Commentary: Evil Bytes
-
Managing The Local Admin Password Headache
March 15, 2013 Forcing and managing unique passwords on Windows systems in an enterprise network can be challenging, but many tools are out there to help
-
Defending Local Admin Against Physical Attacks
March 13, 2013 Physical access usually spells game over, but protections can be put in place to help defend against local boot attacks
-
Defending Local Administrator Accounts
March 01, 2013 One compromised desktop is all it usually takes for complete network ownership by an attacker; local admin accounts are often the mechanism for that escalation
-
OPSEC Lessons From The Courtroom Sidebar
February 25, 2013 Jury duty leads to interesting observations on courtroom technology and operational security practices
-
Black Hat, BSides, Def Con: Defenders, Take Note
July 24, 2012 Summer security conferences include defense-related topics on top of the usual offensive fare
-
Analyzing Android, iOS Apps For Weak Data Protection, Cleartext Passwords
May 04, 2012 Analysis reveals mobile apps designed to protect files and passwords do a poor job, often storing them in plain text and using weak obfuscation techniques.
-
Quick-Start Guide: Compiling Mac-Robber For iOS Vuln Research
April 05, 2012 How to compile, copy, and run mac-robber on jailbroken iOS devices
-
Quick-Start Guide: Compiling Mac-Robber For Android Vuln Research
April 02, 2012 How to compile, copy, and run mac-robber on rooted Android devices
-
Forensic Approach To Mobile App Vulnerability Research
March 30, 2012 Intro to a unique approach for vulnerability research on mobile apps using traditional PC forensic tools
-
Fun With REMnux -- And New Malware Analysis Book
March 22, 2012 "Practical Malware Analysis" provides in-depth knowledge on malware analysis and includes useful lab exercises. We take REMnux for a spin with the labs
-
Linux Live Environments: Cool Tools Even For Windows Folks
February 14, 2012 Preconfigured Linux environments provide powerful tools to aid in pen testing, mobile security testing, malware analysis, and forensics
-
Passive Network Fingerprinting; p0f Gets Fresh Rewrite
February 03, 2012 Passive network analysis can reveal OS, service, and even vulnerabilities -- just by sniffing the network
-
Penetration Tests: Not Getting 'In' Is An Option
November 28, 2011 Pen testers must get beyond just breaking in, and clients need to understand how the tester's results map to business risk
-
Plugging The Kiosk-Sized Security Hole
November 15, 2011 Companies like to set up Internet kiosks for customers and job applicants, but their convenience can be their undoing
-
Basic Baselining For Quick Situational Awareness
October 28, 2011 Baselines can be extremely valuable in knowing what's going on within your network, but they can't help if they're not created -- start with the basics
-
DerbyCon Fosters Community -- Videos Available Online
October 07, 2011 DerbyCon's successful first year reminds us of what the security community is all about: sharing and learning from others, promoting new ideas, and advancing the art of security
-
0-Day SCADA Exploits Released, Publicly Exposed Servers At Risk
September 16, 2011 Italian researcher releases 0-day SCADA exploits leaving companies vulnerable to exploit; Emerging Threats project releases update to help detect attacks
-
Metasploit Gets Covert Forensics And PXE Boot Attack Capabilities
September 09, 2011 New Metasploit modules released during the Vegas security conferences add cool, new features, like covert forensics and PXE boot pwnage
-
Smartphones And Tablets Targets For Getting 'Juiced'
August 29, 2011 Awareness campaign at DefCon shows how easily data can be stolen from smartphones using free charging kiosks
-
Medical Device Security Under Fire At Black Hat, DefCon
August 18, 2011 New research on medical device security is shining light on potentially deadly vulnerabilities
-
WarVOX Gets An Overhaul; Wardialing Added To Metasploit
August 12, 2011 Rewrite of WarVOX brings new features, better audio fingerprinting, and a Ruby VoIP stack that has been integrated into Metasploit
-
New Metasploit Tools Help Find Security Blind Spots
June 27, 2011 Upcoming vSploit modules for the Metasploit Framework imitate compromised or vulnerable hosts in the network
-
WAFs Have Benefits, But Are Not A Security Cure-all
June 15, 2011 WAFs can provide a good layer of defense against attacks, but they can't solve all Web app-sec problems the way vendors would like you to think
-
Logging Isn't Hard -- Getting Started Is
June 02, 2011 The biggest hurdle for SMBs with logging is taking the first step
-
The Power Of Open-Source Security Tools
February 25, 2011 Free, open-source tools like the Metasploit Framework and w3af exemplify the power of community involvement and support



