Hardening of Java Applications Against AOP – Exploiting Software 02/12
Beyond Automated Tools and Frameworks: the shellcode injection process. By Craig Wright. Automated frameworks (including Metasploit) have simplified the testing and exploitation process. This of course comes with a price. Many penetration testers have become tool jockeys with little understanding of just how software functions. This script kiddie approach to code testing does have its [...]
Hakin9 Extra 02/12
Honey Pots – the Sitting Duck on the Network. By Jeremiah Brott. The purpose of this article is to provide details on what honey pots are, the characteristics of the two types down to the mechanics of how each one works. It will also analyze the benefits and pitfalls to explore multiple uses of a [...]
Hakin9 Mobile 2/2012
Data Handling on iOS Devices. With over half a million apps in the App Store, Apple’s trademark slogan “There’s an app for that” is bordering on reality. We use these apps for online banking, social networking and e-mail without really knowing if they’re communicating and storing our personal data securely. With Apple controlling over [...]
02/2012 Hakin9 Magazine: 50th Issue
IN BRIEF. By Armando Romeo, eLearnSecurity and ID Theft Protect. As usual, specialists from eLearnSecurity and ID Theft Protect will share with us the latest news from the IT security world. Read it to update yourself. When I’m x64: Bootkit Threat Evolution in 2011. By Aleksandr Matrosov, Eugene Rodionov. It’s traditional in security (almost considered [...]
Black Hole Exploit Kit – Exploiting Software 01/2012
Starting to Write Your Own Linux Shellcode. By Craig Wright. We have seen more and more people become reliant on tools such as Metasploit in the last decade. This ability to use these tools has empowered many and has created a rise in the number of people who can research software vulnerabilities. It has [...]
Cryptography: The Strongest Link in The Security Chain – Hakin9 Extra 1/2012
From the Theory of Prime Numbers to Quantum Cryptography. By Roberto Saia. The typical ‘modus operandi’ of the computer science community is certainly more oriented to pragmatism than to fully understanding what underlies the techniques and tools used. This article will try to fill one of these gaps by showing the close connection between the [...]
Hakin9 1/12 (2)
The Mobile Wallet and E-Commerce Payment Systems: Ensuring Seamless Security and Mobility. By Carla Hough. Due to the increased use of smartphones and tablets by consumers, merchants and corporate clients, the banking industry, network companies and retailers are uniquely positioned to offer their customers an array of mobile payment options that will be easy to [...]
SQL Injection 1/12
IN BRIEF. By Schuyler Dorsey, eLearnSecurity and ID Theft Protect. As usual, specialists from eLearnSecurity and ID Theft Protect will share with us the latest news from the IT security world. Read it to update yourself. Practical Client Side Attacks. By Julio Gómez Ortega. In a penetration test, it is common not to pay attention [...]
Shellcode – Exploiting Software 04/11
DPA Exploitation and GOTs with Python. By Craig Wright. If we can write into the GOT, we can effectively redirect the execution flow of a program and allow ourselves to gain a root shell. This article is a follow-up and second part of a look at format strings in the C and C++ programming languages; [...]
Hakin9 Extra 7/11 (7)
Creating Rogue Access Point. By Rishabh Mehta. A big issue a few years back had to do with dial-related fraud in Russia. Basically, usernames and passwords to dial accounts were being bought and sold on the black market and the owners of the stolen credentials were being hit with enormous usage charges. In actuality, this [...]






















