Spoiler alert: Those who haven’t yet seen the film, but plan to, please skip to the summary.
Hollywood has tried to depict cyberwarfare and “hacking” many times. Hackers and The Net are just a couple of examples.
Blackhat, a Michael Mann-directed film, debuted in wide theatrical release on January 16th. […]
The virtual space has over time become something of real importance for business, politics, work, communities and communications.
In becoming gradually more and more dependent on and addicted to the Internet, individuals, companies, organizations and governments have raised (or are raising) awareness of being intimately vulnerable to attacks and threats of […]
Wardriving is an activity in which a person seeks wireless access points in moving vehicles with high gain antennas mounted on the top. Usually, this access point data is correlated with GPS positions and marked on publicly accessible maps such as WiGLE. On the other hand, wireless penetration tests […]
Google, among several security organizations, recently announced a vulnerability in the SSL protocol, particularly SSL version 3. SSL is used to secure connections between a client and server to prevent eavesdropping and to ensure that the data has not been tampered with.
SSLv3 is an old version of the SSL protocol, dating back to […]
When a certification exam undergoes a modification to its coverage, it can be a headache if you’re in the planning stages for sitting it. I personally had this happen to me when I was studying for my CISSP exam in late 2011/early 2012 when the structure was changed and […]
CNN recently revealed the methodology of the cyber attack that allowed anonymous cybercriminals Guardians of Peace direct access to their network, or the “keys to the entire building,” as one Sony Pictures Entertainment official stated. According to investigators, the attack was carried out through a set of stolen system administrator credentials; […]
‘Session Hijacking’ is an old and routine topic in the field of application security. To make it more interesting, in this article, we are going to focus on different ways it can be performed.
Introduction for beginners
Web applications communicate using HTTP protocol. HTTP is stateless, which means there is no […]
Some time ago, Kaspersky discovered and reported a new type of malicious program called Tyupkin, which targets ATM machines by moving beyond targeting consumers with card skimmers that steal debit card numbers to directly getting cash from an ATM without the need for a counterfeit or stolen card.
At the […]
Everyone knows that drug prohibition has done nothing to stop the sale and consumption of illegal drugs.
The risk of getting into criminal trouble exists, especially if you don’t benefit from white privilege. Our prisons are filled with countless nonviolent so-called drug offenders. But if you know where to go […]
Despite the popular image of the hacker cracking distant servers from his basement, studies show that people with legitimate access to your information pose an even bigger threat. And when information is stolen from within, it’s often harder to trace and determine the extent of the problem.
The larger your […]
Let’s start looking at the future of the IT Security landscape by reviewing the past. I made some predictions last year for InfoSec Institute. The article started off with a clever disclaimer that all subjects in the IT Security world are new and are still pioneering in their fields, […]
So as promised, I have come up with some more use cases for PCI DSS 3.0 requirements. I will try to cover as many requirements and use cases as possible in this document. So as we learned in Part 1 of this document series, we will learn more on […]
Numerous malicious attacks on computers and mobile devices as well as networks of important entities have recently made the news and have brought back to the surface the debate on cyber warfare and the dangerousness of cyber weapons.
The increasing dependence on the Internet and the recent spur of attacks […]
The recent revelations about a Russian website offering links to various live streaming web cameras and baby monitors have made people truly petrified of using such gadgets. However treacherous it might sound, the truth is that the best advice to all users who have suddenly decided to stop benefiting […]
After I got an outstanding response to my previous article on SIEM use cases, I have now prepared a series of articles for some SIEM use cases. In this article, I will show SIEM use cases for PCI DSS 3.0 compliance. I will cover specific use cases pertaining to […]
While a terrorist using the Internet to bring down the critical infrastructures the United States relies on makes an outstanding Hollywood plot, there are flaws in the execution of this storyline as an actual terrorist strategy. Conway (2011) calls out three limitations on using cyber-related activities for terrorists: Technological […]
In the past, cars and computers did not have many touching points. Nowadays, modern cars contain numerous computers. As Bruce Emaus, the chairman of SAE International, stated: “It would be easy to say the modern car is a computer on wheels, but it’s more like 30 or more […]
In today’s article, we will see a more advanced cryptosystem than the previous one: the ElGamal Signature scheme (not to be confused with ElGamal Encryption). So before you start reading this, read the first article for more details.
The target file (CryptoChallenge2.exe)
ELGAMALSiGNiT: An ElGamal signature scheme tool (requires dotNetFx4)
Veil-Pillage is a part of the Veil-Framework which comes in handy when performing post-exploitation. It consists of a number of modules which can be used to perform different tasks on target machine(s). It has a Metasploit msfconsole-like interface and commands, so you won’t feel alien when using it.
Install the complete […]