An Information Security Community
The new Cyber Security Strategy for Germany
The German Department of the Interior has recently published its new Cyber Security Strategy for Germany (German version here).
Whether it's good or not that a government is…
RTFOSSTMM!
I am following many discussions on pentesting, including that one in @pauldotcom EP225. About how customers order pentests for the wrong reason (compliance checkboxing), how the word “pentest” has lost its original meaning and the question what we should call it instead, what penetration testing shall concentrate on, how the results shall be presented, about…
Added by Ken Pryor on February 17, 2011 at 7:41pm — 1 Comment
Intrusion Detection Mindmap Version 0.4
I just added Judy Novak to the "IDS hall of fame" of my Intrusion Detection Mindmap.
She definitely deserves a place in anybody's IDS hall of fame. ;-)
The mindmap can be downloaded here.
Just save it as IDS.mm and open it in the mindmapping tool of your choice. I personally prefer Freeplane.
If you have valuable…
Added by d3tm4r on February 17, 2011 at 3:14pm — No Comments
Don't think you are! Know you are!
This is what Morpheus said to Neo in the movie "The Matrix". And it's so very true regarding information security.
Intruders don't care about what you're thinking about your network security. They just peek and poke until they find a hole that you would not have thought existed.
Check! Your! Facts! Know your network. If you're not sure - just check, don't speculate!
It's the same for general troubleshooting problems and for information security. I am seeing…
Added by d3tm4r on February 15, 2011 at 4:00pm — 3 Comments
Reputation or "Cloud" Based Protection - when good Ideas go bad
Reputation Based Protection is a good idea to complement classic signature based and heuristic malware detection.
Some antivirus vendors have already added cloud based reputation services to their antivirus products.
How do those services…
Added by d3tm4r on February 13, 2011 at 10:14am — No Comments
About using 0days in pentests
The folks of Pauldotcom Security Weekly podcast inspired me to write something about using 0day exploits for pentesting.
The question was whether or not it's a good idea or fair to use those in a pentest.
My take on this is like "hell yeah!". But there are some more aspects to that topic of course, otherwise I wouldn't have considered writing a blogpost on it.
So first off, let's discuss what the intention of using 0days in pentesting might be. For me…
Added by d3tm4r on February 13, 2011 at 9:00am — 2 Comments
Oh, a computer virus! Let’s just delete it…
“Oh, a worm just took down all of our servers. We’ve got a problem!”
“Oh, a virus has infected all of our PCs. Let’s quickly delete it!”
“Oh, Chinese hackers have pwns0red several companies. But we are fine because we’ve got IDS, IPS, Antivirus, Anti-Spam, DLP and ‘til now…
Added by d3tm4r on February 12, 2011 at 12:30pm — No Comments
V3rb0t3n is LIVE! YAY!
Added by Jayson E. Street on February 7, 2011 at 8:34am — 1 Comment
© 2013 Created by Marcus J. Carey.