Penetration testing magazine - This week focus on "Malware"- Aug 2012 - Second Week











Sponsored Links:

Are you sure you know everything about malware?

Check if you know:
• how to find and control flash cookies 
• how to use MsfPayload&MsfEncode 
• how to manually indetify malware 
• how to use malware during a penetration test
That's not all!
Read what do pentesters sell and how they do it.
All in new PenTest Regular. 


This issue focuses on following topics:

Flash Cookie
by Ayan Kumar Pan
If you think you have deleted all the cookies from your computer, then think again. There are certain genres of persistent cookies that do not get terminated by the commonly used 'Clear Your Recent History' option. One of them is a flash cookie.

MsfPayload & MsfEncode
by Pankaj Moolrajani and Hitesh Choudhary
Malicious code or software are not at all new terms in the present era. Antivirus companies are trying hard to make the Internet safe and free from malware, but still the tight bond between flaws and features comes in between.

How to Manually Identify Malware
by Adam Kujawa
During the course of Penetration Testing, you may find yourself faced with a suspicious file or series of files which are not detected by any antivirus solution, in which case being able to manually determine whether a file is malicious or not is very important.

Using Malware During a Penetration Test
by Trajce Dimkov and Henri Hambartsumyan
Malware is frequently used by cyber criminals to send spam, obtain account information, show unwanted advertisements, steal credit card numbers and obtain remote access to the internal network.

The Physical Aspects of Cybersecurity and Their Importance
by Marc Gartenberg
NISPOM as a whole is designed to "prescribe the requirements, restrictions, and other safeguards to prevent unauthorized disclosure of classified information." That's it. Plain and simple.

Exploitation Techniques: How You Should Start
by Fabian "@samuirai" Faessler
Have you ever dreamed about writing your own 0day exploit? I really want to do it, and I work hard to learn everything I can about it. This article is about the experiences I have had so far in learning about exploit techniques, and I want to share some of the noteworthy sources I stumbled upon in order to support other beginners.

Practical Malware Analysis: The Hands-On Guide to Dissecting Malicious Software
by Jeff Weaver
Have you ever wanted to reverse engineer malware to see exactly what it does when it infects its host? To understand how malware propagates, or even understand the malware enough to write custom signatures for your IDS/IPS to save your network?

Damballa Failsafe: More Than a Malware Protection System
by Rishi Narang
Advanced malware, persistent threats (APTs), and zeroday targeted attacks are the buzz of today's security industry. Big and small corporates to vast infrastructuresor SMEs are all victims to these stealthy targeted attacks.

Some might call me a security expert: Interview with Marcin Kleczynski, CEO of Malwarebytes
by Aby Rao
He started as a computer technician. Frustrated with criminal software he worked on a simple tool. This tool has been downloaded 200 millions times and he is a CEO of a company that stops advanced malware hands down.

It Is All About the Content: SecTor Conference
by M.A. Hervieux
SecTor, the brainchild of founders of TASK, led by an impressive advisory committee composed of leading industry experts, is preparing for its 6th annual event coming this October.

Selling Services of Penetration Testing
by Dean Bushmiller
As you are doing your test, you ARE doing the sales activity. Your task is difficult because you sell intangible – you are selling TRUST. You are saying, "Please trust us enough to attack your network."

Save the Database, Save the World – Chapter 6
by John B. Ottman

No comments: