single issue buyers – after paying for this issue click “Physical Pentesting – Regular 07/12” (which will show just above that text) to download your copy of the magazine
Penetration Testing in the Cloud
by Shohn Trojacek
Warning: As is usual for him, this article will be filled with egregious use of sarcasm and various
literary devices that the author probably has no business using at his young age. Please, be careful
navigating your way through this article on “Penetration Testing in the Cloud” as it can get a bit
hazy at times.
Taking the Physical Penetration Test: How to Recon a Physical Target for an Assessment?
by Ayan Kumar Pan
You purchased a brand-new laptop, where you installed anti-virus software, a firewall and
encrypted your most important files for safeguarding your private data. Now you may be thinking
that your data is safe and secure. But what if your laptop itself is stolen? This shows that you
neglected the physical security aspect for your dear data.
Physical Security Holistics
by Emerson Lima
There are things about physical security that may still surprise the most experienced professional as
well as the most self-assured business owner. In this article the author will not only remind you of
the most important questions a pentester and his client should ask themselves, but you will also learn
about PKI and biometrics, still “fashionable” phreaking and something that you may know as the
Physical Penetration Testing: Out of the Dark and Into the Light
by Panu Lumme
“When I get access to the console, the game is over,” I have said this more often than not to the
client and the response has almost always been glassy eyes or an innocent smile. It is almost as if
they are daring me to drop my fingers on the keyboard or pull a hard drive imager out from my bag.
But that’s the thing, the client fails to grasp what physical penetration testing really is and if they do
understand, then the chances are that they do not want to know how it is done.
The Physical Aspects of Cybersecurity and Their Importance
by Marc Gartenberg
Defense in depth is a common methodology upon which most security paradigms are based.
Ensuring that the more important assets have greater controls associated with them not only makes
sense, but is the key to implementing an effective defense-in-depth strategy. Like all good security,
defense-in-depth emphasizes the hard and crunchy outside with the soft chewy center approach.
This is the simplistic framework for effective security from a high level.
Anatomy and Mitigation of Different DOS Attacks
by Steven Wierckx
For starters I will start explaining what a DOS attack is and how it works in very simple terms for
those that might not know the subject. The article will then dive deeper into different DOS attacks
and explain them in detail. The subject of IP spoofing is explained. Finally mitigation will be
discussed and there is a section with additional information for those readers who want to expand
on the items handled in the article.
Wireless Eurynomus: A wireless (802.11) Probe Request Based Attack
by Hitesh Choudhary and Pankaj Moolrajani
In recent years, the proliferation of laptop computers and smart phones has caused an increase in
the range of places people perform computing. At the same time, network connectivity is becoming
an increasingly integral part of computing environments. As a result, wireless networks of various
kinds have gained much popularity. But with the added convenience of wireless access come new
problems, not the least of which are heightened security concerns. When transmissions are
broadcast over radio waves, interception and masquerading become trivial to anyone with a radio,
and so there is a need to employ additional mechanisms to protect the communications.
Working with Exploitation Frameworks: Metasploit
by Dan Felts
I can hear you saying: “This is cool but what good is it really for?” Well let me tell you. Imagine
you are like me and my team, where we think a framework should be utilized to its fullest and at
times making changes to certain modules and plugins that allow you to do your job better. You do
not want to make changes to your framework source because if you update it, it might get
overwritten and you lose all your changes. By doing it this way you can add, develop and update your
own sources without the fear of losing all your hard work.
Autistic Savant Penetration Tester: The Tsunami Is Coming… Will You Be Riding the Wave
by Juli Miller
How old were you when you first tried to hack a computer? How would you react if I told you that a two-year-old boy can do pentesting faster and more effectively than you? If you think this is a joke, you probably have not heard about Calvin.
2012 AT&T Cyber Security Conference
by Aby Rao
Each year this conference focuses on security areas of importance to AT&T customers as well as
other attendees. In the past couple of years, the areas of focus have been mobility and cloud. At
AT&T we have a large expertise in both of these areas, as well as in other significant areas in
security. We assemble speakers from AT&T as well as outside experts, including industry analysts.
by Dean Bushmiller
Most people know how insurance works, but do they know how hacking affects insurance? More
importantly, how is ethical hacking going to affect insurance in a positive way? This is going to take
a few paragraphs, so you need to give me a lot of rope to hang myself. Hopefully, at the end of this
article I will be standing on firm ground with my neck still intact. Hopefully, you will have a tool to
convince your customers that you can save them money or even increase profits in the future via
Save the Database, Save the World – Chapter 5
by John B. Ottman
For large institutions, rapid organizational change and growth lead to greater and greater employee anonymity as individuals fade into the masses. Such anonymity can conceal the actions of malicious hackers and challenge modern security controls.