InfoSec Institute Resources

Syndikovat obsah
IT Security Training & Resources by Infosec
Aktualizace: 8 min 29 sek zpět

Web server protection: Web application firewalls for web server protection

7 Duben, 2020 - 15:02

Introduction Firewalls are an integral part of the tools necessary in securing web servers. In this article, we will discuss all relevant aspects of web application firewalls. We’ll explore a few concepts that touch on these firewalls, both from a compliance and technical point of view, as well as examine a few examples of how […]

The post Web server protection: Web application firewalls for web server protection appeared first on Infosec Resources.

Web server protection: Web application firewalls for web server protection was first posted on April 7, 2020 at 8:02 am.
©2017 "InfoSec Resources". Use of this feed is for personal non-commercial use only. If you are not reading this article in your feed reader, then the site is guilty of copyright infringement. Please contact me at darren.dalasta@infosecinstitute.com
Kategorie: Hacking & Security

Network traffic analysis for IR: Data exfiltration

7 Duben, 2020 - 15:00

Introduction Understanding network behavior is a prerequisite for developing effective incident detection and response capabilities. ESG research has found that 87 percent of companies use Network Traffic Analysis (NTA) tools for threat detection and response capabilities, and 43 percent say that NTA is their first line of defense for that purpose. Network communication is one […]

The post Network traffic analysis for IR: Data exfiltration appeared first on Infosec Resources.

Network traffic analysis for IR: Data exfiltration was first posted on April 7, 2020 at 8:00 am.
©2017 "InfoSec Resources". Use of this feed is for personal non-commercial use only. If you are not reading this article in your feed reader, then the site is guilty of copyright infringement. Please contact me at darren.dalasta@infosecinstitute.com
Kategorie: Hacking & Security

Hack the Box (HTB) machines walkthrough series — Postman

6 Duben, 2020 - 15:01

Today, we will be continuing with our exploration of Hack the Box (HTB) machines as seen in previous articles. This walkthrough is of an HTB machine named Postman. HTB is an excellent platform that hosts machines belonging to multiple OSes. It also has some other challenges as well. Individuals have to solve the puzzle (simple […]

The post Hack the Box (HTB) machines walkthrough series — Postman appeared first on Infosec Resources.

Hack the Box (HTB) machines walkthrough series — Postman was first posted on April 6, 2020 at 8:01 am.
©2017 "InfoSec Resources". Use of this feed is for personal non-commercial use only. If you are not reading this article in your feed reader, then the site is guilty of copyright infringement. Please contact me at darren.dalasta@infosecinstitute.com
Kategorie: Hacking & Security

Web server security: Command line-fu for web server protection

6 Duben, 2020 - 15:00

Introduction Adequate web server security requires proper understanding, implementation and use of a variety of different tools. In this article, we will take a look at some command line tools that can be used to manage the security of web servers. The tools reviewed will demonstrate how to perform tasks such as hashing strings in […]

The post Web server security: Command line-fu for web server protection appeared first on Infosec Resources.

Web server security: Command line-fu for web server protection was first posted on April 6, 2020 at 8:00 am.
©2017 "InfoSec Resources". Use of this feed is for personal non-commercial use only. If you are not reading this article in your feed reader, then the site is guilty of copyright infringement. Please contact me at darren.dalasta@infosecinstitute.com
Kategorie: Hacking & Security

Hack the Box (HTB) machines walkthrough series — JSON

2 Duben, 2020 - 15:01

Today we will be continuing with our exploration of Hack the Box (HTB) machines, as seen in previous articles. This walkthrough is of an HTB machine named JSON. HTB is an excellent platform that hosts machines belonging to multiple OSes. It also has some other challenges as well. Individuals have to solve the puzzle (simple […]

The post Hack the Box (HTB) machines walkthrough series — JSON appeared first on Infosec Resources.

