InfoSec Institute Resources
A cloud environment is ideally suited to store and analyze large amounts of data. If more storage space, CPU or memory resources are needed, services can usually be upgraded with ease. This situation is likely to occur because data tends to grow over time. This data could, for instance, be a sales database, ingesting logs […]
The post Secure Shipping of Physical Data Carriers to and from a Cloud Service Provider appeared first on InfoSec Resources.
Introduction Our last article started off our series upon the Security weaknesses and vulnerabilities which are found on wireless devices, especially those of Smartphones. As it was discussed, the evolution of computer technology has come a very long way since the first mainframe machines came out in the 1950s and into the 1960s. It has […]
SonarQube is an open source quality management software that analyzes and measures the technical quality of project portfolio to a method which essentially means that it helps analyze the quality of our source code. Formerly known as Sonar, it is written in Java but can analyze code for more than 20 different languages such as: […]
ICS Attacks continues to increase worldwide Industrial control systems (ICS) are a privileged target of different categories of threat actors. According to IBM Managed Security Services, the number of cyber-attacks increased by 110 percent in 2016 compared to 2015. Researchers observed a significant increase of brute force attacks on supervisory control and data acquisition (SCADA) systems. Figure 1 […]
The post Cyber risks for Industrial environments continue to increase appeared first on InfoSec Resources.
Introduction This White Paper describes an approach for creating a secure cloud environment which helps Project Teams to deploy their projects easily in the cloud environment while not compromising the security. The document also takes you through the risks and factors involved in the cloud model and how to treat them. This document is cloud-provider […]
The post Cloud Computing Security: Be Secure Before Moving to Cloud appeared first on InfoSec Resources.
Image taken from CSO Online Dyre Phishing Scam In October 2014, the Dyre, also known as Dyreza, infected more than 20,000 people via phishing campaigns. Dyreza banking malware was able to steal more than $1 million from targeted organizations successfully. The phishing campaign varied from target to target with regards to attachments, themes, payloads and […]
In this article, we will look at how what shellcode is, what is its purpose and various shellcode patterns, etc. Please note that this article will not cover how a shellcode is written and is outside the scope of this article. Shellcode is a sequence of bytes that represent assembly instructions. Please note that they […]
Introduction Back a long time ago, one of the first computers at least came out was known as the “TRS-80”, which was manufactured by Radio Shack at the time. This computer came out in the late 1970s, and at the time, it was heralded to be a breakthrough in computer technology. It could run and […]
Large organizations have an added pressure of having so much organizational information publicly available on the Internet. If an attacker has performed due diligence during the planning phase it would be possible they could find organizational information such as employees, roles, and reporting structures – this is especially true for larger companies. This information can […]
A successful phishing campaign has at least three common denominators, which are accurate target information, successful message delivery, and execution of the malicious intent on the client side. Often time’s phishing is thought of as a user exploit only, but the fact of the matter is that phishing exploitation requires the breakdown of several controls […]
It is possible that your organization can be phished by avenues other than email. Social-engineering attacks are part technical but mostly psychological and the more creative the attacker, the better the probability of a successful the attack. A delivery method that isn’t typical but is growing in popularity, as of late is phishing over meeting […]
Getting a company to embrace information security on a corporate level requires luck, as you will need to engage upper management and gain their support. With these you will at least be dealing with people bound to follow the same set of rules and corporate policies. Ensuring vendor, consultant and contractor security requires another level […]
In this article, we are going to learn about a very interesting and powerful technique known as Domain Fronting which is a circumvention technique based on HTTPS that hides the true destination from the censor. What is Domain Fronting? Domain fronting is a technique to circumvent the censorship employed for certain domains(censorship may be for […]
We have always wondered how tech giants have been able to keep their security so tight? Do they use the same tools that are available for the rest of us? Alternatively, they have allocated a small portion of their massive resources dedicated to coming up with something different? Finally, we have our answers. Many tech […]
The post Top 10 Open-Source Security Tools Released by Tech Giants appeared first on InfoSec Resources.
All of our articles in this series have reviewed what a Virtual Private Network Infrastructure is all about. Essentially, it is simply another layer of Security that a business or a corporation can implement into their existing Information Technology Infrastructure, also known more specifically as a “VPN.” The design of a VPN can either be […]
The post The Internet Drafts and Security Issues Around a Virtual Private Network Infrastructure appeared first on InfoSec Resources.
Lynis is an open-source security audit tool used to check the security of Linux and UNIX based systems. Since it is self-hosted, it performs extensive security scans when compared to other vulnerability scanners. Lynis is a tool released by CISOFY. Lynis works on a variety of UNIX-based systems such as: FreeBSD Linux MacOS OpenBSD NetBSD […]
Did you know that almost anyone with a bit of initiative can break into your systems in minutes – quietly and without leaving a trace? Even when you lock up your servers, apply patches, and use group policies to secure your servers and workstations, it only takes a few minutes for a hacker to gain […]
1Section 1. Introduction Regional regulations on data transfers, such as the U.S.-E.U. Privacy Shield framework, have a significant impact on the cross-border moving, use, and protection of personal data. In Asia, one of the major players in the field of ICT, China, is moving towards a more comprehensive regulation of its cyberspace. On 1st of […]
In Part 1 of this article, we have looked at the memory forensics power during the enumeration of forensically important objects like PROCESS, VAD nodes, MEMORY mapping, etc. In this article we will see memory forensics enumeration of other forensically important objects. DLLS Enumeration from memory DLL’s are used to be shared among processes for […]
Most organizations these days want their information system to be managed as safely as possible. Security Evaluation is the basic step in achieving this goal for any organization, followed by Assurance and Information Security Certification. Security Evaluation is particularly important because of the rapidly changing environment of the information security system or the operation system. […]