InfoSec Institute Resources

Syndikovat obsah
IT Security Training & Resources by Infosec
Aktualizace: 1 týden 4 dny zpět

Format String Vulnerabilities: Use and Definitions

30 Září, 2020 - 17:29

Introduction In the previous article, we understood how print functions like printf work. This article provides further definition of Format String vulnerabilities. We will begin by discussing how Format Strings can be used in an unusual way, which is a starting point to understanding Format String exploits. Next, we will understand what kind of mistakes […]

The post Format String Vulnerabilities: Use and Definitions appeared first on Infosec Resources.

Format String Vulnerabilities: Use and Definitions was first posted on September 30, 2020 at 10:29 am.
©2017 "InfoSec Resources". Use of this feed is for personal non-commercial use only. If you are not reading this article in your feed reader, then the site is guilty of copyright infringement. Please contact me at darren.dalasta@infosecinstitute.com
Kategorie: Hacking & Security

Average CCNA salary 2020

30 Září, 2020 - 16:12

Introduction The CCNA (Cisco Certified Network Associate) is one of the most well-known entry-level certifications within the IT industry. Holding this credential proves your ability to install, configure, manage and support small- to medium-sized networks.  A study by CompTIA found that 47% of SMBs see the IT skills gap growing. This IT skills gap is […]

The post Average CCNA salary 2020 appeared first on Infosec Resources.

Average CCNA salary 2020 was first posted on September 30, 2020 at 9:12 am.
©2017 "InfoSec Resources". Use of this feed is for personal non-commercial use only. If you are not reading this article in your feed reader, then the site is guilty of copyright infringement. Please contact me at darren.dalasta@infosecinstitute.com
Kategorie: Hacking & Security

How to exploit Format String Vulnerabilities

30 Září, 2020 - 15:28

Introduction In the previous articles, we discussed printing functions, format strings and format string vulnerabilities. This article provides an overview of how Format String vulnerabilities can be exploited. In this article, we will begin by solving a simple challenge to leak a secret from memory. In the next article, we will discuss another example, where […]

The post How to exploit Format String Vulnerabilities appeared first on Infosec Resources.

How to exploit Format String Vulnerabilities was first posted on September 30, 2020 at 8:28 am.
©2017 "InfoSec Resources". Use of this feed is for personal non-commercial use only. If you are not reading this article in your feed reader, then the site is guilty of copyright infringement. Please contact me at darren.dalasta@infosecinstitute.com
Kategorie: Hacking & Security

Copy-paste compromises

30 Září, 2020 - 15:05

Copy-paste compromises: Introduction and overview Although the concept of copy-paste compromises is not exactly new, there are now several different forms of the attack. In the version of copy-paste compromise that we’ll discuss today, malicious actors use open-source or publicly available exploit code, web shells and other tools to gain information. Recently, Australia has revealed […]

The post Copy-paste compromises appeared first on Infosec Resources.

Copy-paste compromises was first posted on September 30, 2020 at 8:05 am.
©2017 "InfoSec Resources". Use of this feed is for personal non-commercial use only. If you are not reading this article in your feed reader, then the site is guilty of copyright infringement. Please contact me at darren.dalasta@infosecinstitute.com
Kategorie: Hacking & Security

Lockphish phishing attack: Capturing Android PINs & iPhone passcodes over https

30 Září, 2020 - 15:03

Introduction to Lockphish Phishing attacks are a common tactic for gaining initial access to a system. If an attacker can convince their target to hand over their login credentials or install and execute malware on their machine, this provides an attacker with a foothold that can be used to expand their access and achieve their […]

The post Lockphish phishing attack: Capturing Android PINs & iPhone passcodes over https appeared first on Infosec Resources.

