Who's Online
There are currently, 193 guest(s) and 1 member(s) that are online.
You are Anonymous user. You can register for free by clicking here
|  |
Modeling Security Pentests - New Issue of WebAppPentesting is Out!
Posted by cdupuis on Wednesday, 25 January 2012 @ 12:58:26 EST (151 reads)
Topic Hakin9
Anonymous writes "Inside Web App Pentesting:
Open Source Web Application Security Testing Tools by Vinodh Velusamy
Author shows the significance of Open Source Web Application Security Testing Tools. As he claims „When you choose and use good tools, you’ll know it. Amazingly, you’ll minimize your time and effort installing them, running your tests, reporting your results – everything from start to finish.
Most importantly, with a good web vulnerability scanner you’ll be able to maximize the number of legitimate vulnerabilities discovered to help reduce the risks associated with your information systems.
At the end of the day and over the long haul, this will add up to considerable business value you can’t afford to overlook”.
More Articles:
- Modeling Security Penetration Tests with Stringent Time Constraints by Alan Cao
- The puzzlepices by Daniel Clemens
- WebAppSecurity for Newbies part 2 Herman Stevens
- Web Application Common Vulnerabilities – Part I by Bryan Soliman
- CYBER STYLETTO by Mike Brennan and Richard Siennon
SUBSCRIBE NOW AND GET 2 AMAZING E-BOOKS !
1. CISO's Guide to Penetration Testing: A Framework to Plan, Manage, and Maximize Benefits details the methodologies, framework, and unwritten conventions penetration tests should cover to provide the most value to your organization and your customers.
2. In his new book "Save the Database, Save the World!" John Ottman captures the essence of the threats we face to the information that drives business. Organized crime, underhanded competitors and even foreign governments are looking to gain any financial, competitive or operational advantage and these enemies are going directly after the databases and the applications that access data.
After subscribing contact katarzyna.zwierowicz@software.com.pl with "WAPT" in the tittle of the message.
You can visit us at: http://www.pentestmag.com "
New Issue of PenTest Extra Magazine is available
Posted by cdupuis on Monday, 16 January 2012 @ 11:26:04 EST (221 reads)
Topic Hakin9
New Issue of PenTest Extra Magazine is available!  Download the Free Sample Issue to check the content and read Free article, just click here.
Read free article "XSS & CSRF: Practical exploitation of post-authentication vulnerabilities in web applications" by Marsel Nizamutdinov The goal of this article is to demonstrate the real danger of post-authenticated vulnerabilities. The author will not explain the basics of web application attacks in this article, as that has already been done many times before by others. He will focus on a practical way to exploit post-authentication XSS's and CSRF, which remain a highly underestimated attack vector in the security scene.
Inside:
- XSS & CSRF: Practical exploitation of post-authentication vulnerabilities in web applications by Marsel Nizamutdinov
- Discovering Modern CSRF Patch Failures by Tyler Borland
- Business Logic Vulnerabilities via CSRF by Eugene Dokukin
- XSS Using Shell of the future by Sow Ching Shiong
- Cross-Site Request Forgery by Jamie
- Security Resolutions for 2012 by Rishi Narang
- Interview with Peter N. M. Hansteen by PenTest Team
|
|
Get For Free "The Book of PF" by Peter N. M. Hansteen!  Buy annual subscription of PenTest and receive:
- Free Ebook "The Book of PF: A No-Nonsense Guide to the OpenBSD Firewall" worth $30.00 Today's system administrators face increasing challenges in the quest for network quality, and The Book of PF can help by demystifying the tools of modern *BSD network defense. But, perhaps more importantly, because we know you like to tinker, The Book of PF tackles a broad range of topics that will stimulate your mind and pad your resume, including how to:
- Create rule sets for all kinds of network traffic, whether it is crossing a simple home LAN, hiding behind NAT, traversing DMZs, or spanning bridges
- Use PF to create a wireless access point, and lock it down tight with authpf and special access restrictions
- Maximize availability by using redirection rules for load balancing and CARP for failover
- Use tables for proactive defense against would-be attackers and spammers
- Set up queues and traffic shaping with ALTQ, so your network stays responsive
- Master your logs with monitoring and visualization, because you can never be too paranoid
If you buy PenTest annual subscription, you will receive 48 Issues of PeneTest per year and get:
- PenTest (release date: 1st of each month) – 50 pages of content dedicated to penetration tests, few regular columns written by specialists
- PenTest Extra (release date: 15th of each month) – 50 pages of strictly topical content dedicated each time to different hot topic
- Mobile Pentesting (release date: 7th of each month) – 40 pages of content dedicated to latest mobile topics
- Web App Pentesting (release date: 22nd of each month) – 40 pages of content dedicated to web application topics
Buy annual subscription and contact us at krzysztof.marczyk@software.com.pl. We will take care of everything for you! |
|
Contact PenTest team!
Please spread the word about PenTest magazine!
Enjoy reading!
Krzysztof Marczyk & PenTest team
mailto:olga.glowala@software.com.pl
PenTest Magazine
WebApp Pentesting for charity
Posted by cdupuis on Wednesday, 21 December 2011 @ 11:39:39 EST (408 reads)
Topic Hakin9
Anonymous writes "
| WebAppPentesting Magazine - new December issue is out!
