JudulTipsDiposting
The importance of good threat intelligence

Firstly, let’s look at why we need good threat intelligence. Threat
intelligence drives at least some of the detection capabilities in
many of our preventative controls (for example, Intrusion Detection
Systems) and without a regularly updated feed of intelligence the

Senin, 08 Jun 2015
Some brief technical notes on Venom

Like you, I was displeased by the lack of details on the "Venom"
vulnerability, so I thought I'd write up what little I found.
...
It comes down to a typical heap/stack buffer overflow (depending),
where the attacker can write large amounts of data past the e

Jumat, 05 Jun 2015
Writing a Metasploit post exploitation module

Metasploit is the “World’s most used penetration testing software”,
it contains a huge collection of modules, but it is not complete and
you can customize it by writing your own modules.

Even if you manage to compromise a machine, you may ask yourself: &ldquo

Jumat, 05 Jun 2015
Latest Microsoft Security Intelligence Report Now Available

This volume of the SIR focuses on the second half of 2014 and
contains longer term trend data as well. SIR volume 18 contains data,
insights and practical guidance on a range of global and regional
cybersecurity threats including vulnerability disclosures, malware and
unwa

Jumat, 05 Jun 2015
What one may find in robots.txt

During the reconnaissance stage of a web application testing, the
tester (or attacker) usually uses a list of known subdirectories to
brute force the server and find hidden resources.
...
These files are usually set up at the root of the web server and
indicates whic

Jumat, 05 Jun 2015
Are Artificial Pancreas vulnerable to cyber attacks?

Dr. Kudva explained that data must be encrypted to avoid tampering
that could allow attackers to change the insulin level with serious
repercussion on the health of the patient.

“I think the most important issue to get security people more
involved,” said Kud

Jumat, 05 Jun 2015
PyPhisher – Python Tool for Phishing

If you are looking to make a phishing testing or demonstration you
can check PyPhisher. This tool is python based that provide user a way
to send emails with  a customized template that he design. you can
have an html format that is similar to any organization and replace

Jumat, 05 Jun 2015
Pwning a thin client in less than two minutes

These clients run a Linux-based HP ThinPro OS by default and I had a
chance to play with image version T6X44017 in particular, which is fun
to play with it, since you can get a root shell in a very short time
without knowing any password...

Normally, HP ThinPro OS interf

Jumat, 29 May 2015
Broken, Abandoned, and Forgotten Code, Part 1

This series of posts describes how abandoned, partially implemented
functionality can be exploited to gain complete, persistent control of
Netgear wireless routers. I'll describe a hidden SOAP method in the
UPnP stack that, at first glance, appeared to allow unauthenticated<

Jumat, 29 May 2015
Malware Analysis Basics: Static Analysis

Starting here, I would like to share the results of my recent
research into malware analysis. We will begin with some basics and
proceed to advanced levels. In this first installment, we will discuss
the techniques involved in static analysis of malware. I will also
includ

Jumat, 29 May 2015
Disclaimer | Copyright © 2013 - Id-SIRTII/CC
Id-SIRTII/CC - Indonesia Security Incident Response Team on Internet Infrastructure/Coordination Center
Menara Ravindo Lt. 17, Jl. Kebon Sirih No. 75 Jakarta Pusat, 10340, Indonesia
Member of: