InfoSec Institute Resources

Syndikovat obsah
IT Security Training & Resources by InfoSec Institute
Aktualizace: 56 min 18 sek zpět

Launching Shellcode from Cat Pictures

24 Březen, 2017 - 14:00

We all know the internet loves cats! I was thinking of how we can combine cats and malware. Then, it struck me! I occasionally see a particular method of code execution which includes some executable file and an image. Usually, I will see that the program will download the image file and then convert it […]

The post Launching Shellcode from Cat Pictures appeared first on InfoSec Resources.

Kategorie: Hacking & Security

MASSCAN – Scan the Internet in minutes

24 Březen, 2017 - 14:00

Scanning is a really important part of any penetration testing. It gives us more information about our target which leads to narrowing the scope of the attack. I am sure most of us are familiar with Nmap, the most famous port scanner available. Masscan produces the same results as Nmap and in a much faster […]

The post MASSCAN – Scan the Internet in minutes appeared first on InfoSec Resources.

Kategorie: Hacking & Security

The Components of Top Security Awareness Programs

23 Březen, 2017 - 14:00

A good security awareness program is a great way to inform personnel on any kind of malicious activity targeting an enterprise’s use of cyberspace. It is crucial that organizations’ staff be wary of common fraud schemes, especially those targeting them rather than technical components of the infrastructure. Preparing staff to discover phishing or other types […]

The post The Components of Top Security Awareness Programs appeared first on InfoSec Resources.

Kategorie: Hacking & Security

Mobile, Smartphone & BYOD

23 Březen, 2017 - 14:00

Owing to the development of mobile devices, people nowadays are overwhelmed by tons of information on the go. Curiously, despite being distracted by this constant flow of information, people are so mesmerized by it that they cannot break free from this lifestyle. Modern life is fast-paced and being mobile is the norm today. Mobile technology […]

The post Mobile, Smartphone & BYOD appeared first on InfoSec Resources.

Kategorie: Hacking & Security

More PowerShell Remoting Artifacts

22 Březen, 2017 - 14:00

In Part 1 of this series, we looked at PowerShell remoting artifacts under various Event IDs and ways to gather more information from those events and relate it to the investigation context. In this part, we will take a look at some other interesting artifacts like registry settings, prefetch files, networking artifacts, memory artifacts, etc. […]

The post More PowerShell Remoting Artifacts appeared first on InfoSec Resources.

Kategorie: Hacking & Security

Deeper Dropper Analysis

22 Březen, 2017 - 14:00

In this second article on the dropper, we will resume our analysis right where we left off: the decryption of the key and data. After the decryption, two structures are initialized. The equivalent pseudo-code is presented below. Also, notice that the previously allocated “Mem” memory chunk is used here. typedef struct {     DWORD Unk01;     LPVOID […]

The post Deeper Dropper Analysis appeared first on InfoSec Resources.

Kategorie: Hacking & Security

Advanced Technical Review of VPN Infrastructure Impacts

21 Březen, 2017 - 14:00

Introduction As it was reviewed in the last article, the procurement and deployment of a Virtual Private Network Infrastructure can be a complex task. In fact, it can lie on either extreme; it can be very small implementation or a very large one. This is largely dependent upon the size of the business or the […]

The post Advanced Technical Review of VPN Infrastructure Impacts appeared first on InfoSec Resources.

Kategorie: Hacking & Security

RanRan and PetrWrap Threats: Political and Criminal Abuses in the Ransomware Landscape

21 Březen, 2017 - 14:00

Ransomware continues to be one of the most profitable cyber threats, for this reason, every week we see strains of malware in the wild with new features. The stories that I am going to tell you demonstrates that these threats could be abused by threat actors with quite different motivations, from the political to the financial one. […]

The post RanRan and PetrWrap Threats: Political and Criminal Abuses in the Ransomware Landscape appeared first on InfoSec Resources.

Kategorie: Hacking & Security

Security Awareness for Kids: Tips for Safe Internet Use

20 Březen, 2017 - 14:00

The Internet plays an integral part in a child’s life at home, in schools, libraries and wherever they spend their free time. Though computers and mobile devices that connect to the Internet can be beneficial for learning, enhance social relations and keep young users connected to their loved ones, they can also be a source […]

The post Security Awareness for Kids: Tips for Safe Internet Use appeared first on InfoSec Resources.

Kategorie: Hacking & Security

RIPS – Finding vulnerabilities in PHP application

20 Březen, 2017 - 14:00

The biggest fear of any developer has always been that their site may get hacked and occasionally it does end up being hacked. For a very long time, the most popular stack being used for the development of website has been the LAMP Stack (Linux, MySQL, PHP/Perl/Python). Out of which, the most frequently used language […]

The post RIPS – Finding vulnerabilities in PHP application appeared first on InfoSec Resources.

