
MIS 5212-Advanced Penetration Testing

MIS 5212 - Section 001 - Wade Mackey

Fox School of Business

Week 04

Week 4- News Article

February 24, 2018 by Christie L Vazquez

https://www.darkreading.com/vulnerabilities---threats/anatomy-of-an-attack-on-the-industrial-iot-/a/d-id/1331097

This article details an attack on an IoT device. Similar to the kill chain, the attacker follows recon, development, execution, and command and control phases. It is a reminder of the vulnerabilities of IoT devices supporting critical infrastructure.

Drupal Patches Critical Bug

February 24, 2018 by Richard Mu

Developers of Drupal patched two critical vulnerabilities this week in its content management system platform. The first critical vulnerability is a comment reply form bug in Drupal version 8 that granted unauthorized users access to restricted content. It allowed them to view and add comments as well as content within restricted areas. The other vulnerability, which was in Drupal 7 and 9, was a JavaScript function that led to a cross-site scripting vulnerability.

Drupal Patches Critical Bug That Leaves Platform Open to XSS Attack

Free Keyloggers

February 23, 2018 by Neil Y. Rushi

https://www.technewsworld.com/story/85002.html

People who bought HP laptops had a free keylogger program installed, but it wasn’t on purpose. A user found out while troubleshooting it, but by default it was turned off. The user contacted HP and they applied a patch to remove it. The keylogger program was found to be a software bug that wasn’t finalized before being deployed. The issue with keyloggers is that consumers don’t really know what they are, and if hackers or other malicious people know about it, they can expose it for their own purposes.

The SEC says companies must disclose more information about cybersecurity risks

February 22, 2018 by Joseph Feldman

The SEC has issued new guidance for public companies, calling on them to be more forthcoming when disclosing cyber-security risks, even before a breach or attack happens. This expands on guidance they previously issued in 2011, and it also warns that corporate insiders must not trade shares when they have information about cyber-security issues that aren’t public. The SEC added that even though companies are not required to reveal sensitive information that could compromise cyber-security measures, they also cannot use internal or law enforcement investigations as an excuse for not informing the public. Many individuals on the SEC say the guidance doesn’t go far enough, that many public companies still provide disclosures about cyber-security risks that are far from robust, and that the commission has only taken limited action. They also mention that the SEC could have helped companies formulate more meaningful disclosure for investors; however, the new guidance issued does not give them the ability to do so and it only provides modest changes to the 2011 staff guidance. It remains to be seen what other actions or guidance the SEC provides on cyber-security related issues.

 

The SEC says companies must disclose more information about cybersecurity risks

The United States is “vulnerable” to cybersecurity attacks said by the co-founder of the computer security firm CrowdStrike

February 22, 2018 by Shi Yu Dong

Computer security firm “CrowdStrike” performed research and analysis of recent attacks (NotPetya, WannaCry) targeting U.S. organizations that caused millions of dollars in losses. In particular, it has been found that the U.S. administration, as a top intelligence group, is most vulnerable as they can’t keep up with network security threats.

Next-gen firewalls with capabilities of application layer inspection, SSL inspection, identity awareness, IDS/IPS, and application/URL proxy functions play an important role in protecting not only the perimeter of the organization but also internal resources by looking deep into malicious requests and traffic originating from either internal or external networks.

https://latesthackingnews.com/2018/02/18/united-states-vulnerable-cybersecurity-attacks-said-co-founder-computer-security-firm-crowdstrike/


The flu is poking holes in hospital cybersecurity, and a shot can’t save you

February 17, 2018 by Amanda M Rossetti 1 Comment

https://www.digitaltrends.com/computing/getting-flu-could-harm-cybersecurity-healh/

I never considered that a health crisis could also cause cyber security issues, but this article makes a good point about why it occurs. With anything that causes the volume of what a user is asked to do to increase, that user is going to find ways to save time. Unfortunately, what the user tends to do to save time is ignore protocols put in place to protect information. As hospital personnel are seeing many more patients than usual this flu season, they are doing things like leaving themselves logged into terminals and leaving doors open that require a badge to enter. This is opening hospitals up to cyber attacks and putting patients’ information at risk.

Presentations 3 and 4

February 10, 2018 by Wade Mackey 1 Comment

Advanced Penetration Testing -Week-3 Advanced Penetration Testing -Week-4
