Hardening of Java Applications Against AOP – Exploiting Software 02/12

Beyond Automated Tools and Frameworks: the shellcode injection process By Craig Wright Automated frameworks (including Metasploit) have simplified the testing and exploitation process. This of course comes with a price. Many penetration testers have become tool jockeys with little understanding of just how software functions. This script kiddie approach to code testing does have its [...]

Hakin9 Extra 02/12

Honey Pots – the Sitting Duck on the Network By Jeremiah Brott The purpose of this article is to provide details on what honey pots are, the characteristics of the two types down to the mechanics of how each one works. It will also analyze the benefits and pitfalls to explore multiple uses of a [...]

Hakin9 Mobile 2/2012

Data Handling on iOS Devices With over half a million apps in the App Store, Apple’s trademark slogan “There’s an app for that” is bordering on reality. We use these apps for online banking, social networking and e-mail without really knowing if they’re communicating and storing our personal data securely. With Apple controlling over [...]

02/2012 Hakin9 Magazine: 50th Issue

IN BRIEF By Armando Romeo, eLearnSecurity and ID Theft Protect As usual, specialists from eLearnSecurity and ID Theft Protect will share with us the latest news from the IT security world. Read it to update yourself. When I’m x64: Bootkit Threat Evolution in 2011 By Aleksandr Matrosov, Eugene Rodionov It’s traditional in security (almost considered [...]

Black Hole Exploit Kit – Exploiting Software 01/2012

Starting to Write Your Own Linux Shellcode By Craig Wright We have seen more and more people become reliant on tools such as Metasploit in the last decade. This ability to use these tools has empowered many and has created a rise in the number of people who can research software vulnerabilities. It has [...]

Cryptography: The Strongest Link in The Security Chain – Hakin9 Extra 1/2012

From the Theory of Prime Numbers to Quantum Cryptography by Roberto Saia The typical ‘modus operandi’ of the computer science community is certainly more oriented to pragmatism than to fully understanding what underlies the techniques and tools used. This article will try to fill one of these gaps by showing the close connection between the [...]

Hakin9 1/12 (2)

The Mobile Wallet and E-Commerce Payment Systems: Ensuring Seamless Security and Mobility by Carla Hough Due to the increased use of smartphones and tablets by consumers, merchants and corporate clients, the banking industry, network companies and retailers are uniquely positioned to offer their customers an array of mobile payment options that will be easy to [...]

SQL Injection 1/12

IN BRIEF By Schuyler Dorsey, eLearnSecurity and ID Theft Protect As usual, specialists from eLearnSecurity and ID Theft Protect will share with us the latest news from the IT security world. Read it to update yourself. Practical Client Side Attacks By Julio Gómez Ortega In a penetration test, it is common not to pay attention [...]

Shellcode – Exploiting Software 04/11

DPA Exploitation and GOTs with Python By Craig Wright If we can write into the GOT, we can effectively redirect the execution flow of a program and allow ourselves to gain a root shell. This article is a follow-up and second part of a look at format strings in the C and C++ programming languages; [...]

Hakin9 Extra 7/11 (7)

Creating Rogue Access Point by Rishabh Mehta A big issue a few years back had to do with dial-related fraud in Russia. Basically, usernames and passwords to dial accounts were being bought and sold on the black market and the owners of the stolen credentials were being hit with enormous usage charges. In actuality, this [...]

Hakin9 Mobile 1/11 (1)

Android Insecurities by Joey Peloquin The article will begin with a focus on what the author calls Offensive Mobile Forensics, an analysis technique that mimics the approach an attacker would take in the event they acquired a lost or stolen device. Readers will notice some stark differences between iOS and Android analysis. Next, the author [...]

Hakin9 12/11: TOR Project

Latest News From IT Security World By Armando Romeo, eLearnSecurity and ID Theft Protect Duqu: The Precursor Stuxnet Attack By Rebecca Wynn Duqu is essentially the precursor to a future Stuxnet-like attack. The threat was written by the same authors, or those that have access to the Stuxnet source code, and the recovered samples have [...]

Hakin9 Special Issue – Get Rid of Spam!

DOWNLOAD FOR FREE! Inside this issue you will find articles on anti-spam, email filtering and archiving. You will also get familiar with Roaring Penguin’s products, the origins of the company and its founder. CONTENTS: March of the Roaring Penguin By Sophia Li Founded about a dozen years ago as a consulting firm in Ottawa, Ontario, [...]

Exploiting Software 03/11 Password, What Password?

Malware Analysis for Windows Systems Administrators Using Sysinternals Tools By Dennis Distler Today administrators deal with malware infections almost daily. Often malware is customized for specific organizations, departments in an organization, and even individuals in the organization. This type of malware typically is not identified by anti-virus products, and it is up to the administrator [...]

Hakin9 Extra – Rootkit 06/2011

Rootkits Hidden in Hardware of PC by Anibal Sacco Let’s think like an attacker for a second. There are multiple applications dedicated to finding malicious code both in user and in kernel space. So new places have to be found to deploy your code while keeping it stealthy. TDSS aka TDL – Chronology by Eugene [...]

Hacking Data 11/11

Latest News From IT Security World By Schuyler Dorsey, eLearnSecurity and ID Theft Protect As usual, specialists from eLearnSecurity and ID Theft Protect will share with us the latest news from the IT security world. Read it to update yourself. Secure Log Server With Rsyslog By Leonardo Neves Bernardo This article will discuss how to [...]

Exploiting Software 02/11 Exploit format Strings with Python

Cracking Java Applications Using AOP Exploits (part 2) By Daniel Drozdzewski AOP has been used in the domain of Software Security before. Its use was mainly for validation, auditing and authorization purposes, which in turn improve software security as a whole. Those crosscutting concerns are being woven into the existing software after the fully functional [...]

Hakin9 Extra – Botnet 05/2011

A study of a Botnet creation process and the impact of a DDoS attack against a web server by Stavros N. Shaeles and Ioannis D. Psaroudakis Over the following paragraphs we are going to describe, in steps, the procedure of setting up a botnet in order to execute our DDoS attack. The purpose of building [...]

Hack Apple 10/11

In Brief By Schuyler Dorsey, eLearnSecurity and ID Theft Protect As usual, specialists from eLearnSecurity and ID Theft Protect will share with us the latest news from the IT security world. Read it to update yourself. Hacking Tools on iOS By Alexandre Lacan One day I was asked if the iPhone is a good phone. [...]

Exploiting Software 1/2011

CONTENT: Cracking Java Applications Using AOP exploits (part 1) By Daniel Drozdzewski Aspect Oriented Programming is a paradigm that aims to modularise software further by the separation of crosscutting concerns. Daniel will show us the basics of AOP and a simple, yet powerful idea behind the exploit. Smashing the Stack By Mariano Graxziano and Marco [...]



Software Press Sp. z o.o. Sp. Komandytowa 02-682 Warszawa, ul. Bokserska 1, NIP 9512279582, REGON 141804060, KRS: 0000327578
