October 21, 2012 Added by:Brandon Knight
Penetration testers love compromising systems during assessments, and the most important portion of a penetration test is getting access to critical data and systems. So, post exploitation I generally head for the database servers. Depending on the permissions of the target there may be another hurdle to bypass...
September 20, 2012 Added by:Jeff McCutchan
All users have read access to the SYSVOL share of the domain controller. Forget about password cracking or passing the hash, you just get the cleartext password. A simple search for “*.xml” in the SYSVOL share on the domain controller will show if your organization is vulnerable...
September 19, 2012 Added by:Michael Ligh
Explore undocumented windows kernel data structures related to window station objects and the clipboard. Detect clipboard-snooping malware using Volatility - an advanced memory forensics framework...
September 18, 2012 Added by:Michael Ligh
Learn about the undocumented windows kernel data structures related to RDP logon sessions, alternate process listings, and loaded drivers. See how Volatility can help you forensically reconstruct attacker command histories and full input/output console buffers...
July 08, 2012 Added by:f8lerror
Security researchers have been using the Teensy for HID attacks. Which really is the way to go if that’s all you want to do. However, if you are like me you want to do other things as well you need something bigger. Enter the Arduino Leonardo board which supports emulating a Human Interface Device out of the box...
June 06, 2012 Added by:Electronic Frontier Foundation
Apps that require administrative privileges are impossible to install on an iOS device without jailbreaking it. This includes apps that let you firewall your device and secure your internet traffic with OpenVPN. Jailbreaking also helps security and privacy researchers to see if apps are leaking data...
May 15, 2012 Added by:Damion Waltermeyer
This series of articles will be entry points and ideas on how to manage your environment quickly, easily, and cheaply. We’ll also tackle some scripting languages: Batch, Bash, VBScript, Python and Powershell being the most likely for simplicity and compatibility with environments...
May 11, 2012 Added by:Headlines
Apple has released critical security updates for OS X and Safari to address several vulnerabilities which could allow an attacker to obtain sensitive information, execute arbitrary code, escalate privileges, conduct a cross-site scripting attack, or cause a denial-of-service...
May 10, 2012 Added by:Fergal Glynn
Ongoing developments in the device-wide ID space focus on two dueling schemes and codebases: OpenUDID and SecureUDID. If you’re an iOS developer, this will serve as an introduction to the details of these systems, including their limitations and potential for data leakage...
April 04, 2012 Added by:Headlines
"Vulnerabilities exist in Java 1.6.0_29, the most serious of which may allow an untrusted Java applet to execute arbitrary code outside the Java sandbox. Visiting a web page containing a maliciously crafted untrusted Java applet may lead to arbitrary code execution..."
March 14, 2012 Added by:Electronic Frontier Foundation
In the upcoming release on April 26, Ubuntu 12.04 is introducing operating system-wide settings that let you delete portions of your activity log, disable logging for specific types of files and applications, or disable activity logging altogether...
March 09, 2012 Added by:Headlines
Apple has released security updates for Apple iOS, Apple TV, and iTunes to address multiple vulnerabilities which may allow an attacker to execute arbitrary code, cause a denial-of-service condition, or bypass security restrictions...
March 06, 2012 Added by:Ian Tibble
Operating System Security is radically under-appreciated, and this has been the case since the big bang of security practices in the mid-90s. OS security, along with application security, is the front line in the battle against hackers, but this has not been widely realized...
February 07, 2012 Added by:Bill Mathews
On any Linux-based system with an unencrypted hard drive, it is possible to completely overtake a system once you have gained physical access. Often this is easily accomplished with a live CD distribution, such as Backtrack or Ubuntu and some command line tools...
February 02, 2012 Added by:Bozidar Spirovski
We are not abandoning the Mac - it is a great tool and an asset in our little lab. But in the current state of things, it takes a lot of effort and compromise to fully migrate to a Mac platform, especially since a multi-environment knowledge is required...
January 23, 2012 Added by:Danny Lieberman
Who needs an anti-virus? If I have a solid operating system like Ubuntu 11.10, IP tables, good control of the services on my notebook and practice safe email, why should I add additional layers of content security and feed the Symantec stock price?
Hacker to Release Symantec's PCAnywhere Sour... Jerry Shaw on 10-05-2015
PoS Malware Kits Rose in Underground in 2014... on 03-17-2015
New PCI Compliance Study... on 03-17-2015