Lockphish phishing attack: Capturing Android PINs & iPhone passcodes over https was first posted on September 30, 2020 at 8:03 am.
©2017 "InfoSec Resources". Use of this feed is for personal non-commercial use only. If you are not reading this article in your feed reader, then the site is guilty of copyright infringement. Please contact me at darren.dalasta@infosecinstitute.com
Kategorie: Hacking & Security

Fuzzing introduction: Definition, types and tools for cybersecurity pros

30 Září, 2020 - 15:01

Fuzzing is a black-box software testing technique and consists of finding implementation flaws and bugs by using malformed/semi-malformed payloads via automation. Fuzzing an application is not a matter of simply exploiting a specific point of an application, but also acquiring knowledge and potential crashes that could be explored in-depth through the implementation of crafted payloads […]

The post Fuzzing introduction: Definition, types and tools for cybersecurity pros appeared first on Infosec Resources.

Fuzzing introduction: Definition, types and tools for cybersecurity pros was first posted on September 30, 2020 at 8:01 am.
©2017 "InfoSec Resources". Use of this feed is for personal non-commercial use only. If you are not reading this article in your feed reader, then the site is guilty of copyright infringement. Please contact me at darren.dalasta@infosecinstitute.com
Kategorie: Hacking & Security

Format String Vulnerabilities Exploitation Case Study

29 Září, 2020 - 21:55

Introduction: In the previous article of this series, we discussed how format string vulnerabilities can be exploited. This article provides a case study of how format string vulnerabilities can be used to exploit serious vulnerabilities such as Buffer Overflows. We will begin by understanding what stack canaries are and then we will exploit a Buffer […]

The post Format String Vulnerabilities Exploitation Case Study appeared first on Infosec Resources.

Format String Vulnerabilities Exploitation Case Study was first posted on September 29, 2020 at 2:55 pm.
©2017 "InfoSec Resources". Use of this feed is for personal non-commercial use only. If you are not reading this article in your feed reader, then the site is guilty of copyright infringement. Please contact me at darren.dalasta@infosecinstitute.com
Kategorie: Hacking & Security

How to mitigate Format String Vulnerabilities

29 Září, 2020 - 21:46

Introduction: This article provides an overview of various techniques that can be used to mitigate Format String vulnerabilities. In addition to the mitigations that are offered by the compilers & operating systems, we will also discuss preventive measures that can be used while writing programs in languages susceptible to Format String vulnerabilities.  Techniques to prevent […]

The post How to mitigate Format String Vulnerabilities appeared first on Infosec Resources.

How to mitigate Format String Vulnerabilities was first posted on September 29, 2020 at 2:46 pm.
©2017 "InfoSec Resources". Use of this feed is for personal non-commercial use only. If you are not reading this article in your feed reader, then the site is guilty of copyright infringement. Please contact me at darren.dalasta@infosecinstitute.com
Kategorie: Hacking & Security

IoT Security Fundamentals: Intercepting and Manipulating Wireless Communications

29 Září, 2020 - 21:14

Introduction: IoT Manufacturers Favor Convenience over Security Because IoT security is still an afterthought, cybercriminals in general consider smart devices a “low-hanging fruit” – a target easy to compromise and manipulate. Security (and privacy) by design is key for IoT, and probably the only effective way for a smart gadget to protect its communications is […]

The post IoT Security Fundamentals: Intercepting and Manipulating Wireless Communications appeared first on Infosec Resources.

IoT Security Fundamentals: Intercepting and Manipulating Wireless Communications was first posted on September 29, 2020 at 2:14 pm.
©2017 "InfoSec Resources". Use of this feed is for personal non-commercial use only. If you are not reading this article in your feed reader, then the site is guilty of copyright infringement. Please contact me at darren.dalasta@infosecinstitute.com
Kategorie: Hacking & Security

IoT Security Fundamentals: IoT vs OT (Operational Technology)

29 Září, 2020 - 20:59

Introduction: Knowing the Notions  Industrial Internet of Things (IIoT) incorporates technologies such as machine learning, machine-to-machine (M2M) communication, sensor data, Big Data, etc. This article will focus predominantly on the consumer Internet of Things (IoT) and how it relates to Operational Technology (OT). Operational Technology (OT) is a term that defines a specific category of […]

The post IoT Security Fundamentals: IoT vs OT (Operational Technology) appeared first on Infosec Resources.

