-
Burp Suite Tutorial PDF compendium: WebApp tester’s ready reference
Our Burp Suite tutorial PDF compendium is a collection of our Burp Suite guides in PDF format made available to you for free offline reference. Tutorial
-
Exploit development tutorial - Part Deux
In our exploit development tutorial’s second part, we examine how you can write exploits in PERL. Then we see how to port exploits by scripting in Ruby. Tutorial
-
Sandboxing for secure app development: Adobe Reader’s ‘protected mode’
As sandboxing emerges as an answer to legacy codebases with multiple vulnerabilities, we dissect Adobe Reader X’s sandbox to understand how sandboxing works. Tutorial
-
Exploit writing tutorial: Part 1
In the first part of our exploit writing tutorial, we take a look at the fine art of vulnerability discovery, fuzzing and usable techniques. Tutorial
-
Snapshots from nullcon Tritiya Day 2
A quick look at what happened during nullcon 2012. Photo Feature
-
nullcon Tritiya’s infosec conference: Day 1 walkthrough
Join us, as we take a look at the third installment of annual information security conference nullcon 2012. Photo Feature
-
Burp Suite training tutorial: Part 3 – Sequencer, decoder and composer
In the third installment of our Burp Suite training tutorial, learn how to analyze tokens, decode requests and compare responses using Burp Suite tools. Tutorial
-
Backtrack 5 PDF tutorial compendium: A pen-tester’s ready reckoner
Our BackTrack 5 PDF tutorials collection will help you hone your edge, whether you are a security professional or an enthusiast. Best yet, they are free! Tutorial
-
Burp Suite Guide: Part I – Basic tools
Our Burp Suite guide series explains how to use Burp Suite for security testing of Web apps. For a start, we look at proxy, spider, site scope and sitemap. Tutorial
-
BackTrack 5 training guide: Part V - Pen-testing in a nutshell
Use this step-by-step BackTrack 5 training guide to conduct ethical hacking and penetration testing, for identifying vulnerabilities in your network. Tutorial
- See More: Essential Knowledge on Hacking countermeasures
-
Microsoft fixes code targeted by Duqu in May 2012 Patch Tuesday
Experts suggest patience when dealing with this month’s round of Microsoft updates. News | 08 May 2012
-
Adobe pushes patch for actively exploited Flash Player vulnerability
Adobe is addressing a zero-day flaw in Flash Player being used by cybercriminals in email attacks targeting Internet Explorer users. News | 04 May 2012
-
Microsoft program breach led to early RDP vulnerability exploit
Microsoft said a member of its confidential Active Protections Program leaked information that prompted an exploit targeting a flaw patched in March. News | 03 May 2012
-
Microsoft to fix 23 vulnerabilities in May 2012 Patch Tuesday
Microsoft said it plans to address flaws in Windows, Office, Silverlight and the .NET Framework. News | 03 May 2012
-
GlobalPayments breach update explains scope of lapse
The payment processor breach is believed to be under 1.5 million credit cards, but the company indicated on Tuesday that banks are issuing a “wide net to protect customers News | 02 May 2012
-
Java, HTML exploits via Black Hole toolkit dominate attacks, Microsoft says
The Black Hole Exploit toolkit is behind the bulk of the HTML and Java exploits, according to version 12 of the Microsoft Security Intelligence Report. News | 25 Apr 2012
-
HP study finds widespread custom Web application flaws
A review of hundreds of unique custom Web applications found more than half are vulnerable to cross-site scripting and more than 86% contain injection flaws. News | 18 Apr 2012
-
HP warns of malware in HP ProCurve switches' flash cards
HP has notified customers that some ProCurve 5400 zl switches were shipped that contained compact flash cards infected with malware. News | 16 Apr 2012
-
Dangerous Samba vulnerability affects all Linux systems
The commonly used tool contains an error that can be executed remotely by attackers, giving them root access to a system. Proof-of-concept code is available, experts warn. News | 11 Apr 2012
-
Microsoft April 2012 Patch Tuesday repairs critical IE flaws, ActiveX control issue
Microsoft repaired 11 vulnerabilities in April, including a critical update to its Internet Explorer browser and an ActiveX fix that affects a variety of software and server systems. News | 10 Apr 2012
