TABLE OF CONTENTS
Kali Linux on a Raspberry Pi
by Scott Christie – CISSP, CISA, GCIH, CEH
The Raspberry Pi is a small, low-cost computer originally designed as an educational tool to teach children about computing. The Raspberry Pi now has a large following of hobbyists and hackers using the little computer for various projects, from home theater PCs to home appliance automation. While the Raspberry Pi does not have the greatest specs by contemporary computing standards, it does have a tiny form factor and, at $35.00, it is hard to find a better value.
Mapping Kali Usage to NIST800-115
by Jeff Weekes and Carlos Villalba
Kali is an invaluable platform that when coupled with a sound methodology can make a penetration tester’s life that much easier. In some cases Kali provides so many tools that novice penetration testers may struggle with how all the tools fit together and how they can be used to truly meet a client or internal customer’s penetration test objectives.
How to Create Bootable Kali Linux USB
by Rajesh Kumar
Universal USB Installer, aka UUI, is a Live Linux USB creator that allows you to choose from a selection of Linux distributions to put on your USB flash drive. The Universal USB Installer is easy to use. UUI can create a bootable UFD containing most of the available operating systems.
Practical Approach to Achieve ISO27001 Certification
by George Lewis
In this article our expert, George Lewis, goes through an ISO27001 advisory engagement delivered to one of his clients while working with consulting companies, including the Big 4, covers a practical approach to implementing ISO27001:2005, and discusses the transition phase to the new ISO27001:2013.
Root Cause Analysis: The Top 5 Reasons ISO 27001 Certified Organizations are Breached
by Praveen Joseph Vackayil
Explore the Top 5 root causes for organizational breaches even after ISO 27001 certification, and learn more about how each of the described root causes materializes, who the related entities are, and how to overcome them.
Introduction to Cloud
by Muhammad Saleem
Penetration testing in cloud computing is a big challenge for security practitioners due to its shared resources, service delivery methodology, and borderless presence. This article presents the basic concept of cloud computing and its usage.
Pentest Amazon Cloud Instances Like a Pro
by Anthony Siravo
As with any penetration testing engagement, you need to define the scope of the test. This can get tricky when dealing with cloud services. If you are engaging the provider directly, it’s relatively easy: you can work out the scope of what they want tested between the two of you, as they have total control of everything in their environment (assuming they can support testing without interfering with their customers’ business). If you are dealing with a customer of the provider, however, things can get trickier. First off, you’ll have to understand just what the relationship with the cloud provider is.
Using Nmap for Penetration Testing
by Ayotayo Tayo Balogun A.J
Even though computers and computer networks were not necessarily engineered from inception with security in mind, it did not take long to discover the need for securing both. For anyone who cares to find out, the art of penetration testing has been in existence since the 1960s. The first documented penetration test occurred in 1967 when the Department of Defense (DoD) commissioned one, but the need for it became apparent when the Systems Development Corporation (SDC), a United States government contractor, discovered that one of its employees could override the system protections added to the AN/FSQ-32 time-sharing computer system.
Denial of Service Primer via Sockstress
by Roger Coon, Angela Hoffman, Charles Chapman & Timothy Hoffman
Effective. Efficient. Lean and Mean. These words can all be used to describe Sockstress: a type of Denial of Service attack that zeroes right in via TCP to wreak havoc on large or small systems. The idea behind Sockstress is simple: where there is a TCP stack, there is inherent vulnerability. In this article, we are going to examine a bit of the history of this interesting attack and explore its more recent use. We will also describe our execution of the attack that was set up in a laboratory environment to measure the effectiveness of this as a Denial of Service (DoS) attack tool.
SCADA Security: An overall Insight
by Maneli Parsi
In recent years, reported attacks against supposedly well-protected ICS (Industrial Control Systems) have been growing noticeably, leaving the security and safety of SCADA (Supervisory Control and Data Acquisition) systems highly questionable. SCADA systems, which monitor large numbers of machines and sensors over large distances, have become highly strategic to major industries, and the consequences of system security vulnerabilities may prove catastrophic.
SCADA Security: The Threat and the Solution
by Micheal Sheldon
Complex and distributed SCADA systems now control vast swaths of industry and infrastructure. While an attacker targeting a traditional IT network can shut down a prominent web site or steal personal or confidential information, an attacker who hacks into a SCADA network can control real-world equipment: opening valves, running large, powerful motors, and posing a safety risk to plant operators and potentially the community at large.
How to Use eEye Retina Against Red Hat/UNIX/Linux Systems
by Rebecca Wynn
You can use eEye Retina against Red Hat/UNIX/Linux systems. This article offers hints and tips on how to do it.
Another Deadly Tool Against Smartphones. Physiognomy of an Attack
by Massimo Sembiante
The increasing use of mobile devices is leading to an alarming observation: our security and privacy are seriously at risk because of a number of bugs and leaks in mobile software. On the other hand, many users are not able to configure and protect their smartphones using the correct settings and features. A new tool, SPF (Smartphone Pen-test Framework), is an open-source tool designed to let users assess the security of smartphones.