Blog Posts Tagged with "IPS"
Using Meterpreter Script – StickyKeys.rb
July 18, 2011 Added by:Kyle Young
This script places a backdoor onto a Windows victim system. The sethc.exe program is the sticky keys program. To activate you just have to hit the shift key 5 times and sethc.exe will be executed. While this can be useful for those who are disabled, there is also an abuse for this feature...
Comments (2)
Implementing Complex Systems for Testing Application Logic
March 07, 2011 Added by:Rafal Los
Creating a system or a testing framework which can appropriately enable a previously entirely manual process is tricky - and while fully automating the finding of logic flaws may still be beyond our reach the research and ideas presented herein are steps forward to that direction...
Comments (0)
Do Too Many Controls Increase Risk?
January 09, 2011 Added by:Mark Gardner
Implementation of controls such as IDS / IPS / AV or non-technical controls such as screening of individuals are examples of controls that may work on implementation, but unless they are updated or re-screened over time, they do not take account of changes in circumstances...
Comments (1)
Random Highlights From PCI DSS 2.0
December 01, 2010 Added by:Anton Chuvakin
Use of a PA-DSS compliant application by itself does not make an entity PCI DSS compliant, since that application must be implemented into a PCI DSS compliant environment and according to the PA-DSS Implementation Guide – this is useful for... ahem... reminding merchants about it...
Comments (1)
Requirements That Are Never Not Applicable
November 24, 2010 Added by:PCI Guru
At the end of the day, the bottom line here is that all organizations are required to ensure that wireless networking is either not present on their network or, if present, it is only their wireless devices and that those wireless devices are appropriately implemented and secured...
Comments (4)
Using ProFTPd for Core Processing Anywhere?
November 11, 2010 Added by:Brent Huston
If so, you might want to pay attention to this announcement of a critical remote vulnerability in the daemon. A patch is now available and should be applied quickly if you have core processes using this application. You can read the entire alert here...
Comments (0)
- Improving Security by Failing Faster
- BYOD: Should It Be the Wave of the Future?
- Trend Micro Discovers "SafeNet" - a New Targeted Espionage Operation Online
- Managing My Company’s Security is a Nightmare
- Bridging the Cybersecurity Divide, Why Security Innovation Must Lead the Way
- The Evolution of Industrial Control System Information Sharing
- ATM Security (And Really Learning from the Past)
- Complimentary IT Security Resources [May 13, 2013]
- Steps Toward Weaponizing the Android Platform
- Mobile Security Processes Could Be Applied to Medical Devices: Bluebox