Milad Kahsari Alhadi Publication
Home MyBlog PGP Key Courses Publications
Published Articles:

Enhance Security of ICS Systems with Virtualization

Virtualization is the creation of a virtual -- rather than actual -- version of something, such as an operating system, a server, a storage device or network resources. Virtualization security is the collective measures, procedures and processes that ensure the protection of a virtualization infrastructure / environment.

It addresses the security issues faced by the components of a virtualization environment and methods through which it can be mitigated or prevented. In this article, We discuss about how we can make our ICS systems secure against some types of attacks like ICS malware and network haacking operations.

-- Download Article: [PDF in Persian] -- [PDF in English]

SHA-1 Vulnerability Impact on Secure Communication Ecosystem

In cryptography, SHA-1 (Secure Hash Algorithm 1) is a cryptographic hash function designed by the United States National Security Agency and is a U.S. Federal Information Processing Standard published by the United States NIST. SHA-1 produces a 160-bit (20-byte) hash value known as a message digest. A SHA-1 hash value is typically rendered as a hexadecimal number, 40 digits long.

On February 23, 2017 CWI Amsterdam and Google announced they had performed a collision attack against SHA-1, publishing two dissimilar PDF files which produce the same SHA-1 hash as proof of concept. In this article, I overview SHA-1 vulnerability which Google Project Zero Team and CWI Amsterdam uncovered. In this article, I disccus about the impact of the vulnerability upon secure communications in computer securtiy ecosystem.

-- Download Article: [PDF in Persian] -- [PDF in English]

Published Books:

Practical Malicious Software Analysis

Malware analysis is big business, and attacks can cost a company dearly. When malware breaches your defenses, you need to act quickly to cure current infections and prevent future ones from occurring. For those who want to stay ahead of the latest malware, Practical Malicious Software Analysis will teach you the tools and techniques used by professional analysts. With this book as your guide, you'll be able to safely analyze, debug, and disassemble any malicious software that comes your way.

-- Buy: [Shop Link]

Metasploit - The Penetration Tester's Guide

The Metasploit Framework makes discovering, exploiting, and sharing vulnerabilities quick and relatively painless. But while Metasploit is used by security professionals everywhere, the tool can be hard to grasp for first-time users.

Metasploit: The Penetration Tester's Guide fills this gap by teaching you how to harness the Framework and interact with the vibrant community of Metasploit contributors. Once you've built your foundation for penetration testing, you’ll learn the Framework's conventions, interfaces, and module system as you launch simulated attacks. You’ll move on to advanced penetration testing techniques, including network reconnaissance and enumeration, client-side attacks, wireless attacks, and targeted social-engineering attacks.

-- Buy: [Shop Link]

BurpSuite - The Penetration Tester's Guide

Burp Suite is a well-known integrated platform for performing security testing and is considered the de-facto standard for testing web applications. This book is a practical, hands-on guide that can help you take advantage of the Burp Suite, a powerful web security tool.

Thanks to its step-by-step examples, you will quickly learn how to efficiently discover web application vulnerabilities such as SQL Injection and Cross-site scripting. From intercepting your first web request, you will soon be able to inspect parameters, perform tampering, and eventually discover security flaws.

You will also learn how to use the numerous tools available in Burp Suite in order to enumerate all web application entry points, perform scans, and automatically detect security flaws. