Will your company ever ask this question? Hopefully the FBI does not call you … As Jim Aldridge from Mandiant says in this youtube video the first thing that will happen is the FBI will call you in a somewhat cryptic manner… Tell you the systems that were compromised and what systems compromised them. That’s … Read more
As everyone knows – there are 7 OSI network layers. Microsoft explains And this is my favorite Open Source Interconnect (OSI) diagram: So what do I mean about the “8th network layer”? Well I mean the human element of course. Got a new book written by Christopher Hadnagy and Dr. Paul Ekman: “Unmasking … Read more
CSRF or Cross Site Request forgery is the highest likely method of attack Broken Authentication is second And cross-site scripting(XSS) is third SQL Injection as well as security misconfigurations are also higher than 10% of he vulnerability types. The IBM report at X-Force blog recounts the challenges a web application scanner has as to … Read more
Hydra, w3af, Scapy are all good as well. We can create our own scans using scapy – as we can create our own scan reviews depending on the environment that we need to look at. to make this work – one really needs to understand the tcp networking from rfc793 contact us to learn … Read more
Penetration testing are several acts on various computers and systems. First in “recon” one checks the public profile of the company. Use scan tools, nmap, hping, scapy, burp suite, and others to check the target computers out. (this is the Alpha scan) Then one can use a few pre-built tools to review vulnerabilities … Read more
