Security is based on three characteristics: prevention, protection and detection. Grsecurity is a patch for Linux kernel that allows you to increase each of these points. This howto was performed on a Debian Lenny system. Thus some tools are Debian specific. However, tasks can be performed with other distro specific tools or even with universal tools (make).
As one of the top cyber crime ploys impacting both consumers and businesses, phishing has remained a consistently potent threat over the past several years. In fact, the cumulative number of phishing attacks recorded in 2011 represented a 37 percent increase over 2010.
I've spent some time trawling through masses of Android App Sauce lately and I thought I'd share some quick tips and tricks that can help you uncover some critical vulnerabilities. In this post I'll discuss some basic bash scripting that pin points code being either in Java or Jasmin/Smali form.
IT governance is a formal framework that provides a structure for organizations to ensure that IT investments support business objectives. The need for formal corporate and IT governance practices across U.S. organizations was fueled by the enactment of laws and regulations, including the Gramm–Leach–Bliley Act (GLBA) and the Sarbanes-Oxley Act, in the 1990 and early 2000s that resulted from the fallout from several high-profile corporate fraud and deception cases.
In the last few years the IT industry has crossed the chasm and cloud adoption no longer looks like an exotic proposition. This is as profound a paradigm shift as the Internet transformation appeared to be two decades ago, and it is driving an equally powerful change in the way we must evaluate the threat landscape. In 2017, we see a consolidation of threats in the very topmost layers of the computing model. The shift suggests that new approaches and fresh thinking will be required for busine...
In this tutorial we will actually crack a WPA handshake file using dictionary attack. Our tool of choice for this tutorial will be aircrack-ng. We will not bother about the speed of various tools in this post. However, in the next post, we will compare various CPU and GPU algorithms for WPA hash cracking. I'd like to add that I already know the password of the network so I'll simply put it into the dictionary that I'm using.
In this paper, I describe how to write syslog messages to a MySQL database. Having syslog messages in a database is often handy, especially when you intend to set up a front-end for viewing them. This paper describes an approach with rsyslogd, an alternative enhanced syslog daemon natively supporting MySQL. I describe the components needed to be installed and how to configure the
Over the past week, around 200,000 systems are believed to have been hacked by wannacry ransomware. Let's start with some background first, and then move into the details
A method presented at DerbyCon and BlackHat involves extracting not the bits of the character but the bits of a characters position in a look up table which contains a number of character ascii values---more on this later. This post discusses the conceptual advantages and fundamental drawbacks of the bin2pos method and introduces a new variant I've developed which provides better stability and only requires a maximum of 4 requests per character extraction but imposes some configurational requ...
We'll send you a carefully curated list of the best IT security white papers to your mailbox every Friday.