Kategorie

In Part 1 of this article series, we discussed Information Security Management, or ISM. This second installment will cover the implementation and monitoring of security controls, including logical access controls, remote access controls, network security, controls/detection tools against information system attacks, security testing techniques and controls that prevent data leakage. Implementation and Monitoring of Security […]

The post Best Practices for the Protection of Information Assets, Part 2 appeared first on InfoSec Resources.

Best Practices for the Protection of Information Assets, Part 2 was first posted on August 8, 2018 at 1:21 pm.
©2017 "InfoSec Resources". Use of this feed is for personal non-commercial use only. If you are not reading this article in your feed reader, then the site is guilty of copyright infringement. Please contact me at darren.dalasta@infosecinstitute.com

Rather than eliminating bugs, the idea is to add large numbers of non-exploitable bugs to software as decoys to waste cyber-criminals' time.

Today we’ll be continuing with our series on Vulnhub virtual machine exercises. In this article, we will see a walkthrough of an interesting Vulnhub machine called Vulnix. Note: For all of these machines, I have used the VMware workstation to provision the virtual machines (VMs). Kali Linux VM will be my attacking box. And please […]

The post Vulnhub Machines Walkthrough Series – Vulnix appeared first on InfoSec Resources.

Vulnhub Machines Walkthrough Series – Vulnix was first posted on August 8, 2018 at 1:10 pm.
©2017 "InfoSec Resources". Use of this feed is for personal non-commercial use only. If you are not reading this article in your feed reader, then the site is guilty of copyright infringement. Please contact me at darren.dalasta@infosecinstitute.com

Introduction This article series will discuss best practices for the protection of information assets, drawing from a wide array of sources. These articles are intended to be equally useful for a person studying for the CISA or any other reader interested in information security. This first part, “Information Security Management (ISM),” will predominantly cover security […]

The post Best Practices for the Protection of Information Assets, Part 1 appeared first on InfoSec Resources.

Best Practices for the Protection of Information Assets, Part 1 was first posted on August 8, 2018 at 1:02 pm.
©2017 "InfoSec Resources". Use of this feed is for personal non-commercial use only. If you are not reading this article in your feed reader, then the site is guilty of copyright infringement. Please contact me at darren.dalasta@infosecinstitute.com

Vectra’s 2018 Spotlight Report found that attackers can easily spy, spread and steal information, largely unhindered by the insufficient internal access controls that are in place.

A chunk of Snapchat's source code that wasn't meant to be public just popped up on GitHub. Will this harm security?

WhatsApp, the most popular messaging application in the world, has been found vulnerable to multiple security vulnerabilities that could allow malicious users to intercept and modify the content of messages sent in both private as well as group conversations. Discovered by security researchers at Israeli security firm Check Point, the flaws take advantage of a loophole in WhatsApp's security

Facebook says to banks: tell us who your customers are, and we'll get them talking to you in Messenger.

Boot camp certifies professionals with knowledge and skills to develop and sustain successful security awareness training programs InfoSec Institute, the leading provider of IT security education and workforce security awareness training solutions, today launched its Certified Security Awareness Practitioner (CSAP) boot camp. The course is the first of its kind to certify professionals with the […]

The post InfoSec Institute Launches Industry’s First Security Awareness Practitioner Certification appeared first on InfoSec Resources.

InfoSec Institute Launches Industry’s First Security Awareness Practitioner Certification was first posted on August 8, 2018 at 9:00 am.
©2017 "InfoSec Resources". Use of this feed is for personal non-commercial use only. If you are not reading this article in your feed reader, then the site is guilty of copyright infringement. Please contact me at darren.dalasta@infosecinstitute.com

A Black Hat talk demonstrates the ease of poking holes in firewalls: How to break, bypass and dismantle macOS firewall products.

A new study argues that bogging black hats down in fake flaws might be better approach to security.

The glitch stems from a functionality intended to allow updates to the UEFI firmware.

As Black Hat's keynote kicks off today, Threatpost pinpoints the most popular trends of the conference with enSilo's CEO.

The source code of the popular social media app Snapchat was recently surfaced online after a hacker leaked and posted it on the Microsoft-owned code repository GitHub. A GitHub account under the name Khaled Alshehri with the handle i5xx, who claimed to be from Pakistan, created a GitHub repository called Source-Snapchat with a description "Source Code for SnapChat," publishing the code of

LinuxSecurity.com: The vast majority of IT decision makers appear to believe the hype surrounding artificial intelligence as a means to enhance cybersecurity.

LinuxSecurity.com: Highly sensitive data on over 2.3 million Mexican patients has been exposed via a misconfigured MongoDB installation.

The whole cryptocurrency and blockchain craze has attracted both fans and critics of the new tech, but the flip side is that it has lured cybercrooks, too. After Bitcoin prices reached the mind-blowing point of $20,000, malicious players got busy looking for weak links in the blockchain. The bad news for regular users is that […]

The post Blockchain Vulnerabilities: Imperfections of the Perfect System appeared first on InfoSec Resources.

Blockchain Vulnerabilities: Imperfections of the Perfect System was first posted on August 7, 2018 at 6:00 pm.
©2017 "InfoSec Resources". Use of this feed is for personal non-commercial use only. If you are not reading this article in your feed reader, then the site is guilty of copyright infringement. Please contact me at darren.dalasta@infosecinstitute.com

Part 3: Functions and Scripting with PowerShell Introduction The more we advance in our articles, the more we notice the power of PowerShell, and that impression will only increase as we move forward. In this article, we will try to focus on Scripting and Functions with PowerShell. Functions with PowerShell As we’ve seen for all […]

The post PowerShell for Pentesters appeared first on InfoSec Resources.

PowerShell for Pentesters was first posted on August 7, 2018 at 5:30 pm.
©2017 "InfoSec Resources". Use of this feed is for personal non-commercial use only. If you are not reading this article in your feed reader, then the site is guilty of copyright infringement. Please contact me at darren.dalasta@infosecinstitute.com

Ethereum smart contracts, according to the platform’s official web page, “run exactly as programmed without any possibility of downtime, censorship, fraud or third-party interference.” That sounds good, but is it true? In this article, I examine whether things are actually so nice and neat by dissecting some issues encountered by smart-contract users. In the final […]

The post Smart Contracts as a Threat to a Blockchain Startup’s Security appeared first on InfoSec Resources.

Smart Contracts as a Threat to a Blockchain Startup’s Security was first posted on August 7, 2018 at 5:00 pm.
©2017 "InfoSec Resources". Use of this feed is for personal non-commercial use only. If you are not reading this article in your feed reader, then the site is guilty of copyright infringement. Please contact me at darren.dalasta@infosecinstitute.com

In the last article in this series, we have seen what Virtual Machine Introspection is and how it works in general. Now, in this article, we’ll see how we can set up VMI and what tools to use. What is LibVMI? LibVMI is a library written in C which allows users to set up an […]

The post Virtual Machine Introspection in Malware Analysis – LibVMI appeared first on InfoSec Resources.

Virtual Machine Introspection in Malware Analysis – LibVMI was first posted on August 7, 2018 at 4:30 pm.
©2017 "InfoSec Resources". Use of this feed is for personal non-commercial use only. If you are not reading this article in your feed reader, then the site is guilty of copyright infringement. Please contact me at darren.dalasta@infosecinstitute.com