View All Publications

A Pentester's Guide to Hacking ActiveMQ-Based JMS Applications
Enterprise messaging systems (EMS) are highly reliable, flexible, and scalable systems that allow asynchronous message processing between two or more applications. This paper provides guidance on penetration testing techniques to assess the security of ActiveMQ-based EMS written using the Java Message Service API.
Topics: Foundstone

Achieving Security through Compliance - Part 1: Policies, plans, and procedures
This is the first part of a six-part series on compliance-driven security. This paper will illustrate how a well-structured security governance program with fully developed and implemented policies, plans, and procedures will strengthen an organization’s security posture.
Topics: Foundstone

Building and Maintaining a Business Continuity Program
Business continuity planning is a critical function that involves many different personnel and departments over multiple phases. As with many business continuity programs, an iterative process is most effective in developing a refined set of procedures and plans.
Topics: Foundstone

McAfee ePolicy Orchestrator: Creating an Apache HTTP Repository
This document describes how to configure Apache and Samba running on a Linux operating systems (OS) platform for the purpose of creating an Apache HTTP Repository for McAfee ePolicy Orchestrator. The Apache repository will allow customers to meet the requirement to have a Linux repository.
Topics: Foundstone, Security Management

Detecting Botnet Propagation
This paper explains botnet propagation techniques uncovered during a recent investigation along with the tools and techniques used to quickly evaluate two separate events.
Topics: Foundstone

PCI Guidance: Microsoft Windows Logging
Logging is normally something that is done to help troubleshoot system availability issues. This paper helps system administrators meet PCI logging requirements by capturing who did what and when, establishing alerts to detect issues that could indicate a system breach and exposure of credit card data.
Topics: Foundstone

A Pentester’s Guide to Hacking OData
The Open Data Protocol (OData ) is an open web based RESTful protocol for querying and updating data. This paper discusses OData penetration testing methodology and techniques.
Topics: Foundstone

Bypassing CAPTCHAs by Impersonating CAPTCHA Providers
CAPTCHA providers allow websites to integrate anti-automation mechanisms by offering CAPTCHA generation and verification services along with the libraries to consume those services.
Topics: Foundstone

Emergency Incident Response: 10 Common Mistakes of Incident Responders
This paper summarizes the top 10 incident response mistakes in the field, highlights issues so you can review your incident response practices, and determines whether you suffer from these shortcomings.
Topics: Foundstone

Know Your Digital Enemy
In this paper, you will learn the dangers of the Gh0st RAT malware.
Topics: Foundstone