1. Secure memory stick by Amit Mishra Secure USB flash drives protect the data stored on them from access by unauthorized users. USB flash drive products have been on the market since 2000, and their use is increasing exponentially. As both consumers and businesses have increased demand for these drives, manufacturers are producing faster devices with greater data storage. [...]

IN BRIEF By Armando Romeo, eLearnSecurity and ID Theft Protect As usual specialists from companies eLearn Security and ID Theft protect will share with us latest news from IT security world. Read it to up-date yourself. Cloud Security by Gurav Shah There are a number of security issues/concerns associated with cloud computing but these issues [...]

Cisco IOS Rootkits and Malware: A practical guide By Jason Nehrboss Propagating the worm code into a new router can either be quite easy, difficult, or impossible. There are many variations of supported IOS code and hardware platforms. The author discusses the use of and demonstrates an IOS Embedded Event Manager rootkit and worm. When [...]

An Overview on Cloud Forensics By Federico Filacchione There’s not a single law. Preserving the chain of custody means that you’ve to comply with specific laws, regarding a specific country. But in a cloud perspective there’s no single country. A huge network of data centers means a huge network of jurisdictions. So could be very [...]

SQL Injection Testing for Business Purposes by Michael Thumann, Frank Block, Timo Schmid SQL injection attacks have been well known for a long time and many people think that developers should have fixed these issues years ago, but having conducted web application pentests over a long period, we have a slightly different view. Many SQL [...]

What is Cyber War? by Keith DeBus In just a brief fifteen years, our communication, commercial and social lives have been dramatically altered by the development and growth of the Internet. With the convenience and bounty of this medium, has also come a dark side. Just as the famous bank robber, Willy Sutton, once said [...]

Understanding conditionals in shellcode By Craig Wright This article is going to follow from previous articles as well as going into some of the fundamentals that you will need in order to understand the shellcode creation process. In this article, we are looking at extending our knowledge of assembly and shellcoding. This is a precursor [...]

Do It Yourself Data Recovery By Frank Meincke In this article we will cover the basics of what failures one may experience with their hard drives and data, the start-up procedure for the hard drives to better determine what type of failure was experienced, some simple fixes one may do to gain access to their [...]

Mobile Device Security by Prashant Verma A lot of speculations these days are on the mobile devices and the security features they provide. The mobile phone and tablet usage has picked up on account of the numerous benefits, not to mention the comfort at fingertips and that too on the move. The number of free [...]

DNS Cache Poisoning by Jesus Rivero Computers that are able to communicate with each other, do so by means of a network protocol, generally TCP over IP, or just TCP/IP. The IP protocol establishes that every node in the network must have, at least, one IP address for other machines to know where to send [...]

Beyond Automated Tools and Frameworks: the shellcode injection process By Craig Wright Automated frameworks (including Metasploit) have simplified the testing and exploitation process. This of course comes with a price. Many penetration testers have become tool jockeys with little understanding of just how software functions. This script kiddie approach to code testing does have its [...]

Honey Pots – the Sitting Duck on the Network By Jeremiah Brott The purpose of this article is to provide details on what honey pots are, the characteristics of the two types down to the mechanics of how each one works. It will also analyze the benefits and pitfalls to explore multiple uses of a [...]

Data Handling on iOS Devices   With over half a million apps in the App Store, Apple’s trademark slogan “There’s an app for that” is bordering on reality. We use these apps for online banking, social networking and e-mail without really knowing if they’re communicating and storing our personal data securely. With Apple controlling over [...]

IN BRIEF By Armando Romeo, eLearnSecurity and ID Theft Protect As usual specialists from companies eLearn Security and ID Theft protect will share with us latest news from IT security world. Read it to up-date yourself. When I’m x64: Bootkit Threat Evolution in 2011 By Aleksandr Matrosov, Eugene Rodionov It’s traditional in security (almost considered [...]

  Starting to Write Your Own Linux Schellcode By Craig Wright We have seen more and more people become reliant on tools such as Metasploit in the last decade. This ability to use these tools has empowered many and has created a rise in the number of people who can research software vulnerabilities. It has [...]

From the Theory of Prime Numbers to Quantum Cryptography by Roberto Saia The typical ‘modus operandi’ of the computer science community is certainly more oriented to pragmatism than to fully understanding what underlies the techniques and tools used. This article will try to fill one of these gaps by showing the close connection between the [...]

The Mobile Wallet and E-Commerce Payment Systems: Ensuring Seamless Security and Mobility by Carla Hough Due to the increase use of smartphone and tablets by consumers, merchants and corporate clients, the banking industry, network companies and retailers are uniquely positioned to offer its customers an array of mobile payment options that will be easy to [...]

IN BRIEF By Schuyler Dorsey, eLearnSecurity i ID Theft Protect As usual specialists from companies eLearn Security and ID Theft protect will share with us latest news from IT security world. Read it to up-date yourself. Practical Client Side Attacks By Julio Gómez Ortega In a penetration test, it is common not to pay attention [...]

DPA Exploitation and GOTs with Python By Craig Wright If we can write into the GOT, we can effectively redirect the execution flow of a program and allowing ourselves to gain a root shell. This article is a follow-up and second part of a look at format strings in the C and C++ programming languages; [...]

Creating Rouge Access Point by Rishabh Mehta A big issue a few years back had to do with dial-related fraud in Russia. Basically, usernames and passwords to dial accounts were being bought and sold on the black market and the owners of the stolen credentials were being hit with enormous usage charges. In actuality, this [...]