877.791.9571 |

Monthly Archives: February 2013

Reverse Engineering If Statements

Introduction

Summary: In this article, we’ll present a simple program that uses ‘if’ statements and then we’ll try to reverse engineer the compiled version of the program to figure out how we can determine the usage of an if statements in the assembly code. This will be done purely as […]

Building an Incident Response Team and IR Process

In our world today, we have an abundance of many things, among which are -unexpected events. Falling meteorites, terrorist attacks, hacktivist demonstrations, blackouts, tsunamis…. well, you get the point.Now, although the majority of events I just mentioned probably fall into a Disaster Recovery category, they are nonetheless events that […]

  • WilsBellInterview-02282013
    Permalink Gallery

    InfoSec Institute Interview: Wils Bell – President of SecurityHeadhunter.com

InfoSec Institute Interview: Wils Bell – President of SecurityHeadhunter.com

SecurityHeadhunter.com Inc., a central Florida-based security search firm, is focused on uniting the right candidates with the right companies in the information security space.

As a specialist in security recruiting, the company knows where and how to identify the talent, said SecurityHeadhunter.com President Wils Bell, adding that the company has […]

The Recent Java Hack aka CVE-2013-1489 & CVE-2013-0422

There have been debates over the security and privacy issues concerning Java, the platform independent language. Time after time, the black and white hats have made full disclosures to the vulnerabilities which were there in the recent patches brought by Oracle. This time we had a Polish security firm […]

By |February 27th, 2013|Hacking|0 Comments

DOUBLE QUERY INJECTIONS DEMYSTIFIED

In the last article of the series, we started to explore the world of SQL injections by discussing different types and using the test bed available at https://github.com/Audi-1/sqli-labs. You can review the last post here.

Now, we will explore SQL injections even further and discuss Error based Double query injections, […]

Reversing Switch Statements

Introduction

In this article we’ll take a look at all the optimizations the compilers use to assembly the high-level switch statements into their assembly representations.

Switch Statements

The first example that we’ll look like uses the code shownbelow:

We have saved the number 1 into the variable x and then used the switch […]

Introduction to Application Risk Rating & Assessment

Background:

Understanding today’s threat landscape and looking at the pace with which organizations are adopting secure development practices, there seems to be a huge gap and it will take a longtime for organizations to catch up. It doesn’t make any sense for an organization to address every issue simultaneously and […]

Introduction to SoftICE

It’s often the case that we need to debug a kernel application, like device driverS, system calls, interrupt routines, or some other kernel application. In this article we’ll talk about SoftICE kernel debugger.

Installing and Configuring the SoftICE Debugger

We need to download the SoftICE, presumably the trial version from the […]

Collection

Objective of the Module:

Introduction

ArrayList

Hashtable

BitArray

Introduction

.NET offers a variety of collections such as ArrayLists, hashtables, queues, and dictionaries and these collections are abstractions of data algorithms. The ArrayList abstract is a dynamic array, the hashtable collection abstract is a lookup table, the queues collection abstract queues, and so on. In addition, […]

  • security-architecture-and-design-02252013
    Permalink Gallery

    CISSP – Security Architecture & Design – What’s New in 3rd Edition of CISSP CBK

CISSP – Security Architecture & Design – What’s New in 3rd Edition of CISSP CBK

What’s new in Security Architecture & Design
ISC2 published the 3rd edition of their CISSP CBK in late 2012.  I ordered my copy in December 2012 and said, “So what’s new in Architecture?”

First, let me say that all quoted material in this article is from the “Official (ISC)2 Guide to […]

By |February 25th, 2013|CISSP|0 Comments

Cracking the Defender: The Deobfuscated Code

Introduction

So far we’ve taken a look at the obfuscation routine and how it deobfuscates the instructions in the loc_4033D1. At the beginning point, the overview navigator will look like it shown on the picture below:

Upon executing the program, new functions will be discovered because the code is deobfuscated. The […]

Cyber Exploitation

Introduction

Over the past couple of years, cyber exploitation has established a reputation of something more than mere nuisance. The repercussions of these acts are often severe; ranging from a great economic loss to leaks of sensitive military information. As a result, there is a growing widespread concern about the […]

  • Alexander-Polyakov-02252013
    Permalink Gallery

    InfoSec Institute Interview: Alexander Polyakov – CTO at ERPSCAN

InfoSec Institute Interview: Alexander Polyakov – CTO at ERPSCAN

How it started

It started pretty much as usual. When you have a ZX Spectrum at home as a child, you will turn to the technology area anyway, but the question is where exactly. But during my childhood, I did not want to be a programmer, probably because my best […]

The Exponential Nature of Password Cracking Costs

Let’s assume for a moment that you suffered a security breach for a web application accessed by your customers. Somehow, an intruder was able to evade all the security measures you had in place to breach your website database and was able to obtain all the usernames and password […]

Arrays: A Brief Tutorial

Introduction

Arrays are powerful data structures that can be used to solve many programming problems. You have seen during the creation of different variables that they have one thing in common: they hold information about single items such as an integer, float, and string type. So what is the solution […]

SCADA & Security of Critical Infrastructures

Introduction
In the last few years there has been an increase within the worldwide security community consciousness of the risks related to cyber-attacks against critical infrastructures of a countries; an event considered by principal security experts extremely likely.

Probably the strongest jolt has been caused by events such as the spread […]

  • security-architecture-and-design-02222013
    Permalink Gallery

    CISSP – Software Development Security – What’s New in 3rd Edition of CBK

CISSP – Software Development Security – What’s New in 3rd Edition of CBK

What’s new in Software Development Security
ISC2 published the 3rd edition of their CISSP CBK in late 2012.  I ordered my copy in December 2012 and said, “So what’s new in Software Development Security, besides the apparent name change from Application Security?”

First, let me say that all quoted material in […]

By |February 21st, 2013|CISSP|0 Comments
  • cryptography-02222013
    Permalink Gallery

    CISSP – Cryptography – What’s New in 3rd Edition of CBK

CISSP – Cryptography – What’s New in 3rd Edition of CBK

What’s new in Cryptography
ISC2 published the 3rd edition of their CISSP CBK in late 2012.  I ordered my copy in December 2012 and said, “So what’s new in Crypto?”

First, let me say that all quoted material in this article is from the “Official (ISC)2 Guide to the CISSP® CBK […]

By |February 21st, 2013|CISSP|0 Comments
  • Info-Sec-Governance-Risk-Manag-02212013
    Permalink Gallery

    CISSP – Information Security Governance & Risk Management – What’s New in 3rd Ed of CBK

CISSP – Information Security Governance & Risk Management – What’s New in 3rd Ed of CBK

What’s new in Information Security Governance & Risk Management

ISC2 published the 3rd edition of their CISSP CBK in late 2012.  I ordered my copy in December 2012 and said, “So what’s new in Governance and Risk?”

First, let me say that all quoted material in this article is from the […]

By |February 21st, 2013|CISSP|1 Comment

Threat Modeling – Finding defects early in the cycle

Finding a proven pattern to find defects early in your cycle saves not just money but also the time required to patch those defects. Threat modeling is a tested and proven method to meet this objective. This procedure evaluates the vulnerabilities that can potentially exist in a target under […]

By |February 20th, 2013|Other|1 Comment