Kategorie: Hacking & Security

Mimikatz: Walkthrough

18 Březen, 2017 - 00:00

Security researchers have been obsessed with Windows security since the beginning of time. Various tools have been released over the years which try to weaken the security/bypass it in some way or the other. Mimikatz is a tool written in `C` as an attempt to play with Windows security. Its primary function is to gather […]

The post Mimikatz: Walkthrough appeared first on InfoSec Resources.

Kategorie: Hacking & Security

Maltego: Making sense of data

17 Březen, 2017 - 14:00

Information gathering has always been a crucial part of any penetration testing. The more information we have, the more likely we will be able to use that against the system to exploit it. Paterva, a South Africa-based company, is responsible for the development and release of Maltego. The first GUI version was launched way back […]

The post Maltego: Making sense of data appeared first on InfoSec Resources.

Kategorie: Hacking & Security

The Technical Impacts of a Virtual Private Network

16 Březen, 2017 - 14:00

Introduction In today’s world, the pace of technological change is happening at a very fast pace. For instance, back in the 1980’s, whoever thought that Smartphones would ever exist? For that matter, in those times, the term was not even conjured up then. People just assumed that the traditional landline phone would still remain (and […]

The post The Technical Impacts of a Virtual Private Network appeared first on InfoSec Resources.

Kategorie: Hacking & Security

Code Review of Node.Js Applications: Uncommon Flaws

16 Březen, 2017 - 14:00

This article covers the left-over vulnerabilities from Part-1. In this article, we will have an in-depth look at some uncommon flaws and how to find them while doing performing code review of node.js applications. Following are the list of vulnerabilities we are going to cover in this course: Global Namespace Pollution Cross Site Scripting Insecure […]

The post Code Review of Node.Js Applications: Uncommon Flaws appeared first on InfoSec Resources.

Kategorie: Hacking & Security

PowerShell Remoting Artifacts: An Introduction

15 Březen, 2017 - 14:00

Since PowerShell usage by malware is on the rise, in this article series, we will learn about the various artifacts related to PowerShell remoting that can be very beneficial during the investigation and during building stories around Attack Chain. This article series will focus on different types of artifacts like network traffic, memory artifacts, registry […]

The post PowerShell Remoting Artifacts: An Introduction appeared first on InfoSec Resources.

Kategorie: Hacking & Security

An Introduction to Penetration Testing Node.js Applications

15 Březen, 2017 - 14:00

In this article, we will have a look at how to proceed when penetration testing Node.js applications or looking for Node.js specific issues. Introduction Node.js is a server-side language built on the top of google chrome’s v8 engine. It uses event-driven non-blocking I/O which makes it a perfect candidate for data-intensive applications. It runs on […]

The post An Introduction to Penetration Testing Node.js Applications appeared first on InfoSec Resources.

Kategorie: Hacking & Security

Ursnif Malware

15 Březen, 2017 - 00:39

These days, along with the unforeseen climatic conditions, several unpredictable malware campaigns are also occurring across the connected world. Mostly Offenders are relying on spam email and associated malicious macros, to drop and infect the targeted victims with other atrocious malware. Studies show 95% of successful security attacks are created by Human mistakes! Security sensitive entities […]

The post Ursnif Malware appeared first on InfoSec Resources.

Kategorie: Hacking & Security

Top 5 Web Application Security Scanners of 2017

14 Březen, 2017 - 14:00

Web application plays an important role in an organization and possesses a great impact and gateway to organization’s critical information. However, hackers always look ahead to breach into corporate information and application to steal confidential and critical information. For that, organizations need a web application scanning solution that can scan for security loopholes in Web-based […]

The post Top 5 Web Application Security Scanners of 2017 appeared first on InfoSec Resources.

Kategorie: Hacking & Security

WikiLeaks Vault 7 Data Leak: Another Earthquake in the Intelligence Community

13 Březen, 2017 - 15:00

WikiLeaks “Vault 7” data dump The WikiLeaks organization obtained thousands of files allegedly originating from a high-security network of the U.S. Central Intelligence Agency (CIA). The huge trove of data, called “Vault 7,” sheds light on the hacking capabilities of the US Intelligence Agency and provided details about its spying infrastructure used for the massive […]

The post WikiLeaks Vault 7 Data Leak: Another Earthquake in the Intelligence Community appeared first on InfoSec Resources.

Kategorie: Hacking & Security

Dropper Analysis

13 Březen, 2017 - 14:00

Avatar was first detected by ESET circulating in the wild in early 2013 [1]. However, no samples were collected for analysis until May of the same year. ESET published two analysis reports on the botnet and its main modules and described it as “mysterious” [1] [2]. If you happen to be interested in understanding how […]

The post Dropper Analysis appeared first on InfoSec Resources.

Kategorie: Hacking & Security