fbpx

This website uses cookies to ensure you get the best experience. More Information...

SECURITY LABS

Using UDF in Penetration Testing Part 2

Before continuing, we are assuming – again – that we have already gained access to a MySQL administration interface (the way we did that, is out of the scope of this post) and we want to acquire a command shell in order to penetrate further into the system. Finally, we are assuming that the MySQL […]

READ MORE
Using UDF in Penetration Testing

During a penetration test, we might throw ourselves into a situation where we have SQL administrative access only. As usual, we want to dive deeper into the network. Sometimes the only way to accomplish that is to execute commands on the system that serves the current SQL server. If the server happens to be an […]

READ MORE
Cyprus Computer Society Conference Whitepaper

It appears that the external threats to an organization are increasing steadily, and may, in fact, be increasing more rapidly than is commonly reported. To combat cybercrime, a set of management procedures and an organizational framework for identifying, assessing and mitigating risks, is necessary. Rather than reacting to individual problems in an ad-hoc manner these […]

READ MORE
Cyber-Insurance

Today, infrastructure encompasses computer technology and key business processes and        is increasingly web-based. Thus, the availability and security of computer networks and web sites have become a critical component of an organization’s risk profile. Even though preventative security steps can be taken by companies, there is no silver bullet that can make businesses completely secure.  […]

READ MORE
Critical Infrastructure Protection

Information Security in critical infrastructures is a major challenge. Critical infrastructure can be damaged, destroyed or disrupted by deliberate acts of terrorism, natural disasters, and negligence, leading to loss of confidentiality, integrity and availability of the critical infrastructure information assets. Vulnerabilities in critical infrastructure not only create risk for systems, networks, information and public trust, […]

READ MORE
PKI Roadmap – A guideline for government institutions

PKI implementations have a great failure rate, statistically, due to absent or misplaced organizational structures, the role and the effectiveness of which is considered critical in the establishment of the relevant operational model, supporting policy and legal framework. The scope of this framework describes the delivery of PKI services by, and on behalf of, government […]

READ MORE
Lawful Interception

The need for protection of information, one of the most valuable assets in the modern society, has increased dramatically in the last decade. ‘However, hand by hand with any technological and economic advancement new fraud and crime committing methods appear, targeting at our valuable information assets. Cryptography is one of the key technologies for ensuring […]

READ MORE
Information Security User Guide

This Information Security Guide is meant for all users in the organization. The Guide summarizes the most central basic issues of information security and gives practical advice for the implementation of information security in one’s own work. If you need more information you should first check the organization’s IS Policy manual. Link to guideline

READ MORE
Risk Analysis – A valuable tool for organizations / comparative analysis

Over the past few years there has been a rapid development of Global IT infrastructures, which has fundamentally shifted the way information is managed today. In this dynamic environment new dependencies and new risks are born. Information is a valuable business asset and organizations must make sure that information remains available and trustworthy yet protected […]

READ MORE