IoT Security Fundamentals: IoT vs OT (Operational Technology) was first posted on September 29, 2020 at 1:59 pm.
©2017 "InfoSec Resources". Use of this feed is for personal non-commercial use only. If you are not reading this article in your feed reader, then the site is guilty of copyright infringement. Please contact me at darren.dalasta@infosecinstitute.com
Kategorie: Hacking & Security

Public-Key Cryptography in Blockchain

29 Září, 2020 - 19:25

How public-key cryptography works Public-key or asymmetric cryptography is one of the two main types of encryption algorithms. Its names come from the fact that it uses two different encryption keys: a public one and a private one. Public and private keys The private key used in public-key cryptography is a random number with certain […]

The post Public-Key Cryptography in Blockchain appeared first on Infosec Resources.

Public-Key Cryptography in Blockchain was first posted on September 29, 2020 at 12:25 pm.
©2017 "InfoSec Resources". Use of this feed is for personal non-commercial use only. If you are not reading this article in your feed reader, then the site is guilty of copyright infringement. Please contact me at darren.dalasta@infosecinstitute.com
Kategorie: Hacking & Security

Hash Functions in Blockchain

29 Září, 2020 - 18:16

Introduction to hash functions Hash functions are one of the most extensively-used cryptographic algorithms in blockchain technology. They are cryptographic (but not encryption) algorithms that are designed to protect data integrity. In a nutshell, a hash algorithm is a mathematical function that transforms any input into a fixed size output. To be cryptographically secure — […]

The post Hash Functions in Blockchain appeared first on Infosec Resources.

Hash Functions in Blockchain was first posted on September 29, 2020 at 11:16 am.
©2017 "InfoSec Resources". Use of this feed is for personal non-commercial use only. If you are not reading this article in your feed reader, then the site is guilty of copyright infringement. Please contact me at darren.dalasta@infosecinstitute.com
Kategorie: Hacking & Security

Blockchain Structure

29 Září, 2020 - 17:55

Introduction The blockchain gets its name from its underlying structure. The blockchain is organized as a series of “blocks” that are “chained” together. Understanding blockchain security requires understanding how the blockchain is put together. This requires knowing what the blocks and chains of blockchain are and why they are designed the way that they are. […]

The post Blockchain Structure appeared first on Infosec Resources.

Blockchain Structure was first posted on September 29, 2020 at 10:55 am.
©2017 "InfoSec Resources". Use of this feed is for personal non-commercial use only. If you are not reading this article in your feed reader, then the site is guilty of copyright infringement. Please contact me at darren.dalasta@infosecinstitute.com
Kategorie: Hacking & Security

Average CCNP salary 2020

29 Září, 2020 - 16:59

Introduction The CCNP, or Cisco Certified Network Professional, is a certification endorsing IT professionals who have the knowhow and skill to set up, configure and manage local and wide-area networks within an enterprise. CCNP certification takes you through video, voice, wireless and advanced security issues. Since the training module and examinations for the CCNP certification […]

The post Average CCNP salary 2020 appeared first on Infosec Resources.

Average CCNP salary 2020 was first posted on September 29, 2020 at 9:59 am.
©2017 "InfoSec Resources". Use of this feed is for personal non-commercial use only. If you are not reading this article in your feed reader, then the site is guilty of copyright infringement. Please contact me at darren.dalasta@infosecinstitute.com
Kategorie: Hacking & Security

CCNA certification prep: Network fundamentals [updated 2020]

29 Září, 2020 - 15:33

What percentage of the exam focuses on network fundamentals? The network fundamentals section is 20% of the CCNA 200-301’s topics. It’s neither the largest nor the smallest. The fact that the percentage increased from 15% in the previous version indicates that Cisco has emphasized the importance of having a strong base in this topic, on […]

The post CCNA certification prep: Network fundamentals [updated 2020] appeared first on Infosec Resources.

CCNA certification prep: Network fundamentals [updated 2020] was first posted on September 29, 2020 at 8:33 am.
©2017 "InfoSec Resources". Use of this feed is for personal non-commercial use only. If you are not reading this article in your feed reader, then the site is guilty of copyright infringement. Please contact me at darren.dalasta@infosecinstitute.com
Kategorie: Hacking & Security

Hack the Box (HTB) Machines Walkthrough Series – Traceback

29 Září, 2020 - 15:07

Today, we will be continuing with our exploration of Hack the Box (HTB) machines, as seen in previous articles. This walkthrough is of an HTB machine named Traceback. HTB is an excellent platform that hosts machines belonging to multiple OSes. It also has some other challenges as well. Individuals have to solve the puzzle (simple […]

The post Hack the Box (HTB) Machines Walkthrough Series – Traceback appeared first on Infosec Resources.

