It’s that time of the year again folks when security experts release the most...
Raspberry Pi Hacking
By Jeremiah Brott
Follow this guide at your own risk. I take no responsibility for any outcome from anything you attempt to do within this guide – sais the author. The Raspberry Pi is a credit-card sized computer
that plugs into your TV and a keyboard. It’s a capable little PC which can be used for many of the things that your desktop PC does, like spreadsheets, word-processing and games. It also plays high-definition video. We want to see it being used by kids all over the world to learn programming. If you love your Pi you’ll definitely love to hack it.
Malware, Botnet and Cyber Threats, What Is Happening To The Cyberspace?
By Pierluigi Paganini
The article proposes an analysis of the main cyber threats that worry security experts and that are profoundly changing the cyber space. The exponential growth of the number of cyber threats and attacks is rebutted by a wide range of statistical provided by reports published by the major security firms. The scenario is really scaring due concomitant action of cybercriminals, hacktivists and state sponsored hackers that are producing malware and botnets of increasing complexity.
By Sergey Scherbel
When you do penetration testing, the server under examination often seems quite harmless for the first sight: it runs the latest versions of a web application and other services. But you still have to
find vulnerabilities in them, so everything should be inspected. For example, if the server runs a third-party PHP version, everything can prove more serious. There are a number of third-party PHP versions currently in use. All of them were created to increase the performance and functionality
of the language. A third-party PHP version increases the average operating speed of the application
up to 5 times, which is definitely a lot. This is a result of cross compilation.
Network Pen Testing Breaking the Corporate Network through Hackers Perspective
By Amar Wakharkar
The article discusses about performing network penetration testing on the corporate network using grey box approach and exploiting the vulnerabilities from hackers perspective. This article concentrates majorly on usage of NMap, Nessus, Metasploit for network penetration testing.
By Wong Chon Kit
The devastating method which also known as SQL injection, many people say they know what it
is all about. But how many of them are practicing on securing their server? What exactly is SQL injection? It is the vulnerability that results when you give an attacker the ability to influence the Structured Query Language (SQL)queries that an application passes to a back-end
database which could potential leak all the sensitive information such as credit card, phone number
Windows 8 Security in Action
By Dan Dieterle
Is Windows 8 the next operating system for your enterprise? In this article, we will take a quick look at Microsoft’s new OS – Windows 8. We will see some of the new security features that make it more secure than its predecessor Windows 7. We will also run the security through the paces and see some of the possible issues that are new to the OS and some that have carried over from previous versions of Windows. From the Backtrack 5 r3 security testing platform, the author uses the Metasploit Framework and Social Engineering Toolkit to see how Windows 8 stands
up to the most common internet based threats.
Intel SMEP Overview and Bypass on Windows 8
By Artem Shikhin
With a new generation of Intel processors based on the Ivy Bridge architecture a new security feature has been introduced. It is called SMEP which stands for “Supervisor Mode Execution Prevention”. Basically it prevents execution of a code located on a user-mode page at a CPL = 0. From an attacker’s point of view this feature significantly complicates an exploitation of kernel-mode vulnerabilities because there’s just no place for a shellcode to be storedThis paper provides an overview of a new hardware security feature introduced by Intel and covers its support on Windows 8. Among the other common features it complicates vulnerability exploitation on a target system. But if these features are not properly configured all of them may become useless. This paper demonstrates a security flaw on x86 version of Windows 8 leading to a bypass of the SMEP security feature.
Android Application Assessment
By Nilesh Kumar
This article discusses about the steps involved in performing security assessment of an Android based application. We will see use of various tools and methodologies. There are various other
methods and tools but steps are very common in nature. You will look at the matter from both, the Black Box Approach and the White Box Approach.
Live Capture Procedures
By Craig Wright
Live data capture is an essential skill in required for both Incident Handlers as well as Forensic
practitioners and it is one that is becoming more, not less, important over time as we move towards networked and cloud based systems. This article has introduced a few tools that, although free, can be used together to create a powerful network forensics and incident response toolkit. Like all of these tools, the secret comes to practice.