky International Cup 2012 and Kaspersky Asia Pacific & MEA Cup 2012 winner

For today’s hot seat we have Joshua Arvin Lat and his SOUL system. Joshua Arvin Lat is a Filipino software engineer or web developer who recently graduated Bachelor of Science in […]

Virtualization Security in Cloud Computing

Virtualization Security in Cloud Computing
2011 ended with the popularization of an idea: Bringing VMs (virtual machines) onto the cloud. Recent years have seen great advancements in both cloud computing and virtualization On one hand there is the ability to pool various resources to provide software-as-a-service, infrastructure-as-a-service and platform-as-a-service. […]

German Trojans 2

Introduction

In the last article, I discussed in quite some detail how exactly the dropper for Bundestrojaner worked. In my next article what I’d been planning to do was to reverse the DLL and then the driver. There’s a slight change to those plans though. I was looking through the […]

How to become a network security engineer

Jim MacLeod’s journey towards becoming a network security engineer wasn’t typical.

For one thing, he earned a Religion degree at Swarthmore College in Pennsylvania whereas conventional wisdom might have led him to pursue something more along the lines of a Computer Science degree. But while his post-secondary focus might seem […]

  • ASUS-EFI-01
    Permalink Gallery

    Chapter 8 – UEFI and the TPM: Building a foundation for platform trust

Chapter 8 – UEFI and the TPM: Building a foundation for platform trust

Traditional boot processes cannot stop sophisticated attacks instantiated before operating system load. Consequently, we need a method to ensure that when the operating system (OS) loads and the user logs in, the system is “clean” and trusted. The Unified Extensible Firmware Interface (UEFI) and the Trusted Platform Module (TPM) […]

Physical Access Control

How many managers think that it makes no sense to spend money protecting information that can be reconstructed? What can really happen? Theoretically, anything and everything from the abuse of workers (through natural disasters and industrial espionage) to terrorist attacks. Is our company is prepared for this? 
Imagine this scenario: […]

  • bigstockphoto_Internet_Security_98254
    Permalink Gallery

    Analysis on pBot – a PHP IRC Bot that has Malicious Functions

Analysis on pBot – a PHP IRC Bot that has Malicious Functions

For IRC enthusiasts like me, it’s just common to encounter IRC bots in underground channels that have integrated functions like port scanning, nmap, SQL Injection Scanners, Remote File Inclusion scanners, Local File Inclusion scanners, Credit Card Checkers, Automatic Vulnerability Scanners that automates shell spawning and many more.
These IRC botnets […]

By |June 18th, 2012|Hacking|1 Comment

Playing by the Rules: Performing Firewall Audits

Anyone who has ever managed a firewall will know that all too often it’s a one way street. From the moment the device is plugged into the network, rules are added to allow traffic to flow between the required hosts and ports. We start out with the best of […]

Protect Your Wireless Network from Leechers and Hackers

Nowadays pretty much everyone uses wireless networking from your smart phone to your home and/or business networks. There are many security issues with wireless networking; the one that I see the most is security carelessness of some ISP’s contractors and installation personnel.
ISP based WEP Vulnerability:
    I have noticed from […]

IObit Protected Folder Authentication Bypass

Acknowledgements
I would like to dedicate this article to all my friends, they know who they are, and to Irene, for her love and support.
Intro

From time to time I come across various security tools and utilities and sometimes I enjoy analysing them in order to evaluate their effectiveness, especially if […]