Identifying the IT Infrastructure for IT Security
In today's world, many devices are now classified as computers. In the past, people thought that the computer was the big bulky device you see on tables in many offices and organizations. You are right. Those devices are still considered computers. However, many other devices are now behaving and
Use Defensive Cybersecurity to Mitigate Cyber attack
Wired.com reported that Kaseya was warned by the Dutch Institute for Vulnerability Disclosure that there was a potential vulnerability in its system. In this case, Kaseya did not ignore the warning, but Kaseya did not move first to patch up the exposure. The impact of this attack on Kaseya is enormous because it is
The Human Factor in a Ransomware Attack Part-2
Kaspersky Lab conducted a study to determine what role employees play in a business's fight against cybercrime. The study covered over 5,000 businesses around the globe and found that 52% of the businesses surveyed believed they are at risk from within and that their employees either intentionally put the businesses at risk or are
The Human Factor in a Ransomware Attack Part-1
Multifactor authentication requires that the user of a system use a combination of factors to authenticate or confirm a right to access a system. In some systems, two types of authentication are required, while in other systems, more than two are required. The most common type of authentication is the username and password. The
Gathering Penetration Testing Intelligence from Network and Application Platform Configuration
Network configuration refers to the process of setting a network’s controls, flow, and operation to support the network infrastructure of an organization or for an individual owner. Components of a computing network include Internet/network protocols, software or application, firewall, routers, and others that perform related tasks. Most network configurations are designed to meet communication objectives.
Security Implication of Web Frameworks
Web application frameworks provide a structure for building and developing applications through the provision of predefined classes, modules, and functions. The predefined classes and modules help to manage system hardware and software and to streamline the application development process. The framework in this discussion includes application frameworks such as Angular.js or Django and
How to Use Robots.txt File to Gather Intelligence for Penetration Testing
In the head section of web documents, there is meta-information used to describe the page, including helping search engines categorize the page. The meta-information that is of utmost importance to the discussion is the meta-information for robots that refers to the robots.txt file. What is the robots.txt file? The robots.txt is a file that
Gathering Information for Penetration Testing Using Search Engines Discovery and OWASP ZAP
Using search engine discovery is another great option for gathering intelligence about a penetration testing target. A search engine query can be direct or indirect. The direct method is where the search engine can be used to dig into the indexes and contents from caches. The indirect method is where sensitive information such as
Penetration Testing Information Gathering for Web Server Fingerprinting
Penetration testing has a standard life cycle, which includes intelligence gathering or reconnaissance, scanning, threat modeling & vulnerability identification, exploitation, post-exploitation, clean up, and reporting. Different projects may rearrange the stages in different ways, but however they rearrange them, you have to know that there are standard things to be done and in certain ways. For