No need for an introduction, Google is quite possibly the more powerful search engine used today, even used sometimes to check our connectivity; except that the power of the single search bar on the top of Google has become a source of concern for many, and if not they […]
This article describes the stack. GDB is used to analyze its memory. One needs to know this subject to play with low-level security.
Environment: x86, Linux, GCC, GDB.
The following registers are mentioned in the article:
ESP (points to the top of the stack)
EBP (is used as a reference when […]
You can take a look at the previous article before reading this one. If you already understand the basics of IAT table, then you can skip the first article, but otherwise you should read that before continuing below.
Presenting the Example Import Directory
Let’s use the !dh command to dump the PE […]
Behind the GhostNet notion stands an entire international worldwide network of infected computers belonging to places having high political, economic, media, or emblematic importance. One result among many in the IWM investigation concludes that sensitive documents are being removed. Atypical for a conventional cybercrime operation, the size of the […]
In this article series, we will be learning about the tools and techniques required to perform penetration testing and Vulnerability assessment on IOS Applications.
Jailbreaking your device
If you are serious about IOS security, then having a jailbroken device is a must. In this section, we will look at how we […]
The .NET framework caters to different types of authentication mechanisms to use within your applications – —including basic authentication, digest authentication, forms authentication, Passport, and Integrated Windows authentication. You also can develop your own custom authentication mechanisms; for instance, Windows authentication that matches web users to Windows user accounts […]
Botnets and cybercrime – Introduction can be found here
Botnets, how do they work? Architectures and case studies – Part 2 can be found here
Security experts use several key technologies to combat botnets, according to Group-IB’s Head of international projects, CERT-GIB CTO, Andrei Komarov. One of the leading companies in […]
For Part I, which discusses Mass Phishing and which sets the objects of examination in this paper, please check here.
For Part II, which discusses Targeted Phishing, please check here.
Vishing (Voice phishing) is a type of phishing —a social engineering technique, whereby the scammer is not aiming to collect the […]
Several years after the revelation of GhostNet, a massive case of cyber exploitation directed mostly against the Tibetan community, in terms of originality, this contribution appears as an interesting survey of the events happened pre and post that period.
In GhostNet part I, the reader can learn more about the […]
We know that when the operating system loads the executable, it will scan through its IAT table to locate the DLLs and functions the executable is using. This is done because the OS must map the required DLLs into the executable’s address space.
To be more precise, IAT is the […]
If you’ve been paying attention to vulnerabilities in web applications, you’ve certainly heard of attacks involving SQL injections, cross-site scripting, and poor session management. Thanks to the efforts of groups like OWASP (http://www.owasp.org), many responsible software vendors and open source project leaders now treat these types of vulnerabilities seriously, […]
Metasploitable is a Linux-based vulnerable virtual machine. It is designed especially for people interested in learning system exploitation. Rapid7 maintains Metasploitable and this virtual machine is downloadable from their website. I’d played around with the 1st version of Metasploitable, but did not have much idea about the second version. […]
In the first part of this of this mini-series on the botnet cyber threat, we have shown the current scenario and the technological evolution in security landscape. Malicious architectures are increasingly becoming one of the principal problems for security experts. Click here to see previous article.
Various researches conducted by […]
Welcome back to my continuing series of articles on Snort rule writing.
My first couple of installments in this series addressed some very simple rules in order to lay down a conceptual framework for the development of more complex rules. See Part 1 and Part 2.
In this article, we will […]
A patent is defined as an exclusive right or rights provided by a government to an inventor for a certain period of time in exchange for the public disclosure of an invention. A software patent is a patent for an invention involving software. The extent to which software […]
The recent major vulnerability CVE-2013-0027 flooded almost all versions of Microsoft Internet Explorer and affected operating systems like Windows XP, Vista, 7, and 8, including all the major server versions too. Some thirteen privately reported vulnerabilities were recently resolved in a security bulletin by Microsoft.
The vulnerability, now marked as […]
Simple Example of Export Directory
Let’s take a look at a simple example to understand how the export directory is used by the executables/libraries. Let’s suppose that we’re dealing with a .dll library that has 10 exported functions, so the NumberOfFunctions=10. It has 5 names, so the NumberOfNames=5. Because it […]
Internet usage is growing dramatically, but the vast majority of internet users don’t have any security backgrounds. Neither do a large majority of companies care about information security and the severity of any attack that could harm the valuable assets of these companies. They don’t give their employees security […]
The article tries to cover various Android forensic techniques that can be helpful in a variety of situations. The techniques or discussions below can be either logical or physical. However, we will try to stick mostly to logical techniques. By the word ‘logical,’ the technique would mostly involve accessing […]
The point of this article is to lay down the conceptual groundwork of numerous .NET related topics such as CLR, CTS, CLS, Managed Code, JIT Compilation, Security, Assemblies and Reflection. You will also understand the relationship between various aspect of .NET framework, such as Common Type System (CTS) and […]