InfoSec Institute Resources

IT Security Training & Resources by InfoSec Institute
Updated: 56 min 59 sec ago

Web Application Pentest Guide Part-II

27 June, 2017 - 19:24

In the last part of the article we discussed the process of Requirement Collection, Information gathering and URL discovery; now we will discuss the other steps. Automated Scanner Configuration: Scanner configuration is one of the most critical parts of the process. If anything goes wrong, then we might be hampering the customer’s application, and now we […]

The post Web Application Pentest Guide Part-II appeared first on InfoSec Resources.

Category: Hacking & Security

Which OpenVPN fixed several remotely exploitable flaws that were not detected by recent audits

27 June, 2017 - 18:51

OpenVPN is an open-source software application that implements a virtual private network (VPN); it is used for creating secure point-to-point or site-to-site connections in routed or bridged configurations and remote access facilities. OpenVPN uses a custom security protocol that leverages SSL/TLS for key exchange; it is one of the most popular VPN solutions for protecting anonymity while surfing the Internet. This […]

The post Which OpenVPN fixed several remotely exploitable flaws that were not detected by recent audits appeared first on InfoSec Resources.

Category: Hacking & Security

Anti-Phishing: Browser Security Features

26 June, 2017 - 21:56

For a common internet user, a web browser is one of the regularly used programs on the computer. Web browsers were once only used for displaying text documents, but have now transformed into multi-purpose tools. We can now search for information, view and edit documents, view videos and make use of many more features. But […]

The post Anti-Phishing: Browser Security Features appeared first on InfoSec Resources.

Category: Hacking & Security

Top 16 Anti-Phishing Resources

26 June, 2017 - 19:56

Phishing has become increasingly prevalent in spite of the increasing awareness of the average technology user. Wombat Security’s official report indicates that the number of phishing attacks has been rising for the past half-decade; surveys revealed that organizations bore around 22 percent compromised accounts, 42 percent malware infections, and around 4 percent loss of data […]

The post Top 16 Anti-Phishing Resources appeared first on InfoSec Resources.

Category: Hacking & Security

Overview of Global and National Anti-Phishing Initiatives

26 June, 2017 - 19:33

Phishing is an international problem that continues to grow rapidly. Basically speaking, a “phishing” attempt is when a hacker or criminal sends an email, text message, or voice communication, pretending to be someone they are not. This communication will have a link or attachment, and when clicked, takes the unsuspecting victim to a phony website […]

The post Overview of Global and National Anti-Phishing Initiatives appeared first on InfoSec Resources.

Category: Hacking & Security

Exploiting Protostar – Heap Levels 0-2

26 June, 2017 - 14:00

In this article, we will be solving the Heap Levels of Protostar. We will be mainly focusing on the how and why of Heap Buffer overflows. Introduction: Heap memory can be viewed as another memory region. Heap memory is allocated via different memory allocators such as dlmalloc, jemalloc, ptmalloc, etc. In this article, we will be looking […]

The post Exploiting Protostar – Heap Levels 0-2 appeared first on InfoSec Resources.

Category: Hacking & Security

US Regions Most Vulnerable to a Cyber Attack

26 June, 2017 - 14:00

1. Introduction In December 2016, the Identity Theft Resource Center published a report indicating the top 10 cyber-risk vulnerable U.S. regions. The ten regions (ordered from high to low level of vulnerability) are as follows: (i) Washington, D.C.; (ii) California; (iii) Florida; (iv) Massachusetts; (v) Nevada; (vi) Illinois; (vii) Texas; (viii) Michigan; (ix) Missouri; and […]

The post US Regions Most Vulnerable to a Cyber Attack appeared first on InfoSec Resources.

Category: Hacking & Security

Anti-Phishing: C-Level Support for Phishing Awareness Training

26 June, 2017 - 00:03

It is becoming harder and harder to detect phishing attempts. These attempts are becoming more and more sophisticated, meaning even an experienced user can fall prey to the phishing traps set. Despite these facts, many high ranking executives are still refusing to implement some type of phishing training. They may not see the potential benefits, […]

The post Anti-Phishing: C-Level Support for Phishing Awareness Training appeared first on InfoSec Resources.

Category: Hacking & Security

Anti-Phishing: Use Policies – Best Practices for Internet and Email

25 June, 2017 - 23:59

An Internet usage policy is no longer something that organizations can consider operating without. It’s of pivotal importance to lay out the guidelines and the instructions for employees to follow whenever they are using company devices. Some companies enforce very strict policies while others like to give employees some liberty. A good usage policy will […]

The post Anti-Phishing: Use Policies – Best Practices for Internet and Email appeared first on InfoSec Resources.

