directory


While testing a web application in development, you notice that the web server does not properly ignore the “dot dot slash” (../) character string and instead returns the file listing of a folder structure of the server. What kind of attack is possible in this scenario?

While testing a web application in development, you notice that the web server does not properly ignore the “dot dot slash” (../) character string and instead returns the file listing of a folder structure of the server. What kind of attack is possible in this scenario?

Option 1 : Denial of service
Option 2 : Cross-site scripting
Option 3 : SQL injection
Option 4 : Directory traversal

1. Denial of service The Denial of …



Linux Forensics

Linux forensics refers to performing a forensic investigation on a Linux-based device. To do so, investigators need a good understanding of the techniques required to conduct live analysis and to collect volatile and non-volatile data, along with knowledge of various shell commands and the information they can retrieve. Investigators should also be aware of the Linux log files, their storage and their location in the directory, as they are the most important sources of information …



File System Analysis Using Autopsy

Autopsy is a digital forensics platform and graphical interface to The Sleuth Kit and other digital forensics tools. Law enforcement, military, and corporate examiners use it to investigate what happened on a computer. You can even use it to recover photos from your camera’s memory card. Autopsy is an end-to-end platform with modules that come with it out of the box and others that are available from third parties. Some of the …



Learn about CD-ROM/DVD File System

Computer systems require file systems, such as NTFS or UNIX, to exchange and access the data contained in files easily and quickly. They divide data stored on CD-ROMs into sectors, containing both user data and error correction codes. Users need not worry about which data is stored in which sector, but should have an understanding of the CD-ROM file structure.

ISO 9660

ISO (International Organization for Standardization) …



Overview of Mac OS X File Systems

Apple’s Mac OS X uses a different approach to storing data compared to Windows and Linux. This section will make investigators aware of the file systems that different versions of Mac operating systems use.

Mac OS X File Systems

1. Hierarchical File System (HFS): Apple developed the Hierarchical File System (HFS) in September 1985 to support the Mac OS in its …



Learn All About Linux File Systems

This blog explains Linux File System Architecture, the Filesystem Hierarchy Standard (FHS), the Extended File System (EXT), the Second Extended File System (EXT2), etc. Linux OS uses different file systems to store data. As investigators may encounter attack source or victim systems running Linux, they should have comprehensive knowledge of the storage methods it employs. The following section …



Ways To Learn Finding Default Content Of Web Server Effectively

Finding Default Credentials of a Web Server

Admins or security personnel use administrative interfaces to securely configure, manage, and monitor web application servers. Many web server administrative interfaces are publicly accessible and are located within the web root directory. Often these administrative interface credentials aren’t properly configured and remain set to default. Attackers attempt to identify the running application interface of the target web server …



Web Server Attacks

An attacker can use many techniques to compromise a web server, such as DoS/DDoS, DNS server hijacking, DNS amplification, directory traversal, Man-in-the-Middle (MITM)/sniffing, phishing, website defacement, web server misconfiguration, HTTP response splitting, web cache poisoning, SSH brute force, web server password cracking, and so on. This section describes these possible attacks in detail. The Web Server Attack module is part of Certified Ethical Hacker training at Infosavvy – We look at …



What is Identity and Access Management?

Modern enterprises need fast, easy and secure access to IT resources, from anywhere and at any time, backed by effective security controls on IT assets that protect against both internal and external threats. Advances in technologies like IoT (Internet of Things), M2M Communication, and Bring Your Own Device (BYOD) pose a variety of internal and external threats and vulnerabilities to organizations. Identity and Access Management solutions have become an important part of IT strategic …
