Welcome to SecurityDocs

A collection of 8,050 IT security white papers, carefully curated by professionals like yourself

Hardening The Linux Kernel With Grsecurity (Debian)

Security is based on three characteristics: prevention, protection and detection. Grsecurity is a patch for the Linux kernel that allows you to increase each of these points. This howto was performed on a Debian Lenny system. Thus some tools are Debian-specific. However, tasks can be performed with other distro-specific tools or even with universal tools (make).

1 comment www.howtoforge.com

Fraud Alert: Phishing — The Latest Tactics and Potential Business Impacts – Phishing White Paper

As one of the top cyber crime ploys impacting both consumers and businesses, phishing has remained a consistently potent threat over the past several years. In fact, the cumulative number of phishing attacks recorded in 2011 represented a 37 percent increase over 2010.

1 comment www.symantec.com Detection & Response

Grepping for Glory : using grep to uncover Android Application Level Vulns

by Keith Makan

I've spent some time trawling through masses of Android App Sauce lately and I thought I'd share some quick tips and tricks that can help you uncover some critical vulnerabilities. In this post I'll discuss some basic bash scripting that pinpoints code being either in Java or Jasmin/Smali form.

1 comment blog.k3170makan.com

What is IT governance? A formal way to align IT & business strategy

by Kim Lindros

IT governance is a formal framework that provides a structure for organizations to ensure that IT investments support business objectives. The need for formal corporate and IT governance practices across U.S. organizations was fueled by the enactment of laws and regulations, including the Gramm–Leach–Bliley Act (GLBA) and the Sarbanes-Oxley Act, in the 1990s and early 2000s that resulted from the fallout from several high-profile corporate fraud and deception cases.

1 comment www.cio.com

Cloud Security Report

In the last few years the IT industry has crossed the chasm and cloud adoption no longer looks like an exotic proposition. This is as profound a paradigm shift as the Internet transformation appeared to be two decades ago, and it is driving an equally powerful change in the way we must evaluate the threat landscape. In 2017, we see a consolidation of threats in the very topmost layers of the computing model. The shift suggests that new approaches and fresh thinking will be required for busine...

1 comment www.alertlogic.com

WPA/WPA2 cracking using Dictionary attack with Aircrack-ng

by Shashwat Chaudhary

In this tutorial we will actually crack a WPA handshake file using dictionary attack. Our tool of choice for this tutorial will be aircrack-ng. We will not bother about the speed of various tools in this post. However, in the next post, we will compare various CPU and GPU algorithms for WPA hash cracking. I'd like to add that I already know the password of the network so I'll simply put it into the dictionary that I'm using.

1 comment www.kalitutorials.net Pen Testing & Audits

Suricata, Snorby and Barnyard2 set up guide

This is a detailed "How to guide" for setting up Suricata with Snorby and Barnyard2. In this particular set up we are using Suricata, Snorby, and Barnyard2.

1 comment redmine.openinfosecfoundation.org

Writing syslog messages to MySQL

by Rainer Gerhards

In this paper, I describe how to write syslog messages to a MySQL database. Having syslog messages in a database is often handy, especially when you intend to set up a front-end for viewing them. This paper describes an approach with rsyslogd, an alternative enhanced syslog daemon natively supporting MySQL. I describe the components needed to be installed and how to configure the

2 comments 7 minute read Apps & Hardening

Trojans and RansomWare explained in light of WannaCry RansomWare

by Shashwat Chaudhary

Over the past week, around 200,000 systems are believed to have been hacked by WannaCry ransomware. Let's start with some background first, and then move into the details.

1 comment www.kalitutorials.net

Even Faster Blind SQL injection methods

by Keith Makan

A method presented at DerbyCon and BlackHat involves extracting not the bits of the character but the bits of a character's position in a lookup table which contains a number of character ASCII values---more on this later. This post discusses the conceptual advantages and fundamental drawbacks of the bin2pos method and introduces a new variant I've developed which provides better stability and only requires a maximum of 4 requests per character extraction but imposes some configurational requ...

1 comment blog.k3170makan.com Pen Testing & Audits