Why don't we start thinking of those who really need help? Please consider help to those who don't have warm home to spend Christmas in, who suffer hunger when our tables are full of delicious food, who sleep alone in the shelter, or who spend their holidays in hospital.
|
| Download the Free Teaser Issue to check the content and read Free Article, just click here |
What's more you can find inside is:
- Web Application Security for Newbies part 1. By Herman Stevens
- Web Session Management – reality is a nightmare! By Rishi Narang
- A chance to ease automated Web Site testing. By Marek Zachara
- Cyber Security War – ofensive vs defensive. By Jatin Jain
- Web Application Security – Preservation and Hacking. By Priyanka Tomar
- E-banking ghosts. By Sebastien Bischof and Jean-Marc Bost
- Mike Brennan and Richard Stiennon “Cyber Styletto”
|
| SUBSCRIBE NOW! |
Christmas offer! Receive Ebook, coupon for Cyber Styletto for 99 cents, 6 months Subscription For Free!
If you buy PenTest annual subscription, you will receive 48 Issues of PenTest per year and get:
- PenTest (release date: 1st of each month) – 50 pages of content dedicated to penetration tests, few regular columns written by specialists
- PenTest Extra (release date: 15th of each month) – 50 pages of strictly topical content dedicated each time to different hot topic
- Mobile Pentesting (release date: 7th of each month) – 40 pages of content dedicated to latest mobile topics
- Web App Pentesting (release date: 22nd of each month) – 40 pages of content dedicated to web application topics
Sounds good? Isn't it?
|
 1. FIRST FIVE subscribers will get a free e-book "Network your Computers and Devices" by Cyprian A. Rusen. Don't let the others take them from you!
Have you ever wondered about the book which not only can help you to step by step network you computer and devices, but also can be useful for your relatives? New Step by Step Network your computers and Devices book is best useful tutorial for whole your family.
Visit 7 Tutorial Website |
 2. For all interested readers we have prepared special coupon for "Cyber Styletto" by Mike Brennan. Get your ebook just for 99 cents! |
| Special Offer! If you buy 1 Year Subscription, you will get from us Additional Six Months for Free! |
| CLICK HERE TO SUBSCRIBE |
| After subscrinig contact katarzyna.zwierowicz@software.com.pl with "Subscription" in the tittle of the message |
|
Buy one year PenTest Subscription until December 25th, 11:59 pm GMT+1, and you’ll get one year of Hakin9 Subscription for free!
Don’t wait for Santa, all is in your hands!
|
"
PenTest Extra Physical Security Issue 4 of 2011
Posted by cdupuis on Thursday, 15 December 2011 @ 20:59:18 EST (531 reads)
Topic Hakin9
Anonymous writes "
New issue of PenTest Extra is out!
Guaranteed Access
by Jon Derrenbacker
Everyone has different ideas of what physical security is, what it encompasses, and how to exploit it. It can include a wide range of exploits, many being surprisingly simple. Regardless of method, going after physical security in a PenTest often proves one of the easiest ways to gain access to a network. Sometimes physical exploits are almost looked on as cheating, simply because some of them are so simple, so obvious, and yet completely unprotected.
Let’s Get Physical
by Kent Blackwell
Your boss calls you into his office to inform you a penetration test has been requested by one of your clients. Unlike the bi-annual vulnerability sweeps Company Inc. has previously requested, they have also asked for a physical security assessment as well. You’ve never preformed this kind of test before and by the time you’ve made it back to your desk your imagination is already running wild with scenarios that wouldn’t look out-of-place in a Mission Impossible movie.
The Process Explained from Start to Finish
by Alex Horan
If a security tester, for example, has only a couple of days to test and report on the security posture of a web application, the tester needs to ensure that manual efforts are only devoted to areas of the web application that deserve manual attention. It would be highly inefficient for the tester to spend a third of his or her time simply crawling the application and recording all of the unique URLs associated with the application.
Anatomy of Attack Detection, Without Data!
by Rishi Narang
There has been a constant evolution in the threat landscape and attack vectors. New attacks, malware, malicious packets traverse our network every now and then. The industry has deployed the measures on perimeter, host and virtually anywhere in between. We have IPS, AV, Firewalls and other protection, and detection tools but most of them look for patterns, or as the standards say, do a DPI (Deep Packet Inspection). But the bottleneck hits when these wares start morphing or a slight change in the code, enables the signature writers to add exorbitant amount of code in the product. The overhead on signature writers and pattern matchers is increasing exponentially.
Intelligent Video Surveillance
by Theofanis Kontos
Intelligent video comprises any solution where the video surveillance system automatically performs an analysis of the captured image. Hence, the central idea behind it is that observation and alarm detection do not burden the human personnel any more, but are assigned to computers.
Now What am I forgetting
by Justin Rogosky
The article below details the exploits of a diamond thief who didn’t use a weapon or threat of violence, he came in everyday as a client and became a trusted individual. Normally, engagements don’t allow you to build up the kind of relationship required for this level of access, but being friendly can get you a lot farther than most people realize.
IT Security Books
In recent months on the market appeared a lot of new books in the field of IT Security. We want to introduce you three of them. “Web Application Security” and “Security Metrics” are a part of “Hacking Exposed” series, which has a good reputation and recognition. The last one, “Securing the Clics”, provides knowledge of network security.
Interview with Patrick Bedwell
by Arao
Patrick Bedwell has more than 14 years experience in the network security and network management industries. He is the vice president of product marketing at Fortinet and is responsible for executing the marketing strategy for Fortinet’s network security products. Prior to joining Fortinet, Patrick held product marketing and product management leadership positions at Arcot Systems, McAfee, SecurityFocus, Network ICE and Network General. Patrick earned an MBA with honors from Santa Clara University and a BA degree in English from the University of California, Berkeley.
