Network Administration is a field that has an enormous amount of responsibility associated with it. Despite the fact that it sounds like a relatively straightforward concept at the outset – keep the systems talking to each other – that simple phrase covers a multitude of different compatibility issues, operating systems, […]
Have New Backdoors Been Discovered in iOS? An Interview With iOS Developer and Digital Forensics Expert Jonathan Zdziarski
When the HOPE X (Hackers On Planet Earth) 2014 convention started on July 18th, one particular presentation caught the undivided attention of information security professionals. Ever since, the tech media’s been buzzing… Are there really newly discovered backdoors in iOS’s code? Is Apple spying on the countless millions of […]
Cloud computing has really changed how organizations operate and store their data. Cloud computing attracts big organizations with tags such as huge savings on cap-ex, op-ex, on-demand, and availability. These are all valid and good features, but the cloud actually comes inherent with a lot of security concerns. One […]
Libemu is a library which can be used for x86 emulation and shellcode detection. Libemu can be used in IDS/IPS/Honeypot systems for emulating the x86 shellcode, which can be further processed to detect malicious behavior. It can also be used together with Wireshark to pull shellcode off the wire […]
It is estimated that today approximately three-quarters of the human population has a mobile phone. Crowdsensing, a new business model, allows this large number of mobile phones to be used not only for exchanging information between their users, but also for activities that may have a huge societal […]
What is a digital certificate?
The digital certificate is a critical component of a public key infrastructure. It is an electronic document that associates the individual identity of a person to the public key associated with it.
A certificate can then be associated with a natural person, a private company or […]
Firstly, this vulnerability is not related to the Oracle database or the Oracle Company in any way. In cryptography, an ‘oracle’ is a system that performs cryptographic actions by taking in certain input. Hence a ‘padding oracle’ is a type of system that takes in encrypted data from the […]
Introduction to SCSI
SCSI (Small Computer System Interface) defines a way to exchange data between a computer and its peripheral devices, like a hard drive, a tape drive, a scanner, etc. The primary purpose of SCSI is to support multiple devices to be connected together over a fast […]
Kuluoz is a known botnet which was released mid 2012 and was known by different names such as weelsof, win32, Dofoil, etc. Kuluoz is usually spread by sending suspicious mail to the target user, and later the traffic leaving the network consists of POST requests encoded in a unique […]
Nmap Cheat Sheet: From Discovery to Exploits, Part 3: Gathering Additional Information about Host and Network
As we discussed before, this is our third installment in our Nmap series.
Nmap is well known for port scanning, port discovery, and port mapping. But we can do many more things with Nmap NSE scripts. We can do email fingerprinting, retrieve a Whois record, use UDP services, etc.
People feel endangered by cyberterrorists, and this topic has raised an alarm in many societies. Many experts in the IT field and many political figures have elaborated on the possibility of cyberterrorists infiltrating governmental agencies, private corporations or damaging the technological part of the military or the services and […]
In today’s world, over 70% of all attacks are carried out at the web application level, so we need to implement security at multiple levels, as organizations need all the help they can get in making their systems secure. Web application firewalls are deployed to establish […]
In this article, we will learn about the requirement of file integrity monitoring in PCI-DSS (Payment Card Industry Data Security Standard). If we talk about PCI-DSS, FIM is the most commonly overlooked requirement, just because the statements in PCI itself do not quite clearly specify what all needs to […]
1. Definition & Objective
A threat could be anything that leads to interruption, meddling or destruction of any valuable service or item existing in the firm’s repertoire. Whether of “human” or “nonhuman” origin, the analysis must scrutinize each element that may bring about conceivable security risk.
Cyber threat analysis is a […]
DragonFly, Cosmic Duke and Pitty Tiger: From State-Sponsored Espionage to Campaign of Independent APTs
Cyber espionage is one of the most aggressive cyber threats for private companies and government entities. In recent years, the number of cyber attacks with this aim has increased as never before. Unfortunately, the security community is able to detect just a small part of the overall cyber attacks […]
The proper implementation of network appliances is vital to designing and maintaining a properly secured network. Modern networking devices usually integrate multiple functions into one box. For example, most enterprise quality firewalls have built-in malware detection and IPSes or IDSes. Most home and small business routers have built-in firewalls […]
In today’s world, cyber criminals often use software to brute force passwords, and some may lead to successful attacks. Since there are many third party tools and high end machines to carry out such attacks, brute forcing is a fun and easier job nowadays.
Recently there have […]
We always come across situations when our beloved tools like Nmap, Nessus etc. cannot continue because of the limited functionality provided by them. The nature of pen testing is such that it requires these types of tools to be extended and customized. That’s where the add-ons for these […]
Microsoft Windows provides a sleek API for cryptographic purposes. It is a generic interface for accessing cryptographic services provided by the Microsoft Windows operating system.
CryptoAPI is meant to be used by developers of Windows-based applications that may allow users to form and exchange documents and other information in a very […]
sqlmap is an attack tool which can be effectively used to perform SQL injection attacks and post exploitation acts. It is a versatile tool when it comes to SQL injections. Most security professionals use sqlmap for SQL injection related pen tests.
sqlmap is a modular framework written in Python. It […]