Hack the Box (HTB) machines walkthrough series — JSON was first posted on April 2, 2020 at 8:01 am.
©2017 "InfoSec Resources". Use of this feed is for personal non-commercial use only. If you are not reading this article in your feed reader, then the site is guilty of copyright infringement. Please contact me at darren.dalasta@infosecinstitute.com
Kategorie: Hacking & Security

The state of threats to electric entities: 4 key findings from the 2020 Dragos report

2 Duben, 2020 - 15:00

Introduction In January 2020, industrial cybersecurity firm Dragos released the North American Electric Cyber Threat Perspective, referred to as the Dragos report. This report summarized findings regarding threats and adversaries that focus on critical infrastructure and is intended to be a snapshot of the threat landscape in January 2020 and which is expected to evolve […]

The post The state of threats to electric entities: 4 key findings from the 2020 Dragos report appeared first on Infosec Resources.

The state of threats to electric entities: 4 key findings from the 2020 Dragos report was first posted on April 2, 2020 at 8:00 am.
©2017 "InfoSec Resources". Use of this feed is for personal non-commercial use only. If you are not reading this article in your feed reader, then the site is guilty of copyright infringement. Please contact me at darren.dalasta@infosecinstitute.com
Kategorie: Hacking & Security

Cyber Work podcast: Cryptography careers and IoT vulnerabilities with Ted Shorter

1 Duben, 2020 - 16:17

Introduction In this episode of Infosec’s Cyber Work podcast series, host Chris Sienko speaks with Ted Shorter. Ted is co-founder and CTO of Keyfactor, a computer security firm. He has worked in security for over 20 years, with a focus on cryptography, application security, authentication and authorization services, and software vulnerability analysis. His past experience […]

The post Cyber Work podcast: Cryptography careers and IoT vulnerabilities with Ted Shorter appeared first on Infosec Resources.

Cyber Work podcast: Cryptography careers and IoT vulnerabilities with Ted Shorter was first posted on April 1, 2020 at 9:17 am.
©2017 "InfoSec Resources". Use of this feed is for personal non-commercial use only. If you are not reading this article in your feed reader, then the site is guilty of copyright infringement. Please contact me at darren.dalasta@infosecinstitute.com
Kategorie: Hacking & Security

Logical Instructions

31 Březen, 2020 - 16:53

Introduction This article defines logical instructions as executed by x86 processors. It goes on to describe four key classifications of logical instructions in brief. This article is designed for students and professionals who want to gain a detailed understanding of logical instructions, their classifications and how they’re used. Through the use of an 8086 emulator, […]

The post Logical Instructions appeared first on Infosec Resources.

Logical Instructions was first posted on March 31, 2020 at 9:53 am.
©2017 "InfoSec Resources". Use of this feed is for personal non-commercial use only. If you are not reading this article in your feed reader, then the site is guilty of copyright infringement. Please contact me at darren.dalasta@infosecinstitute.com
Kategorie: Hacking & Security

Networking Basics for Reverse Engineers

31 Březen, 2020 - 15:25

Introduction This article will define network reverse engineering, list tools used by reverse engineers for reverse engineering and then highlight the network basics required by such engineers. The article will illustrate, through the lens of an attacker, how to expose the vulnerability of a network protocol and exploit the vulnerability, and then discuss how to […]

The post Networking Basics for Reverse Engineers appeared first on Infosec Resources.

Networking Basics for Reverse Engineers was first posted on March 31, 2020 at 8:25 am.
©2017 "InfoSec Resources". Use of this feed is for personal non-commercial use only. If you are not reading this article in your feed reader, then the site is guilty of copyright infringement. Please contact me at darren.dalasta@infosecinstitute.com
Kategorie: Hacking & Security

AI and machine learning and their uses in cybersecurity

31 Březen, 2020 - 15:01

Artificial intelligence and machine learning trends Although artificial intelligence and its subfield of machine learning have been applied in cybersecurity for some time, the speed of adoption is now accelerating. As threats evolve and IT environments get more complicated, AI-driven technology shows the potential of addressing new threats and risks that require machine speed rather […]

The post AI and machine learning and their uses in cybersecurity appeared first on Infosec Resources.

