Quick update: Botnet lab test

It took quite a time to get this src up and kickin’, and finally this seems to be working just fine, if not great. I had been planning to take up the botnet session, upon which I posted earlier here Botnet: The Silent Threat I and

Botnet: The Silent Threat II

read more

Botnets – The Silent Threat

I had been planning for delivering a training. And I had to decide on a subject. So, here it is - Botnets.

Topics I will cover here:

+ What is a Botnet
+ Top Botnets
+ Why Botnet?
+ Elements
+ Features
+ Protocols used
+ Categories
+ Applications of an Attack
+ Elements of an Attack
+ Stages of an Attack
+ Detecting a Bot
+ Defending against Botnets

Read on

read more

CISSP: My Study Plan

I sat for the CISSP exam on May 16, 2009. The exam was not easy, but I was prepared. And had the positive energy to complete it successfully. It was a long exam - 6 hours. Equally mentally exhaustive as much as physically demanding. Add to that the constant slight buzzing sound (read noise!!) of something in the hall.

All these in place, I took the whole 6 hours & completed & checked, rechecked the question paper & checked, rechecked the bubbles in the answer sheet. Someone must be wondering why would I check & recheck the question paper. Please read on to know why.

read more

Congratulations!! You passed the CISSP examination.

Finally, the much-awaited mail arrived this early morning at 1:02 am. It went straight to the archive & got labeled to ISC2. I didn’t noticed & had slept waiting for it yesterday. And as I opened my eyes & logged on, I hurried to check if there is any email there looking for me. Ah, there it was – 1 unread in ISC2.

read more

SQL Injection: A primer

SQL Injection is a query / code injection technique which exploits a vulnerability in the database of an application. The database back-end can be Microsoft SQL Server, Oracle, or mysql; i.e. any database which understands the Structured Query Language (SQL: http://en.wikipedia.org/wiki/SQL).
The vulnerability is present when the user input is not filtered properly for string literal escape characters. This user input usually is acting as the variable for constructing a SQL query when it reaches the back-end.
read more

Lynis v1.2.6 – Security & System Auditing Tool

Project information:

Lynis is an auditing tool for Unix (specialists). It scans the system and available software, to detect security issues. Beside security related information it will also scan for general system information, installed packages and configuration mistakes.

read more