Breaking misused stream ciphers

Encryption algorithms can be classified in a couple of different ways.  A top-level distinction is between symmetric encryption algorithms (which use the same keys for encryption and decryption) and asymmetric…

Entropy calculations

Entropy is a measure of the randomness in a system.  The more random the system, the less predictable it is and the higher its entropy. Entropy and cryptanalysis Entropy is…

Blockchain and hash functions

Hash functions are cryptographic algorithms designed to protect the integrity of data.  Hash functions have a few useful properties, including: One-way: Hash functions are one-way functions, meaning that it is…

The Broader Application of Pentesting Skills

Entering or advancing in an information security career requires an investment in training and certification. Whether you’re new to infosec or interested in transitioning from another industry, a few certifications…

Blockchain and asymmetric cryptography

Blockchain technology makes it possible to solve business problems in ways that were previously impossible.  A major enabler of this is the decentralization of the blockchain’s digital ledger. Blockchain’s decentralization…

AWS APIs abuse: Watch out for these vulnerable APIs

In December 2020, Unit 42 researchers at Palo Alto Networks discovered a class of AWS application programming interfaces (APIs) that can be abused to enumerate sensitive information about a target’s…

Attacking block creation

Blockchain is a relatively new technology that is achieving rapid adoption. It has a number of built-in protections and incentives designed to allow the decentralized network to maintain and secure…

Decrypting SSL/TLS traffic with Wireshark [updated 2021]

The internet wasn’t designed to be secure from the start. Many protocols (such as HTTP and DNS) were designed to serve their purpose of conveying information over the network without…

Dumping a complete database using SQL injection [updated 2021]

What is SQL injection? SQL Injection is a web-based attack used by hackers to steal sensitive information from organizations through web applications. It is one of the most common application…

Highly skilled & well-funded: The new booming threat in cybercrime

Security Magazine |  Security Magazine |  Highly skilled & well-funded: The new booming threat in cybercrime | 2021-03-01 | Security Magazine This website requires certain cookies to work and uses…