This article serves as a clarification about the PCI expansion ROM address mapping, which was not sufficiently covered in my “Malicious PCI Expansion ROM” article published by Infosec Institute last year (http://resources.infosecinstitute.com/pci-expansion-rom/). Low-level programmers are sometimes puzzled about the mapping of device memory, such as PCI device memory, to […]
When an attacker wants to learn credentials for an online system, he can use brute force or a dictionary attack. This article introduces these two types of attack and explains how to launch an online dictionary attack using Hydra.
2. Brute Force vs. Dictionary Attack
An attacker can try […]
This article shows hands-on penetration testing using an Apache server with CGI access; it identifies some vulnerabilities and performs exploits attacking these vulnerabilities, then further patches it to mitigate these known threats.
Apache can also be referred to as the Apache HTTP Server. It is a standard that is […]
With an estimated 80% of required information available for use in an open source for specific information vital for a deep analysis in newspapers, magazines, industry newsletters, television transcripts, and blogs. OSINT makes our work easier, by using OSINT we are able to get important information in just a […]
Phishing is a method of e-mail fraud that is used to gather personal and financial information from the recipients. According to Wikipedia, phishing is the act of attempting to acquire information such as usernames, passwords, and credit card details (and sometimes, indirectly, money) by masquerading as a trustworthy entity […]
In my previous article, I discussed the importance of Python and how we can utilize it to fill the gaps created by commercial scanners, thus improving the quality of throughput; however, that does not mean that we should limit ourselves to that! There is a lot more that we […]
The answer to this question may be difficult to determine, simply because there are so many ways to hack a site. Our aim in this article to show you the techniques most used by hackers in targeting and hacking your site!
Let’s suppose that this is your site: hack-test.com
Let’s ping […]
A key generator or a Keygen is a computer program that will generate a valid « Product Serial or Key » in order to completely register a software.
The key generation process may require a name or e-mail to generate the serial, in other cases where no name or […]
Doxing is a coin with two sides. Doxing can be used for security, research and collecting proof for investigation in one hand but in other hand, it can be used for cyber harassment and other serious cyber issues. But here, after lots of research, I learned that Doxing is […]
As usual, there are some explanations about this attack out there (see references at the end), but some knowledge is required to understand it properly, so here I will describe, step by step, how to perform this attack.
Purpose of the Attack: To change a byte in the plaintext by […]
Nowadays internet usage is growing dramatically because of this, a vast majority of companies and individuals that provide services have a website so customers can know about the service(s) that is available to them. These companies and individuals usually have an access portal that will ask their customers to […]
We are living in an age defined by SPEED. We look always for shortcuts, faster ways, and faster solutions in order to save our time. Supposing most of the people use browser extensions because they are too lazy to download and install a software with the same functions […]
Below is a graphic that enumerates some methods of password pilfering, which serves as an introduction to the matter discussed:
In this article, we will be discussing mainly software keyloggers and user-mode ones in particular and the different techniques they embody. We start with a brief analysis of some […]
Apache has been truly one of the dominant web servers of the World Wide Web. It’s one of the best open source projects, Web Server for both the Windows and the NIX platform. It’s maintained by the open source community under the name Apache Software Foundation. Now first […]
A keylogger, also known as a keystroke logger, is a software program or hardware device that is used to monitor and log each of the keys a user types on his/her keyboard. It is a type of surveillance software that has the capability of recording each and every keystroke […]
Writing Data Format Parsers
File format parsing and converting for further processing is a fundamental activity in many computer software-related tasks. Taking cues from the gaming community, wherein graphics files are converted from one format to another by writing custom parsers, we will proceed with the steps of writing parsers […]
We are all familiar with CAPTCHA—an acronym for “Completely Automated Public Turing test to tell Computers and Humans Apart”. CAPTCHA is a test to tell whether the one who solves the test is human or machine. The machine in this case is practically computer software acting as a robot, […]
According to WhiteHat Security’s annual study of about 15,000 websites, 86% had at least one serious hole that hackers could exploit, and content spoofing is one such prevalent vulnerability, identified in over half of the sites. The top 15 vulnerability classes for websites are said to be information leakage, […]
These days malware is becoming more advanced. Malware Analysts use lots of debugging software and applications to analyze malware and spyware. Malware authors use some techniques to detect the presence of automatic analysis systems such as debuggers and Virtual Machines. In this article we will explore some of these […]
Internet usage is growing dramatically, but the vast majority of Internet users don’t have security backgrounds. Nor do a large majority of companies care about information security and the possible severity of any attack that could harm valuable company assets. They don’t give their employees security awareness sessions, either. […]