
Hakin9 en on Demand 08 2012 Digest

Date post: 14-Apr-2018
Upload: christian-valdes
  • 7/27/2019 Hakin9 en on Demand 08 2012 Digest


Kernel Security

In computing, the kernel is the main component of most computer operating systems; it is a bridge between applications and the actual data processing done at the hardware level. The kernel's responsibilities include managing the system's resources (the communication between hardware and software components). [1]

This paper introduces concepts of the security kernels as well as two examples of them: Kernelized Security Operating System and Honeywell Secure Communications Processor. The security kernel is a methodology that provides the functionality of the operating system and good internal security in multiuser systems. Security kernels are especially useful in organizations where different users are trusted on different levels. Also, security kernels are able to co-operate over networks, which is very important nowadays.

Usually, as a basic component of an operating system, a kernel can provide the lowest-level abstraction layer for the resources (especially processors and I/O devices) that application software must control to perform its function. It typically makes these facilities available to application processes through inter-process communication mechanisms and system calls.

Operating system tasks are done differently by different kernels, depending on their design and implementation. While monolithic kernels execute all the operating system code in the same address space to increase the performance of the system, microkernels run most of the operating system services in user space as servers, aiming to improve the maintainability and modularity of the operating system [1]. A range of possibilities exists between these two extremes (Figure 1).

Principles of Security Kernels

The security kernels can be divided into two categories: actual security kernels and trusted computing bases (TCB). The security kernel is defined as an isolated portion of a computer system that is designed to enforce the security policy of the system. A TCB is defined as the totality of hardware and software protection mechanisms responsible for enforcing the security policy of a given system. The difference is small, and often security kernels and TCBs are viewed as synonymous. However, the slight difference is that security kernels involve an isolated portion of the system architecture for security functions, whereas in TCBs the security functions may be spread throughout various portions of the system. These are discussed in detail later in this chapter.

Figure 1. Kernel's role in a computer


The security kernels cannot guarantee full protection. They are only as effective as the chosen policy, which is discussed later. Additionally, they cannot protect the system from authorized but careless users. For example, users quite often select easily guessed passwords or write them down, which makes the intruder's work relatively easy.

Reference Monitor

In the security kernel approach, a very important concept is the reference monitor, an abstract notion adopted from the models of Butler Lampson. The reference monitor provides an underlying security theory for conceptualizing the idea of protection. In a reference monitor, all active entities, such as people or computer processes, reference passive entities, such as documents or segments of memory, using a set of correct access authorizations. Every reference to a passive entity or change of authorization must go through the reference monitor. The access control information is stored in a database and important security events are stored in the audit file (Figure 2).

Security Kernel

Figure 3 illustrates a general-purpose operating system with on-line, interactive users. The kernel provides a relatively small and simple subset of operating system functions. The kernel primitives are the interfaces of this subset to the rest of the operating system (supervisor mode). The supervisor primitives provide the general-purpose operating system functions used by the applications.

Usually, an operating system consists of several functional areas such as process management, I/O control, and file system management. Some of the functions are security relevant and they must be placed into the kernel. The rules of the policy model, discussed in Section 3, help to identify security-relevant functions. Some of the parts of the operating system must be in the kernel because the model requires that these resources be virtual and that their location be hidden from untrusted software. The functions that provide useful common utilities (which do not manage anything shared among users) and those that address denial of service are outside the scope of the security policy and can generally be in the supervisor.

Often systems require a security policy that is more specifically tailored to their needs than those defined by the basic security model. This tailored policy is generally exercised on a limited basis for infrequent operations and may apply only under special circumstances or to a special class of users. If this extended policy is implemented in the kernel, usually a set of interfaces that can be invoked only by certain trusted subjects is provided. Trusted subjects have some internal identifier, e.g., a privilege indicator. When a running program has such privileges, it may be able to perform actions not permitted by the access checks built into normal kernel functions.

Trusted subjects may be needed to perform system maintenance such as controlling the access policy for untrusted subjects. Sometimes, normal users invoke certain trusted subjects to perform security-sensitive functions. For example, since the basic security model does not allow an untrusted subject to lower the access class of information, the occasional need for downgrading a segment that a user accidentally over-classifies is satisfied by providing a trusted subject for the user. Trusted subjects are often implemented as asynchronous processes, called trusted processes, or as extensions of the kernel itself, called trusted functions. Regardless of the implementation technique, trusted subjects must adhere to the same engineering principles as the kernel if the security policy is to be correctly implemented. Other than the implementation technique, the only difference is the specific security policy enforced.

Figure 2. Reference monitor

Figure 3. Structure of kernel-based operating system
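The reference monitor and trusted-subject ideas above, as an added Python illustration that is not code from the article: every reference by a subject to a segment passes through one mediation function that consults the access-control database and appends the decision to an audit log, and a trusted subject carrying a privilege indicator can downgrade an over-classified segment where an untrusted subject cannot. The ordered access classes, the "no read up, no write down" rule and the names (alice, downgrader, memo, payroll) are assumptions of this example; the article only refers to "the rules of the policy model".

```python
"""Minimal reference monitor (added example, not the article's code).

Assumed policy model: access classes are totally ordered and the rule is
"no read up, no write down".  A trusted subject carries a privilege
indicator that lets it lower a segment's access class (downgrade), which
the basic model never permits an untrusted subject to do.
"""
from dataclasses import dataclass
from enum import IntEnum
from typing import Dict, List, Tuple


class AccessClass(IntEnum):
    UNCLASSIFIED = 0
    CONFIDENTIAL = 1
    SECRET = 2
    TOP_SECRET = 3


@dataclass(frozen=True)
class Subject:
    name: str
    clearance: AccessClass
    trusted: bool = False  # the privilege indicator


@dataclass
class Segment:
    name: str
    classification: AccessClass


class AccessDenied(Exception):
    pass


class ReferenceMonitor:
    """Every access to a segment and every change of authorization must
    go through this object; nothing else touches the database."""

    def __init__(self) -> None:
        self.db: Dict[str, Segment] = {}                    # access-control database
        self.audit: List[Tuple[str, str, str, str]] = []    # stand-in for the audit file

    def add_segment(self, seg: Segment) -> None:
        self.db[seg.name] = seg

    def _log(self, subj: str, obj: str, op: str, result: str) -> None:
        self.audit.append((subj, obj, op, result))

    def check_access(self, subj: Subject, obj: str, mode: str) -> bool:
        """Mediate one reference; returns the decision and always logs it."""
        seg = self.db.get(obj)
        if seg is None:
            self._log(subj.name, obj, mode, "DENY")
            return False
        if mode == "read":
            allowed = subj.clearance >= seg.classification   # no read up
        elif mode == "write":
            allowed = subj.clearance <= seg.classification   # no write down
        else:
            allowed = False                                  # unknown mode
        self._log(subj.name, obj, mode, "ALLOW" if allowed else "DENY")
        return allowed

    def downgrade(self, subj: Subject, obj: str, new_class: AccessClass) -> None:
        """Change of authorization: only a trusted subject cleared for the
        segment may lower its class, and only downward."""
        seg = self.db.get(obj)
        ok = (seg is not None and subj.trusted
              and subj.clearance >= seg.classification
              and new_class < seg.classification)
        self._log(subj.name, obj, "downgrade", "ALLOW" if ok else "DENY")
        if not ok:
            raise AccessDenied(f"{subj.name} may not downgrade {obj}")
        seg.classification = new_class


def run_scenario() -> Dict[str, object]:
    """Constructed scenario: an ordinary user over-classifies a memo and a
    trusted process downgrades it on her behalf."""
    rm = ReferenceMonitor()
    rm.add_segment(Segment("memo", AccessClass.TOP_SECRET))   # over-classified
    rm.add_segment(Segment("payroll", AccessClass.SECRET))
    alice = Subject("alice", AccessClass.SECRET)               # untrusted user
    downgrader = Subject("downgrader", AccessClass.TOP_SECRET, trusted=True)

    out: Dict[str, object] = {}
    out["alice_reads_memo_before"] = rm.check_access(alice, "memo", "read")
    out["alice_writes_payroll"] = rm.check_access(alice, "payroll", "write")
    out["alice_writes_memo"] = rm.check_access(alice, "memo", "write")  # write up is allowed
    try:
        rm.downgrade(alice, "memo", AccessClass.CONFIDENTIAL)   # untrusted: must fail
        out["alice_downgrade"] = True
    except AccessDenied:
        out["alice_downgrade"] = False
    rm.downgrade(downgrader, "memo", AccessClass.CONFIDENTIAL)  # trusted subject
    out["alice_reads_memo_after"] = rm.check_access(alice, "memo", "read")
    out["audit"] = list(rm.audit)
    return out


if __name__ == "__main__":
    for event in run_scenario()["audit"]:
        print(event)
```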

Defend against kernel malware

Kernel malware, commonly known as rootkits, consists of malicious applications that run in the kernel of the OS with absolute rights to system resources. End-user devices infected with this type of application are open to undetectable processes that can steal data, collect PII, and otherwise control the system regardless of the presence of any anti-virus or personal firewall software.

How kernel malware works

According to Kimmo Kasslin at F-Secure, there are two types of kernel malware infections in Microsoft Windows environments: full-kernel and semi-kernel (Kernel Malware: The Attack from Within, 2006). Before jumping into a description of each, it's important to review how Windows memory is managed from a system protection perspective (Figure 4).

Windows applications run in one of two modes: kernel mode or user mode. Kernel mode applications perform tasks such as accessing hardware resources on behalf of a user application. These applications typically have privileged access to system resources. Because of this, user applications are run in user mode to protect the integrity of the operating system. User mode applications, like word processors and Internet browsers, are unable to directly access hardware or protected OS services. Rather, they must make calls to kernel libraries or drivers that ensure resource requests are executed on behalf of the user applications. This separation of processing tasks is enforced at the hardware level. Kernel malware circumvents this abstraction of privileges by running in kernel mode with direct access to all system services. In other words, it has complete control of the infected system. One attack vector is the installation of a malicious driver.

Malware running in full-kernel mode performs all tasks within the kernel layer. Although it might need a little help from the user to get installed, once operational it performs its assigned tasks without further user intervention.

Semi-kernel mode malware runs in both user mode and kernel mode. One method of deployment consists of placing a .dll or .exe in user mode with access to a kernel mode driver.

According to Kasslin, there is a rise in popularity of kernel malware that coincides with the move of cyber criminals to a hacking-for-profit model. The advantage to criminals is that kernel malware is usually undetectable when using standard antivirus and antispyware applications.

Mounting a defense

The first line of defense is denying local administrator access to PC users. If an attacker can't take advantage of user privileges to install kernel-based software, the level of effort required to compromise the PC might be high enough to encourage him to find a softer target. In addition, management should ensure user awareness of the dangers of clicking on unknown links and consenting to the installation of unauthorized software.

Another important control is the implementation of a personal firewall on all workstations. This can help prevent self-propagating infections from spreading. It should be coupled with a strong patch management process. Patching helps eliminate software flaws that can be used to inject malicious kernel code.

Also, consider prohibiting the installation of any unsigned drivers. Installation of malicious drivers is a favorite method of placing kernel malware on target systems.

Figure 4. Kernel malware work mode

KERNEL SECURITY IN WINDOWS

Today you will come to know how to secure the kernel by implementing some security level in Windows, for which you can use the main security points given below:

• Put a Power-On password on the system.
• Put a password on the BIOS.
• Deep-Freezer

BIOS PASSWORD SETUP (For Kernel Security)

BIOS History

In IBM PC compatible computers, the Basic Input/Output System (BIOS), also known as the system BIOS or ROM BIOS, is the de facto standard defining a firmware interface. The name originated from the Basic Input Output System used in the CP/M operating system (released in 1976), where the BIOS was loaded from disk, with only a small boot loader program stored in read-only memory.

The BIOS software is built into the PC, and is the first code run by a PC when powered on (boot firmware). When the PC starts up, the first job for the BIOS is the power-on self-test, which initializes and identifies system devices such as the CPU, RAM, video display card, keyboard and mouse, hard disk drive, optical disc drive and other hardware. The BIOS then locates boot loader software held on a peripheral device (designated as a boot device), such as a hard disk or a CD/DVD, and loads and executes that software, giving it control of the PC. [2] This process is known as booting, or booting up, which is short for bootstrapping.

A BIOS has a user interface (UI), typically a menu system accessed by pressing a certain key on the keyboard when the PC starts. In the BIOS UI, a user can:

• configure hardware
• set the system clock
• enable or disable system components
• select which devices are eligible to be a potential boot device
• set various password prompts, such as a password for securing access to the BIOS user interface functions itself and preventing malicious users from booting the system from unauthorized peripheral devices.

The role of the BIOS has changed over time. As of 2011, the BIOS is being replaced by the more complex Extensible Firmware Interface (EFI) in many new machines, but BIOS remains in widespread use. EFI booting has been supported only in Microsoft Windows versions supporting GPT [2], the Linux kernel 2.6.1 and later, and Mac OS X on Intel-based Macs [2]. However, the distinction between BIOS and EFI is rarely made in terminology by the average computer user, making BIOS a catch-all term for both systems.

The first BIOS virus was CIH, whose name matches the initials of its creator, Chen Ing-hau. CIH was also called the Chernobyl Virus, because its payload date was 1999-04-26, the 13th anniversary of the Chernobyl accident.

CIH appeared in mid-1998 and became active in April 1999. It was able to erase flash ROM BIOS content. Often, infected computers could no longer boot, and people had to remove the flash ROM IC from the motherboard and reprogram it. CIH targeted the then-widespread Intel i430TX motherboard chipset. The then-widespread Windows 9x operating systems allowed direct hardware access to all programs.

Modern systems are not vulnerable to CIH because of the variety of chipsets in use, which are incompatible with the Intel i430TX chipset, and also other flash ROM IC types. There is also extra protection from accidental BIOS rewrites in the form of boot blocks which are protected from accidental overwrite, or dual and quad BIOS equipped systems which may, in the event of a crash, use a backup BIOS. Also, all modern operating systems such as Linux, OS X, and Windows NT-based Windows OS like Windows 2000, Windows XP and newer, do not allow user-mode programs to have direct hardware access. As a result, as of 2008, CIH has become essentially harmless, at worst causing annoyance by infecting executable files and triggering alerts from antivirus software. Other BIOS viruses remain possible, however; [2] since most Windows home users without Windows Vista/7's UAC run all applications with administrative privileges, a modern CIH-like virus could in principle still gain access to hardware without first using an exploit. The operating system OpenBSD prevents all users from having this access, and the grsecurity patch for the Linux kernel also prevents this direct hardware access by default, the difference being that an attacker would require a much more difficult kernel-level exploit or a reboot of the machine.

What is BIOS?

A BIOS password will make sure you need to enter a password when you make changes to the BIOS settings.

The most basic BIOS password will prevent people from making changes to your BIOS settings. In the BIOS you can define the boot order of hardware. In practice this means you tell the computer that you want it to look for bootable data in a certain order (e.g. Floppy -> DVD -> HDD). After your computer is first installed you probably want to only allow it to boot from your hard disk and disallow booting from USB or DVD. Removing these from the boot order will also speed up the boot process of your computer, since it will not be checking these devices for bootable media.

Normally you will not have a need to boot regularly from DVD or USB since you could just as well install these operating systems on virtual systems. Once your PC has been properly set up, the only reason to boot from other media would be in case of restoring a failing computer (e.g. Windows Rescue Disks) or if your computer has a failing hard disk. When this is the case you just go to the BIOS settings, change the boot order to include DVD or USB, enter the password and reboot.

Preventing changes to the boot order and removing DVD and USB (and floppy or anything other than the hard disk) from the boot order will make sure your computer boots the OS as you have it installed and not something else. An attacker would need physical access in order to put some kind of media in your computer (e.g. a DVD disk).

There are some BIOS manufacturers that also allow setting a password in the BIOS that is needed for simply booting the computer; you need to enter this password every time you boot the computer, no matter what media you boot it from. You could compare this to the login screen you might have to log into the OS after booting.

When do we need this?

I would advise that a BIOS password be set for all laptops because it enhances the security level on the kernel layer so that it cannot easily be bypassed by any individual. Laptops are designed to be carried and are often left alone (e.g. in your hotel room) in places where you have little control over the people that have access. I would also advise doing it on all computers that are in public places or places where there is little or no control on who has access or where lots of people have access (e.g. workplaces).

Setting up Power-On Password

Before the Windows 7 (or any other OS) operating system loads, the computer goes through a brief procedure known as the Power-On Self-Test. This function makes an inspection of any changes made to the hardware installed on your computer. The Basic Input Output System stores the settings pertaining to such hardware. In addition, you may set a user password that takes place before said inspection, which also prevents the operating system from loading.

Step 1
Turn on your Windows 7 computer. Access the BIOS screen by pressing the appropriate keyboard key, which generally varies by motherboard make and model.

Step 2
Go to the BIOS Security or Privacy section. While the layout presented depends greatly on the motherboard manufacturer, all information and settings are generally similar (Figure 5).

Step 3
Enter the desired Power-On password, and re-type it into the confirmation field if necessary.

Step 4
Exit the BIOS menu through its respective Save and Exit function, typically executed by pressing F10 on your keyboard (Figure 6).

Setting up BIOS Password

Your computer's BIOS is the first program that is run when your computer starts. You can tell the BIOS to ask for a password when it starts, thus restricting access to your computer.

To enter the BIOS setup program, sometimes called CMOS setup:

Turn on or reboot your computer. Then press F8 and one screen will display a series of diagnostics and a memory check. A message like "Hit the key to enter the BIOS setup program" will appear. When you do hit DEL at the right time [1] you'll see a menu screen something like this: Figure 7.

Figure 5. Configure Power-On Password

Figure 6. Power-On Password Login window


Note

Some BIOS versions use a graphical type menu with icons (a GUI) or have a text interface that appears different to the one shown; the principle however is exactly the same.

As you can see there are two options that relate to passwords, Supervisor Password and User Password; these relate to controlling access to the BIOS Setup Program and the Machine Boot respectively.

Note that not all BIOSes have this password feature; your BIOS may not have it, in which case you won't be able to restrict access to your computer in this way.

Select SUPERVISOR PASSWORD and you'll be prompted to enter a password:

You should now enter a password of up to eight characters (most BIOSes are limited to eight characters, unfortunately). I recommend you use the full eight but take care that you choose something you'll not forget.

The BIOS will then prompt you to confirm the password; just type the same thing again (Figure 8).

Now you'll want to set your system to ask for that password every time it boots, so select the BIOS FEATURES SETUP option, to see a menu something like this:

Fairly obviously, it's the Password Check option we're interested in, so select it and change the setting to ALWAYS.

Now navigate back to the main menu and select SAVE & EXIT SETUP. Your machine will then reboot and you'll be prompted for the password (Figure 9).

Each and every time you boot you'll be asked for the password you chose (Figure 10).

Please note that this method of restricting access to your computer is not completely foolproof; there are ways around it. But it will stop or at least delay the majority of casual attempts to get access.

If you forget your BIOS password, consult your motherboard manual or, if you don't have one, consult the website of the BIOS manufacturer.

It's not always the DEL key: some BIOSes use F2 or F10 or another key combination; check your motherboard manual.

    Figure 7. BIOS Setup

    Figure 8. Set password on Supervisor Password

    Figure 9. Saving changes and exit

    Figure 10. BIOS Login Screen


Ways to defeat BIOS passwords?

There are many ways to defeat a BIOS password:

• remove the CMOS battery to clear the password
• reset the jumpers for the BIOS to clear the password
• try one of the master BIOS passwords to bypass the user-placed BIOS password
• use a BIOS password cracking utility

As you notice, all these actions will require physical access to the computer, and in case of removing the battery or using the jumpers on the motherboard to clear the password the attacker would even need to open your computer. You cannot update a BIOS remotely on normal computer hardware; you can on some servers, but to my knowledge that requires extra hardware to be installed on the said server. Most of these actions also take time (the exception being the master or generic passwords that manufacturers put in as backdoors).

Conclusion

A BIOS password is a good investment since it takes very little time or knowledge to set up and it might stop an attacker, since he will need a certain amount of time to get past the BIOS password (opening the computer or looking at the manufacturer and then trying possible master passwords takes time). Also, if the BIOS password is cleared it will be visible to you that an attack on your system has happened and you can take appropriate action.

If your BIOS allows you to set a password that is required for booting the computer I would certainly use that option; it will take an extra step to log in (you need to enter the password) but it does add an extra hurdle and more time for an attacker to gain access to your computer.

I firmly believe security should be layered and there should always be more than one level of protection on each functionality of your computer. Therefore, a BIOS password will always be a good investment. The fastest possible way I see an attacker getting past this security measure would include him knowing you use a BIOS password, a first investigation on what the manufacturer of your BIOS is, a search for the manufacturer master password(s) (it is possible that there are none for your BIOS) and then he needs physical access to your computer to (re-)boot, change the BIOS settings (using the password), reboot from other media, do his evil stuff, reboot and change the BIOS settings back to the original settings, reboot and put the computer back in the state it was when he found it (probably powered down). I think this would take 10 minutes at the least.

Hiren Live CD Tool - A way to hack BIOS Password

Hiren is a Live CD tool by which you can crack a BIOS password. I am telling you some steps by which you can crack it by using it. For cracking your system's BIOS password you are supposed to follow these given steps, which you will find in pictures step by step.

Figure 11. Start Hiren Live CD tool

Figure 12. Select option 9 or next

Figure 13. Select option 2 or BIOS/CMOS Tools

Figure 14. Select option 8 or More

Step 1
Put the Hiren Live CD tool into the CD-ROM and reboot your system.

Step 2
You have to choose the 2nd option, Start BootCD (Figure 11).

Step 3
Choose the 9th option for Next (Figure 12).

Step 4
Choose the 2nd option for BIOS/CMOS Tools (Figure 13).

Step 5
Choose the 8th option for More.. (Figure 14).

Step 6
Choose the 1st option for Kill CMOS (Wipe CMOS) (Figure 15).

Step 7
Select yes for cracking your BIOS password (Figure 16).

You will be successful in cracking the BIOS password by following these steps.

Deep-Freezer Tool

Deep Freeze works on the kernel layer and helps eliminate computer damage and downtime by making computer configurations indestructible. Once Deep Freeze is installed on a computer, any changes made to the computer, regardless of whether they are accidental or malicious, are never permanent. Deep Freeze provides immediate immunity from many of the problems that plague computers today: inevitable configuration drift, accidental system misconfiguration, malicious software activity, and incidental system degradation.

Figure 15. Select option 1 or Killing CMOS Information

Figure 16. Final process to kill CMOS information

Figure 17. Deep-Freezer Introduction

Figure 18. Deep-Freeze installation step 1

Figure 19. Accept License Agreement for installing purpose

System Requirements

Deep Freeze protects computers that are set to boot from the hard drive. Configure the CMOS to boot from the hard drive only. The CMOS must be password protected to prevent unauthorized changes. Deep Freeze protects the Master Boot Record (MBR) when the computer is frozen.

Attended Install

Complete the following steps to perform an attended install.

1. Double-click DFStd.exe to begin the installation process (Figure 18).
2. Click Next. Click I agree to the terms in the License Agreement. Click Next (Figure 19).
3. Enter the License Key or select the Use Evaluation check box to install Deep Freeze in Evaluation mode (Figure 20).
4. Choose the drives to Freeze from the displayed list. Click Next (Figure 21).
5. Click Install to begin the installation.

The computer restarts immediately after the installation is complete.

Install Using Imaging

Deep Freeze has been designed to work with all major imaging and desktop management software. Use either an Attended Install or the Silent Install to install Deep Freeze on a master image.

Deep Freeze must be prepared for deployment before finalizing a master image. To prepare the master image for deployment complete the following steps:

1. Restart the computer into a Thawed state.
2. Launch Deep Freeze using the keyboard shortcut CTRL+SHIFT+ALT+F6. Alternatively, press SHIFT and double-click the Deep Freeze icon in the System Tray.
3. Enter the password and click OK.
4. Click Set Flag in the Status tab. The message "The flag has been set successfully. Do you want to reboot your computer now?" is displayed. Click Yes to reboot the computer immediately. Click No to reboot the computer later.

After imaging, the computers require an additional restart for Deep Freeze to correctly detect the changes in disk configuration. If the computers are imaged in an unattended mode, steps should be taken to ensure the computers are restarted to allow the configuration to update.

    KERNEL SECURITY IN LINUX

Kernel Security through password-protecting GRUB entries

A boot loader is software code that runs before the operating system and helps in loading the operating system. Boot loaders usually contain several ways to boot the operating system kernel and also contain commands for troubleshooting or for passing some values to the kernel while booting.

When a computer with Red Hat Enterprise Linux is powered on, the Red Hat Enterprise Linux operating system is loaded into memory and started by a boot loader. The boot loader program is located on the system's primary hard drive and has the responsibility of loading the Linux kernel, with its required files, into the computer's memory.

Figure 20. Put License Key or use Evaluation or Demo mode

Figure 21. Select Drive for implementing Deep-Freezer effect

http://www.makeuseof.com/tag/how-to-password-protect-grub-entries-linux/

Red Hat enterprise editions for different hardware architectures use different boot loaders. The following table shows the boot loaders for the different hardware platforms (Table 1).

GRUB (GNU GRand Unified Boot loader) is the default boot loader for AMD32, AMD64, Intel x86 and Intel EMT64T based hardware platforms. GRUB enables the selection of the installed operating system at boot time and also allows the user to pass arguments to the kernel while booting.

Linux Booting Levels

1. The Stage 1 or primary boot loader is read into memory by the BIOS from the Master Boot Record (MBR). The primary boot loader occupies less than 512 bytes of disk space within the MBR and is capable of loading either the Stage 1.5 or the Stage 2 boot loader.
2. The Stage 1.5 boot loader is read into memory by the Stage 1 boot loader.
3. The Stage 2 or secondary boot loader is read into memory. The secondary boot loader displays the GRUB menu and command environment. This interface allows the user to select which kernel or operating system to boot, pass arguments to the kernel, or look at system parameters.
4. The secondary boot loader reads the operating system or kernel as well as the contents of /boot/sysroot/ into memory. Once GRUB determines which operating system or kernel to start, it loads it into memory and transfers control of the machine to that operating system.
5. The init program is started; it reads the inittab file (/etc/inittab) and sets up the appropriate run level.

Working with the grub.conf configuration file

A sample grub.conf file is shown in Listing 1. The lines beginning with a # are comments.

Table 1. Boot loaders for the different hardware platforms

Architecture              Boot Loader
AMD32, AMD64              GRUB
Intel x86, EMT64T         GRUB
Intel Itanium             ELILO
IBM eServer System i      OS/400
IBM eServer System p      YABOOT
IBM System z              z/IPL

Listing 1. A sample grub.conf file

### Beginning of grub.conf ###
# grub.conf generated by anaconda
#
# Note that you do not have to rerun grub after making changes to this file
# NOTICE: You have a /boot partition. This means that
# all kernel and initrd paths are relative to /boot/, eg.
# root (hd0,0)
# kernel /vmlinuz-version ro root=/dev/sda2
# initrd /initrd-version.img
#boot=/dev/sda
default=0
timeout=5
splashimage=(hd0,0)/grub/splash.xpm.gz
hiddenmenu
#####First Operating System#####
title Red Hat Enterprise Linux Server (2.6.18-8.el5)
root (hd0,0)
kernel /vmlinuz-2.6.18-8.el5 ro root=LABEL=/ rhgb quiet
initrd /initrd-2.6.18-8.el5.img
#####Second Operating System#####
title RedHat Operating System 2
root (hd1,0)
kernel /vmlinuz-2.6.18-8.el5 ro root=/dev/sdb2 rhgb quiet
initrd /initrd-2.6.18-8.el5.img
### End of grub.conf ###


The grub.conf configuration file is explained in detail below.

default=0 points to the first stanza, which is the default operating system to boot.

timeout=5 specifies the time, in seconds, after which GRUB automatically boots the default operating system.

splashimage locates the graphical GRUB screen.

hiddenmenu means that the GRUB options are hidden.

A stanza begins with a title (the text displayed in the boot menu for selecting the operating system), and the next three lines specify the location of the /boot directory, the kernel, and the initial RAM disk, respectively. (The initial RAM disk, initrd, is an initial root file system that is mounted before the real root file system is available.)

root (hd0,0) specifies that the boot directory is on the first hard disk, first partition.

kernel /vmlinuz-2.6.18-8.el5 ro root=LABEL=/ rhgb quiet specifies the kernel location, which is inside the /boot folder. This location is relative to the root (hd0,0) statement. The ro option specifies that the root file system is mounted read-only at boot, protecting it from any accidental writes from the initial RAM disk, and rhgb enables the Red Hat graphical boot option.

initrd /initrd-2.6.18-8.el5.img specifies the initial RAM disk.

Setting up GRUB password in Linux

GRUB security features allow you to lock down the editing of boot options accessed by pressing the e key, and they allow you to password protect selected or all boot entries.

Follow the steps below to see how to password protect GRUB entries:

1. Fire up the terminal. Type grub and press enter. The prompt will change to something like grub>.
2. Enter md5crypt at the GRUB prompt. Type in the password when prompted and press enter. The command will return your password encrypted as an MD5 hash. You will need this, so make a note of it or copy it to the clipboard (Figure 22).
3. Now we need to edit the /boot/grub/menu.lst file. You are advised to make a backup of the file before editing it in case something goes wrong (Figure 23).
4. Enter the line password --md5 followed by the hash from step 2 before the line that reads BEGIN AUTOMAGIC KERNEL LIST (actually it just needs to come before any of the boot menu entries, so you can write it anywhere as long as it is before them).

Figure 22. Putting password on GRUB

Figure 23. Making password backup

Figure 24. Securing kernel layer through grub.conf file


If you save the file at this moment without any further edits you will have locked down interactive editing in GRUB. The administrator, or in this case you, will have to press the p key and enter the correct password to access these advanced options.

If in addition you want to lock down specific menu entries, so that anyone without knowledge of the correct password cannot boot into that operating system, you should add the word lock, all by itself, on a separate line just after the title specification for each entry in the menu (Figure 24).

The next time anyone tries to select the locked menu entry he/she will be required to enter a password before he/she can boot into the corresponding operating system.

To lock the recovery mode entries it is best to change the line lockalternative=false to lockalternative=true. This will lock down all future recovery mode entries as well, even if you update the kernel.
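A check for the result of the steps above, which also walks the grub.conf layout explained earlier: an added Python example (not from the article or from GRUB itself) that parses a GRUB legacy menu.lst and reports which of the protections described here are missing. The sample configuration inside it is constructed and its hash value is a placeholder.

```python
"""Audit a GRUB legacy grub.conf / menu.lst for the article's protections: a 'password
--md5' line before the first 'title', 'lock' in each stanza, lockalternative=true.
Added example, not the article's code; the sample is constructed, its hash a placeholder."""
import re
from dataclasses import dataclass, field

SAMPLE_MENU_LST = """\
default=0
timeout=5
password --md5 $1$PLACEHOLDER$PLACEHOLDERHASH
# lockalternative=true
title Red Hat Enterprise Linux Server (2.6.18-8.el5)
lock
root (hd0,0)
kernel /vmlinuz-2.6.18-8.el5 ro root=LABEL=/ rhgb quiet
initrd /initrd-2.6.18-8.el5.img
title RedHat Operating System 2
root (hd1,0)
kernel /vmlinuz-2.6.18-8.el5 ro root=/dev/sdb2 rhgb quiet
initrd /initrd-2.6.18-8.el5.img
"""

@dataclass
class GrubAudit:
    password_hashed: bool = False     # 'password --md5 <hash>' seen in the global section
    password_plaintext: bool = False  # 'password <clear>' seen: readable by anyone with the file
    lockalternative: bool = False
    stanzas: list = field(default_factory=list)  # [title, locked] pairs in file order

def parse_menu_lst(text):
    """Single pass; everything before the first 'title' is the global section."""
    audit = GrubAudit()
    in_stanza = False
    for raw in text.splitlines():
        line = raw.strip()
        # lockalternative usually lives in a commented block, so test it before skipping comments
        m = re.match(r"#?\s*lockalternative\s*=\s*(true|false)$", line)
        if m:
            audit.lockalternative = m.group(1) == "true"
            continue
        if not line or line.startswith("#"):
            continue
        key, _, value = line.partition(" ")
        if key == "title":
            audit.stanzas.append([value.strip(), False])
            in_stanza = True
        elif in_stanza:
            if key == "lock":  # the article places 'lock' right after the title line
                audit.stanzas[-1][1] = True
        elif key == "password":
            if value.split()[:1] == ["--md5"]:
                audit.password_hashed = True
            else:
                audit.password_plaintext = True
    return audit

def findings(audit):
    """Gaps relative to the article's setup; an empty list means fully locked down."""
    out = []
    if audit.password_plaintext:
        out.append("global password is stored in clear text, not as an --md5 hash")
    if not audit.password_hashed:
        out.append("no 'password --md5' line before the first title: 'e' editing is open")
    for title, locked in audit.stanzas:
        if not locked:
            out.append(f"'{title}' has no 'lock' line: bootable without a password")
    if not audit.lockalternative:
        out.append("lockalternative is not true: future recovery entries stay unlocked")
    return out
```

Run findings(parse_menu_lst(open("/boot/grub/menu.lst").read())) on a real file; on the sample it reports only that the second stanza lacks a lock line.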

On the Web

[1] http://en.wikipedia.org/wiki/Kernel_(computing)
[2] http://en.wikipedia.org/wiki/BIOS

VIKAS KUMAR | ETHICAL HACKER | SPEAKER

VIKAS KUMAR (ISHAN) is one of the leading computer security experts available in India. VIKAS KUMAR was born on 26 July 1990 in a town called Meerut, UP (India). VIKAS KUMAR started his group hackers4u on Facebook in the year 2010 and in two years he banged the World Wide Web with good computer ethical hacking articles; he is going to launch a website on Cyber Security & Ethical Hacking and is working with an anti-hacking community, I-hackers4u. The 22 year old guy has the capability to compete with the best people in the business so called Ethical Hacking. Workshops and Seminars: VIKAS KUMAR has trained more than 1350 people from all around the world, from countries like Thailand, Australia, Canada, Ghana, United States, South Africa, China, Malaysia, Singapore, Oman, Yemen, Indonesia, Korea, Iran, etc.

www.cyber-hunt.com | Blog: www.cyber-hunt2012.blogspot.com | LinkedIn Profile: https://www.linkedin.com/profile/view?id=71569482&trk=tab_pro | Facebook: https://www.facebook.com/hackers4u | BackTrack Fan Club Page: https://www.facebook.com/pages/Cyber-Hunt-BackTrack-Fan-Club/395372283859684?ref=tn_tnmn | Facebook Page: https://www.facebook.com/vikas7852?ref=tn_tnmn | Email ID: [email protected] | [email protected]


