Everyone is talking about Windows 10, and articles pop out left and right informing people about the new and technically the "last version of" Windows you will ever need! Well, to rephrase that, Microsoft is presenting Windows 10 as "the last version of Windows" you’ll ever need to get. After that, you will receive regular feature updates and product improvements.
InfoSec, SecNews, AppSec, Best Practices, Project Ideas, Source Code, etc. || Dr. Grigorios Fragkos, follow: @drgfragkos
Wednesday, 29 July 2015
Monday, 27 July 2015
shell: command in Windows - Did you know?
I recently discovered that not many people are aware of the shell: command in Windows. Windows Explorer (not the Internet Explorer) recognises the command shell: allowing you to open specific system folders. (you can also use: shellnew: instead of shell:)
For example, type the command shell:startup in the address bar and hit Enter.
This action will open the StartUp folder which under Windows 8.1, it is located here:
C:\Users\%USERNAME%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Thursday, 23 July 2015
Burp Suite - Error handshake alert: unrecognized_name
This is the first time I had to deal with this error in Burp and I was trying to figure out what was the problem. It seems there is a problem with Java which causes Burp to fail when accessing some specific websites. This is the screen you get when this particular error occurs.
Figure 1 - Burp Error handshake alert: unrecognized_name
If you ever stumble upon this problem the solution is easy once you know what to do. As a start, make sure you have the latest version of Java installed.
Tuesday, 21 July 2015
What is the process to verify a particular certification?
I recently had people coming to me asking me what is the process to verify a particular certification and if I knew of a centralised way for doing this.
Unfortunately (or fortunately as some may say) there isn't a centralised way where you could query for a particular certification.
For example, the PCI Security Standards Council (PCI SSC) maintain a list of all certified companies and Qualified Security Assessors which is constantly up-to-date. If you want to verify a consultant's certification the only thing you need to do is to visit this link.
Anyhow, this blog post is intended as a reference guide to the various webpages where you can verify a particular certification. If you do know of any other or you found that the list needs to be be updated just send me a message on Twitter and I will update it as soon as possible.
Below, the certifications are listed Alphabetically according to the respective company which have issued each certificate.
Thursday, 16 July 2015
Critical Patch by Microsoft - MS15-078
Vulnerability in Microsoft font driver could allow remote code execution. This vulnerability requires immediate remediation (16 July 2015).
Microsoft patch MS 15-078 addresses a serious security flaw found in the way Windows products read certain types of fonts.
An attacker can send you an office document or ask you to visit a specific web page with a specific font being used. The attack is straight forward and simple to execute, and for that reason it is highly important to patch immediately.
The attack is possible because it focuses on the Windows Adobe Type Manager Library and the way it deals with OpenType fonts, allowing Remote Code Execution.
Please note that this vulnerability affects all modern versions of Windows. Also, if you install a language pack after you install this update, you must reinstall this update. Therefore, install any language packs that you need before you install this update. For more information, see Add language packs to Windows.
Subscribe to:
Posts (Atom)