"
New Christmas Issue of Hakin9 Extra is out!
Posted by cdupuis on Thursday, 15 December 2011 @ 20:01:13 EST (650 reads)
Topic Hakin9
Anonymous writes "
|
|
| New Hakin9 Extra is out! This issue is about wireless security with a couple of articles on Managed Code Rootkits and Facebook Forensics to spice things up! So don't hesitate and subscribe now! Take a quick look at the list of articles we've prepared for you or scroll down to read fragments of the articles. |
 |
Fake Access Point with Airsnarf by Rishabh Mehta
Wireless hotspots are everywhere. A mobile user can obtain connectivity quickly and easily in a wide variety of public locations. Some of these hotspots are free and some of them require a fee or subscription. Either way, you will continue to see how being in a public Wi-Fi hotspot poses the greatest security risk you will find. |
|
|
WPA2-CCMP Known Plain Text Attack by Domonkos Pal Tomcsanyi
Wireless Standards and Practices by Richard C. Batka
Facebook Forensics by Kelvin Wong, Anthony C. T. Lai, Jason C. K. Yeung, W. L. Lee, P. H. Chan
Managed Code Rootkits by Erez Metula
Short URL by Yaser Alosefer
|
|
|
| SUBSCRIBE NOW |
| If you buy a year subscription now you'll get a full version of Network Malware Cleaner by EMCO Software. The offer is valid till the stock lasts so hurry up! |
 |
| SUBSCRIBE NOW |
| But that's not all! We've got even more! Are you still looking for Christmas presents? This Christmas share Hakin9 with a friend. If you buy a year subscription of Hakin9 for a friend, you'll get a free year subscription to PenTest and an amazing gift from Hakin9. You can choose one of the following books: |
|
 |
Hard copy:
- Honeypots: A New Paradigm to Information Security – CRC Publishing
- Introduction to Cryptography with Open-Source Software – CRC Publishing
- Security and Policy Driven Computing – CRC Publishing
- Thor's Microsoft Security Bible – Syngress Publishing
|
 |
 |
E-book:
- IPhone Application TuneUp – Packt Publishing
|
|
| Now, let's see what's in the issue. |
| 1. Fake Access Point with Airsnarf
by Rishabh Mehta
Wireless hotspots are everywhere. A mobile user can obtain connectivity quickly and easily in a wide variety of public locations. Some of these hotspots are free and some of them require a fee or subscription. Either way, you will continue to see how being in a public Wi-Fi hotspot poses the greatest security risk you will find. |
| 2. WPA2-CCMP known plain text attack
by Domonkos Pal Tomcsanyi
There hasn’t been much up in the field of WiFi security lately because WPA/WPA2 combined with a strong password is truly secure; even nowadays when people use GPUs to accelerate password cracking it is almost impossible to crack an arbitrary random WPA/WPA2 password that contains numbers, letters and capitals in a reasonable timeframe. Or is it though? Is it really impossible? |
| 3. Wireless Standards And Practices
by Richard C. Batka
When it comes to wireless one of the most important areas are frames. This article will cover how to set up a lab environment to explore one of the four types of wireless management frames: The Beacon. |
| 4. Facebook Forensics
by Kelvin Wong, Anthony C.T. Lai, Jason C. K. Yeung, W. L. Lee, P. H. Chan
Facebook is a well-known social networking application and connect people all over the world. We have carried out various test activities in Facebook and identified footprints and evidence could be extracted from memory, browser cache and other spaces; In addition, we have tested it with various technology platforms to provide more detailed and comprehensive forensics analysis. |
| 5. Managed Code Rootkits
by Erez Metula
Influencing source code is not a new idea. Injecting malicious code secretly by the compiler or the IDE was introduced a while ago. Using managed code rootkits (MCRs), we can take this kind of attack a bit further, by changing the actual meaning of the compiled code after it was created. |
| 6. Short URL
by Yaser Alosefer
We all know the story of the Trojan Horse, where the Greeks built it to enter the city of Troy. It was an unimaginable trick used to enter Troy after a 10 year siege. In the computer world, hackers use similar tricks to fool the end-users into running their malware. |
| SUBSCRIBE NOW |
|
Please spread the word about Hakin9. Hakin9 team wish you good reading!
en@hakin9.org
Hakin9.org
"
The Best of Hakin9 Compilation for year 2010 available for FREE
Posted by cdupuis on Thursday, 13 October 2011 @ 11:44:24 EDT (945 reads)
Topic Hakin9
NOTE FROM CLEMENT:
Here is a nice opportunity to get over 200 pages of the best articles published throughout year 2010. The articles are very thorought and still totally applicable today. Hakin9 are so confident you will like it they are giving it to you for FREE without having to go through loops or registration. Just click on the link, get reading, and subscribe if you like it.
Best regards
Clement
 |
 |
Hakin9 The Best Of, the best articles since first hakin9 issue gathered in two big Hakin9 e-books!
Over 400 pages of the best technical content ever!
Hakin9 Best Of for Every Subscriber!
