HackDig : Dig high-quality web security articles for hacker

UNIX and Linux setUID advice and guidance

It is a topic that often comes up on client engagements, usually when running structured build reviews of Linux “gold builds”, but occasionally when trying to explain in detail how we used a Linux system to pivot internally. SetUID and setGID files are inevitably a risk, potentially allowing attackers to elevate privileges to root from a basic us
Publish At:2017-10-27 17:20 | Read:4115 | Comments:0 | Tags:Blog AIX analysis auditing blueteam FreeBSD Linux root Solar

Hindering Lateral Movement

Lateral Movement is a method used by attackers (or malware) against a network Domain. After an initial device is compromised (typically, a user’s workstation), the attacker extracts passwords from memory, or obtains encrypted password hashes from the system for cracking or direct use (i.e. Pass the Hash). The attacker then attempts to login to other sy
Publish At:2017-10-27 17:20 | Read:3322 | Comments:0 | Tags:Blog auditing blueteam redteam training Windows

padmin to root: Roles on AIX

Following a recent post from a consultant at IBM discussing how how privileged access should be performed on VIOS, I figured it was time to share some of our research in this arena. Those of you that are regular readers will know that I love root. For those of you that are new, welcome aboard. Let’s start by defining what VIOS is. VIOS is a subsystem t
Publish At:2015-10-03 05:00 | Read:3527 | Comments:0 | Tags:Blog AIX analysis auditing exploit root UNIX

Oracle security chief to customers: Stop checking our code for vulnerabilities

Oracle's chief security officer is tired of customers performing their own security tests on Oracle software, and she's not going to take it anymore. That was the message of a post she made to her corporate blog on August 10—a post that has since been taken down.Perhaps thinking that all the security researchers in the world were busy recovering from Bla
Publish At:2015-08-11 19:40 | Read:2413 | Comments:0 | Tags:Risk Assessment Technology Lab auditing oracle software lice

Weaknesses in Air Traffic Control Systems are a serious issue for FAA

A GAO report to FAA reveals that the systems adopted in the Aviation industry are still affected by weaknesses that could be exploited by hackers. A report published by Government Accounting Office (GAO) in January urges the Federal Aviation Administration (FAA) to adopt a formal process to “Address Weaknesses in Air Tra
Publish At:2015-03-04 17:30 | Read:3223 | Comments:0 | Tags:Breaking News Security auditing cyber security cyber threats

Your Data Security Strategy Starts with Deploying a Least Privilege Model (part 1 of 2)

Posted January 12, 2015   Scott LangBefore we start, let’s agree on three fundamental principles of protecting data:1. Data is the most valuable asset your organization has (besides the folks who work for you anyway)2. Data is like water – it will find the path of least resistance out of its current location3. Based on its value and portabilit
Publish At:2015-01-13 06:25 | Read:2603 | Comments:0 | Tags:Privileged Account Management Auditing least privilege Ponem

Announce

Share high-quality web security related articles with you:)

Tools

Tag Cloud