Articles on Tools

• Encryption What Information Security Can Learn from NYC Restaurant Inspections
  NYC's restaurant letter grades publicly signal food safety compliance, motivating improvements—72% of initially failing restaurants improved to A or B on second inspection. InfoSec could benefit from...
• Malware Reflections Upon Deception-Based Security Tactics
  Deception tactics for IT defense include network honeypots to detect lateral movement, host-based decoys like fake files and slow service emulators, and endpoint approaches that fool evasive malware...
• Tools Using Pastebin Sites for Pen Testing Reconnaissance
  Pastebin sites can aid penetration testing reconnaissance—stolen data, source code snippets, configuration details, and employee information often appear there. Tools like Pastebin Parser search...
• Incident Response When Does a Suspicious Event Qualify as a Security Incident?
  Distinguishing suspicious events from actual incidents is challenging—panicking at every alert wastes resources, while ignoring meaningful ones allows escalation. Each organization must decide its...
• Malware 8 Practical Tips for Detecting a Website Compromise for Free
  Detect website compromises using host intrusion detection tools like OSSEC, network IDS watching for anomalies, and centralized log review. Tactical measures include scanning for iframes and...
• Malware Malvertising: How Malicious Ad Campaigns Are Protected
  Attackers protect malvertising campaigns by obfuscating JavaScript and ActionScript code and timing attacks for weekends when ad network staff aren't working. Malicious logic activates after...