background preloader


Related:  IT Security

Metadata Extraction using FOCA | KaffeNews By Sudhanshu on March 1, 2013 in Analyst - 0 Comments In this Information age, Data is very crucial. From Information security point of view also data is what everybody is behind. Data loss for any organization can have a very negative impact financially as well as reputation wise. Most of the time people share their data knowingly, but sometimes we don’t realize and reveal critical information in the form of metadata and this data could play a major part in a cyber attack. Metadata: Simple data can be described as raw values which need to be processed for the purpose of generating information and deriving knowledge. Metadata (metacontent) is defined as data providing information about one or more aspects of the data, such as: Means of creation of the data Purpose of the data Time and date of creation Creator or author of data Location on a computer network where the data was created Standards used We can extract metadata for a given domain using a tool called as FOCA. Figure 1.

VSAntivirus 'FOCA' And The Power Of Metadata Analysis Metadata is an interesting -- and often unrealized -- problem for anyone who uses office applications, like Microsoft Office, OpenOffice, and Adobe Acrobat. Metadata is an interesting -- and often unrealized -- problem for anyone who uses office applications, like Microsoft Office, OpenOffice, and Adobe Acrobat.I've written about it before because its impact is often misunderstood both from the publicity and security standpoint. On one hand, metadata provides the necessary data to help organize documents in enterprise document management systems. At the same time, if left in documents sent to others, it provides an unnecessary amount of extra information that could embarrass an organization or be used by an attacker to pull off a more targeted attack. Several other metadata extraction tools exist, like metagoofil, libextractor, and cewl, but FOCA combines nearly all their features and much more. Now you can, too. John H. More Insights

Hacking FOCA [3 de 3] *********************************************************************************************- Hacking FOCA [1 de 3]- Hacking FOCA [2 de 3]- Hacking FOCA [3 de 3]********************************************************************************************* Spidering + FOCA Una de las características que tiene la FOCA es que busca información publicada en Internet. La pregunta que surge a colación es : ¿Cómo usamos FOCA con un servidor interno en una organización o como lanzamos FOCA para que analice links que no están en la base de datos de los buscadores?. La solución "fácil" sería que FOCA trajera un motor de Spidering que, dado un servidor web, fuera buscando todas los links en todas las páginas. Sin embargo, hacer un motor de Spidering no es trivial. Generación de un fichero de Spidering Para conseguri las URLS del sitio que se quiere analizar se va a utilizar Burp Suite. Figura 1: Activación de spidering en un sitio Cuando se activa un spidering a un sitio, hay que definir el ámbito.

SIMPLER Project name: theHarvesterDownload: Github CodeLanguage: PythonFeatured in: The objective of this program is to gather emails, subdomains, hosts, employee names, open ports and banners from different public sources like search engines, PGP key servers and SHODAN computer database. This tool is intended to help Penetration testers in the early stages of the penetration test in order to understand the customer footprint on the Internet. It is also useful for anyone that wants to know what an attacker can see about their organization.

Las 75 Herramientas de Seguridad Más Usadas Notas del Traductor: Muchos de los términos a traducir, tienen poco sentido al ser traducidos al castellano, y no es universalmente aceptada *UNA* traducción en particular, por lo que hice un intento de traducirlos pero mantuve, muchas veces, el término original en inglés siguiendo al traducido, entre llaves -- y encomillado, en caso de ser un término de varias palabras --. Hago esto porque es posible que alguien quiera conocer más sobre algún término y se frustre al tratar de poner en algún buscador el término en castellano, o incluso la traducción a inglés de _esta_particular_ traducción del término. ;-) Debido a la ambigüedad en la traducción de algunos términos como "free" o "commercial", éstos fueron acomodados en su traducción al sentido que se le quiso dar en el contexto en el que se encuentran ubicados y teniendo en cuenta algunas de las explicaciones de Richard Stallman en "Algunas palabras y frases confusas que vale la pena evitar" Se usarán estos íconos:

Anatomy of a hack: How crackers ransack passwords like “qeadzcwrsfxv1331” In March, readers followed along as Nate Anderson, Ars deputy editor and a self-admitted newbie to password cracking, downloaded a list of more than 16,000 cryptographically hashed passcodes. Within a few hours, he deciphered almost half of them. The moral of the story: if a reporter with zero training in the ancient art of password cracking can achieve such results, imagine what more seasoned attackers can do. Imagine no more. The list contained 16,449 passwords converted into hashes using the MD5 cryptographic hash function. While Anderson's 47-percent success rate is impressive, it's miniscule when compared to what real crackers can do, as Anderson himself made clear. The Ars password team included a developer of cracking software, a security consultant, and an anonymous cracker. "These are terrible passwords," radix, who declined to give his real name, told Ars just a few minutes into run one of his hour-long cracking session.