Download Now!
|
|
|
|
PenTest Magazine, Promoting Pentesting Services; Call For Writers
Posted by cdupuis on Thursday, 26 May 2011 @ 11:58:28 EDT (1398 reads)
Topic Hakin9
|
 |
Promoting Pentesting Services
|
|
The next issue of PenTest Magazine will be devoted in large part to promoting pentesting services and generating trust among those companies who remain unconvinced by the usability and – let's put it straight – indispensability of pentesting services in today's world. If you are among those on the fence about pentesting – check what you might be missing. If you are a pentester, the next issue will provide you with ideas on how to convince your clients to your services and how to improve them.
Selling Penetration Testing Services
Pentesting - Is It a Worth?
Is Your Pentest Meaningless?
What Should You Look For?
This, and more, in PenTest Magazine June issue. Subscribe now at pentestmag.com.
|
Call For Writers
|
|
July issue focus: physical penetration testing. August issue focus: pentesting the cloud.
PenTest Magazine is seeking submissions on the above, and – as usually – on anything you consider interesting and worth discussing. Send your ideas here: sebastian.bula@software.com.pl.
|
Hack In Paris 50% Discount
|
|
We have ten 50% discount registration codes for Hack In Paris (http://www.hackinparis.com/) conference. First 10 subscribers who contact us at sebastian.bula@software.com.pl with the answer for the question “What is time consuming for 'human scanners'” (yes, you'd need to look at one of our May issue articles!) will be granted the codes.
|
|
|
|
|
|
Hakin9 Magazine Cloud Security Edition
Posted by cdupuis on Tuesday, 10 May 2011 @ 23:30:19 EDT (1314 reads)
Topic Hakin9
 |
|
New issue of Hakin9 available: Cloud Security
|
|
New issue of Hakin9 magazine already available!
Inside:
- An Analysis of the Cloud Security Threat by Julian Evans
- Cloud Computing Legal Framework and Privacy by Rebecca Wynn
- Cloud Security: Is the Sky Falling Already? by Gary S. Miliefsky
- On Cyber Investigations - Case Study: A Targeted E-banking Fraud by Alisa Shevchenko
- IPv6 Secure Transition Network Architecture by Michel Barbeau
- Antivirus in the Cloud: fad or future? by Malcolm Tuck
- Cloud Computing Standards: The Great Debate by Justin Pirie
- Cloud Security: Whose responsibility is it anyway? by Rik Ferguson
and exclusive extras prepared for Hakin9 subscribers only
Video trainings + tutorial from Wayne Burke, Sequrit:
- Forensics in Today's World
- Computer Forensics Investigation Process
- Searching and Seizing Computers
Download
An Analysis of the Cloud Security Threat
by Julian Evans
The cloud is very much the talk of the IT media town these days. Client side computational resources are still in demand but IT vendors and businesses are looking to the cloud in the hope that third-party companies will manage the network infrastructure (including overload requirements whereby the company has to pay for additional hosting services) and data/network security.
Cloud Security: Is the Sky Falling Already?
by Gary Miliefsky
Everyone seems to be jumping into the Cloud with both feet and many before they have realized that there may not be a silver lining with their public or private cloud. Just take a look at the competitive nature of streaming video on demand, offered by NetFlix through the Cloud or Amazon or large cable TV operators like Comcast and others. Some of these vendors seem to be sending out TCP resets on their end-user customers to kill the smooth streaming of a video, over their internet service, because it comes from another video service provider. I’m sure there will be law suits flying soon, when users get upset about their movies hanging, restarting or playing at a lower quality than they expect. So there’s already a battle taking place in the Cloud.
Cloud Computing Legal Framework and Privacy
by Rebecca Wynn
Cloud Computing is not a brand new term or concept. Since the days that you started to use AOL Webmail, MSN Hotmail, Yahoo, or Gmail you have been using Cloud Computing. If you use Facebook, Twitter, online data storage, Google Apps, many photo sites, etc. then you are using Cloud Computing. Simply stated Cloud Computing is using others’ computer systems, hardware, and software to do things on your system. The data is yours but others take care of the server(s) and application(s).
On Cyber Investigations - Case Study: A Targeted E-banking Fraud
by Alisa Shevchenko
As money migrates into the virtual world, the crime follows. This article presents a brief journey into the industry of cyber crime and the methodology of cyber investigation, disclosed through a real world case study. The author’s main objective is to highlight the general approach and the particular techniques of a cyber investigation process. The criminal case in question demonstrates a typical systematic approach to massive targeted e-money fraud. Due to this reason the article will also serve educational purposes to the professionals involved in cyber crime research and investigations.
IPv6 Secure Transition Network Architecture
by Michel Barbeau
The Internet has grown to a point where Internet Protocol version 4 (IPv4) can’t handle the large number of addresses created by that growth. The long term solution has been the replacement of IPv4 by Internet Protocol version 6 (IPv6), which has the capability to handle an astronomically large address space. Because of the difficulty to switch from one Internet protocol to another, IPv6 deployment has been marginal and several less drastic solutions have been used to expand the address space of IPv4.
Contacts Us
|
Last chance to get a FREE issue of Hakin9
Posted by cdupuis on Tuesday, 19 April 2011 @ 00:04:34 EDT (1427 reads)
Topic Hakin9
|
|
|
|
Download April issue for free till April 30th;
Buy access to Hakin9 online content
|
 The last free issue of Hakin9 magazine: Mobile Security
In order to download the issue you need to:
-register on the website (for free)
-log in using your details
-click on the cover of the magazine
Then you should get the save/open window.
Download today at www.hakin9.org/en
Buy access to Hakin9 online content
Starting from April 18 till April 30th you can subscribe to Hakin9 magazine for a lower fee - $15 monthly till the end of your subscription.
