CISM April 28, 2011 Kenneth Magee CISM Domain – Information Risk Management CISM Chapter 2 – Information Risk Management (IRM) IRM accounts for 22 percent of the CISM exam or about 44 questions. In 2010, ISACA reorganized the CISM...
General security April 28, 2011 Darren Dalasta Grep Essentials grep The grep utility, which allows files to be searched for strings of words, uses a syntax similar to the regular expression syntax of the vi, ex, ed, and...
Hacking April 28, 2011 Keatron Evans What is DLL Hijacking? PORTIONS OF THE BELOW EXPLANATION HAVE BEEN SOURCED FROM DLL HIJACKING DEFINITION AT MARAVIS.com AND HAVE BEEN GRANTED PERMISSION TO USE HERE AS A MEANS TO...
General security April 27, 2011 Darren Dalasta Mac Shortcuts To use a keyboard shortcut, or key combination, you press a modifier key with a character key. For example, pressing the Command key (the key with a symbol)...
Hacking April 26, 2011 Stephen Bradshaw SEH Based Overflow Exploit Tutorial This tutorial will cover the process of writing an SEH based buffer overflow exploit for a known vulnerability in the Vulnserver application. Vulnserver is...
General security April 26, 2011 Darren Dalasta Useful Linux Commands echo 1 > /proc/sys/net/ipv4/ip_forward enables ipv4 forwarding on backtrack, and other distros. Bash commands cut -d" " -f2 > new (cuts from an...
General security April 26, 2011 Ryan Dewhurst Insecure Defaults Lead to Mass Open Proxies in China Description: A bug in Chinese video streaming software leads to mass open proxies on the web. A security blogger has uncoverd a flaw in the Chinese PPLive...
Application security April 21, 2011 Russ McRee OWASP Top 10 Deeper Dive – A5: Cross-Site Request Forgery (CSRF) Description: Parsing the OWASP Top Ten with a closer look at Cross-Site Request Forgery (CSRF). No freely available or open source tools "automagically" discovers CSRF vulnerabilities; you have to step through the app as described above and test against locally installed vulnerable applications and devices unless you have explicit permission to test remote applications per an approved penetration testing engagement....
CISM April 20, 2011 Kenneth Magee CISM Domain – Information Security Governance There are eight (8) task statements for ISG and twenty (20) knowledge statements. The eight task statements are covered in this post by Ken....
Reverse engineering April 19, 2011 ESET Team TDSS part 3: Bootkit on the Other Foot The final installment of the 3-part series covers the loading the bootkit previously discussed in part 2....