AnyDesk - Otras plataformas Microsoft Windows (XP, 7, 8.x, 10) v2.2.2 AnyDesk.exe Linux v2.1.1 Distro: Warning: Due to a bug in the Ubuntu package manager (qapt-deb-installer), the current DEB package might break your X server installation. FreeBSD v2.1.1 anydesk-freebsd-2.1.1-x86_64.tar.gz Otras plataformas También estamos planificando y desarrollando AnyDesk para las siguientes plataformas: Apple MacOS X (a partir de 10.9 Mavericks) Apple iPad (a partir de iPad Air y iPad Mini Retina) Android-Tablets (a partir de KitKat)

Color Palette and the 56 Excel ColorIndex Colors [View without Frames] Excel Color Index, coloring of fonts, cell interiors[palette], [copy], [chart], [colorindex], [grayscale], [formatting], [DOS/OE], [HTML]*, [Help], [Macros], [macros], [ColorFormulas], [FormatUnprotected], [chgfont], [ClearConstantsf], [icolorF], [popvalue], [popbased], [sorting], [count], [rowcolor], [DelRows], [hexconv], [chgpalette], [fillcolor], [cellcommentcolor], [BackupDisplay], [tabs], [triangles], [manual], [colorcharts], [detector], [Luma], [pgms], [colorcoding], [coloringcode], [VBE], [Related], [thissite], [postings], [otherxl], [other], [font], [problems], [printers], [mskb], [msdn], Scope of the Color Palette: Each workbook has it’s own palette. To change the default, change your book.xlt template for new workbooks. How the color palette works (#palette) The arrangement in XL97 differs from previous releases in that the colors are arranged from darker to lighter colors, but the Color Index values remain the same. From HELP --> Index --> palette

How easy is it to hack JavaScript in a browser? This Q&A is part of a weekly series of posts highlighting common questions encountered by technophiles and answered by users at Stack Exchange, a free, community-powered network of 100+ Q&A sites. Jesus Rodriguez asks: My question has to do with JavaScript security. Imagine an auth system where you're using a JavaScript framework like Backbone or AngularJS, and you need secure endpoints. But what if you need a little security without involving the server? For example, say you've got a client-side routing system and you want a concrete route to be protected for logged-in users. How easy is for a user to modify that variable and get access? My security (and JavaScript) knowledge isn't great. See the original question here. Sending secret data Joachim Sauer answers (66 votes): It's simple: any security mechanism that relies on the client to do only what you tell it to do can be compromised when an attacker has control over the client. Another route Benjamin Gruenbaum answers (17 vote): Notes:

PPT2000: Introduction to Macro Programming in PowerPoint 2000 This article explains the steps to create a simple Microsoft Visual Basic for Applications macro within Microsoft PowerPoint. The macro you create will add a slide to your presentation, set a background texture for a slide, set slide timings, and run a slide show. This article is designed to introduce you to some of the tools and concepts you need to become a macro programmer. Microsoft provides programming examples for illustration only, without warranty either expressed or implied. Create A New Presentation On the File menu, click New. Create a Macro On the Tools menu, point to Macro, and then click Macros. Add Code to a New Macro You should now be looking at a flashing cursor within the Code Window. Run the Macro There are several methods to run a macro. View the Macro Code To view the source code of a specific macro, follow these steps: On the Tools menu, point to Macro, and then click Macros. Add Some More Code Now we are ready to add the rest of the commands to complete the macro.

Shamir's Secret Sharing Shamir's Secret Sharing is an algorithm in cryptography created by Adi Shamir. It is a form of secret sharing, where a secret is divided into parts, giving each participant its own unique part, where some of the parts or all of them are needed in order to reconstruct the secret. Counting on all participants to combine together the secret might be impractical, and therefore sometimes the threshold scheme is used where any of the parts are sufficient to reconstruct the original secret. Mathematical definition[edit] The goal is to divide secret (e.g., a safe combination) into pieces of data in such a way that: Knowledge of any or more pieces makes easily computable.Knowledge of any or fewer pieces leaves completely undetermined (in the sense that all its possible values are equally likely). This scheme is called threshold scheme. then all participants are required to reconstruct the secret. Shamir's secret-sharing scheme[edit] points to define a polynomial of degree Suppose we want to use a where

Using Excel with Other Office Applications General Tips on Application Interactions Copy - Paste Methodology When you copy from one Microsoft Office application into another, the default Copy-Paste sequence embeds an object of the source application into the target application's document. Copying an Excel object is different. If you paste five charts from a 1 MB workbook into a PowerPoint presentation, you are adding 5 MB to the size of the presentation.If you are send the presentation to someone else, you may inadvertently send proprietary information which exists elsewhere in the workbook. This behavior also makes formatting the container of the embedded object an adventure. When I copy an Excel chart into another application, I always copy the chart as a picture. Note: Copying a chart as a picture eliminates the ability to reformat the chart using Excel's chart formatting features. To copy a selected Excel chart or range object as a picture, hold down the Shift key while opening the Edit menu. Summary: Early vs.

Why does the government disallow dynamic languages? This Q&A is part of a weekly series of posts highlighting common questions encountered by technophiles and answered by users at Stack Exchange, a free, community-powered network of 100+ Q&A sites. Patrick asks: I know some people who are currently working on a project for the US military (low security level, non-combat, human resources type data). An initial state of the project code was submitted to the military for review, and they ran the program through some sort of security analyzer tool. It returned a report of known security issues in the code and required changes that needed to be implemented before delivery of the final product. One of the items that needed to be resolved was removal of part of the project that was written in Ruby as it is a dynamic language. What is the background/reason for not allowing a dynamic language to be used in a secure setting? See the full, original question here. It's the interpreter Thomas Owens♦ answers (22 votes): Dangerous tricks For example: