The malicious code in x86/x64 firmware can potentially reside in many places. One of them is in the PCI expansion ROM. In the past, the small amount of memory during PCI expansion ROM execution acted as a hindrance to this malicious code. The limited space for codes and data […]
Thanks to recent advances in content management systems (CMS) and content management frameworks (CMF), blogs and websites have become the perfect platform for publishing online content that can be tailored to any target audience. It is very clear that almost anyone can create a blog for any purpose by […]
Gathering data on a target is extremely important if we plan to execute an attack in a more efficient manner. A typical attack scenario starts with a long reconnaissance process. In this case “reconnaissance” refers to the gathering of information in any and all possible manners regarding a particular […]
Remote access is no longer just about a laptop or home desktop user connecting to catch up on some work or update customer and order information. The explosion of consumer devices in the hands of our employees changes how we look at remote connectivity. In addition to supporting various […]
In the first part of this article, we covered techniques for reading iTunes backups. In the second part of this article, we disclosed the procedure to extract protection class keys from the Backup Keybag and covered the techniques and tools for decrypting the protected backup files and the encrypted […]
In Wireless Network Security: A Beginner’s Guide, author Tyler Wrightson discusses the many attack vectors that target wireless networks and clients, and explains how to identify and prevent them. Actual cases of attacks against WEP, WPA, and wireless clients and their defenses are included in the book.
Designed specifically for the […]
Allowing an end user to upload files to your website is like opening another door for a malicious user to compromise your server. However, uploading files is a necessity for any web application with advanced functionality. Whether it is a social networking site like Facebook and Twitter, or an […]
Tyler Wrightson, CISSP, CCSP, CCNA, CCDA, MCSE, is the author of Wireless Security: A Beginner’s Guide (McGraw-Hill; 2012), the founder and president of Leet Systems, a next-generation security service provider, and Frigdo.com, a free online events search engine. He is currently a senior security consultant for Integralis, Inc., where […]
Securing the Access Point (AP) of your router’s web page and the Telnet or SSH access should be considered as part of the overall security strategy not only in your office or company but also in your home. Why? In order to prevent other users who are connected to […]
In the first part of this article we have seen how to start a scan using WebInspect. As discussed earlier, the Default scan settings tab is the heart of the WebInspect tool as it allows you to configure the scan based on the requirements and architecture of the web application. […]
Interview with Joshua Arvin Lat: the Kaspersky International Cup 2012 and Kaspersky Asia Pacific & MEA Cup 2012 winner
For today’s hot seat we have Joshua Arvin Lat and his SOUL system. Joshua Arvin Lat is a Filipino software engineer or web developer who recently graduated Bachelor of Science in […]
Virtualization Security in Cloud Computing
2011 ended with the popularization of an idea: Bringing VMs (virtual machines) onto the cloud. Recent years have seen great advancements in both cloud computing and virtualization. On one hand there is the ability to pool various resources to provide software-as-a-service, infrastructure-as-a-service and platform-as-a-service. […]
In the last article, I discussed in quite some detail how exactly the dropper for Bundestrojaner worked. In my next article what I’d been planning to do was to reverse the DLL and then the driver. There’s a slight change to those plans though. I was looking through the […]
Jim MacLeod’s journey towards becoming a network security engineer wasn’t typical.
For one thing, he earned a Religion degree at Swarthmore College in Pennsylvania whereas conventional wisdom might have led him to pursue something more along the lines of a Computer Science degree. But while his post-secondary focus might seem […]
Traditional boot processes cannot stop sophisticated attacks instantiated before operating system load. Consequently, we need a method to ensure that when the operating system (OS) loads and the user logs in, the system is “clean” and trusted. The Unified Extensible Firmware Interface (UEFI) and the Trusted Platform Module (TPM) […]
How many managers think that it makes no sense to spend money protecting information that can be reconstructed? What can really happen? Theoretically, anything and everything from the abuse of workers (through natural disasters and industrial espionage) to terrorist attacks. Is our company prepared for this? Imagine this scenario: […]
For IRC enthusiasts like me, it’s just common to encounter IRC bots in underground channels that have integrated functions like port scanning, nmap, SQL Injection Scanners, Remote File Inclusion scanners, Local File Inclusion scanners, Credit Card Checkers, Automatic Vulnerability Scanners that automate shell spawning and many more.
These IRC botnets […]
Anyone who has ever managed a firewall will know that all too often it’s a one way street. From the moment the device is plugged into the network, rules are added to allow traffic to flow between the required hosts and ports. We start out with the best of […]
Nowadays pretty much everyone uses wireless networking from your smart phone to your home and/or business networks. There are many security issues with wireless networking; the one that I see the most is security carelessness of some ISP’s contractors and installation personnel.
ISP based WEP Vulnerability:
I have noticed from […]
I would like to dedicate this article to all my friends, they know who they are, and to Irene, for her love and support.
From time to time I come across various security tools and utilities and sometimes I enjoy analysing them in order to evaluate their effectiveness, especially if […]