Author: synpentestro
-
Check if an email address is valid – the telnet way
You can use telnet to check if an email is valid. You can actually send emails via telnet, but we’ll stick to checking for now. Remember that this is not a string validation but a complete check with the mail server if the user is valid. For this example we will use [email protected].
-
Attacking the lottery
This is purely a theoretical attack on a lottery system. No magic combinations or generators, no syndicates or reading the stars, just a plain attack on the system. First of all, there are some prerequisites. One will need one or more insiders in order to carry out the attack, but this should not be a…
-
SSH tunnels, an alternative to VPN
What do you do when you need a connection to the Internet and the only thing in hand is an unsecured wireless network or hotspot? Do you realize the dangers involved? Would you trust this connection and send confidential data over it? Of course VPN is the favorite method, but what if you don’t have…
-
CISSP CBK 7 – Operations Security
Controls and Protections To protect hardware, software and media resources from: – Threats in an operating environment – Internal or external intruders – Operators who are inappropriately accessing resources Categories of Controls: – Preventative Controls: Are designed to lower the amount and impact of unintentional errors that are entering the system and to prevent unauthorized…
-
CISSP CBK 6 – Security Architecture & Models
Security Model Is a statement that outlines the requirements necessary to properly support a certain security policy. Computer Architecture CPU – Central Processing Unit: Is a microprocessor. Contains a control unit, an ALU / Arithmetic Logic Unit and primary storage. Instructions and data are held in the primary storage unit needed by the CPU. The…
-
CISSP CBK 5 – Cryptography
Definitions Algorithm: The set of mathematical rules used in encryption and decryption. Cryptography: Science of secret writing that enables you to store and transmit data in a form that is available only to the intended individuals. Cryptosystem: Hardware or software implementation of cryptography that transforms a message to cipher text and back to plain-text. Cryptanalysis:…
-
CISSP CBK 4 – Applications & Systems Development Security
Database systems and database management Types of databases: – Hierarchical – Mesh – Object-oriented – Relational DBMS / Database Management System A suite of programs used to manage large sets of structured data with ad hoc query capabilities for many types of users. Database: A collection of data stored in a meaningful way that enables…
-
CISSP CBK 3 – Security Management Practices
Fundamental Principles of Security Security objectives Confidentiality: Provides the ability to ensure that the necessary level of secrecy is enforced. Integrity: Is upheld when the assurance of accuracy and reliability of information and system is provided and unauthorized modification of data is prevented. Availability: Prevents disruption of service of productivity. Definitions Vulnerability: Is a software,…
-
CISSP CBK 2 – Telecommunications & Network Security
Open System Interconnect Model Protocol – Standard set of rules that determine how systems will communicate across networks. OSI Model layers and their TCP/IP equivalents: – Application, Presentation, Session: Application – Transport: Host-to-host – Network: Internet – Data Link, Physical: Network Access. Each layer adds its own information to the data packet.