Phishing is a combination of social engineering and technology that tries to trick users into disclosing sensitive information. You’re probably already familiar with the stereotypical Nigerian Prince email – an unsolicited email from an unknown sender identifying himself as a Nigerian Prince and offering to pay you to help him transfer his money to your … Continue reading The Best Anti-Phishing Tool in the Enterprise… Is Free!
The SY0-401Security+ exam went live in April 2014, though you may still take the SYO-301 exam through December 31, 2014. In either event, the Security+ credential is now a Continuing Education certification such that you will want to update your knowledge and skill sets regardless of the exam version you initially pass. While teaching our … Continue reading Security+ SY0-301 versus SY0-401 and other questions
The importance of reconnaissance in vulnerability discovery and penetration testing is usually overlooked. Network security personnel with little training or experience will often begin their analysis by finding a few target systems and immediately attempt to compromise their security with user/password logins and vulnerability penetration tests. These premature attempts to compromise pseudo-random hosts are likely … Continue reading Using Nmap to Reconnoiter the DMZ and Perimeter Networks
A skilled attacker usually begins an attack by performing detailed reconnaissance. Recon is critical to a comprehensive attack as it yields information about the target network, hosts, personnel, publicly accessible assets, and a host of other data. One of the easiest targets is a website. Websites are, by design, highly accessible and loaded with data. … Continue reading Using WebRipper to Examine Website Content
The importance of reconnaissance in vulnerability discovery and penetration testing is usually overlooked. Network security personnel with little training or experience will often begin their analysis by finding a few target systems and immediately attempt to compromise their security with user/password logins and vulnerability penetration tests. These premature attempts to compromise pseudo-random hosts are likely … Continue reading Using SuperScan to Reconnoiter an Internal Network
A former student sent me an email requesting assistance with a computer issue. Microsoft Security Essentials continued to post the message “error warning: HACKTOOL:WIN32/Keygen”. Hacktool malware was quarantined. Other symptoms started to appear. Following appropriate guidance, the student looked into the event viewer. The most often repeated error that the student noticed was “The driver … Continue reading A Malware Recovery Scenario – Hacktool
A very common attack technique in use today is the Denial of Service (DoS) attack. DoS attacks are effective in degrading the performance of targeted systems, effectively taking them offline and preventing legitimate system use. A typical DoS attack goes like this: The attacker identifies one or more computers on the Internet as targets The … Continue reading Using the Low Orbit Ion Cannon for Denial of Service Testing
The scenario is simple enough. You need to share some information, a document, with a friend or coworker. You want them to read the document, but not alter or print it. You don’t want them to copy the text or graphics to another file. You want to enforce the concept of “eyes only” on the … Continue reading Do Not Rely on PDF Document Security
Browser toolbars are really common. You may even have one installed in your browser right now as you read this article. Whether you use Chrome, Firefox, Internet Explorer, Opera, Safari, or a less common browser, software companies make toolbars that integrate with your browser. For this context I need to define malware as undesired software … Continue reading Are Browser Toolbars Really Malware?
News, background, and alternatives regarding the recent Internet Explorer “Day Zero” attack are spread across the Internet. Confusion continues, so we decided to help set the record straight for our customer/readers. Step one, be careful what you read and interpret, including within this blog. Despite our care and research, we continue to find additional information … Continue reading The Internet Explorer patch – Setting the record straight