InfoSec Institute Resources

IT Security Training & Resources by InfoSec Institute

Web Application Pentest Guide Part-I

22 June, 2017 - 14:00

In this article, we are going to pentest a web application which was developed by HP for scanner evaluation purposes. We will be demonstrating the complete process of a basic web application pentest from requirement collection to reporting. These are the steps we are going to follow: Requirement Collection, Information Gathering, URL Discovery, Automated Scanner […]

The post Web Application Pentest Guide Part-I appeared first on InfoSec Resources.

Category: Hacking & Security

Ew! Skuzzy CTF Walkthrough

21 June, 2017 - 14:00

In my last article, we exploited a vulnerable machine from vulnhub.com. That article must have given you some idea about hacking a machine without having much knowledge about it. In this article, we will complete another CTF named “Ew! Skuzzy” from vulnhub.com. As per the description given by the author on VulnHub.com, the […]

Category: Hacking & Security

SAP Mobile Infrastructure Security

21 June, 2017 - 14:00

SAP, like any other large vendor, is evolving towards greater mobility and providing access to its applications from different devices located anywhere in the world. Therefore, its product portfolio includes solutions that allow mobile users to interact with business applications such as those based on ABAP, Java or HANA platforms. In this article, you will […]

Category: Hacking & Security

Which Malware are Specifically Designed to Target ISC Systems?

20 June, 2017 - 14:00

Introduction – ICS malware, a rarity in the threat landscape. At the end of May, security experts discovered a seven-year-old remote code execution vulnerability affecting all versions of the Samba software since 3.5.0. The flaw has been promptly fixed by the maintainers of the project. The vulnerability, tracked as CVE-2017-7494, can be exploited by an attacker […]

Category: Hacking & Security

Hazards of Identity Theft

19 June, 2017 - 14:00

Scenario: You buckle down each day to bring home the bacon and bolster yourself as well as your family. You know how to keep your credit clean so you can appreciate the advantages of that diligent work. What happens, however, when you discover that somebody has used your name to get a MasterCard and has […]

Category: Hacking & Security

Big Data Discrimination

16 June, 2017 - 14:00

Introduced in 1997, the term “Big Data” has grown in popularity in the past years. Credit: IBM-Big-Data-Definitions by DigitalRalph / (CC BY 2.0) 53% of HR departments include Big Data in their strategic decisions; 71% use it to facilitate the sourcing, recruitment or selection of candidates; and 61% employ it to manage talent and performance. […]

Category: Hacking & Security

Troll 2 exploitation walkthrough

15 June, 2017 - 23:39

This write-up will walk you through an exploitation of Troll 2, a boot2root VM; the challenge was designed by Maleus. You can download the VM from the following link: https://www.vulnhub.com/entry/tr0ll-2,107/ Lab set up: Open VMware > Edit > “Virtual Network Editor.” Click on “Add Network” and add any one network, for example VMnet02. Select VMnet2 and […]

Category: Hacking & Security

NAC-Hacking – Bypassing Network Access Control

15 June, 2017 - 23:37

Conducting internal network penetration tests is always fun. There are vulnerabilities that easily help me to get to the “keys of the kingdom,” i.e. domain admin. However, I had hit a wall when a client refused to whitelist my device on their NAC. It was at this time that I had to think out-of-the-box first to get […]

Category: Hacking & Security

How Much Physical Security is Enough?

14 June, 2017 - 14:00

When it comes to security, physical security is something which either takes a back seat or is not dealt with expertly. Though there are a lot of solutions present in the market for physical security, choosing the right option is a task. A detailed analysis is required to determine the correct controls, correct implementation, […]

Category: Hacking & Security

Kvasir 1 VM Walkthrough

14 June, 2017 - 14:00

Kvasir 1 is a vulnerable VM hosted by vulnhub.com. Rasta Mouse created the challenge. It can be downloaded from the URL https://www.vulnhub.com/entry/kvasir-i,106/ It is a Linux-based virtual machine in OVA format. Environment: the attacker machine is Kali Linux (192.168.44.136); the victim is Kvasir (192.168.44.129). When you start the Kvasir VM it will look something as follows: […]

