The December issue of PenTest StarterKit magazine is devoted primarily to mobile pentesting, and the first three articles develop this subject. The first article, written by Nir Valtman, shows how a hacker can get to your iPhone. It explains what a QR code is, where it is used and the types of QR abuse, and the author shows step by step how an iPhone is broken into by QR code. The second article, by Martyn Ruks, covers mobile pentesting, focusing especially on Google Android, Apple iOS, Microsoft Phone 7 and RIM BlackBerry OS, and shows methods of testing these platforms. The third article, by Prof. Steven Furnell, discusses authentication safeguards in mobiles. It shows new possibilities and solutions other than the PIN code, which does not seem to protect the privacy of your mobile as well as the majority think. The second part of this issue is about social fraud. Dinesh Sheety, in his article, shows social engineering from a different side: he describes the human reasons for using hackers' tools. The second article in this section, by Gabriel Marcos, shows that a company's IT security solutions do not need great knowledge and money, but just awareness of some dangers. Everybody should know the simple and obvious things that help keep your computer safe. The last part of this issue is about solutions you can use to protect your PC. Bart Hopper, in his article, introduces one of the risk management solutions, the NIST Risk Management Framework. It guides you step by step in building a good protection system, starting from defining company goals and finishing with creating a proper assessment plan. The last article, by Thejendra, shows basic hacking tools and the most popular goals of attack.
I hope articles contained on this issue will show you something new.
& Pentest team
QRbot – iPhone QR botnet
By Nir Valtman
This article is related to both social engineering and cyber-crime.
Why social engineering? Because QR usage is based on interactive actions by mobile users, which might lead to threats on their devices, as will be explained in detail later. Why cyber-crime? Because the actions taken by criminals not only harm mobile phone/device users, but may also steal sensitive information or aid in launching massive actions using controlled, zombie-based networks (botnets), e.g. DDoS (Distributed Denial of Service) attacks. In order to explain the whole process, this article begins with the basics of QR and iPhone usage. After covering the basics, we dive into the actions needed to build a QRbot. Finally, avoidance recommendations are explained.
Mobile Security Testing
by Martyn Ruks
This is a beginner's level article, catering to the needs of professionals who wish to switch to, or try their hands at, mobile security testing. It covers the 3 major platforms: Android, Windows and iOS. The text starts with background information on mobiles and tablets and the need for their security testing, and finally drills down to how to do the necessary fundamental steps as a heads-up.
Mounting a Mobile Masquerade?
by Prof. Steven Furnell
This article examines the forms of protection that are available to thwart an impostor at the authentication level. Although mobile devices have offered authentication safeguards for many years, it is fair to say that many users have managed to ignore them. The reason here is often that they overlook the value and sensitivity of what they’re carrying around in data terms, and so similarly overlook the need to protect it. While the situation has improved with smartphones, there are still plenty of users whose security practices haven’t caught up with their technology usage. Indeed, if you ask an audience how many of them don’t use a PIN (or similar) to protect their mobile handset, a good number of hands normally go up.
by Dinesh Sheety
The idea of this article is simple and nice. Though there are plenty of good resources and books on social engineering (Mitnick's Art of Deception!), it's an "informative" kind of article; it lacks real examples, for instance a real example of an attack, such as describing how a pt on an organization has been done (without disclosing sensitive information). The author has provided a good solid base for someone who doesn't have any clue about social engineering, and by the end of the article they will have a decent amount of knowledge to go out and build upon.
When Computer Attacks
By Gabriel Marcos
There is a new type of cyber threat that is catching more victims every day; many people know it as Advanced Persistent Threats, and there is a trail of high-profile victims out there to give us enough. But before taking any action we have to bring awareness to what this new kind of threat means: the only way to be protected is to understand what it means for organizations and how it could impact their business. Undoubtedly, exceptional circumstances call for exceptional actions. So, maybe it is time to acknowledge that computer attacks do not always happen to others; we need to become aware and to be prepared in advance to minimize our risk exposure to this kind of attack, protecting both our organizations and their leaders.
An Introduction to the NIST Risk Management Framework
by Bart Hopper
This article will introduce the NIST Risk Management Framework. It will cover the steps of system categorization, the selection of security controls, the implementation of the selected controls, the assessment of control implementation, and the system authorization process. Creating an effective information security program can be a daunting task. If you are lucky, you work for a company with an existing security program, clearly defined security mandates, and support from senior management. But, what do you do if you are given the task of creating a security program for your organization? This article will guide you through the process of creating an effective security program using the NIST risk management framework. Even if you are not directly responsible for creating a security program, you may find it helpful to understand how security programs are created and why certain items are prioritized by auditors.
Why is Cyber Security Important?
Until a decade ago, if you had to rob a bank it was necessary to indulge in an armed invasion, take hostages, spill blood, use getaway cars, etc., along with all the associated risks of botching up the operation. Or you had to indulge in excellent forgery and duplicate paperwork to siphon off funds. But today it is not necessary for you to even visit a bank to loot it, without raising any alarms for weeks. So how is it now easy for criminals to loot a bank? The simple answer is the Internet. Today, many aspects of our lives, like banking, purchases, communications, etc., and even militaries depend on the Internet and worldwide connectivity. While the Internet offers several conveniences, it can also ruin your life in an instant with threats like identity theft, online scams and other threats.