Lenny Zeltser has not only created some great security cheatsheets, he has also compiled a list of good reference guides developed by others.
Why should you trust his FREE cheatsheets? Lenny leads a security consulting practice, teaches malware analysis, explores security topics at conferences and in articles, and volunteers as an incident handler at the Internet Storm Center.
So whether you want to learn more about specific security practices or just have a quick reference, you’ll want these cheatsheets.
Filed under Audit, Free, How to..., Security
Tagged as cheatsheet, checklist, command line, DDOS, developers, Ed Skoudis, google hacking, history of technology, incident response, jeremy stretch, lenny zeltser, log review, malware, netcat, owasp, reverse-engineering, sans, Security, sql injection, tcpdump
TrustWave Inc. analyzed data gathered from over 1900 penetration tests and over 200 data breach investigations and concluded that the top 3 ways to sneak into a network in 2009 were via:
Continue reading →
Filed under Security
Tagged as CIO magazine, data breach, marcus ranum, old flaw, patch management, pentration tests, remote access, security survey, sql injection, trusted connection, trustwave
If you work in information security or IT audit (and I don’t mean IT SOX audit), I’d advise you to carry a “get-out-of-jail” (GOOJ) card at all times. In short, get permission before you do your dirty work.
Filed under Audit, Security
Tagged as assessment, dumpster diving, get-out-of-jail, GOOJ, hacking, pentesting, scanning, security configuration, sql injection, stay out of jail, tools, vulnerability