The sharkfest challenge was organized by Wireshark University. There are seven challenges related to the trace files analysis. In each challenge, there are some questions we have to answer by analyzing the captured trace files. The sharkfest challenge trace files can be downloaded from the reference links. In this […]
Your health is your life
Keeps you alive
Hillside Avenue by Simply Red
Written by Mick Hucknall
Courtesy of EMI Music Publishing Ltd/So What Ltd
In the past few years, I’ve written about security vulnerabilities that exist in home security systems, in industrial SCADAs, in ATMs, voting machines, and embedded computers in motor vehicles. […]
Here is another interesting challenge we are going to solve. The vulnerable machine name is Flick. As usual, we started the game by hosting the image in a virtual machine and running an Nmap scan on the target.
We found two ports: 22 running OpenSSH and an unknown service on […]
Underground markets are places on the Internet where criminal gangs offer a wide range of illegal products and services. Black markets are crowded places where single individuals or criminal organizations could acquire or rent products and services at very competitive prices. Like any other market, in black markets the […]
We live in a world that’s becoming ever more dependent on the various digital products at our disposal. From the average man on the street making purchases on his phone to huge multinational companies taking hundreds of thousands of dollars in payments from wide and varied customer bases, technology […]
In this article, we will learn about a not-so-well known but a very useful security feature in Windows: Windows Resource Protection. This feature can help a great deal in developing an exclusion list for monitoring files and folders.
There are some critical system files, folders, and registry keys that are […]
Shellshock [CVE-2014-6271]: Another Attack Vector – Bluffing IPS/IDS Sensors With Python Crafted Pkts
While a lot of online websites and blogs are explaining the vulnerability damage, providing PoC scripts and repetitive information, here we will look into another angle of this vulnerability!
Without a doubt you’ve heard earlier last week that Shellshock was landed, allowing hackers to easily exploit many web servers that […]
In spite of the abundant availability of enterprise software designed to help businesses be more productive, cost-effective, and security conscious, most businesses today still rely on email as their primary business communication, collaboration and file sharing tool.
But why is this the case? Simply put, businesses are reluctant to stop […]
On August 31, 2014, news broke that nude photos of Jennifer Lawrence, Ariana Grande, Kate Upton, and other young female celebrities were being shared on 4chan. Jennifer Lawrence’s representative announced that the photos of her are real, Ariana Grande’s representative said hers are fake.
As far as I can tell, […]
With the number of employees telecommuting, traveling often or working remotely on the rise, the conventional corporate security model is undergoing a major shift. With the availability of VPN (Virtual Private Network) technologies allowing ubiquitous access to company systems, networks and servers, the standard security perimeter many enterprises once […]
In this article, we are going to see what are federation, single sign-on, and three federated identity standards, namely Security Assertion and Markup Language (SAML), OpenID and OAuth. We will also see the shortcomings observed in each standard.
The three federated identity standards that we will talk in this article […]
Steganography is often mistaken with cryptography, but they are very different in their operations. The major similarity between them is they were coined from Greek words.
steganos – covered
cryptos – secret
graphos – writing
That gives us hidden writing for steganography and secret writing for cryptography. Fill out the form below to […]
Everything you need to know about the Bash Bug vulnerability
The Bash Bug vulnerability (CVE-2014-6271)
A new critical vulnerability, remotely exploitable, dubbed “Bash Bug”, is threatening billions of machines all over the world.
The vulnerability was discovered by the security researcher Stephane Chazelas at Akamai firm. It affects Linux and Unix command-line […]
To view Part I of the article series, please open: http://resources.infosecinstitute.com/website-hacking-101/
To view Part II of the article series, please open: http://resources.infosecinstitute.com/website-hacking-101-part-ii/
In this part of the Website Hacking 101 series, we are going to discuss controlling access to directories (if access is not controlled by key directories like include/includes, the […]
By their nature, business endeavors involve various elements of risk. These elements may include technological, commercial, legal, financial, and environmental risks.
As technologies evolve, businesses become global and regulations more pervasive, the level of risks facing organizations grows exponentially and the challenges become ever more complex.
Organizations have long sought frameworks […]
Ted is an application developer who lost his job in the IT sector due to company downsizing.
Ted was displeased at being laid off just before Christmas, and expressed his displeasure by launching a systematic attack on his former company’s network.
Three weeks following his termination, the insider used the username […]
In the past, many popular websites have been hacked. Hackers are now active and always try to hack websites and leak data. This is why security testing of web applications is very important. And here comes the role of web application security scanners. Web Application Security Scanner is a […]
Now that we’re well into the second decade of the 21st century, mobile computing technology and the increasingly ubiquitous nature of the Internet have been making strides into even more facets of our lives. Many refrigerators, cars, and other machines which became prevalent throughout the 20th century now come […]
1. What is an Acceptable Use Policy?
An Acceptable Use Policy (henceforward mentioned as “AUP”) is agreement between two or more parties to a computer network community, expressing in writing their intent to adhere to certain standards of behaviour with respect to the proper usage of specific hardware & software […]