AI and machine learning and their uses in cybersecurity was first posted on March 31, 2020 at 8:01 am.
©2017 "InfoSec Resources". Use of this feed is for personal non-commercial use only. If you are not reading this article in your feed reader, then the site is guilty of copyright infringement. Please contact me at darren.dalasta@infosecinstitute.com
Kategorie: Hacking & Security

Ethical hacking: SNMP recon

31 Březen, 2020 - 15:00

Introduction In this article, we will discuss the various methods one could take to perform reconnaissance on the SNMP protocol. As you may know, SNMP reveals too much information about targets that might result in attackers compromising a target network. Today, we’ll explore the available tools that one can use to query information on targets. […]

The post Ethical hacking: SNMP recon appeared first on Infosec Resources.

Ethical hacking: SNMP recon was first posted on March 31, 2020 at 8:00 am.
©2017 "InfoSec Resources". Use of this feed is for personal non-commercial use only. If you are not reading this article in your feed reader, then the site is guilty of copyright infringement. Please contact me at darren.dalasta@infosecinstitute.com
Kategorie: Hacking & Security

Integer Overflow and Underflow Vulnerabilities

31 Březen, 2020 - 13:47

Introduction to integer overflows and underflows Integer overflow and underflow vulnerabilities are considered the eighth most dangerous vulnerability in the Common Weakness Enumeration (CWE) Top 25 List of 2019. These types of vulnerabilities are created by misuse of variable types and can be exploited to bypass protections against other types of vulnerabilities, like buffer overflows. […]

The post Integer Overflow and Underflow Vulnerabilities appeared first on Infosec Resources.

Integer Overflow and Underflow Vulnerabilities was first posted on March 31, 2020 at 6:47 am.
©2017 "InfoSec Resources". Use of this feed is for personal non-commercial use only. If you are not reading this article in your feed reader, then the site is guilty of copyright infringement. Please contact me at darren.dalasta@infosecinstitute.com
Kategorie: Hacking & Security

Stack Instructions

31 Březen, 2020 - 13:34

Introduction This article will introduce readers to the assembly concepts in relation to the stack. We will discuss basic concepts related to stack and various registers, and the instructions used when working with a stack. We will also see practical examples of how common instructions like PUSH and POP work by using a debugger. What […]

The post Stack Instructions appeared first on Infosec Resources.

Stack Instructions was first posted on March 31, 2020 at 6:34 am.
©2017 "InfoSec Resources". Use of this feed is for personal non-commercial use only. If you are not reading this article in your feed reader, then the site is guilty of copyright infringement. Please contact me at darren.dalasta@infosecinstitute.com
Kategorie: Hacking & Security

How to use Protected Folders in Windows 10

30 Březen, 2020 - 17:58

Introduction Ransomware is one of the biggest threats faced by organizations today. After encrypting all files on servers and desktops, ransomware perpetrators demand payment before decrypting what are often business-critical systems and data.  Application whitelisting and the removal of local administrator access from day-to-day user accounts are two of the best ways to prevent the […]

The post How to use Protected Folders in Windows 10 appeared first on Infosec Resources.

How to use Protected Folders in Windows 10 was first posted on March 30, 2020 at 10:58 am.
©2017 "InfoSec Resources". Use of this feed is for personal non-commercial use only. If you are not reading this article in your feed reader, then the site is guilty of copyright infringement. Please contact me at darren.dalasta@infosecinstitute.com
Kategorie: Hacking & Security

Stepping

30 Březen, 2020 - 17:47

Introduction Single-stepping is one of the most powerful features of a debugger, as it allows a reverse engineer to execute a single instruction at a time before returning control to the debugger. This feature comes in handy when one needs to analyze a binary by executing a single instruction or a section of instructions of […]

The post Stepping appeared first on Infosec Resources.