The regular price will be $29 and will include:
-12 regular issues a year
-6 extra topical issues a year
-additional materials each month (video trainings, software)
This change has one goal: make the magazine even more article oriented with limited number of ads and commercial content sent via newsletters.
The offer is valid till April 30th. Don't miss your chance - subscribe to Hakin9 for a lower fee!
|
New issue of Hakin9 available: Mobile Security
Posted by cdupuis on Thursday, 31 March 2011 @ 10:22:57 EDT (1613 reads)
Topic Hakin9
Articles
- Free Issue (04/2011) to Download!
In order to download the magazine you need to sign up to our newsletter. After clicking the “Download” button, you will be asked to provide your email address. You need to verify your email address using the link from the activation email you will receive. If you already subscribed to our list, you will be asked to provide your email address each time you download the magazine. No activation email will be sent and you should see the link for download.
IMPORTANT NOTICE
1. After the activation of your subscription you need to click the “download” button once again to start downloading the PDF.
2. In case you do not get the activation email please check your spam folder. If it is not there, please use different email address.
Download
-
- Passware Forensic Kit 10.3 - review
- MICHAEL MUNT
- SpyShelter Application - review
- DAVID KNIFE
- How to use Netcat
Netcat is a network utillity for reading and writing network connections that support TCP and UDP protocol. Netcat is a Trojan that opens TCP or UDP ports on a target system and hackers use it with telnet to gain shell access to the target system.
- MOHSEN MOSTAFA JOKAR
- Security – Objectives, Process and Tips
In a world where business is moving towards e-commerce and happening over the Internet, B2B, B2C, and C2C applications have always been an area of major security concern due to the pitfalls of HTTP security and the number of integration points.
- RAHUL KUMAR GUPTA
- The Backroom Message That’s Stolen Your Deal
Do you want to learn more about bigwig? Is someone keeping secrets from you? Need to silently record text messages, GPS locations and call info of your child or employee? Catch everybody at whatever you like with our unique service.
- YURY CHEMERKIN
- Smartphones Security and Privacy
All the threats that attack your enterprise computer centers and personal computer systems are quickly encompassing mobile devices.
- REBECCA WYNN
- Defending Cell Phones and PDA’s
We’re at the very early stages of Cell Phone and PDA exploitation through ‘trusted’ application downloads, Bluetooth attacks and social engineering. With so many corporations allowing these devices on their networks or not knowing how to block their gaining access to corporate and government network resources, it’s a very high risk situation.
- GARY S. MILIEFSKY, FMDHS, CISSP®
- Special report: My RSA Conference 2011 Trip Report
Annual Trek to the Greatest INFOSEC Show on Earth. What’s New and Exciting Under the Big Top of Network Security.
- GARY S. MILIEFSKY, FMDHS, CISSP®
- Mobile Malware Trends and Analysis
Over the past few years there has been much speculation about when mobile malware will start to proliferate, but as yet it doesn’t appear to have happened. Over the past 12 months though there has been some interesting developments concerning mobile malware. This feature will look at some of these and also highlight some of the mobile trends. Firstly let us look at the mobile malware life cycle.
- JULIAN EVANS
- Why are Zero-Days Such a Big Deal?
Sounds like a stupid question at first. They’re a big deal because they’re vulnerabilities, and vulnerabilities are bad. Right? So why do we freak out about zero-days?
- MATTHEW JONKMAN
- Death Knell Sounds For Traditional Tokens
There is an often used phrase that the stars have aligned but, in 2011, it is the technology that has come together to hammer the final nail into the physical tokens’ coffin. The cynical among you would argue that this statement has been made before and yes, I concede that tokens have survived and are still prevalent, so, why is this year different? Let’s examine the evidence.
- Andrew Kemshall
Download
New issue of Hakin9 available: Identity Theft
Posted by cdupuis on Monday, 28 February 2011 @ 19:22:18 EST (2468 reads)
Topic Hakin9
Anonymous writes "
|
|
New issue of Hakin9 available: Identity Theft
|
|
New issue of Hakin9 magazine already available!
Inside:
- Identity Proof Your Personal Data by Julian Evans
- Guarding Against Identity Theft by Gary Miliefsky
- The Best Way to Learn and Apply Cryptography by Arkadius C. Litwinczuk
- Analysis of a Scam by Rich Hoggan
- Secure Env for PT by Antonio Merola
- Knowing VoIP – part III by Winston Santos
- Bluetooth Mice Can Leak Your Passwords! by Aniket Pingley, Xian Pan, Nan Zhang, Xinwen Fu
- Choosing an IDS/IPS Engine by Matthew Jonkman
Download
Identity Proof Your Personal Data
by Julian Evans
There doesn’t appear to be a day that passes where we don’t hear about a corporate or government network data breach in the media. Whatever individuals or businesses do, we all fail miserably when it comes to protecting our most valued assets – personal and financial information. So what is a data breach and how will it affect businesses, government and individuals?
Guarding Against Identity Theft
by Gary Miliefsky
In my last article I made predictions on the ever growing and dynamic landscape of cyberwar and cybercrime – bottom line, some of my predictions are already coming true this year so it’s time to become even more vigilant to guard your personal identity and for your organization to do the same.
The Best Way to Learn and Apply Cryptography
by Arkadius C. Litwinczuk
The CrypTool project is about making the sometimes daunting subject of cryptography more accessible and easy to understand. It is the most comprehensive cryptography learning tool worldwide.
