Kuluoz is a known botnet which was released in mid-2012 and was known by different names such as weelsof, win32, Dofoil, etc. Kuluoz is usually spread by sending suspicious mail to the target user, and later the traffic leaving the network consists of POST requests encoded in a unique […]
Nmap Cheat Sheet: From Discovery to Exploits, Part 3: Gathering Additional Information about Host and Network
As we discussed before, this is our third installment in our Nmap series.
Nmap is well known for port scanning, port discovery, and port mapping. But we can do many more things with Nmap NSE scripts. We can do email fingerprinting, retrieve a Whois record, use UDP services, etc.
People feel endangered by cyberterrorists, and this topic has raised an alarm in many societies. Many experts in the IT field and many political figures have elaborated on the possibility of cyberterrorists infiltrating governmental agencies, private corporations or damaging the technological part of the military or the services and […]
In today’s world, over 70% of all attacks are carried out at the web application level, so we need to implement security at multiple levels, as organizations need all the help they can get in making their systems secure. Web application firewalls are deployed to establish […]
In this article, we will learn about the requirement of file integrity monitoring in PCI-DSS (Payment Card Industry Data Security Standard). If we talk about PCI-DSS, FIM is the most commonly overlooked requirement, just because the statements in PCI itself do not quite clearly specify what all needs to […]
1. Definition & Objective
A threat could be anything that leads to interruption, meddling or destruction of any valuable service or item existing in the firm’s repertoire. Whether of “human” or “nonhuman” origin, the analysis must scrutinize each element that may bring about conceivable security risk.
Cyber threat analysis is a […]
DragonFly, Cosmic Duke and Pitty Tiger: From State-Sponsored Espionage to Campaign of Independent APTs
Cyber espionage is one of the most aggressive cyber threats for private companies and government entities. In recent years, the number of cyber attacks with this aim has increased as never before. Unfortunately, the security community is able to detect just a small part of the overall cyber attacks […]
The proper implementation of network appliances is vital to designing and maintaining a properly secured network. Modern networking devices usually integrate multiple functions into one box. For example, most enterprise quality firewalls have built-in malware detection and IPSes or IDSes. Most home and small business routers have built-in firewalls […]
In today’s world, cyber criminals often use software to brute force passwords, and some may lead to successful attacks. Since there are many third party tools and high end machines to carry out such attacks, brute forcing is a fun and easier job nowadays.
Recently there have […]
We always come across situations when our beloved tools like Nmap, Nessus etc. cannot continue because of the limited functionality provided by them. The nature of pen testing is such that it requires these types of tools to be extended and customized. That’s where the add-ons for these […]
Microsoft Windows provides a sleek API for cryptographic purposes. It is a generic interface for accessing cryptographic services provided by the Microsoft Windows operating system.
CryptoAPI is meant to be used by developers of Windows-based applications that may allow users to form and exchange documents and alternative information in a very […]
sqlmap is an attack tool which can be effectively used to perform SQL injection attacks and post exploitation acts. It is a versatile tool when it comes to SQL injections. Most security professionals use sqlmap for SQL injection related pen tests.
sqlmap is a modular framework written in Python. It […]
In this article, we’ll learn about the concept of data loss prevention: why it is needed, what are the different types of DLP and its modes of operations, what is the planning and design strategy for DLP, what are the possible deployment scenarios, and what are workflow and best […]
Islamic State of Iraq and Syria (ISIS) a Global Threat: Analysis of the Effects on Cyberspace of the Iraqi Situation
What is ISIS and why is it menacing the world?
The Islamic State of Iraq and Syria and Islamic State of Iraq and al-Sham, also known as ISIS, is an unrecognized state and a Jihadist militant group operating in Iraq and Syria. The group claims religious authority over all Muslims […]
In this article, we will look at the techniques being used by Android developers to detect if a device on which the app is running is rooted or not. There are a good number of advantages for an application in detecting if it is running on a rooted device or […]
“What I would really love to be able to do is to kill the password dead,” said White House cybersecurity coordinator Michael Daniel recently. A simple and understandable idea from the man often colloquially referred to as the cyber Czar. However, enabling that idea is just not that simple […]
Russia and Internet Freedom
The Russian government is increasing its pressure on social media. Many experts maintain that the population is suffering a serious online censorship. The analysts have noted a surge in the use of anonymous web surfing software like Tor. According to data proposed on the Tor Metrics […]
Someone once said, “the powers of hell feed on the best instincts in man.”
Take, for example, the case of Andrew Meldrum, who was recently convicted of three counts of unauthorized access to computer material and two counts of voyeurism (http://www.wired.co.uk/news/archive/2014-03/04/cyber-voyeur). It seems Mr. Meldrum installed spyware on at least […]
As the adoption of various forms of cloud models (i.e. public, private, and hybrid) in various industry verticals is increasing, the cloud buzzword is on a new high. However, customers still have doubts about the security areas and raise a common question: “How can I trust the cloud?” The […]
1. What is an E-mail Retention Policy?
Simply put, an e-mail retention policy/ERP is the process of keeping emails for compliance or business reasons. It differs from archiving (although these terms can be used interchangeably) in the fact that a retention policy decides when to dispose of redundant electronic messages, […]