Welcome to SecurityDocs

A collection of 7,815 IT security white papers, carefully curated by professionals like yourself

Certified Ethical Hacker - Part 2 - Footprinting and Reconnaissance

by Riazul H. Rozen Oct. 22, 2017

Footprinting is the science of gathering information on a target’s network system. It allows the attacker to be privy to certain kinds of sensitive information, which in essence narrows down the area of attack for the hackers. Footprinting, if pulled off correctly, can cause huge financial losses for the target organization.

How Critical Security Controls Can Help Signaling System No. 7 (SS7)

by Hassan Mourad Oct. 4, 2017

For decades, the security of one of the fundamental protocols in telecommunications networks, Signaling System No. 7 (SS7), has been solely based on the mutual trust between the interconnecting operators. Operators relied on their trust in other operators to play by the rules, and the SS7 network has been regarded as a closed trusted network. This notion of trust and security has recently changed after several security researchers announced major vulnerabilities in the SS7 protocol that threa...

MIPS Malware Analysis

by Muhammad Junaid Bohio Oct. 3, 2017

Malware functionalities have been evolving and so are their target platforms and architectures. Non-PC appliances of different architectures have not traditionally been frequent targets of malware. However, many of those appliances, due to their enhanced processing power and/or low maintenance, provide ideal targets for malware. Moreover, due to the lack of security for home routers, they often remain infected until replaced, thereby providing longer persistence for malware. Recently, there...

A Handbook for Incident Handling

by Patrick Kral Oct. 14, 2017

One of the greatest challenges facing today’s IT professionals is planning and preparing for the unexpected, especially in response to a security incident. An incident is described as any violation of policy, law, or unacceptable act that involves information assets, such as computers, networks, smartphones, etc. (Bejtlich, 2005). The scope of this document is limited to the six phases of the incident handling process ("Incident handling step-by-step," 2011) and providing the basic informa...

Machine Learning enabled attacks

by Saman Abbad Oct. 11, 2017

In today’s Internet age, cybersecurity is a huge issue which has resulted in creating a domain which includes a number of different challenges. In around 2004 the global cybersecurity market was worth $3.5 billion & by the end of 2017 it will be worth $120 billion. Data security was & will remain important for different organizations forever, hence it’s a field which is under constant evolution; it’s like a game of cat & mouse where the hackers are always busy trying to find new ways to break i...

Is Blockchain Really Safe?

by Saman Abbad Oct. 11, 2017

The blockchain is one of the most innovative technical innovations of current times, used for cryptocurrencies like Bitcoin, since it stands as proof of all the transactions on the network. A block is the current part of a blockchain which records some or all of the recent transactions, and once completed goes into the blockchain as a permanent database. A blockchain is a public record of all bitcoin transactions that have ever been performed. A block is the current part of a blockchain which...

Certified Ethical Hacker - Part 1 - Introduction to Ethical Hacking

by Riazul H. Rozen Oct. 8, 2017

Ethical hacking is the legal breaching of an organization's defence system, for the sole purpose of finding and fixing security loopholes. Ethical hacking is still hacking nonetheless, and there are some rules/laws governing this activity.

Network Intrusion Detection and Prevention Deployment Strategies

by Nicholas Pappas Oct. 4, 2017

Information systems are more capable today than ever before. Society increasingly relies on computing environments ranging from simple home networks, commonly attached to high speed Internet connections, to the largest enterprise networks spanning the entire globe. Filing one's tax return, shopping online, banking online, or even reading news headlines posted on the Internet are all so convenient. This increased reliance and convenience, coupled with the fact that attacks are concurrently be...

Making Jenkins CI Systems More Secure

by Allen Jeng Oct. 4, 2017

With over 100,000 active installations worldwide, Jenkins became the top choice for continuous integration and automation. A survey conducted by Cloudbees during the 2012 Jenkins Users Conference concluded that 83% of the respondents consider Jenkins to be mission critical. The November 2015 remotely exploitable Java deserialization vulnerability stresses the need to lock down and monitor Jenkins systems. Exploitation of this weakness enables hackers to gain access to critical assets such as ...

Digital Forensics of the Bitcoin Cryptocurrency

by Michael Doran Oct. 4, 2017

The increased use of cryptocurrencies such as Bitcoin among private users and some businesses has opened a new avenue of research in the field of digital forensics involving cryptocurrencies. Since the creation of Bitcoin in 2008, cryptocurrencies have begun to make a presence in the world of ecommerce. Cryptography serves as the underlying foundation for Bitcoin, which gives it the benefits of confidentiality, integrity, nonrepudiation and authentication. Having been designed and built upon ...

