New Realities In Aviation Security

Summary of the presentation and research done – By Hugo Teso According to Teso, there are two sub-parts when it comes to aviation systems and understanding them. Concorde airplane or the airplanes of  its time used to have all analog systems on-board and were highly isolated from the outside entities. Due to this there are […]

Authorization Bypass on LinkedIn

Summary: LinkedIn has a feature called Project wherein you can add project members from your connections. We were able to discover a way to view a LinkedIn member’s project even if he/she is not one of our connections. We were also able to create a new project and add other LinkedIn members to it without […]

PCI DSS for Penetration Testing

Understanding PCI DSS and PA DSS is crucial to the role of a penetration tester. Quoting the relevant PCI-DSS or PA-DSS control reference for your findings would help demonstrate the proper risk arising from common security findings such as support of older SSL versions, weak encryption when storing cardholder data, lack of proper logs from […]

Cyber Security In Civil Aviation

  From the year 2012-2025 ICAO(International civil aviation organization) have decided to transform the present aviation environment by introducing new technology which will revolutionize present aviation industry. According to ICAO, the technology responsible to do so is named NextGen (Next Generation Air Transportation System), which is developed by the United States and will be mandatory […]

Disable IIS 7.5 Banner Information

Below are the steps of how to fix the banner (version information) in IIS 7.5 Install the latest version of URLScan 3.1 (http://learn.iis.net/page.aspx/726/urlscan-overview/). Select the correct version as per your OS (64-bit or 32-bit) The reference article to setup URLScan is http://learn.iis.net/page.aspx/475/urlscan-setup/ Enable ‘ISAPI Filters’ for your webserver. This is necessary for URLScan to be […]

Logging in MySQL

Scope: This article demonstrates logging techniques in MySQL to uncover and analyze any mischief attempts done by (outside or inside) user focusing on specific areas in database. Getting Started: Following are the types of logs available in MySQL[1]. Log Type Information Written to Log Error log Problems encountered starting, running, or stopping mysqld General query […]

A Phishy Story

Phishing sounds similar to fishing. Fishes are to the volume of internet users today much like fishermen are to phishers. Zillions of fishes falling prey the nets is nothing less compared to internet users being phished through their own in boxes and messengers. Phishers tend to have some personal favorites – personal information, credit cards […]