As a cybersecurity engineer and an unapologetically enthusiastic “web guy,” I have both a personal and professional interest in finding new exploitation methods. Recently, I found an interesting and creative way to control a browser by exploiting a cross-site scripting (XSS) vulnerability. I learn by doing, so as soon as I had the idea, I tried executing the concept to see if it would work in practice. Without spoiling too much, I was very pleased with the results! This attack uses nothing more than Netcat and some clever XSS injection code. For those unfamiliar with Netcat, it’s a networking utility that reads and writes data across network connections.
ProCircular founder and Chief Executive Officer, Aaron Warner, is slated to speak at the first annual Awareness Con, an information security conference hosted by Black Hills Information Security (BHIS). The event will be held on Wednesday, November 20th in Adel, Iowa, at the Adel Public Library. The purpose of Awareness Con is to draw attention to the profession of ethical hacking, commonly referred to as Penetration Testing, and the benefits this practice can have for organizations of all types. Penetration Testing is a simulated attack on an organization's computer and physical security systems to ensure that the security measures in place are effective.
Let’s just say there’s a lot to learn from history without quoting Sun Tzu… again. Especially in information and cybersecurity. Much of the birth of the cyber realm revolves around the military (many of the members of our community are current or former members of various armed forces), and many of us still refer to the military influence of old when working through our business planning and various actions revolving around cybersecurity. A great example is the common use of, or reference to, Boyd’s OODA (Observe–Orient–Decide–Act) loop flow chart in both attack and defensive security applications. In sticking to a military theme, I want to touch on a story from World War II and its applicability in today’s modern cybersecurity world.
Not because budding entrepreneurs haven’t heard the horror stories, but it seldom ranks highly among things that directly generate cash or hurry a company to market. Like so many other priorities, cybersecurity often falls by the wayside in the early business stages.