Tag: Security

Learn | Teach Open Source Technologies

Thousands Linux and FreeBSD Servers Infected with Mumblehard Spamming Malware

The sophisticated Mumblehard spamming malware infects thousands of Linux and FreeBSD servers going under the radar for at least five years. In the last seven months, several thousand Linux and FreeBSD machines have been infected with a sophisticated malware dubbed Mumblehard. The infected machines were part of a botnet used, in the last five years, to…
Read more

The Ethics of Information Security

The ethical vision of security testing constitutes rules of engagement that have to be followed by an auditor to present professional, ethical, and authorized practices. These rules define how the testing services should be offered, how the testing should be performed, determine the legal contracts and negotiations, define the scope of testing, prepare the test…
Read more

Social Engineering

Practicing the art of deception is considerably important when there is no open gate available for an auditor to enter the target network. Thus, using a human attack vector, it is still possible to penetrate the target system by tricking a user into executing malicious code that should give backdoor access to the auditor. Social…
Read more

Types of Penetration Testing

Although there are different types of penetration testing, the two most general approaches that are widely accepted by the industry are the black box and white box. These approaches will be discussed in the following sections.  Black box testing

DataBase Auditing with Open Source Tool DBPwAudit

DBPwAudit is a Java-based tool designed to audit passwords for Oracle, MySQL, MS-SQL, and IBM DB2 servers. The application design is greatly simplified to allow us to add more database technologies, as required. It helps the pentester to discover valid user accounts on the database management system, if not hardened with a secure password policy.…
Read more

How to Audit Information Security using Open Source Security tool OSSEC

OSSEC is an Open Source Host-based Intrusion Detection System that performs log analysis, file integrity checking, policy monitoring, root-kit detection, real-time alerting and active response. It runs on most operating systems, including Linux, Mac OS, Solaris, HP-UX, AIX and Windows.

How to Test WordPress Security using Open Source Security tool WP-SCAN

Before I dive in this post, I would like to say that everything here for educational purposes only! Now we can move on. WordPress is exceptionally prevalent, on the grounds that is the most easy to use CMS (Content Management System) in the World. Numerous essential organizations or superstars are utilizing WordPress for their sites,…
Read more

WordPress 4.0.1 Security Release

Posted November 20, 2014 by Andrew Nacin. Filed under Releases, Security. WordPress 4.0.1 is now available. This is a critical security release for all previous versions and we strongly encourage you to update your sites immediately.

Snort RPM Based Installation with SnortSnarf and Snort Rule Creation Methods on Linux RHEL /CentOS / Fedora

RPM Based Installation of Snort with SnortSnarf and Snort Rule Creation Methods: written by: Muhammad Farrukh Siddique Snort is an open source Network Intrusion Detection System Snort can also act as Sniffer and Logger In this section we will discuss the more beneficial part of Snort that is Intrusion Detection System (IDS) Snort can also…
Read more