Analysis of a Scam
by Rich Hoggan
It’s all to often that we hear about being scammed on the Internet especially when using Craigslist – the popular website for selling and buying almost anything on the Internet. But it seems as though the majority of the website has become devoted to messages warning us of the potential for getting scammed.
Secure Env for PT
by Antonio Merola
Security awareness guideline about setting a controlled environment to conduct technical security testing and assessments, in order to protect companies and professionals from possible legal implications.
Knowing VoIP – part III
by Winston Santos
In previous chapters we have talked about the marvelous world of VoIP, what it allows us to do, accomplish and so on. Now let’s focus on the dangers that we need to be aware of and the countermeasure as well.
Bluetooth Mice Can Leak Your Passwords!
by Aniket Pingley, Xian Pan, Nan Zhang, Xinwen Fu
In this article, we will introduce a hidden vulnerability in Bluetooth mouse communication that may leak critical information including passwords. Bluetooth mouse communication is generally unencrypted. By sniffing raw Bluetooth mouse communication, we are able to reconstruct the mouse trajectory on screen with default mouse acceleration enabled. Therefore, if passwords are typed through a software keyboard, the sniffed mouse movement will expose the passwords.
Download
Contacts Us
|
"
Hakin9 new edition on Network Security just released
Posted by cdupuis on Tuesday, 01 February 2011 @ 20:43:22 EST (2541 reads)
Topic Hakin9
 |
|
New Issue of Hakin9 magazine: Network Security
|
|
New issue of Hakin9 magazine already available!
Inside:
- Network Security - Data Breaches by Julian Evans
- A Security System That Changed The World by Yury Chemerkin
- Get in Through the Backdoor: Post Exploitation with Armitage by Raphael Mudge
- Breaking The Code: Brute Forcing The Encryption Key by Rich Hoggan
- Is Data Secure on the Password Protected Blackberry Device? by Yury Chemerkin
- Examine your Network With Nmap. What is network Scanning? by Mohsen Mostafa Jokar
- Exploring GCIH Certification for Fun and Employability by Alexandre Teixeira
- Certification Smart? by Douglas Chick
- What is Good Enough Coverage? by Matthew Jonkman
Download
Network Security - Data Breaches
by Julian Evans
There doesn’t appear to be a day that passes where we don’t hear about a corporate or government network data breach in the media. Whatever individuals or businesses do, we all fail miserably when it comes to protecting our most valued assets - personal and financial information. So what is a data breach and how will it affect businesses, government and individuals?
A Security System That Changed The World
by Yury Chemerkin
Enterprise data is a valuable corporate asset, and therefore ensuring it's over integrity is an issue of superior business cycle model to any commercial or government organization.
Get in Through the Backdoor: Post Exploitation with Armitage
by Raphael Mudge
IT professionals have a dated image of hacking. Many picture the process as running nmap, finding an exploit, and running it to compromise a server. This romantic scenario was alive around 2003, but it has since gone out of style.
Breaking The Code: Brute Forcing The Encryption Key
by Rich Hoggan
There’s no way around it, cryptography is an aspect of our digital lives that’s becoming more and more prevalent. It’s because we interact in a vast social network that is the internet where we enter our personal information into countless profile pages and make the majority of our purchases online that we have an increasing need to focus on cyber security and cryptography. But at the same time that cryptography has great potential in securing our information, it’s just as vulnerable to attack.
Is Data Secure on the Password Protected Blackberry Device?
by Yury Chemerkin
People who have ever heard of password utility think the usage of it can protect their private data. There are, however, several ways to steal a lot of information in spite of the fact that device locked by password. These ideas are not complicated to first-time malware developer.
Examine your Network With Nmap. What is network Scanning?
by Mohsen Mostafa Jokar
Network scanning is an important part of network that any system administrator must be aware of. Network scanning contains of port scanner and vulnerability scanner. Port scanner is a software that was designed to probe a server or host for open ports. This is often used by administrators to verify security policies of their networks and can be used by an attacker to identify running services on a host with the view to compromise it.
Exploring GCIH Certification for Fun and Employability
by Alexandre Teixeira
Do you remember the time when you used to read a lot of underground e-zines? How many years of professional experience do you have? These really count. Enhance your skill set by challenging this certification exam! There’s no more room to discuss whether it’s good or bad being certified. The market needs it.
What is Good Enough Coverage?
by Matthew Jonkman
Everything we buy, build, or test in the security space calls itself full coverage, complete coverage, or all you’ll ever need. But we all know no product could possibly say they can be full coverage, as in they’ll cover every threat you could be faced with.
Download
Contacts Us
|
Hakin9 magazine: Cybercrime and Cyberwar Predictions for 2011
Posted by cdupuis on Monday, 03 January 2011 @ 19:53:41 EST (2365 reads)
Topic Hakin9
|
|
New Issue of Hakin9 magazine:
Cybercrime and Cyberwar Predictions for 2011
|
|
New issue of Hakin9 magazine already available!
Inside:
- Cybercrime and Cyberwar Predictions for 2011 by Gary Miliefsky
- The Social Web Threat by Julian Evans
- Pros and cons of partial passwords in web applications by Darek Łysyszyn
- Target Attacks via Email by Pedro Bueno
- Spyware Threat Invades BlackBerry App World by Mayank Aggarwal
- Open WiFi and Firesheep by Joseph Webster
Download
Cybercrime and Cyberwar Predictions for 2011
Gary Miliefsky
In my last article, I showed you where to find some of the best and mostly untapped resources available to improve your personal computer and network security posture. In this article, I will share with you some great resources on researching trends of Cybercrime and Cyberwar and from my own research my conclusions on what is coming our way in 2011.