- See More: News on Hacking countermeasures
-
Maltego tutorial - Part 1: Information gathering
Maltego is a powerful OSINT information gathering tool. Our Maltego tutorial teaches you how to use Maltego for personal reconnaissance of a target. Tip
-
6 point SIEM solution evaluation checklist
With SIEM solutions gaining steam in India, Satish Jagu of Genpact shares concise tips based on the lessons from his SIEM implementation experiences. Tip
-
How to recognize and prevent a hypervisor attack to protect data
A hypervisor attack can hand hackers the keys to your virtual kingdom. But, with the proper precautions and tools, you can minimize the risk. Tip
-
UTM sizing tips for your network security needs
UTM appliances greatly ease the management of network security. But correct UTM sizing is of prime importance. Follow these UTM sizing tips to get it right. Tip
-
Sslstrip tutorial for penetration testers
Sslstrip is a powerful tool to extract sensitive credentials using HTTPS stripping. This sslstrip tutorial explains the working of sslstrip in-depth. Tip
-
CSRF attack: How hackers use trusted users for their exploits
A CSRF attack is a serious Web security threat that, combined with XSS, can be lethal. Learn about the CSRF attack’s anatomy, along with mitigation methods. Tip
-
BackTrack 5 guide 4: How to perform stealth actions
With BackTrack 5, how to include stealth into attacks is a necessary skill for penetration testers. Our BackTrack 5 how to tutorial shows you the way Tip
-
Cyber security threats: Will your enterprise be the next victim?
The old cyber security model is crumbling in the face of new, advanced cyber security threats. A paradigm shift in the approach to cyber security is crucial. Tip
-
BackTrack 5 tutorial: Part 3 – More on exploitation frameworks
Installment three of our BackTrack 5 tutorial covers credential theft and privilege escalation. Also learn SQL injection from this BackTrack 5 tutorial. Tip
-
A Web exploit toolkit reference guide for BackTrack 5
Web exploit toolkits help in vulnerability assessment and penetration testing. This article covers usage of popular Web exploit toolkits with BackTrack 5. Tip
- See More: Tips on Hacking countermeasures
-
Monitor outbound traffic: Full-packet capture or only capture network flow data?
If an enterprise can't afford to implement full-packet capture, expert Mike Chapple recommends trying to capture network flow data instead. Answer
-
An intro to free Microsoft security tools for secure software development
Free Microsoft security tools Threat Modeling, MiniFuzz and RegExFuzz are designed to help developers build secure software. Answer
-
How penetration testing helps ensure a secure data store
A third-party penetration test is the best way to determine whether an online data store can be compromised. Answer
-
How to secure a .pdf file
In this expert Q&A, Michael Cobb explains how to avoid malicious content that is embedded into .pdf documents. Ask the Expert
-
How to harden Linux operating systems
Specific advice on hardening a server depends to some extent on its intended role, says expert Michael Cobb in this SearchSecurity.com Q&A. Ask the Expert
-
The telltale signs of a network attack
Some people believe that if IP addresses from China are attacking their network, then they are under attack from China. Expert John Strand explains why all that it is irrelevant. Ask the Expert
-
crimeware kit (attack kit)
A crimeware kit, also called an infection, exploit or DIY attack kit, is a programming tool that allows someone who does not have any experience writing software code to create, customize and distribute malware. Definition
-
Wireshark
Wireshark is an open source tool for analyzing packets and profiling network traffic. Such a tool is often referred to as a sniffer. Definition
-
man-in-the-middle (MitM) attack
A man-in-the-middle (MitM) attack is an exploit in which an intruder intercepts and alters communications between two parties, usually an end user and a website. Definition
-
11 security audit essentials
IT security audit tools automate the IT security audit process, making it more efficient and effective. Here are 11 must-have IT security audit tools. Photo Story
