Monthly Archives: January 2013

Social Media use in the Military Sector

Introduction
Social media has assumed a fundamental role in today’s society. It is a technology with the highest penetration level, as billions of people are connected through the principal global platforms by sharing experiences, documents and media.

An audience this large is exposed daily to all kinds of cyber threats, and […]

Facebook Hacker Cup 2013 Qualification Round: Balanced Smileys

I must admit that I was a little bit hesitant whether or not I should enter the Facebook Hacker Cup, but I did it anyway just for the fun of it. There were three problems that needed to be solved and they were named “Beautiful Strings,” “Balanced Smileys” and […]

By |January 31st, 2013|Hacking|2 Comments

Linux Hardening

This article aims to provide a general list of security issues that should be considered when you are auditing a Linux system or when you are hardening an existing Linux system. With a significant number of Linux web servers deployed around the world, security is quoted as the main […]

Android Application Assessment

In this article, we’ll discuss the steps involved in performing a security assessment of an Android-based application. We will see the use of various tools and methodologies, and we will also show the use of built-in tools such as ADB in a security assessment task.

Introduction:

Mobile applications are gaining popularity […]

By |January 30th, 2013|Hacking|1 Comment

Enhanced Mitigation Experience Toolkit (EMET)

Defining the problem

First, we must define the problem before we try to find the solution. The problem with Windows systems is that they can easily be exploited. There are various exploits out there that can exploit the Windows system. This is possible because most of the users don’t apply […]

By |January 30th, 2013|Hacking|1 Comment

Executing Office 2007 Exploit on Office 2010

So in the last post, we discussed how to insert your own payload by reversing a malware sample. Here, we are going to discuss how to execute an Office 2007 exploit on Office 2010. In order to complete this exercise, we will use the same exploit as in the last […]

The Basics of ASP.NET

Introduction

In this article we’ll talk about Unicode support in various elements of the HTTP protocol, but first let’s say a few words about HTTP. We won’t go into depth about what HTTP is; let’s just remind the reader about the elements that comprise the whole protocol. First there is […]

CompTIA Security+: SY0-301 Study Guide excerpt

Get Certified – Get Ahead
The CompTIA Security+ SY0-301 certification validates foundation-level security knowledge and skills and is recognized by organizations around the world. As an example, the U.S. Department of Defense requires personnel to have this certification to retain administrative access.

The CompTIA Security+: Get Certified Get Ahead: SY0-301 Study […]

Have You Ever Seen the Red Spike? (D)DoS: Mitigation Strategies

Executive Summary

DDoS, or Distributed Denial of Service, is a cyber-attack in which an attacker tries to bring the functioning of a computer system that provides a service, such as a website, to the limit of its performance, generally working on one of the input parameters until it is no […]

Invoking Article 51 (self-defense) of the UN Charter in Response to Cyber Attacks – II

Cyber attacks through the perspective of the armed attack notion

A cyber attack cannot rise to the level of an armed attack as prescribed in Article 51 “because it lacks the physical characteristics traditionally associated with military coercion” (Holis 2007: 1041). In short, it’s because the belligerents don’t use standard […]

Introduction to Blackberry Balance Technology

Blackberry is known for its email and security rather than as a company that produces fancy mobile phones. This is one of the reasons why Blackberry is preferred as a platform when it comes to corporate users. Many organizations provide Blackberry phones to their employees to ensure their around the […]

Password Cracking Using Cain & Abel

Introduction

According to the official website, Cain & Abel is a password recovery tool for Microsoft Operating Systems. It allows easy recovery of various kinds of passwords by sniffing the network, cracking encrypted passwords using Dictionary, Brute-Force and Cryptanalysis attacks, recording VoIP conversations, decoding scrambled passwords, recovering wireless network keys, […]

By |January 25th, 2013|Hacking|2 Comments

Invoking Article 51 (self-defense) of the UN Charter in Response to Cyber Attacks – I

Introduction

Among the series of problems with regard to the legal regulation of cyber attacks is how the self-defense doctrine applies to them. In itself, the self-defense notion was always an interesting subject, but now with the emergence of a new security threat posed by the development of technologies, the […]

Restricting social media at work

Introduction

Employees using social networks such as Facebook and Google+ may not only waste a lot of their working time, but also spread viruses on their work computers. Due to this, some employers have implemented security systems designed to closely monitor or restrict, as needed, an employee’s access and use […]

To Trust or Not To Trust?

While taking a knowledge management course in school, one thing that struck me was the common theme among classmates of, “…as long as the knowledge is there, timely, and relevant…I’m good.” Each time I posted a situation where I would tell them, for example, I’m a hacker who just […]

Arbitrary File Download: Breaking into the system

What you will learn:

Introduction to Arbitrary File Download

Difference between Arbitrary File Download and LFI/RFI

How it is exploited: a real example

Countermeasures

What you should know:

Basic Web related concepts

What is Arbitrary File Download?

As the name suggests, if the web application doesn’t check the file name required by the user, any malicious […]

By |January 24th, 2013|Hacking|4 Comments

Using X5S with Fiddler to find XSS Vulnerabilities

Cross Site Scripting is one of the top 10 OWASP security threats. This dangerous vulnerability allows attackers to inject malicious scripts into a website using the browser. This flaw can be found anywhere inside the application that takes user input. If the website is vulnerable to XSS, attackers […]

Handy Devices Revolution: Watch Out for Hackable Gaming Consoles

I have always been a video game console fan and enjoy playing RPG (role-playing games) and “Hack and Slash” games (cheers to God of War and Darksiders) with my Playstation 3 until today – it relieves me of my stress after getting some serious stuff done in school. In […]

By |January 23rd, 2013|Hacking|0 Comments

Demystifying dot NET Reverse Engineering: Advanced Round-trip Engineering

Before going through this article, I highly advise you to read all the previous ones in the series, since I will not re-explain some techniques or re-describe some tools previously presented. Here, I will assume that you understood the basics and everything that was presented prior:

Article 1: Demystifying Dot NET […]