Category: Hacking & Security

Security Awareness Implications of the 2017 Verizon Data Breach Report

13 June, 2017 - 22:05

Each year, Verizon publishes a report that highlights data breach and incident trends from the previous year. This report offers significant insight into not just the types of threats organizations face today, but who perpetrates breaches, the tactics used and, perhaps most importantly, the reason organizations find themselves at risk in the first place. Sadly, […]

Category: Hacking & Security

More Bypassing of Malware Anti-Analysis Techniques

13 June, 2017 - 14:00

Over the last few articles, we have seen how malware employs some anti-analysis techniques and how we can bypass those techniques. Now, let’s raise the bar a bit more and look for more advanced anti-analysis techniques. In this article, we will look at how we can reach the Original Entry Point of a packed Exe […]

Category: Hacking & Security

Learning Pentesting with Metasploitable3 – Part 2

13 June, 2017 - 14:00

Introduction: This is the second part in this series of articles on Learning Pentesting with Metasploitable3. We have prepared our lab setup in our previous article. This article shows the Information Gathering techniques that are typically used during Penetration Testing by using Metasploitable3 VM. This phase is crucial during a penetration test as we will […]

Category: Hacking & Security

NetFlow Data Collection in Cloud Systems

12 June, 2017 - 14:00

The value of NetFlow: Within a network, connectivity is everything, but within a secure network, visibility is also everything. NetFlow data can meet both these requirements. NetFlow is a Cisco proprietary technology which allows for the collection of metadata generated by the traffic (flow) within a network. This metadata is invaluable for capacity planning of […]

Category: Hacking & Security

SambaCry: Hundreds of thousands of Linux systems exposed to a campaign that delivers cryptocurrency miner

12 June, 2017 - 14:00

CVE-2017-7494 – A Samba seven-year-old remote code execution vulnerability. At the end of May, security experts discovered a seven-year-old remote code execution vulnerability affecting all versions of the Samba software since 3.5.0. The flaw has been promptly fixed by the maintainers of the project. The vulnerability, tracked as CVE-2017-7494, can be exploited by an attacker to […]

Category: Hacking & Security

The Importance of Physical Security in the Workplace

9 June, 2017 - 14:00

Physical Security in Detail: Protecting important data, confidential information, networks, software, equipment, facilities, company’s assets, and personnel is what physical security is about. There are two factors by which security can be affected. The first is attack by nature, like a flood, fire, power fluctuation, etc. Though the information will not be misused, it is very […]

Category: Hacking & Security

How to Protect Your Right to Personal Identity in the Digital Era

8 June, 2017 - 21:37

As stated by the FBI’s Internet Crime Complaint Center (IC3), identity theft “occurs when someone appropriates another’s personal information without their knowledge to commit theft or fraud.” Identity theft is not a new occurrence. Since biblical times, people have impersonated other people. The magnitude of identity theft nowadays, however, is astounding. Javelin Strategy & Research reported […]

Category: Hacking & Security

Pluck: 1 CTF Walkthrough

8 June, 2017 - 14:00

Pluck: 1 is a vulnerable machine created by Ryan Oberto. It surfaced on VulnHub on 11th March 2017. It can be downloaded from https://www.vulnhub.com/entry/pluck-1,178/ The file can be used with VMWare as well as VirtualBox. The machine is Linux based. The objective is to read the flag present in the machine with root privileges. Downloaded […]

Category: Hacking & Security

Top 7 Tips to Secure Your Passwords

7 June, 2017 - 14:00

In our current world where technology is finding its way into all aspects of our life, it is important to understand how to properly protect yourself online to be sure all your accounts are secure. Hackers can use a variety of techniques to launch a cyber attack your way: Buffer Overflow- Using specialized code to […]

Category: Hacking & Security

Malware Anti-Analysis Techniques-TLS and Process Hallowing

7 June, 2017 - 14:00

In continuation of previous articles, this article will also show a more sophisticated approach used by malware to thwart anti-analysis techniques. Let’s start the analysis of sampleTLS.exe. As soon as I load the sample into OllyDBG for debugging, it is in paused state, but when I look into process hacker, there is an instance already […]

Category: Hacking & Security