Category: Hacking & Security

Anti-Phishing: Measuring Phishing Awareness Training Effectiveness

25 June, 2017 - 23:38

Do you train your employees to understand what phishing is, what it looks like and what to do if they realize they’ve been targeted? As you’re about to find out, you better be doing all three. Phishing is a scam that is growing in terms of numbers and sophistication. However, aside from training your people […]

The post Anti-Phishing: Measuring Phishing Awareness Training Effectiveness appeared first on InfoSec Resources.

Category: Hacking & Security

Anti-Phishing: Factors to Consider When Planning, Developing and Implementing Phishing Awareness Training

25 June, 2017 - 23:10

Phishing as Part of Security Awareness Training Security awareness training is very broad in scope, but essentially it amounts to creating a formalized environment for familiarizing and educating employees about proper procedures for protecting a company from intrusion and theft. Properly designed, it should ensure that all workers understand corporate policies and procedures for using […]

The post Anti-Phishing: Factors to Consider When Planning, Developing and Implementing Phishing Awareness Training appeared first on InfoSec Resources.

Category: Hacking & Security

Anti-Phishing: The Importance of Phishing Awareness Training

25 June, 2017 - 22:37

Of all the precautions you need to take to keep your company afloat, planning for phishing attacks may be the most important by far. Phishing has become a widespread problem across every industry because this type of scam is extremely easy to pull off. Just about anyone can do it as long as they have […]

The post Anti-Phishing: The Importance of Phishing Awareness Training appeared first on InfoSec Resources.

Category: Hacking & Security

Introduction to Anti-Phishing

23 June, 2017 - 00:56

Throughout the course of your day, think about all the clicking you do with your mouse. You click again and again while opening a never-ending stream of emails. You click to open links in those emails. You click on links within those links. The list goes on and on. We do it so often, it […]

The post Introduction to Anti-Phishing appeared first on InfoSec Resources.

Category: Hacking & Security

Web Application Pentest Guide Part-I

22 June, 2017 - 14:00

In this article, we are going to pentest a web application which was developed by HP for scanner evaluation purposes. We will be demonstrating the complete process of a basic web application pentest from requirement collection to reporting. These are the steps we are going to follow: Requirement Collection, Information Gathering, URL Discovery, Automated Scanner […]

The post Web Application Pentest Guide Part-I appeared first on InfoSec Resources.

Category: Hacking & Security

Ew! Skuzzy CTF Walkthrough

21 June, 2017 - 14:00

In my last article, we exploited a vulnerable machine from vulnhub.com. That article must have given you some idea about hacking a machine without having much knowledge about it. In this article, we will complete another CTF named “Ew! Skuzzy” from vulnhub.com. As per the description given by the author on VulnHub.com, the […]

The post Ew! Skuzzy CTF Walkthrough appeared first on InfoSec Resources.

Category: Hacking & Security

SAP Mobile Infrastructure Security

21 June, 2017 - 14:00

SAP, like any other large vendor, is evolving towards greater mobility and providing access to its applications from different devices located anywhere in the world. Therefore, its product portfolio includes solutions that allow mobile users to interact with business applications such as those based on ABAP, Java or HANA platforms. In this article, you will […]

The post SAP Mobile Infrastructure Security appeared first on InfoSec Resources.

Category: Hacking & Security

ISSMP Training

20 June, 2017 - 18:52

This four-day ISSMP training course will help you dive into the work of Information Systems Security Management. This course is for those who have already completed their CISSP certification. This is taught by instructors who have more than ten years of experience in the field of information assurance. Many of them have worked for the […]

The post ISSMP Training appeared first on InfoSec Resources.

Category: Hacking & Security

ISSAP Training

20 June, 2017 - 18:28

The Information Systems Security Architecture Professional certification program places an emphasis on managing security programs and teaches the ins and outs of security architecture. This course is heavily focused on the technical aspects of security architecture and it is a requirement that you already have your CISSP in order to be eligible. This 4 day […]

The post ISSAP Training appeared first on InfoSec Resources.

Category: Hacking & Security

Which Malware are Specifically Designed to Target ISC Systems?

20 June, 2017 - 14:00

Introduction – ICS malware, a rarity in the threat landscape At the end of May, security experts discovered a seven-year-old remote code execution vulnerability affecting all versions of the Samba software since 3.5.0. The flaw has been promptly fixed by the maintainers of the project. The vulnerability, tracked as CVE-2017-7494, can be exploited by an attacker […]

The post Which Malware are Specifically Designed to Target ISC Systems? appeared first on InfoSec Resources.

Category: Hacking & Security

Hazards of Identity Theft

19 June, 2017 - 14:00

Scenario: You buckle down each day to bring home the bacon and bolster yourself as well as your family. You know how to keep your credit clean so you can appreciate the advantages of that diligent work. What happens, however, when you discover that somebody has used your name to get a MasterCard and has […]

The post Hazards of Identity Theft appeared first on InfoSec Resources.

Category: Hacking & Security