Hack the Box (HTB) Machines Walkthrough Series – Traceback was first posted on September 29, 2020 at 8:07 am.
©2017 "InfoSec Resources". Use of this feed is for personal non-commercial use only. If you are not reading this article in your feed reader, then the site is guilty of copyright infringement. Please contact me at darren.dalasta@infosecinstitute.com
Kategorie: Hacking & Security

Breached passwords: The most frequently used and compromised passwords of the year

29 Září, 2020 - 15:05

Introduction Passwords should be secret, so why do so many people wind up using the same popular passwords? The truth is, no one sets out to choose a password that is dangerously common or insecure. Instead, they most likely don’t realize the risk of using a common password or don’t know how to create — […]

The post Breached passwords: The most frequently used and compromised passwords of the year appeared first on Infosec Resources.

Breached passwords: The most frequently used and compromised passwords of the year was first posted on September 29, 2020 at 8:05 am.
©2017 "InfoSec Resources". Use of this feed is for personal non-commercial use only. If you are not reading this article in your feed reader, then the site is guilty of copyright infringement. Please contact me at darren.dalasta@infosecinstitute.com
Kategorie: Hacking & Security

The business value of CompTIA CySA+ employee certification

29 Září, 2020 - 15:03

Introduction The cybersecurity threat landscape is rapidly evolving, and cybercriminals are becoming more sophisticated. Traditional threat detection techniques that rely on signature-based threat detection are no longer effective. In fact, signature-based antivirus systems were only capable of detecting and blocking half of malware in the last quarter of 2019. Anomaly-based detection enables the detection of […]

The post The business value of CompTIA CySA+ employee certification appeared first on Infosec Resources.

The business value of CompTIA CySA+ employee certification was first posted on September 29, 2020 at 8:03 am.
©2017 "InfoSec Resources". Use of this feed is for personal non-commercial use only. If you are not reading this article in your feed reader, then the site is guilty of copyright infringement. Please contact me at darren.dalasta@infosecinstitute.com
Kategorie: Hacking & Security

Tech companies, privacy and vulnerabilities: How much transparency is enough?

28 Září, 2020 - 15:05

Views and opinions published in this article are intended to foster productive thought and discussion around challenges in the cybersecurity industry. Views expressed in this article do not necessarily represent the views of Infosec.    Introduction In late June 2020, a story was published by Vice’s Motherboard technology investigative platform with a revelation that sent […]

The post Tech companies, privacy and vulnerabilities: How much transparency is enough? appeared first on Infosec Resources.

Tech companies, privacy and vulnerabilities: How much transparency is enough? was first posted on September 28, 2020 at 8:05 am.
©2017 "InfoSec Resources". Use of this feed is for personal non-commercial use only. If you are not reading this article in your feed reader, then the site is guilty of copyright infringement. Please contact me at darren.dalasta@infosecinstitute.com
Kategorie: Hacking & Security

Hacking Microsoft Teams vulnerabilities: A step-by-step guide

28 Září, 2020 - 15:03

Introduction We are living in an era where technology is part of our lives and a primary valuable resource for personal and professional tasks. The use of online videoconference platforms such as Zoom and Microsoft Teams has exploded in recent months, due in large part to the COVID-19 pandemic situation. This article provides a detailed […]

The post Hacking Microsoft Teams vulnerabilities: A step-by-step guide appeared first on Infosec Resources.

Hacking Microsoft Teams vulnerabilities: A step-by-step guide was first posted on September 28, 2020 at 8:03 am.
©2017 "InfoSec Resources". Use of this feed is for personal non-commercial use only. If you are not reading this article in your feed reader, then the site is guilty of copyright infringement. Please contact me at darren.dalasta@infosecinstitute.com
Kategorie: Hacking & Security