Introduction to SCSI
The SCSI (Small Computer System Interface) defines a way to exchange data between a computer and its peripheral devices, like a hard drive, a tape drive, a scanner, etc . The primary purpose of SCSI is to support multiple devices to be connected together over a fast […]
Kuluoz is a known botnet which was released mid 2012 and was known by different names such as weelsof, win32, Dofoil, etc. Kuluoz is usually spread by sending suspicious mail to the target user, and later the traffic leaving the network consists of POST requests encoded in a unique […]
In this tutorial we’ll take a look at a Pafish tool, which performs anti debugger/vm/sandbox tricks to detect whether the malware is being executed in a debugger, in a virtual machine or in a sandbox.
Malware analysis today depends on a great deal of factors, but we’re often using a […]
In this article, we are going to solve the SecOS challenge, an entry level boot2root challenge.
So we start the game from hosting the vulnerable VM on the virtual box. After running the box, now we run a ping-based Nmap scan for identifying the live systems on the network.
As can […]
Nmap Cheat Sheet: From Discovery to Exploits, Part 3: Gathering Additional Information about Host and Network
As we discussed before, this is our third installment in our Nmap series.
Nmap is well known for port scanning, port discovery, and port mapping. But we can do many more things by the Nmap NSE script. We can do email fingerprinting, retrieve a Whois record, use UDP services, etc.
In this tutorial, we’ll take a look at how we can hack clients in local network by using WPAD (Web Proxy Auto-Discovery). The WPAD protocol allows automatic discovery of web proxy configuration and is primarily used in networks where clients are only allowed to communicate to the outside world […]
People feel endangered by cyberterrorists, and this topic has raised an alarm in many societies. Many experts in the IT field and many political figures have elaborated on the possibility of cyberterrorists infiltrating governmental agencies, private corporations or damaging the technological part of the military or the services and […]
In today’s world, over 70% of all attacks carried out over are done so at the web application level, so we need to implement security at multiple levels, as organizations need all the help they can get in making their systems secure. Web application firewalls are deployed to establish […]
In this article, we will learn about the requirement of file integrity monitoring in PCI-DSS (Payment Card Industry Data Security Standard). If we talk about PCI-DSS, FIM is the most commonly overlooked requirement, just because the statements in PCI itself do not quite clearly specify what all needs to […]
Computer Forensics is the methodical series of procedures and techniques used for procuring evidence from computer systems and storage media. This evidence can then be analyzed for relevant information that is to be presented in a court of law. Computer Forensics has frequently been listed as one of the […]
1. Definition & Objective
A threat could be anything that leads to interruption, meddling or destruction of any valuable service or item existing in the firm’s repertoire. Whether of “human” or “nonhuman” origin, the analysis must scrutinize each element that may bring about conceivable security risk.
Cyber threat analysis is a […]
DragonFly, Cosmic Duke and Pitty Tiger: From State-Sponsored Espionage to Campaign of Independent APTs
Cyber espionage is one of the most aggressive cyber threats for private companies and government entities. In recent years, the number of cyber attacks having this finality has increased as never before. Unfortunately, the security community is able to detect just a small part of the overall cyber attacks […]
The proper implementation of network appliances is vital to designing and maintaining a properly secured network. Modern networking devices usually integrate multiple functions into one box. For example, most enterprise quality firewalls have built-in malware detection and IPSes or IDSes. Most home and small business routers have built-in firewalls […]
In today’s world, cyber criminals often use software to brute force passwords, and some may lead to successful attacks. Since there are many third party tools and high end machines to carry out such attacks, brute forcing is a fun and easier job now a days.
Recently there have […]
We always come across situations when our beloved tools like Nmap, Nessus etc. cannot continue because of the limited functionality provided by them. The nature of pen testing is such that it requires these type of tools to be be extended and customized. That’s where the add-ons for these […]
Microsoft Windows provides a sleek API for cryptographic purposes. It is a generic interface for accessing cryptographic services provided by Microsoft Windows operating system.
CryptoAPI is meant to be used by developers of Windows-based applications that may alter users to form and exchange documents and alternative information in a very […]
sqlmap is an attack tool which can be effectively used to perform SQL injection attacks and post exploitation acts. It is a versatile tool when it comes to SQL injections. Most security professionals use sqlmap for SQL injection related pen tests.
sqlmap is a modular framework written in Python. It […]
Given the massive spread of the Internet and Internet-related activities in recent times, there is an equal spread in silent activities behind the web too. These silent activities might relate to port scanning, vulnerability scanning, finding publicly available technical and non-technical information about target organizations, and so on. At […]
In this article, we’ll learn about the concept of data loss prevention: why it is needed, what are the different types of DLP and its modes of operations, what is the planning and design strategy for DLP, what are the possible deployment scenarios, and what are workflow and best […]
In the previous article, we discussed shared preferences and its security under local data storage. In this article, we will discuss other storage methods being used by Android developers.
Fill out the form below to download the files associated with this article:
SQLite databases are lightweight file-based databases. They usually […]