InfoSec Institute Resources

Syndikovat obsah
IT Security Training & Resources by InfoSec Institute
Aktualizace: 18 min 45 sek zpět

Secure Shipping of Physical Data Carriers to and from a Cloud Service Provider

28 Duben, 2017 - 14:00

A cloud environment is ideally suited to store and analyze large amounts of data. If more storage space, CPU or memory resources are needed, services can usually be upgraded with ease. This situation is likely to occur because data tends to grow over time. This data could, for instance, be a sales database, ingesting logs […]

The post Secure Shipping of Physical Data Carriers to and from a Cloud Service Provider appeared first on InfoSec Resources.

Kategorie: Hacking & Security

The Security Weaknesses of Smartphones

28 Duben, 2017 - 01:28

Introduction Our last article started off our series upon the Security weaknesses and vulnerabilities which are found on wireless devices, especially those of Smartphones. As it was discussed, the evolution of computer technology has come a very long way since the first mainframe machines came out in the 1950s and into the 1960s. It has […]

The post The Security Weaknesses of Smartphones appeared first on InfoSec Resources.

Kategorie: Hacking & Security

SonarQube: A Hidden Gem

28 Duben, 2017 - 01:22

SonarQube is an open source quality management software that analyzes and measures the technical quality of project portfolio to a method which essentially means that it helps analyze the quality of our source code. Formerly known as Sonar, it is written in Java but can analyze code for more than 20 different languages such as: […]

The post SonarQube: A Hidden Gem appeared first on InfoSec Resources.

Kategorie: Hacking & Security

Cyber risks for Industrial environments continue to increase

26 Duben, 2017 - 14:00

ICS Attacks continues to increase worldwide Industrial control systems (ICS) are a privileged target of different categories of threat actors. According to IBM Managed Security Services, the number of cyber-attacks increased by 110 percent in 2016 compared to 2015. Researchers observed a significant increase of brute force attacks on supervisory control and data acquisition (SCADA) systems. Figure 1 […]

The post Cyber risks for Industrial environments continue to increase appeared first on InfoSec Resources.

Kategorie: Hacking & Security

Cloud Computing Security: Be Secure Before Moving to Cloud

25 Duben, 2017 - 14:00

Introduction This White Paper describes an approach for creating a secure cloud environment which helps Project Teams to deploy their projects easily in the cloud environment while not compromising the security. The document also takes you through the risks and factors involved in the cloud model and how to treat them. This document is cloud-provider […]

The post Cloud Computing Security: Be Secure Before Moving to Cloud appeared first on InfoSec Resources.

Kategorie: Hacking & Security

Top Ten Phishing Scams

25 Duben, 2017 - 14:00

Image taken from CSO Online Dyre Phishing Scam In October 2014, the Dyre, also known as Dyreza, infected more than 20,000 people via phishing campaigns. Dyreza banking malware was able to steal more than $1 million from targeted organizations successfully. The phishing campaign varied from target to target with regards to attachments, themes, payloads and […]

The post Top Ten Phishing Scams appeared first on InfoSec Resources.

Kategorie: Hacking & Security

Shellcode Analysis- Basics

24 Duben, 2017 - 14:00

In this article, we will look at how what shellcode is, what is its purpose and various shellcode patterns, etc. Please note that this article will not cover how a shellcode is written and is outside the scope of this article. Shellcode is a sequence of bytes that represent assembly instructions. Please note that they […]

The post Shellcode Analysis- Basics appeared first on InfoSec Resources.

Kategorie: Hacking & Security

The Security Weaknesses of Smartphones

24 Duben, 2017 - 14:00

Introduction Back a long time ago, one of the first computers at least came out was known as the “TRS-80”, which was manufactured by Radio Shack at the time. This computer came out in the late 1970s, and at the time, it was heralded to be a breakthrough in computer technology. It could run and […]

The post The Security Weaknesses of Smartphones appeared first on InfoSec Resources.

Kategorie: Hacking & Security

The Unhappy Boss

24 Duben, 2017 - 00:52

Large organizations have an added pressure of having so much organizational information publicly available on the Internet. If an attacker has performed due diligence during the planning phase it would be possible they could find organizational information such as employees, roles, and reporting structures – this is especially true for larger companies. This information can […]

The post The Unhappy Boss appeared first on InfoSec Resources.

Kategorie: Hacking & Security

Please Volunteer

23 Duben, 2017 - 00:46

A successful phishing campaign has at least three common denominators, which are accurate target information, successful message delivery, and execution of the malicious intent on the client side. Often time’s phishing is thought of as a user exploit only, but the fact of the matter is that phishing exploitation requires the breakdown of several controls […]

The post Please Volunteer appeared first on InfoSec Resources.

