
Security

How mitmproxy works — mitmproxy 2.0.0 documentation. Mitmproxy is an enormously flexible tool. Knowing exactly how the proxying process works will help you deploy it creatively, and take into account its fundamental assumptions and how to work around them.

All About Skimmers. The series I’ve written about ATM skimmers, gas pump skimmers and other related fraud devices have become by far the most-read posts on this blog. I put this gallery together to showcase the entire series, and to give others a handy place to reference all of these stories in one place. Click the headline or the image associated with each blurb for the full story. Real card slot on left, skimmer on right.

Pen-testing

Mobile security.

Understanding What Constitutes Your Attack Surface. In the first article in this series, we discussed a little about Understanding Attack Surface Analytics, and in this second installment we will examine exactly what constitutes your attack surface. Put simply, your attack surface is the sum of your security risk exposure. Put another way, it is the aggregate of all known, unknown and potential vulnerabilities and controls across all software, hardware, firmware and networks.

The New Personal Attack Surface.

Wifi security

Every trick in the book: how hackers take over your computer. By Rich Pasco. Spammers will use every trick in the book to get you to click on their links to malicious web sites, or to open their malicious attachments, or to divulge personal information for identity theft. Below are just a few examples.

Free Penetration Testing and Ethical Hacking Training Course. Get started with Ethical Hacking by viewing our course videos below. If you are looking to become a pen tester, this course explains the fundamentals necessary for advancement.

The SQL Injection Knowledge Base. Default Databases. Testing Injection. False means the query is invalid (MySQL errors/missing content on website). True means the query is valid (content is displayed as usual). Given the query SELECT * FROM Table WHERE id = '1';

SEED Project.

OSINT

Domain specific modelling - security.

Mind Maps .... Wireless Network Review v1.5 [2013 May].

ICT in H2020 WP2014-15_0.pdf. Perspectives_integrating-cybersecurity-into-computer-science-curricula-final31102014.pdf. BIM Security. Fundamentals of Information Security. Data management strategy. Streaming media security. SRGwiki.

Cryptography

John The Ripper Hash Formats.

1286: Encryptic. Adobe, however, ignored these well-known principles, and instead stored over a hundred million passwords in a reversibly encrypted way, using a terrible choice of encryption methods which exposes a great deal of information about the passwords, and does not involve a salt. This password database was recently obtained by someone and released on the Internet. In particular, Adobe used Triple DES, an older encryption algorithm which can still be relatively secure when properly used but they used it improperly. It works on 64-bit (8 character) blocks. Assuming that the passwords are stored in plain ASCII, this means that a sequence of 8 characters in a password which starts on a character position which is a multiple of eight is always encrypted to the same result.

How an epic blunder by Adobe could strengthen hand of password crackers. Four weeks ago, Adobe disclosed a sustained hack on its corporate network that threatened to spawn a wave of meaner malware attacks by giving criminals access to the raw source code for the company's widely used Acrobat and ColdFusion applications. Now, researchers are warning the same breach could significantly strengthen the password crackers' collective hand by revealing a staggering 130 million passcodes used over the years by Adobe customers, many of them from the FBI, large corporations, and other sensitive organizations. That's because Adobe engineers used reversible encryption to scramble the passwords contained in a 9.3-gigabyte file that's now available online. Surprisingly, they flouted almost universally recognized best practices that call for stored passwords to be protected by bcrypt or another one-way cryptographic hashing algorithm. That's not at all the way the passwords for the 130 million active and inactive Adobe accounts are protected.

Analyzing the Adobe leaked passwords. On October Adobe reported that some user data, including credit cards and password dumps, got stolen from their servers. Now the passwords dump has leaked, and it’s hilarious.

Security usability

European Journal of Information Systems - Abstract of article: What levels of moral reasoning and values explain adherence to information security rules? An empirical study.

Security and Communication Networks - Early View.

Keeping the UK safe in cyber space - Policies. Issue: The growth of the internet has transformed our everyday lives and is an important part of our economy. The internet-related market in the UK is now estimated to be worth £82 billion a year while British businesses earn £1 in every £5 from the internet. But with greater openness, interconnection and dependency comes greater vulnerability. The National Security Strategy categorised cyber attacks as a Tier One threat to our national security, alongside international terrorism. The threat to our national security from cyber attacks is real and growing. 93% of large corporations and 87% of small businesses reported a cyber breach in the past year.

Drcrack - reusablesec2.