ABSTRACT: This paper presents statistics and machine learning principles as an exercise while analyzing malware. Conditional probability or Bayes’ probability is what we will use to gain insight into the data gleaned from a sample set and how you might use it to make your own poor man’s malware […]
In this article, we’ll present a couple of examples where we’ll be using the int 0x2e instruction to interrupt the kernel and call some interrupt service routine. We’ll also be using the sysenter instruction to do the same. The basic idea is presenting both methods of transferring the control […]
I don’t want this article to be alarming, and its purpose is not to make you deactivate / delete your Facebook account or make you stop all your social online activities. I just hope after reading it you will pay a bit more attention to your privacy, your cookies, and […]
Welcome back to my series on Snort rule writing.
In my first installment, we covered the basic syntax of a simple rule. We established the fundamental framework for all Snort rules by laying a simple template. This template breaks the rule into two basic components, (1) the rule header and […]
SQL injection opens a lot of possibilities for an attacker, like dumping the database, causing denial of service, or stealing sensitive information. But it becomes more interesting when it can be used to compromise a server. Different SQL databases, like MSSQL, MySQL, ORACLE, PLSQL pose different sets of challenges […]
The MSDOS system uses the IVT (Interrupt Vector Table) to hold the interrupt vectors that are called whenever some action occurs, such as when an interrupt is generated. But modern execution environments, like the protected mode, require more complex data structures. Therefore, the protected mode uses IDT, which is almost the same […]
Sumit Sharma happens to be the co-founder of Ethical Hacking forum, Hackers Garage.
Sumit recently gave a talk at NullCon Goa entitled “Capturing Zero-Day Information”, by leveraging honeypots.
So Sumit, how long have you been working on this stuff?
I have been into IT security for the past 5+ years with 4 […]
In SQL (Structured Query Language) Injection, there are many kinds of techniques that are partnered with UNION SELECT statements like LOAD_FILE(), INTO OUTFILE(), INFORMATION_SCHEMA, Char(), CAST(), and LIMIT. Most attackers usually take advantage of the union statements, information_schema, and the order by statements but neglect some of the techniques […]
Each process started on the x86 version of Windows uses a flat memory model that ranges from 0x00000000 – 0xFFFFFFFF. The lower half of the memory, 0x00000000 – 0x7FFFFFFF, is reserved for user space code, while the upper half of the memory, 0x80000000 – 0xFFFFFFFF, is reserved for the kernel code. […]
Even a layman would notice that cyberspace is in full storm; different entities are increasing malicious activities pursuing various purposes, and cyber espionage is considered one of the principal motivations behind the majority of the attacks.
Cyber espionage is not a practice limited to governments. Private business, cyber criminals and hacktivists […]
Satish Shetty is the founder and CEO at Codeproof Technologies Inc. – a company that delivers the first ever cloud-based software as a service security for mobile devices. Earlier, he worked with companies like McAfee, Microsoft etc. He currently holds 9 patents on software security and software anti-piracy hardening […]
In the world of computer security, the concept of an “Advanced Persistent Threat” has garnered a great deal of publicity recently. Commonly referred to by the abbreviation “APT,” the term denotes a specific type of information security risk with a much greater magnitude than the average “skr1pt kiddie.” The […]
In this period, security firms are publishing detailed reports on analyses of the principal cyber threats detected in 2012; the results present a landscape dominated by an explosion of menaces, especially for mobile and social media users.
Mobile technology has grown more than any other in the last few years […]
In the past, systems such as MSDOS used the real mode, and it had no protections against accessing any memory address. Programs then were able to access even the system data that was stored in memory. We can imagine how bad this was when some programs did something […]
This article will demonstrate the development life cycle for various .NET framework applications, for instance, executables, console applications, Windows Forms, etc., and how to build them in C# using .NET framework compilation features. This chapter will also investigate the entry point of C# programs in depth and take a closer look […]
Getting the Physical Address Manually
So far we’ve figured out that the virtual address is the same as the linear address, so in the next part of the article we can use virtual addresses because they are the same as linear. Let’s take a look at the 0x0012ff60 virtual/linear address and try […]
For the purposes of this article, the term “cyber exploitation” will represent all the subversive activities that include interstate “breaking and entering” somebody else’s computer and network. For further explanation on the subject, read the first part of my previous work “Cyber Exploitation”.
The current contribution follows the progress of […]
So here we are on the third edition of “Which weapon should I choose for Web Penetration Testing?” For this edition, I am going to take a walk through two interesting tools for pen-testing: OWASP ZAP and Netsparker – Community Edition. In the previous edition, I had a request […]
With the huge popularity of mobile devices like smartphones and tablets, two-dimensional barcodes, or the so-called QR codes, are beloved by marketers. QR codes or Quick Response codes were designed for the automotive industry in Japan. Now, QR codes have become popular outside the industry due to greater […]
Even with all the technical advances of current human society, there are unfortunately certain areas where we have not progressed as a people but instead –REGRESSED. The proliferation of educational material and the availability of these resources have not been able to remedy very basic human problems, among which […]