• Log In
  • Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar
  • Home
  • About
  • Structure
  • Gradebook

ITACS 5211: Introduction to Ethical Hacking

Wade Mackey

Frederic D Rohrer

ISACA event writeup

December 12, 2018 by Frederic D Rohrer Leave a Comment

The ISACA event was a lot of fun for me. I talked to some previous ITACS graduates that have found positions in IT auditing or cyber security immediately after graduating here. I spoke with Fraser who recently started working in a SOC. Then I talked to Michael from GeoBlue, a health insurance company for people on business travel or exchange students. Michael mentioned that his company does yearly audits and that every year the quality of the audit differs, even though they use the same company. He says that due to the “gut feeling” nature of penetration tests and audits, different holes are found. Sometimes one auditor is also more or less thorough. I found this interesting as it indicates a niche in the market for penetration testing, that is to structure the testing so that it does not depend on the tester.

Social Engineering Term Paper

October 23, 2018 by Frederic D Rohrer 1 Comment

I stumbled upon this paper from three researchers in Portugal. They do a good job defining a lot of terms and definitions which are used in the Social Engineering. Especially helpful is that the paper describes many of these attacks and shows examples in Kali. On the other hand the paper is a little short and pretends to be a research piece when no new information is given. It only really describes the existing state of Social Engineering but draws no new conclusions.

https://www.researchgate.net/publication/315351300_SOCIAL_ENGINEERING_AND_CYBER_SECURITY

 

Beware of App data collection

October 10, 2018 by Frederic D Rohrer 2 Comments

https://medium.com/@kahunalu/under-the-hood-airbnb-9aceb8954f8a

Apps such as AirBnB collect a plethora of data, some of which is completely useless to the company itself. For example, the app detects the direction that the device is facing, gathered from the magnetic sensor. This information is then sent server-side. Other information is collected by third party providers through their app integration. Services such as the facebook login option gather this data, whether you use the Facebook login or not.

One way to protect yourself is to block these server’s DNS queries. You can do that by installing a DNS sinkhole in your network. These can be small devices such as a pi-hole (https://pi-hole.net/) or a virtualized option. You then just point your DNS server to the new device.

Cyber Security News Sources

September 23, 2018 by Frederic D Rohrer 2 Comments

Hello,

I’d like to discuss where everyone Cyber Security news from and find some interesting sources. Feel free to share yours even if in another language. Here are my personal top sources:

https://www.reddit.com/r/netsec/

https://krebsonsecurity.com/

https://www.bleepingcomputer.com/

https://blog.sucuri.net/

 

Also here is a nice graph of tools for intelligence gathering like we used for our last assignment.

https://i.redd.it/370mx0gln0k01.jpg

Webserver serving swap files – vulnerability

September 11, 2018 by Frederic D Rohrer 2 Comments

https://webdevetc.com/blog/how-to-get-someones-database-credentials-while-they-are-editing-config-files-on-a-live-server

 

When editing on a web-server in production with an editor like Vim, that editor will create a swap file which could mistakenly be served to the public. Therefore it is

A) important to restrict the filetype that is being served (you can do this in .htaccess or php config (NodeJS doesn’t have this problem since files are served from the public folder only and html is templated first)).

B) do not edit on a production server, instead use a staging tool like Git.

Primary Sidebar

Weekly Discussions

  • Uncategorized (14)
  • Week 01: Overview (7)
  • Week 02: TCP/IP and Network Architecture (18)
  • Week 03: Reconnaisance (17)
  • Week 04: Vulnerability Scanning (19)
  • Week 05: System and User Enumeration (17)
  • Week 06: Sniffers (17)
  • Week 07: NetCat and HellCat (15)
  • Week 08: Social Engineering, Encoding and Encryption (21)
  • Week 09: Malware (14)
  • Week 10: Web Application Hacking (17)
  • Week 11: SQL Injection (15)
  • Week 12: Web Services (25)
  • Week 13: Evasion Techniques (8)
  • Week 14: Review of all topics (15)

Copyright © 2025 · Magazine Pro Theme on Genesis Framework · WordPress · Log in