Recent Posts
Information Security Short Takes
Return To Blog Listing
Information Security and ICT Strategy Analysis and Tutorials
Recent Posts Tagged With 'penetration testing'
Nessus vs Retina - Vulnerability Scanning Tools Evaluation
We have mentioned our favorite vulnerability scanning tools in this blog. But a lot of time has passed since, so it is time to put these tools against each other and evaluate the quality of the results received when scanning the same target.UPDATE: A...
5 biggest mistakes of information security
Does your information security implementation suffer from mistakes in approach? Everyone is focused on information security, and security is a constant addition into every corporate mission statement. And yet in nearly every security implementation t...
5 biggest mistakes of information security
Does your information security implementation suffer from mistakes in approach? Everyone is focused on information security, and security is a constant addition into every corporate mission statement. And yet in nearly every security implementation t...
3 Things no book about hacking will ever tell you
There are tons of books which 'teach' you on how to become a hacker. Some boast to make you a hacker in XX number of days, or brag about being authored by the greatest experts in the field, or some other commercial mumbo-jumbo.But is there any great ...
3 Things no book about hacking will ever tell you
There are tons of books which 'teach' you on how to become a hacker. Some boast to make you a hacker in XX number of days, or brag about being authored by the greatest experts in the field, or some other commercial mumbo-jumbo.But is there any great ...
Creating BackTrack4 Pentest Virtual Machine
BackTrack4 is an excellent Penetration Testing Distro, but in the LiveCD version it is quite crippled:There is no possibility to install additional softwareThere is no possibility to create custom scriptsAll attacks need to start from scratchIn order...
BlogTipz hack - The BlogTipz editor response
We received the reply from the editor of BlogTipz.From the info, it seems that the hack on BlogTipz is merely a target of opportunity.The hack method is probably not related to error of WordPress, but the editor of BlogTipz does not reveal the actual...
Blogtipz Hacked
Today, blogtipz.com - a good internet blogging site got hacked. The attack is a simple defacement attack, and the signed culprits are Dr.0rYX|Cr3W-Dz.Here is a screenshot of the hacked version of the blogtipz.com siteWith the little information avai...
BackTrack 4 Penetration Test Distro - First Glance
Remote exploit just published the beta of the BackTrack 4 Penetration Testing Live CD.While the distro looks the same at first glance, it has had a major overhaul under the hood.Backtrack is moving away from SLAX and this version is based on Ubuntu 8...
Security Information Gathering - Brief Example
When embarking on a security evaluation, the first stop for security information gathering is the Internet. Only connecting to the target public servers and DNS yields a wealth of information.So here is an example what can be learned in a couple of m...
Checking web site security - the quick approach
One of the most frequent questions delivered to a security officer is: Is this web site secure?While a proper answer can be obtained only through a full blown penetration test, there a quick approach which will yield a very good "feel" of the site se...
Fedora Servers Compromised
According to this announcement from yesterday, Fedora servers were compromised.Here is a scary part of the announcement:One of the compromised Fedora servers was a system used for signingFedora packagesThat particular server had very little to do wit...
Competition Results - Computer Forensic Investigation
The Computer Forensic Investigation Competition is closed, and here are the resultsWhat was there to be found:Tshark sniffer - part of the wireshark suite in /moodle/enrol/paypal/dbNetCat tool for backdoor creation - renamed as MyTool.exe - in /moodl...
Competition - Computer Forensic Investigation
Shortinfosec is hosting a computer forensics competition.In the competition, you will have to analyze a submitted disk image for incriminating evidence, as per the scenario belowScenarioThe investigators suspect that the employee was doing the follow...
Portrait of Hackers
In order to properly defend against an attacker, one should understand the profile and motivation of the potential attackers that stand against you. Here is a brief profile of persons that are against you (you can use these profiles in internal train...
Tutorial - Using Ratproxy for Web Site Vulnerability Analysis
After Shortinfosec compiled the Ratproxy tool for Windows, we got e-mails with complaints that the it is still unclear how to use this tool. Therefore, Shortinfosec is following up with a tutorial on using Ratproxy.NOTE: Shortinfosec will present a d...
Google's Ratproxy Web Security Tool for Windows
In our previous post, we announced the new security tool - Google's ratproxy. It functions as a proxy, much like paros.Shortinfosec has compiled ratproxy v1.51 on windows.You can download compiled ratproxy-1.51.exe for Windows hereVerification sums:r...
Information theft - Minimize targets of opportunity
Information theft is not always a planned and systematic process. A lot of people can become attackers should an opening present itself, for a several motives, most frequently greed. To minimize such incidents, a company needs to be vigilant against ...
Ratproxy - Google Web Security Assessment Tool
The Google security team has released a free, open-source Web app security assessment tool. The tool is called Ratproxy, and can be found here:http://code.google.com/p/ratproxy/Google describes it as a semi-automated, largely passive web application ...
Another Bad D.M.C.A. - Canadian Bill C-61
Last week Bill C-61 was introduced in the Canadian parliament. Supposedly it protects digital media from copyright infringement. The danger in that law will not serve only to protect the copyright of music and video files, but will possibly hamper th...
Be Aware of Security Risks of USB Flash Drives
In several occasions i noticed a trend by which companies are identifying and protecting themselves against information theft and virus infections from all electronic transport channels, like email, web, file transfers, p2p etc. Those same companies ...
