http://www.foundstone.com/rss/rssnews.xml Latest news rss feed for foundstone.com Founstone.com http://www.htciaconference.org/ Foundstone's Mike Spohn will be a keynote speaker at the International High Technology Crime Investigation Association Conference & Expo in Atlanta on September 20, 2010. Mike will speak on the topic Effective Incident Response Management. https://dev.issa.org/Library/Journals/2010/January/Hau-How%20Virtualization%20Affects%20PCI%20DSS.pdf Foundstone's How Virtualization Affects PCI-DSS whitepaper was featured in the ISSA Journal. This article highlights the top five issues and concerns that PCI Qualified Security Assessors (QSAs) have about virtualization technology. http://www.foundstone.com/us/resources/proddesc/csniffer.htm McAfee CSniffer is a free tool which will scan your infrastructure to discover if you have unencrypted Perforce passwords which could be stolen and used to penetrate your source code library. One of the exploits of the Aurora vulnerability is exfiltration of intellectual property via source code management tools like Perforce so this tool can help identify any potential attack vectors. http://resources.mcafee.com/forms/Aurora_VDTRG_WP This white paper provides unparalleled detail and insight into Operation Aurora, what was learned, and how to prevent such attacks from being successful in the future. http://www.carolinacon.org/ Something Smells Phishy: The Evolution of Social Engineering Abstract: This presentation is on the evolution of social engineering and some tips on what organizations can do to determine how vulnerable their employees are to social engineering. We will cover the main types of social engineering, including physical, telephone, email and media based attack vectors as well as some newer techniques employed by hackers such as utilizing social networks to increase their chances of success. Examples of these methods employed by hackers and penetration testers will be illustrated. http://www.foundstone.com/us/education-coursesdescription.asp Both the Ultimate Hacking: Wireless and Ultimate Hacking: Web classes are now 4 days long and boast loads of new content, as well as new labs and minilabs. Foundstone is pleased to announce significant updates to both Ultimate Hacking and Ultimate Hacking: Expert. Both classes have been updated to include new exploits, tools, and scripts. In additional the classes will be using tweaked versions of Backtrack 4 (and Windows XP) to help enable our students to further improve their penetration testing skills. The Ultimate Hacking: Wireless class covers an overview of the IEEE 802.11 protocol and current attacks against common wireless protocols. Several new modules focus exclusively on Bluetooth tools, discovery and attacks; as well as RFID. For more details visit http://www.foundstone.com/us/education-coursesdescription-ultimate-wireless.asp. Our web hacking class takes students through the Foundstone Web Application Penetration Testing Methodology and dives deep into data validation attacks and other common attack vectors. Extended sections include automated tools, Web 2.0, thick client testing, and mobile device applications. For more details visit http://www.foundstone.com/us/education-coursesdescription-ultimate-web.asp. Although this class was recently rewritten from the ground up, we continually update it to reflect the changing hack and defend landscape. You will see new exploits; improved tools; and lots of time in the driver seat. This course builds on the success of our student hands-on approach and offers numerous minilabs, as well as 3 challenging labs. For more details visit http://www.foundstone.com/us/education-coursesdescription-ultimate-hacking.asp. Our pinnacle hacking class has also undergone some recent changes. Students will build on their hacking skills as they learn the theory and implementation of cutting edge network, host, and application exploitation and countermeasures. One of the most exciting additions to this class is the Penetration testing with Metasploit module. This module covers just about everything you will need to know to hit the ground running (fast) with Metasploit and its utilities. This course places a special emphasis on flying under defensive radars and other advanced hacking techniques, while discussing and experimenting with effective countermeasures. For more details visit http://www.foundstone.com/us/education-coursesdescription-ultimate-expert.asp. http://www.foundstone.com/us/resources/downloads/foundstone_ir_kit.zip Download Foundstone's IR kit including our How to Evict a Hacker cheat sheet based on the OSI Layers. http://www.foundstone.com/us/resources/proddesc/sitedigger.htm What's New in SiteDigger 3.0 - Improved user interface, signature update and results page. - No longer requires Google API License Key. - Support for Proxy and TOR. - Provides results in real time. - Configurable result set. - Updated signatures. - Ability to save signature selection and result set. http://www.issa.org/Library/Journals/2009/October/ISSA Journal October 2009.pdf#page=36 Foundstone's Brad Smith's discusses the risk public information systems and other kiosks in October edition of the ISSA Journal. Using a sample interactive kiosk as an example, Brad provides strategies on identifying threats and uncovering common vulnerabilities. http://www.foundstone.com/us/resources/whitepapers/wp_mobile_application_pen_testing.pdf Foundstone's latest whitepaper discusses methodologies, tools and techniques for testing the security of mobile device based applications. http://www.foundstone.com/us/resources/whitepapers/wp_insecure_trends_in_web_technologies.pdf A new Foundstone whitepaper discusses insecure deployment trends in a number of rich internet application technologies. http://www.softwaremag.com/L.cfm?Doc=1224-9/2009 People, process, and technology elements interact to create a holistic program; organizations need to evolve toward developing a program that truly works for them. In this article Foundstone Director Rudolph Araujo discusses what it takes to build an effective Software Security Program. http://www.foundstone.com/us/resources/whitepapers/fs_wp_managing_a_malware_outbreak.pdf Foundstone's incident response team documents a real world case study of managining a malware outbreak - Sality. Read on for interesting insights in detecting, responding and preventing outbreaks. http://www.foundstone.com/us/resources-case-studies.asp Read a case study of how Foundstone worked with PMI Mortgage Insurance Company to help them assure their customers that customer data was being securely stored and processed. http://www.foundstone.com/us/education-forensic-incident-response.asp Foundstone's Incident Response classes get a major update. http://www.foundstone.com/us/resources-whitepapers.asp Struggling with PCI and Virtualization - see our whitepaper series on this hot topic. http://www.foundstone.com/us/resources/whitepapers/wp_dlp_program.pdf Read our whitepaper on Data Loss Prevention Program Development that discusses the key steps in preventing loss of confidential or proprietary data from your organization. http://www.softwaremag.com/L.cfm?Doc=1174-10/2008 Learn how to implement a software security training program. http://www.foundstone.com/us/resources/proddesc/diredetectinginsecurelyregisteredexecutables.htm Detect insecurely registered executables. http://www.foundstone.com/us/resources/proddesc/socketsecurityauditor.htm Identify insecurely bound sockets on your local system. http://www.foundstone.com/us/company-events.asp Foundstone participates in industry tradeshows and events worldwide, all year long. Visit our website for up-to-date information about where Foundstone executives and consultants will be speaking and presenting on industry-leading topics. http://www.foundstone.com/us/education-computer-based-training.asp Foundstone Training goes Computer-Based. Check out the courses!