You may have heard the term OSINT (“Open Source Intelligence”). The basic idea is that you can use public sources to get information about a target during your recon. There are many tools available to perform this task, such as Google, Maltego, SHODAN, etc. One of the tools that really puts a perspective not only […]
Hello Everyone, there has been a new security flaw found in the WPA2 stack: a security researcher was able to manipulate handshake packets in the 4-way WPA handshake and perform a key reinstallation attack. 1.) The basics of this attack are that an attacker would need to be in close range of your network
In my day-to-day job, I have been responsible for mitigating DDoS attacks and making sure that they are detected in a timely manner. The company I work for has an awesome platform to mitigate DDoS attacks, which has an alert system and analytics, but I came across a public tool that you can
Hey, Everyone, I have been AFK for a bit; I had some laser eye surgery done. Or, as I like to say, patches for my buggy eyes! I am recovering well and I am pretty much back to normal. I am still having some blurred vision when looking at my PC, but it’s minimal now
When it comes to DDoS attacks, there are 2 primary types: a volumetric attack, with the goal of saturating the pipe on the target network, and a trickle attack, with the goal of tying up the resources of the target network while generating the least amount of bandwidth. These 2 methods manifest in different ways where volumetric attacks
A SYN attack is an exploit of the TCP/IP stack whereby an attacker sends SYN packets and suppresses the SYN-ACK packet. This type of attack can be volumetric, whereby the attacker sends a large amount of data to a link to saturate the link. It can also be a trickle attack
If you are running a UTM or firewall and are not inspecting SSL traffic, I am sorry to say your firewall is useless. Why is this? Well, first of all, most traffic now is going over HTTPS, even malware sites. The fact of the matter is that just like you and I can get an
Hello Everyone, recently I came across this new tool from WordFence. This tool is quite awesome: it scans your server remotely for vulnerabilities. The tool is located at https://www.gravityscan.com. I have run the tool against my own site; here is a snapshot of what the results look like. The below is the results of the
I highly suggest you pick up this book. I picked up this book at my local library. I have read many books on this topic, such as Maximum Security, which is another great book. This book has a great outline using OWASP ModSecurity rules and settings and many others. You can
One of the best books I have read: Web Application Defender’s Cookbook
I’ve heard this question many times. Let me tell you now that the security field has many different realms and there is a ton to learn; anyone who says they know everything about security is a flat-out liar. Think of the number of applications and systems out there; can you honestly think one person can
By now I am sure you have heard the news: WannaCry ransomware. Yesterday there was a huge ransomware outbreak that struck across Europe. The WannaCry ransomware made its rounds; the targets were hospitals in the UK, the Russian police and many others. Even Microsoft started making patches for older systems like XP! When I read that
Well, another year, another conference, and this one was just as good as last year's. Top vendors in many different security realms: application security, data security, cloud, mobile, you name it, they were there. One of my
Tomorrow I will be at the Data Connectors Toronto Tech Security Conference. I can't wait to see all the vendors and all the upcoming and new products. I will also be in all of the seminars. I am particularly excited for the presentation from Sophos. See my updates on Facebook and other social media accounts
I will be at the Toronto Tech Security Conference
Cacti is an open-source network monitoring system that runs on a LAMP stack or a WAMP stack. In the below video I show you how you can install this system so that you can monitor your network via SNMP and other methods.
Hello Everyone, with malware such as DNS changer and others that infect a machine and redirect traffic to a different DNS server, you can implement simple rules ahead of time to stop the traffic in the first place. See my latest video on how to accomplish this. In the video, I am using Untangle