Kategorie: Hacking & Security

Invitation to a Compromise

22 Duben, 2017 - 00:39

It is possible that your organization can be phished by avenues other than email. Social-engineering attacks are part technical but mostly psychological and the more creative the attacker, the better the probability of a successful the attack. A delivery method that isn’t typical but is growing in popularity, as of late is phishing over meeting […]

The post Invitation to a Compromise appeared first on InfoSec Resources.

Kategorie: Hacking & Security

Vendor, Consultant and Contractor Security

21 Duben, 2017 - 16:57

Getting a company to embrace information security on a corporate level requires luck, as you will need to engage upper management and gain their support. With these you will at least be dealing with people bound to follow the same set of rules and corporate policies. Ensuring vendor, consultant and contractor security requires another level […]

The post Vendor, Consultant and Contractor Security appeared first on InfoSec Resources.

Kategorie: Hacking & Security

Domain Fronting

21 Duben, 2017 - 14:00

In this article, we are going to learn about a very interesting and powerful technique known as Domain Fronting which is a circumvention technique based on HTTPS that hides the true destination from the censor. What is Domain Fronting? Domain fronting is a technique to circumvent the censorship employed for certain domains(censorship may be for […]

The post Domain Fronting appeared first on InfoSec Resources.

Kategorie: Hacking & Security

Top 10 Open-Source Security Tools Released by Tech Giants

21 Duben, 2017 - 14:00

We have always wondered how tech giants have been able to keep their security so tight? Do they use the same tools that are available for the rest of us? Alternatively, they have allocated a small portion of their massive resources dedicated to coming up with something different? Finally, we have our answers. Many tech […]

The post Top 10 Open-Source Security Tools Released by Tech Giants appeared first on InfoSec Resources.

Kategorie: Hacking & Security

The Internet Drafts and Security Issues Around a Virtual Private Network Infrastructure

20 Duben, 2017 - 14:00

All of our articles in this series have reviewed what a Virtual Private Network Infrastructure is all about. Essentially, it is simply another layer of Security that a business or a corporation can implement into their existing Information Technology Infrastructure, also known more specifically as a “VPN.” The design of a VPN can either be […]

The post The Internet Drafts and Security Issues Around a Virtual Private Network Infrastructure appeared first on InfoSec Resources.

Kategorie: Hacking & Security

Lynis: Walkthrough

20 Duben, 2017 - 14:00

Lynis is an open-source security audit tool used to check the security of Linux and UNIX based systems. Since it is self-hosted, it performs extensive security scans when compared to other vulnerability scanners. Lynis is a tool released by CISOFY. Lynis works on a variety of UNIX-based systems such as: FreeBSD Linux MacOS OpenBSD NetBSD […]

The post Lynis: Walkthrough appeared first on InfoSec Resources.

Kategorie: Hacking & Security

The Administrative Credentials Security Hole

19 Duben, 2017 - 14:00

Did you know that almost anyone with a bit of initiative can break into your systems in minutes – quietly and without leaving a trace? Even when you lock up your servers, apply patches, and use group policies to secure your servers and workstations, it only takes a few minutes for a hacker to gain […]

The post The Administrative Credentials Security Hole appeared first on InfoSec Resources.

Kategorie: Hacking & Security

China’s New Cyber Security Law

19 Duben, 2017 - 14:00

1Section 1. Introduction Regional regulations on data transfers, such as the U.S.-E.U. Privacy Shield framework, have a significant impact on the cross-border moving, use, and protection of personal data. In Asia, one of the major players in the field of ICT, China, is moving towards a more comprehensive regulation of its cyberspace. On 1st of […]

The post China’s New Cyber Security Law appeared first on InfoSec Resources.

Kategorie: Hacking & Security

Memory Forensics: Enumeration

19 Duben, 2017 - 14:00

In Part 1 of this article, we have looked at the memory forensics power during the enumeration of forensically important objects like PROCESS, VAD nodes, MEMORY mapping, etc. In this article we will see memory forensics enumeration of other forensically important objects. DLLS Enumeration from memory DLL’s are used to be shared among processes for […]

The post Memory Forensics: Enumeration appeared first on InfoSec Resources.

Kategorie: Hacking & Security

Security Evaluation Models

18 Duben, 2017 - 21:32

Most organizations these days want their information system to be managed as safely as possible. Security Evaluation is the basic step in achieving this goal for any organization, followed by Assurance and Information Security Certification. Security Evaluation is particularly important because of the rapidly changing environment of the information security system or the operation system. […]

The post Security Evaluation Models appeared first on InfoSec Resources.

Kategorie: Hacking & Security