Security Analytics Using ELK
Few months back, I had the opportunity to conduct two workshops at BSidesDelhi and CSI Mumbai on the above topic. Both sessions were great experiences […]
Author: Wasim Halani
Hunting Phish Domains
Most organizations face a barrage of attacks every day from threat actors around the globe. Among the various vectors, attackers have found relatively high degree […]
Exfiltration Using Powershell & Outlook
Introduction When an attacker compromises an end-point system in an organization, he needs some sort of confirmation that: his code was executed on the targeted […]
PCI DSS Penetration Testing Guidance
The Payment Card Industry Security Standards Council recently released their updated Information Supplement: Penetration Testing Guidance. The guidance document was last published in 2008 under […]
ATM Application Whitelisting Security Assessment
During a recent engagement, we were asked to test the security level of an application white-listing solution deployed on the Windows XP ATMs of one […]
Insecure Implementation of Guest Wireless Networks
Most large organizations provide wireless facilities for their guest, which may include vendors, consultants, business associates, employees from other regions etc. Certain points should be […]
Disable IIS 7.5 Banner Information
Below are the steps of how to fix the banner (version information) in IIS 7.5 Install the latest version of URLScan 3.1 (http://learn.iis.net/page.aspx/726/urlscan-overview/). Select the […]
Does Your DLP Implementation Keep You Awake At Night?
With the boundary-less work culture of the 21st century, organizations have started to wake up to the fact that they cannot withhold information within the […]
Info-Letter vol.2
Hi all, This month’s reading list. Make sure to check out the tools sections. Traditional Pen-testing is Dead: A frank look at the state of affairs […]
Info-Letter vol. 1
Hi all, We are starting with a monthly reading-list for people who are unable to keep up with the latest in the field of IT […]