Please take note that online voting for 2013-2014 Executive Council of ISOC MY will take place on the 29th of May 2013.

We will be using the database on portal.isoc.org to send out instructions for online voting on the morning of the 29th of May.

Kindly ensure that your email address is current and updated at portal.isoc.org -> under Malaysia Chapter.

We will be using the list of addresses registered at portal.isoc.org as of 27th of May 2013,…

Please take note that online voting for 2013-2014 Executive Council of ISOC MY will take place on the 29th of May 2013.

We will be using the database on www.isoc.org to send out instructions for online voting on the morning of the 29th of May.

Kindly ensure that your email address is current and updated at www.isoc.org -> under Malaysia Chapter.

We will be using the list of…

As a catchword, cybersecurity is frighteningly inexact and can stand for an almost endless list of  different security concerns, technical challenges, and “solutions” ranging from the technical to the legislative. While buzzwords like cybersecurity may make for good headlines, serious discussions  of security and the Internet require a shared understanding of what is meant by cybersecurity.

The landscape covered by the term cybersecurity includes many types of problems and an even…

Hey There,

This is just the list about the differences in the OWASP Top 10 for 2010 and 2013. The OWASP Top 10 2010 was:

A1: Injection

A2: XSS

A3: Broken Auth and Session Mgmt

A4: Insecure Data Object References

A5: CSRF

A6: Security Misconfiguration

A7: Failure to restrict URL Access

A8: Insecure Cryptographic Storage

A9: Insufficient Transport Layer Storage

A10: Unvalidated Redirects and…

Hey there,

I was presenting at a local conference about the basics of penetration testing. Someone in the audience asked me the question that's been there in many minds for a really long time, and I am sure, has also been answered a zillion times! 

The question was: Isn't a Vulnerability Scanner enough to ensure security? Why do we need to perform manual penetration testing?

Yes, many companies buy a scanner or use an open source one, and run it a…

We have 14 nominees todate !

Reminder that nominations closes at 6pm on the 24th of May 2013

Details available at http://www.isoc.my/profiles/blogs/nominations-to-serve-on-the-executive-council-of-isoc-my

If you are in ICT or Security, you'll most probably have used wireshark... or might have at-least heard about it, and looking for an opportunity to use it. It's a remarkably capable tool which can be used for sniffing almost every kind of protocol. You can download wireshark from http://www.wireshark.org and give it a try.

In the case of wired networks, you will be default in the promiscuous mode (sniff…

Whether you appreciate the underlying concepts of SQL Injection or not, one tool which you cant afford to not appreciate is SQLMAP. This is THE tool for hackers who use any variant of sql injection as an attack vector. (I might be a little biased here, but for most part of it, correct!)

So let's look at what's improved in the latest and greatest... The latest version of the tool is 0.9 as of this scribe. It can be downloaded for Win, Lin and Mac at …

Hey there,

I dont think there is any blog which talks about the intricacies involved in installing both DVWA and Mutillidae on the same Backtrack machine (VM or otherwise). I have been laboring on this for almost the whole of labor day (May 1 ;O), but thankfully, with success.

So let's go in for the steps:

AMP comes default with Backtrack (Apache, MySQL and PHP) since many tools need them. This can itself be used for DVWA. But for Mutillidae, it seems to…

DCD KL 2013 event is happening on the 21st May 2013 at Intercontinental Hotel.

2 FREE conference passes are up for grabs to all ISOC-MY members,all you need to do is state in 100 words or less why you should be selected to attend this conference.

Conference details available at …

Nominations for the ISIF Asia Awards close in less than 30 days!

Nominations close on 15 May 2013 and must be submitted before this deadline to be considered for an Award.

The ISIF Asia Awards recognize five innovative projects that used the Internet as a social development tool to promote access, openness, inclusion, and human rights.

Winners will be awarded AUD 3,000 to support continuation of their project plus a travel grant to attend the awards ceremony at the 8th…

The OSI model (Open Systems Interconnection) is a theoretical model with seven layers which can help better understand how networks work. But for college purposes, you need to by-heart this and so many people are looking for ways in which to get hold of it... (it helps in interviews as well, especially if you are a fresher).

So I searched on the net, checked out Wiki etc, and here's the best of what I could find... not all of this is my work, but has been consolidated from…

'msfupdate' issue after the git migration...

Who doesn't love Metasploit... Now there's the new Metasploit Pro which has tons of web exploits integrated within, and so its much much more powerful. Also it caters to testing the OWASP Top 10 2013!!

But I think while doing this integration and also due to the Metasploit update moving to git from the earlier update method, there has been a…

Hey Guys,

Feels great to be back, I was down with fever for the last week, and was really missing blogging :o(

So here are a few tips for using Linux more effectively:

1. Extracting audio from video: Why would you want to do this? - So that you can move your audio files to listen on your smart phone or ipod etc... or bluetooth it to the car

Simple command to do this: ffmpeg -i my_video_file.avi extracted_audio.mp3

2. Task Manager for Linux:…

Hi There,



There’s always a confusion regarding what the terms Uniform Resource Identifier (URI), Uniform Resource Locator (URL) and Uniform Resource Name (URN) mean… here’s (hopefully) a simple way to remember this, once and for all ☺





·         URI: This is the complete address along with the protocol – this is the one Google Indexes or the DNS server maintains - …

Hey,

Have you used Google Sets? Google Sets was one of the very first Google Labs experiments. However, this got closed a couple of years ago. (Then why the hell are we talking about it?... Patience please!)

How it used to work:

1.       You would need to go to …

I am really thrilled to be upgrading my system to Kali Linux! For noobs, this is the latest and the greatest that Backtrack has to offer!

For starters though, I want to install it on a USB drive as a live USB and also want it as a persistent image (so that I can save files etc on this image). How to do this is told amazingly at the Kali…

Infosec News & Tips For You (#03-2013)…