The Social Web Threat
Julian Evans
The Social Web is also known as Web 2.0 or the dynamic Web. Social Websites are generally free to use and allow people to socialize, interact, share experiences, upload photographs, share interests, build friendship networks and play online community games. The Social Web has evolved and today we see Facebook. Twitter and MySpace to name three of the most popular are openly encouraging people to upload their entire life.
Pros and cons of partial passwords in web applications
Darek Łysyszyn
Almost every web application requires some kind of authorization. Most of them use user password authorization. And most of time one is forced to type full password. Is this solution convenient Probably yes. Is it secure? Not quite. There are few solutions of authorization by password. Let's consider one of them called partial passwords.
Target Attacks via Email
Pedro Bueno
After the lecture of this article we will be able to understand how the target attacks by email work, what are their targets and what are the malwares used. We will also see how easy it is to create an exploit based on public information.
Spyware Threat Invades BlackBerry App World
Mayank Aggarwal
Lately, Google’s Android Market has attracted the attention of the security community for not vetting or ensuring the authenticity of the applications posted on its app market. Earlier this year, the Junos Pulse Global Threat Center team performed a thorough analysis of the Android Market and unveiled numerous malware applications disguised as utilities or game applications. Since then, several research studies of the malicious nature of applications on Android Market have surfaced and all the studies concluded that the Android Market has been hosting a large number of malicious applications, which forced Google to enforce a Remote Kill switch for the malicious applications.
Open WiFi and Firesheep
Joseph Webster
Recently there’s been a lot of commotion in the press about a new threat to privacy at open WiFi hotspots known by the humorous moniker Firesheep. What’s new about Firesheep isn’t the exploit – HTTP session hijacking has been well known for years – it’s that Firesheep is a simple Firefox plug-in that is available to anyone and requires no technical expertise to utilize. In other words it allows anyone with Firefox and Firesheep to be a hacker. No experience required.
Contacts Us
|
December issue of Hakin9 magazine Botnets, Malware, Spyware - How to Fight Back
Posted by cdupuis on Tuesday, 30 November 2010 @ 11:41:52 EST (1812 reads)
Topic Hakin9
Anonymous writes "To: clement.dupuis@gmail.com
|
|
December issue of Hakin9 magazine
Botnets, Malware, Spyware – How to Fight Back
|
|
New issue of Hakin9 magazine already available! Download  Inside:
- A brief analysis of the cyber security threat by Julian Evans
- Cyber State-Bullying by Matthew Jonkman
- The Spyware Within You by Rajat Khare
- The Ear of Sauron by John Ay*****
- dasbot: controlling IRC via bash by Israel Torres
- Knowing VoIP Part II – Getting deeper to the settings by Winston Santos
- TDSS botnet – full disclosure. Part II by Andrey Rassokhin and Dmitry Oleksyuk
- Search Engine Security and Privacy – Part 2 by Rebecca Wynn
Download
A brief analysis of the cyber security threat
Julian Evans
Cyber security can be broadly described as protecting personal/business or government digital assets from cyber attack from individuals, organised criminals or foreign governments. Cyber security encompasses three threat vectors; cyber warfare; cyber terrorism and cyber attacks. Each of these threat vectors’will need to be addressed by a country’s citizens, its businesses (private and public) and national and local governments (including a nation-states armed forces).
Cyber State-Bullying
Matthew Jonkman
We know offensive cyber tools can be effective, and we’re all unprepared, and all building the capabilities to attack and defend. Will we actually go through with a full-scale conflict, or will we just use these to intimidate each other and expand defense budgets?
The Spyware Within You
Rajat Khare
Yes, today’s spyware though resides in your computer or mobile but it’s pretty much inside you. Whatever we do, wherever we go it’s stored in a computer or an embedded device like mobile phone.
The Ear of Sauron
John Ay*****
In The Lord of the Rings, Sauron wiles away the time peering out over Middle Earth with the Eye – lacking Internet access, Sauron couldn’t occupy himself flaming hobbits online. Sauron’s Eye has been realized, in a small way, by the webcams perched atop our monitors and embedded into our laptops and mobile devices.
dasbot: controlling IRC via bash
Israel Torres
The IRC protocol is a text-based protocol, with the simplest client being any socket program capable of connecting to the server – RFC1459 dasbot is an intuitive bash file driven IRC bot. It was created on a Mac and runs in a progressive environment where it can be updated with ease at a moments notice. It doesn’t require a compiler, sudo permissions or static path.
Knowing VoIP Part II – Getting deeper to the settings
Winston Santos
Last chapter we had previous talked about what is VoIP, advantages, disadvantages,etc. But this time I will take you inside to the process when people place/receive a call. I will take the opportunity to explain what is required to properly configure a device to work + some tips to help people in taking the best of the service.
TDSS botnet – full disclosure. Part II
Andrey Rassokhin and Dmitry Oleksyuk
After breaking into the world’s biggest botnet, which was covered in the previous issue of Hakin9, we performed thorough analysis of the botnet’s undercover logic. TDSS malware is also known as TDL, Tidserv, and Alureon. Quite a number of comprehensive analytical studies of various versions of this bot are available from the most respectful security researchers and vendor teams. It is advised to study them before proceeding in order to better understand the context of this article.