-
10 Wi-Fi security tools for your arsenal
With Wi-Fi’s growth, security administrators and pen testers alike have their hands full. Here’s a list of essential Wi-Fi security tools to ease the stress. Photo Story
-
Metasploit and software vulnerability testing
Metasploit is a free tool that can be used to pen test for new and potentially damaging vulnerabilites. In this interview, H.D. Moore, creator of Metasploit, explains how the tool works and what it can contribute to software security. Video
-
Bruce Schneier on security for cloud computing
In part one of this interview with author and leading security expert Bruce Schneier, he discusses how cloud computing is changing the information security industry, and how companies should adapt to keep up. Video
-
Malware and email authentication for financial services
Malware and fighting phishing with email authentication are major security topics for financial services firms. In part two of this video, Paul Smocer discusses the threats and mitigation options. Video
-
Noted cryptographer on SSL, encryption and cloud computing
Cryptographer, Taher Elgamal of Axway Inc., the inventor and initial driving force behind SSL, explains how applications may be better adapted to defend against attacks. Video
-
Jim Reavis on cloud computing security and regulatory compliance
Jim Reavis of the Cloud Security Alliance talks about how to secure the cloud, including some advice for compliance officers. Video
-
The integration challenges of unified threat management (UTM)
In this video, Joel Snyder of Opus One reviews how unified threat management products integrate with host-based protection and network access control devices. Video
-
The failing war against cybercriminals
Sophos senior security consultant Graham Cluley explains why it has been difficult to defeat international cybercriminal gangs. Video
-
Maltego tutorial - Part 1: Information gathering
Maltego is a powerful OSINT information gathering tool. Our Maltego tutorial teaches you how to use Maltego for personal reconnaissance of a target. Tip
-
Burp Suite Tutorial PDF compendium: WebApp tester’s ready reference
Our Burp Suite tutorial PDF compendium is a collection of our Burp Suite guides in PDF format made available to you for free offline reference. Tutorial
-
Microsoft fixes code targeted by Duqu in May 2012 Patch Tuesday
Experts suggest patience when dealing with this month’s round of Microsoft updates. News
-
Adobe pushes patch for actively exploited Flash Player vulnerability
Adobe is addressing a zero-day flaw in Flash Player being used by cybercriminals in email attacks targeting Internet Explorer users. News
-
Microsoft program breach led to early RDP vulnerability exploit
Microsoft said a member of its confidential Active Protections Program leaked information that prompted an exploit targeting a flaw patched in March. News
-
Microsoft to fix 23 vulnerabilities in May 2012 Patch Tuesday
Microsoft said it plans to address flaws in Windows, Office, Silverlight and the .NET Framework. News
-
11 security audit essentials
IT security audit tools automate the IT security audit process, making it more efficient and effective. Here are 11 must-have IT security audit tools. Photo Story
-
GlobalPayments breach update explains scope of lapse
The payment processor breach is believed to be under 1.5 million credit cards, but the company indicated on Tuesday that banks are issuing a “wide net to protect customers News
-
Java, HTML exploits via Black Hole toolkit dominate attacks, Microsoft says
The Black Hole Exploit toolkit is behind the bulk of the HTML and Java exploits, according to version 12 of the Microsoft Security Intelligence Report. News
-
6 point SIEM solution evaluation checklist
With SIEM solutions gaining steam in India, Satish Jagu of Genpact shares concise tips based on the lessons from his SIEM implementation experiences. Tip
- See More: All on Hacking countermeasures
About Hacking countermeasures
Utilize ethical hacking and other countermeasures to safeguard your business. Protect your network from hacking attacks. Leverage ethical hacking tools for system security. Use network penetration testing for optimal security. Set strong policies to prevent password hacking attacks.