CISSP Study Plan

CISSP: My Study Plan

I sat for the CISSP exam on May 16, 2009. The exam was not easy, but I was prepared. And had the positive energy to complete it successfully. It was a long exam – 6 hours. Equally mentally exhaustive as much as physically demanding. Add to that the constant slight buzzing sound (read noise!!) of something in the hall.

All these in place, I took the whole 6 hours & completed & checked, rechecked the question paper & checked, rechecked the bubbles in the answer sheet. Someone must be wondering why would I check & recheck the question paper. Please read on to know why.

Tools

Lynis v1.2.6 – Security & System Auditing Tool

Project information:

Lynis is an auditing tool for Unix (specialists). It scans the system and available software, to detect security issues. Beside security related information it will also scan for general system information, installed packages and configuration mistakes.

Analysis

wepawet – Analyzing Web-Based Malware

One of the most prevalent mode of infection is headed through malicious web-sites. An attacker may chose to host his own site & use it for malware propagation. Or better still, exploit vulnerabilities in other web site(s) & host his malware code on them.

There are different ways to verify if a site is hosting malicious script(s) – varying from tedious manual inspection of code, to using tools such as Malzilla (http://malzilla.sourceforge.net/) & several others, or verifying with Google Safe Browsing.

Read on.

Welcome

Welcome to iPositive Security

Welcome to my website!

The main content will address InfoSec updates on Exploits, Tools, Security Incidents, Analysis & experiences in the domains of Security Research,