Search Engine Security and Privacy – Part 2
Rebecca Wynn
It is always surprising to see how much information is available to anyone with an Internet connection and little tenacity. Since Part 1 was published in the July 2010 Hakin9 magazine, there have been huge changes within the search engine world. I will name a few key changes here.
Contacts Us
|
| |
"
Hakin9 November Issue - Spyware – Someone is always watching...
Posted by cdupuis on Thursday, 04 November 2010 @ 14:34:46 EDT (1498 reads)
Topic Hakin9
|
|
November issue of Hakin9 magazine
Spyware – Someone is always watching...
|
|
New issue of Hakin9 magazine already available!  Inside:
- An analysis of the spyware threat and how to protect a PC by Julian Evans
- Emerging Threats: Electronic Cold War by Matthew Jonkman
- Deploying & Utilizing Intrusion Detection Using Snorby by Joshua Morin
- Malware Incident Response – Outbreak Scenario by Rajdeep Chakraborty
- TDSS botnet – full disclosure by Andrey Rassokhin and Dmitry Oleksyuk
- When XOR is your friend... by Israel Torres
- Proactive Defenses and Free Tools by Gary S. Miliefsky
Download
An analysis of the spyware threat and how to protect a PC
Julian Evans
Spyware has been around since approximately the mid-late nineties but it wasn’t until the millennium that Zone Labs founder Gregor Freund coined the name Spyware. Spyware can be clearly defined as invasive (monitoring your browser habits through adware and user tracking software) and malicious (installing keyloggers and other spyware related programs). It’s important to distinguish between the definitions but they can clearly overlap or blend as all will become clear.
Electronic Cold War
Matthew Jonkman
We have entered a new era of conflict, an era similar to that of the Cold War. This era will be a new James Bond style period of spying, sabotage, and misinformation but in the cyber realm. It will not nearly be as glamorous as Bond but probably more destabilizing to world politics in the short term.
Deploying & Utilizing Intrusion Detection Using Snorby
Joshua Morin
Snorby is an advanced Snort IDS front-end. Snorby has two basic fundamental pieces, which are simplicity and power. The project goal is to create a free, open source and highly competitive application for network monitoring in enterprise environments or private use.
Malware Incident Response – Outbreak Scenario
Rajdeep Chakraborty
This article applies to Microsoft OS on Intel Platform. With the ongoing threat of the Conficker Virus, which is still hanging like the sword of Damocles, it becomes very important to know and understand, what exactly needs to be done during a possible virus outbreak.
TDSS botnet – full disclosure
Andrey Rassokhin and Dmitry Oleksyuk
What is a botnet? A botnet is not merely an army of infected computers. First of all, a botnet is an externally managed complex structure. While the malware side is studied pretty well in most known botnets, the management side is often underestimated. The latter usually involves hacking and vulnerability exploitation, because server side scripts of a centralized botnet are hidden from public.
When XOR is your friend...
Israel Torres
Using a random enough input stream may sound like outright blasphemy to many if not all reading this; however in this article I will demonstrate when using it makes sense. One of my hobbies include creating crypto challenges where I hide an English message string in a block of numbers and letters. The first challenger that can correctly find what the message exactly states and demonstrate the algorithm used (usually in a programmatic fashion) they win a cash prize. I’ve learned over this year that in the past I had been making it far too difficult...
Proactive Defenses and Free Tools
Gary S. Miliefsky
In this article I will show you where to find some of the best and mostly untapped resources available to improve your personal computer and network security posture – best of all most of them are free. Let’s get started. Remember, to win the cyberwar, you must choose the path least taken by the cybercriminals, or forge a new path into the wild frontier of network security. By selecting less known tools and utilities, gems or diamonds in the rough – I am hoping to give you a fighting chance.
Contacts Us
|
|
|
Login
Don't have an account yet? You can create one. As a registered user you have some advantages like theme manager, comments configuration and post comments with your name.
Big Story of Today
There isn't a Biggest Story for Today, yet.
Old Articles
| Thursday, September 30 | | · | H9: New issue available: Email Security, Web Malware, IPv6 |
| Tuesday, August 31 | | · | September issue of Hakin9 magazine: Mobile Malware – the new cyber threat |
| Tuesday, August 03 | | · | Hakin9 August Issue: Securing the cloud |
| Thursday, July 15 | | · | Haking 9 SECURING VOIP July edition available for FREE download |
| Tuesday, June 01 | | · | Hackin9 June Edition FREE Download -- Get it now |
| Sunday, May 16 | | · | Hakin9 Magazine is now FREE -- Get your copy NOW! |
| Saturday, April 24 | | · | Hakin9 Magazine now FREE in Digital Format |
| Thursday, March 04 | | · | Get a FREE copy of the Hakin9 Magazine |
| Tuesday, February 02 | | · | Get FREE copies of Hakin9 Magazines -- PDF Download |
| Thursday, December 03 | | · | Special offers to hakin9 magazine subscription for CCCure members and visitors! |
| Thursday, November 12 | | · | Hakin9 News: Download Article "My ERP Got Hacked. Part II" |
| Thursday, August 06 | | · | Hakin9 News: User Enumeration with Burp Suite - Free Article! |
| Thursday, February 12 | | · | Hakin9 News: Download FREE article on Training - The Security Minefield and VID |
| Wednesday, October 08 | | · | Hakin9 Newsletter |
| Friday, August 22 | | · | Hakin9 Newsletter |
Older Articles
|
[Criptography] DES Modes