Stepping was first posted on March 30, 2020 at 10:47 am.
©2017 "InfoSec Resources". Use of this feed is for personal non-commercial use only. If you are not reading this article in your feed reader, then the site is guilty of copyright infringement. Please contact me at darren.dalasta@infosecinstitute.com
Kategorie: Hacking & Security

Loops

30 Březen, 2020 - 17:31

Introduction In the previous article, we discussed how if statements can be spotted in the disassembly of a binary. We learned that if conditions are translated to conditional jumps when exploring the disassembly.  In this article, we will explore how for and while loops are translated in assembly. For loops Let us begin by taking […]

The post Loops appeared first on Infosec Resources.

Loops was first posted on March 30, 2020 at 10:31 am.
©2017 "InfoSec Resources". Use of this feed is for personal non-commercial use only. If you are not reading this article in your feed reader, then the site is guilty of copyright infringement. Please contact me at darren.dalasta@infosecinstitute.com
Kategorie: Hacking & Security

How hackers check to see if your website is hackable

30 Březen, 2020 - 15:01

Introduction “Memento mori” is Latin for “Remember that you are mortal.” According to tradition, this phrase was whispered to triumphant Roman military commanders on parades, to remind them they remained fallible humans.  In these times, perhaps the tradition should be updated to whispering “you will be hacked” into the ears of website administrators. This may […]

The post How hackers check to see if your website is hackable appeared first on Infosec Resources.

How hackers check to see if your website is hackable was first posted on March 30, 2020 at 8:01 am.
©2017 "InfoSec Resources". Use of this feed is for personal non-commercial use only. If you are not reading this article in your feed reader, then the site is guilty of copyright infringement. Please contact me at darren.dalasta@infosecinstitute.com
Kategorie: Hacking & Security

Ethical hacking: Stealthy network recon techniques

30 Březen, 2020 - 15:00

Introduction In this article, we shall discuss some stealthy reconnaissance techniques that should be employed during a hacking exercise. It’s important to know which scan to use, especially when you are getting blacklisted or having your scan results filtered out.  Many hackers use tools such as nmap without properly understanding what certain switches mean and […]

The post Ethical hacking: Stealthy network recon techniques appeared first on Infosec Resources.

Ethical hacking: Stealthy network recon techniques was first posted on March 30, 2020 at 8:00 am.
©2017 "InfoSec Resources". Use of this feed is for personal non-commercial use only. If you are not reading this article in your feed reader, then the site is guilty of copyright infringement. Please contact me at darren.dalasta@infosecinstitute.com
Kategorie: Hacking & Security

How to configure VPN in Windows 10

30 Březen, 2020 - 14:20

Introduction This article defines Virtual Private Network (VPN) and the three basic connection types of VPN: remote user, third-party to mask source IP and user activities, and site-to-site-VPN. It also illustrates how remote user VPN is established using in-built Windows 10 VPN client. This article is designed for professionals and self-starters who want to understand […]

The post How to configure VPN in Windows 10 appeared first on Infosec Resources.

How to configure VPN in Windows 10 was first posted on March 30, 2020 at 7:20 am.
©2017 "InfoSec Resources". Use of this feed is for personal non-commercial use only. If you are not reading this article in your feed reader, then the site is guilty of copyright infringement. Please contact me at darren.dalasta@infosecinstitute.com
Kategorie: Hacking & Security

Race Condition Vulnerabilities

27 Březen, 2020 - 14:52

Introduction to race conditions Race condition vulnerabilities are an artifact of parallel processing. The ability to run multiple different execution threads in parallel can create vulnerabilities that would not exist in single-threaded programs. The impact of these vulnerabilities range from exploitable errors to leakage of sensitive information via side effects, like in the Meltdown vulnerability. […]

The post Race Condition Vulnerabilities appeared first on Infosec Resources.

Race Condition Vulnerabilities was first posted on March 27, 2020 at 7:52 am.
©2017 "InfoSec Resources". Use of this feed is for personal non-commercial use only. If you are not reading this article in your feed reader, then the site is guilty of copyright infringement. Please contact me at darren.dalasta@infosecinstitute.com
Kategorie: Hacking & Security