Articles inside the category: Articles
on :
Wednesday, 15 Jun, 2011
Ask the Social Engineer: Exploitation of the Human OS – The Human Buffer Overflow
Total domination is the goal for a penetration tester in every pentest – To utterly hack the company and demonstrate their true exposure to malicious attacks. Obtaining code execution is the easiest and most direct way to reach this goal. Social Engineering professionals are no different. by Chris
on :
Wednesday, 15 Jun, 2011
From Fuzz To Sploit
By now everyone has heard of buffer overflows, and many have been hearing about them for the last 15+ years. Over this period many techniques have evolved, both to combat vulnerabilities and to persist attack and exploitation. As security is most often thought of as an afterthought, it is no surprise that systems of all flavors (and their users of all sizes) can still be brought to their knees by such a fundamental attack. by Israel
on :
Wednesday, 15 Jun, 2011
Exploit Kits – Cybercrime Made Easy
The playing field for cybercrime has changed. It has become wide open. Many of the top attack exploit toolkits are now free! Symantec released its 2010 Symantec Internet Security Threat Report the first week in April 2011. Their executive summary
on :
Wednesday, 15 Jun, 2011
Software Exploitation: Development Flaw or Malicious Intent
It’s been said that lazy programmers make good programmers. Yet, it’s hard to understand why laziness would be considered one of the virtues of a good programmer let alone a virtue at all. By this point – however – I’m
on :
Wednesday, 15 Jun, 2011
The Top 25 Software Vulnerabilities and How to Avoid Them
Top 25 Most Dangerous Software Errors is a list of the most widespread and critical programming errors that can lead to serious software vulnerabilities. They are often easy to find, and easy to exploit. They are dangerous because they will
on :
Wednesday, 15 Jun, 2011
Why Is Password Protection a Fallacy – a Point of View?
Make your password strong, with a unique jumble of letters, numbers and punctuation marks. But memorize it – never write it down. And, oh yes, change it every few months. These instructions are supposed to protect us. But they don’t.
on :
Thursday, 2 Jun, 2011
A Hole in Your Access Control!
A couple of days ago I was called out to do a security audit on a company’s internal network security and its access control. The audit was asked to be done on a specific day that the company chose. The
on :
Thursday, 2 Jun, 2011
PSN Hack: Where Risk Management and Reality Collide
There have been many column inches dedicated to the PlayStation Network, which was taken offline following a breach. It has been a high-profile incident and has left Sony management red-faced with many questions thrown at them – not all of
on :
Thursday, 2 Jun, 2011
Obscuring the Truth
Veiled in a world of pseudo-randomized padded nulls lies the answer in plain sight, laughing at you mockingly. It’s really only a matter of connecting the dots… Or is it? Can the answer be shielded better by simply adding more
on :
Thursday, 2 Jun, 2011
Attacking, Authentication, and Access Control
As part of a growing trend where people utilize more services on-line, we rely more and more on entering our data into what we trust as being secure web-forms. Has it ever crossed our minds while we enter our information
on :
Thursday, 2 Jun, 2011
Access Control: Lock-down Your Network
If most of the threats are coming from the inside, what are you doing about it? According to US-CERT (United States Computer Emergency Readiness Team), 95% of downtime and IT related compliance issues are a direct result of an exploit
on :
Thursday, 2 Jun, 2011
















