An Information Security Community
The last week has been brutal for me! Our community has been given one hit after another as we learn about someone doing something horrible or of someone leaving the community because something horrible was done to them!
I reached my limit today when a friend I admire and respect said he was calling it quits! One of our biggest failings I think is we so often overlook the ones who are there always putting in work helping others but not seeking or getting any credit! I'd like to change…Continue
Added by Jayson E. Street on June 8, 2016 at 4:30pm — No Comments
This dialogue prompt appears on every file in the entire file system. Anyone seen this and know a workaround? Trying to recover some files.
-select encoding that will make document readable
-gives these choices: windows (default)
[Will present this at local Defcon 414 in December 2015 and post slideshow here]
I have successfully done this over a dozen times - once for my girlfriend on a flight, sending her the credentials via email.
I MUST classify this as a "social engineering" hack despite several modifications to the boarding pass - which seems to be NOT associated with this airline's information other than flight number, date, time, and passenger name. Nobody checks, nor has the…Continue
Added by Faraday on November 6, 2015 at 8:38pm — No Comments
Many people don't know or haven't heard of threat modeling let alone know how to do it.
Hackers and crackers break assumptions we have made for how a system will be used.
But how to make the right assumptions? One way is to predict evil based on past known threats.
This might be a good start but it's not enough because hackers will also break the assumptions we make based on past attacks and change their behavior.
The better assumption is that all input…Continue
Paul Asadoorian has summed it up quite nicely in EP 373 of the Security Weekly Podcast.
A good pentest not only answers the question “can my controls be breached?” but also the following questions:
Added by d3tm4r on June 1, 2014 at 7:31am — No Comments
To protect your system from scammers, hackers, and malware, you need to follow certain steps.
Avoid Suspicious Websites: When you browse the Internet, be aware of the websites you are visiting. Most websites contain viruses or malware that could harm your…Continue
Added by Richard Thomas on April 30, 2014 at 5:23am — No Comments
Nowadays, information and computer security are on the minds of every IT professional as statistics have shown that the number of severe data loss episodes that occur each year is increasing. Data-bearing devices, including all forms of removable media, are said to be the cause of concern for both…Continue
Added by George Hillston on March 30, 2014 at 1:00pm — No Comments
My dear friend Leon tweeted that it took few minutes for his kippo install to get it's first catch.
I knew that if you go online with SSH password 123456 you will eventually get hacked but i was curious about how soon would that be.
So i ran a little experiment for the sole purpose of documenting that, and i repeated it on 6 fresh VPS installs in 6 different…
Added by Mohab Ali on March 16, 2014 at 12:44pm — No Comments
According to a recent report, cybercrime attacks continue to be a global threat. In fact, there is a growing trend of DDoS attacks, evolving continuously. These attacks have become more sophisticated, harder to detect and mitigate. They have also become the tool of choice for hackers to cause disruptions of…Continue
Added by George Hillston on November 20, 2013 at 4:24pm — No Comments
Martin Bos (purehate)
Eric Milam (brav0hax)
As security consultants we’ve had an opportunity to pentest some of the world’s most interesting companies. Technology and penetration testing is our passion and as such - we love our tools (toys)! Having worked with a load of them over the years it’s easy to embrace the good and dismiss the rest. The devices released by the team at Pwnie Express are far from toys in the traditional sense. These devices are small form factor…
Added by Eric Milam on October 11, 2013 at 12:00pm — No Comments
This is not a survey, consensus or popular poll. This is my opinion written from my viewpoint on how I see this subject. If you disagree with this list or if you agree, please do me a favor and write your OWN list! Seriously if you can’t find twenty things about the industry you work in no matter what it is then it is time for you to look for a new career. I have said it many times to be good at infosec you have to have a passion for it because the people you are up against love what they…Continue
Added by Jayson E. Street on April 9, 2013 at 2:00pm — No Comments
For over two years now, my ssh-honeypot kippo (developed by Upi Tamminen) is receiving “visits” from all over the world. With an easy to guess root password 123456, to shorten the brute force attacks I have gathered some interesting data/statistics.
So to sum things up:
First attack on Monday, 26-Jul-2010, 09:11 AM
Total login attempts 474433
Distinct source IP…
Added by Leon van der Eijk on December 24, 2012 at 7:56am — No Comments
Every now and then somebody starts an argument about whether or not it should be a secret which security products you are using.
I will tell you my opinion on that right away:
1.) Unless your risk profile is extremely high and you are one of the five or so organizations in the world who really have super awesome wicked OPSEC in place, don't even bother starting to think about keeping secret the fact that you…Continue
Added by d3tm4r on October 13, 2012 at 2:23am — No Comments
This article was originally posted on my Digital Forensics Blog.
I heard talk at the SANS DFIR Summit a couple weeks ago about "knowing normal". What does that mean? Knowing what your systems and networks are doing each day and what their stats should look like. That way, even if you don't really know how to recognize…Continue
This is my first post on DTH. I got to know about DTH due to my exploratory research on SE and I think this site provides a lot of useful info. Hopefully one of you can help me too, therefore I will shortly explain my research object.
Sorry for my bad English by the way...
I am currently researching (historical) practices that point towards the use of Social Engineering in relation to criminal practices that have occurred within Dutch banks.…Continue
Added by Jayson E. Street on April 5, 2012 at 1:55am — No Comments
Today I read a blogpost by Fefe in which he rants about how folks just give up on trying to develop more secure code or even fix all bugs in their software but instead draw resources from bugfixing teams in benefit of building mitigations like sandboxing technologies.
Fefe criticizes Adobe's security chief Arkin for saying the following sentence:
“My goal isn’t to find and fix every security bug, I’d…Continue
Added by d3tm4r on February 11, 2012 at 7:44am — No Comments
I am lost - lost in an area of conflict.
Not that there were no solutions to solve the conflict.
In fact the conflict isn't as bad as it seems in the first place - at least this is my opinion.
You may be asking yourself exactly what am I talking about.
I am talking about the fact that we tell politicians and those in charge of IT:
Added by d3tm4r on October 2, 2011 at 3:00pm — No Comments
A friend who wants to start a career in information security asked me which books are a "must read".
It goes without saying that the one and only "must-read" is of course Jayson's book.
Since you found your way to this site, you'll probably already know that. ;-)
Up front I would like to say that I really doubt there are…Continue
A few definitions
(for later debate)
Secure (se kur) adjective , unobtainable state
-Complete removal of every threat of Possible Injurious Event (PIE), known and unknown, now and in the future.
(See also - Unusable)
Security (se kur a te) verb , non continuous state
-Constant valid attempt to be secure.
(See also - Valiant…
Added by Darrin Ford on August 28, 2011 at 3:42pm — No Comments