How to Find an Advanced Persistent Adversary

by Fayyaz Rajpari Oct. 4, 2017

The Advanced Persistent Threat is a commonly used term by security practitioners all over the world. Many believe these threats are in the form of hidden backdoors, stealthy credential stealers, and other crafty hacking tools. This is partially true, but it is a small component of the Advanced Persistent Threat. This generic term would be better described by the term, Advanced Persistent Adversary. It is the actor or groups behind these tools that are the real problem. Preventative secur...

Law Enforcement and the use of Artificial Intelligence (AI)

by John Wulff Oct. 4, 2017

After the 9/11 terrorist attacks against the United States, the law enforcement and intelligence communities began efforts to combine their talents and information gathering assets to create an efficient method for sharing data. The central focus of these cooperative efforts for information dissemination was State Fusion Centers, tasked with collecting data from several database sources and distributing that information to various agencies. This vast amount of intelligence data eventually overwh...

Analyzing pcap with Linux

by Travis Green Oct. 4, 2017

Tools to analyze network traffic can be expensive, complicated, and may require preparation before an investigation begins. By leveraging tools easily available in every Linux distribution (and often in UNIX/Mac OS X) combined with Tcpdump to analyze network traffic, you can determine the make-up of the network traffic in question, find the most active hosts and protocols, search for oddities, and determine the most efficient next step of your investigation. Using this method, you are able t...

Using Static Analysis to Harden Open Source Intrusion Detection Systems (IDS)

by Jeff Sass Oct. 3, 2017

When deploying an open source Intrusion Detection System (IDS) into a network, it is critical to harden it against attackers. An IDS is designed to detect attacks instead of inadvertently enabling them. One approach to assist in this effort is to use static code analysis on the source code of the IDS. This paper details how to use Coverity’s static analysis tools on the Security Onion distribution to find security vulnerabilities. A look at Coverity’s security code checkers, with a focus towa...

Next Generation Firewalls Leveraging Intrusion Detection & Response

by Ahmed Abdel-Aziz Oct. 2, 2017

This paper will address a recent trend in network security, which is leveraging next-generation firewalls (NGFW) at the network perimeter. The paper will demonstrate how this relatively new type of firewall technology can be used in intrusion detection, analysis and response. The focus will mainly be on Fortinet technology as one of the leading vendors in that space. By writing this paper, I wish to benefit the security community by sharing useful knowledge and techniques related to NGFWs. No...

IT Guidance for Your Legal Team

by Brad Ruppert Oct. 2, 2017

This paper will discuss how an Information Security team should interface with their legal team to ensure both groups remain focused on what they do best. Working with the legal team can often be a drawn-out, overly documented process which might be simplified if they had the right tools and training to gather the information themselves. In today’s world e-discovery is a huge component when dealing with any type of litigation so it would be of everyone’s benefit that the tool used to col...

Cyberspace: America’s New Battleground

by Maxwell Chi Oct. 1, 2017

There is a global war going on. It is a war being waged not with bombs and missiles but with bytes and keystrokes. As with other global wars, like World War II and the Global War on Terror, the United States was slow at first to respond to the threat, but then quickly ramped up and began devoting resources to prevent future attacks and launch counterstrikes. Also, as with other wars, the protective measures proposed and instituted at home have raised some thorny legal and privacy issues. This...

Architecture for Secure Industrial Control Systems

by Luciana Obregon Oct. 1, 2017

Industrial Control Systems (ICS) have migrated from stand-alone isolated systems to interconnected systems that leverage existing communication platforms and protocols to increase productivity, reduce operational costs and further improve an organization’s support model. ICS are responsible for a vast amount of critical processes, necessitating organizations to adequately secure their infrastructure. Creating strong boundaries between business and process control networks can reduce the n...

Reverse Deception Used by Advanced Persistent Threats

by Mary W Sept. 30, 2017

The art of deception has been in use since ancient times to achieve objectives on the battlefield, at the negotiating table, and in business. Deception has also been used as a source of assurance in helping businesses to protect themselves from cyber security threats and increase their ability to respond to the unexpected. Reverse deception refers to any strategy used by information security experts or organizations in deceiving an adversary by gaining a competitive advantage over the adversary...

Post Exploitation using Metasploit pivot and port forward

by David J. Dodd Sept. 30, 2017

The Metasploit Framework is a penetration testing toolkit, exploit development platform, and research tool. The framework includes hundreds of working remote exploits for a variety of platforms. Payloads, encoders, and nop slide generators can be mixed and matched with exploit modules to solve almost any exploit-related task. A very nice feature in Metasploit is the ability to pivot through a Meterpreter session to the network on the other side. This tutorial walks you through how this is don...
