The recent revelations about a Russian website offering links to various live streaming web cameras and baby monitors have made people truly petrified of using such gadgets. However treacherous it might sound, the truth is that the best advice to all users who have suddenly decided to stop benefiting […]
After I got an outstanding response to my previous article on SIEM use cases, I have now prepared a series of articles for some SIEM use cases. In this article, I will show SIEM use cases for PCI DSS 3.0 compliance. I will cover specific use cases pertaining to […]
While a terrorist using the Internet to bring down the critical infrastructures the United States relies on makes an outstanding Hollywood plot, there are flaws in the execution of this storyline as an actual terrorist strategy. Conway (2011) calls out three limitations on using cyber-related activities for terrorists: Technological […]
In the past, cars and computers did not have many touching points. Nowadays, modern cars contain numerous computers. As Bruce Emaus, the chairman of SAE International, stated: “It would be easy to say the modern car is a computer on wheels, but it’s more like 30 or more […]
In today’s article, we will see a more advanced cryptosystem than the previous one: the ElGamal Signature scheme (not to be confused with ElGamal Encryption). So before you start reading this, read the first article for more details.
The target file (CryptoChallenge2.exe)
ELGAMALSiGNiT: An ElGamal signature scheme tool (requires dotNetFx4)
Veil-Pillage is a part of the Veil-Framework which comes handy when performing post-exploitation. It consists of a number of modules which can be used to perform different tasks on target machine(s). It has a Metasploit msfconsole-like interface and commands, so you won’t feel alien when using it.
Install the complete […]
Sony Pictures corporate network hacked
At the end of November, the corporate network of Sony Pictures was breached and taken offline by a malware-based attack. The attack caused the disclosure of sensitive data belonging to the company and its employees and the destruction of internal machines that were infected by […]
In this part of the series, we are going to examine the different ways to escape HTML characters in PHP in order to add security to your web project. We will also give a brief introduction to PHP’s Perl-compatible regular expressions and show how they can be used for […]
Many corporations are not aware of the types of data that can be found and used by attackers in the wild. The information that you will be able to find will vary from target to target, but will typically include items such as IP ranges, domain names, e-mail addresses, […]
PowerSploit is a collection of PowerShell scripts which can prove to be very useful during some exploitation and mostly post-exploitation phases of a penetration test.
To get the latest version of PowerSploit, visit this URL: https://github.com/mattifestation/PowerSploit
If you have GIT, then you can simply run the following command to get all […]
HTTPS is used to make communication between the server and the browser secure. However, a problem occurs when an HTTPS page loads HTTP content: this is called mixed content vulnerability. There are two types, active and passive, discussed in this article. Finally, a demo page with this vulnerability […]
The Internet has fundamentally altered the world we live in and interact. As former Secretary of Defense Leon Panetta (2012) remarked in a speech before the Business Executives for National Security, “Cyberspace has fundamentally transformed the global economy. It’s transformed our way of live, providing two billion people across […]
Alright, now it’s personal. I got a few new games for my PS Vita and my PS4 for Christmas. Thankfully, they each have a single-player mode, because there’s no way I’d be able to play them online. PlayStation Network was down.
I don’t have an Xbox 360, nor do I […]
Universities, colleges and other higher education institutions store PII (Personally Identifiable Information) such as credit card numbers, email addresses, medical records, many staff-related records, student-staff communications, library use records, intellectual-property records, highly-sensitive research, and social security numbers. However, academic IT systems were designed to store and share data, and […]
In a previous post, I presented the main techniques used to hack Tor networks and de-anonymize Tor users. Law enforcement and intelligence agencies consider “de-anonymization” of Tor users a primary goal.
Authorities can try to implement techniques to break the encryption used to anonymize the traffic or to exploit vulnerabilities […]
Humans are often the weakest link in the security chain. In his book The Art of Deception, renowned hacker Kevin Mitnick explains how innate human tendencies are exploited to the attacker’s advantage. It is a misconception that hackers seek to exploit convoluted vulnerabilities beyond comprehension of nontechnical employees. In […]
If you follow security news, I am sure you have heard of SoakSoak malware. It has been in the news for the past few days because it affects more than 100,000+ WordPress websites, and this number may increase. As I am also a WordPress user, I followed the news […]
Radio Frequency Identification, also known as RFID, is a technology that was created by Léon Theremin in1945 and later patented by Mario Cardullo in 1973. It was first developed by Léon Theremin as a spy device for the Soviet Union government. The device itself could transmit a sound […]
WordPress is the popular content management system and blogging platform being used by millions of websites. This is the reason hackers are targeting WordPress. Although the WordPress community is very active and they keep working to make it secure in the best possible ways, most of the time third […]
It is often the case that web applications face suspicious activities due to various reasons, such as a kid scanning a website using an automated vulnerability scanner or a person trying to fuzz a parameter for SQL Injection, etc. In many such cases, logs on the webserver have to […]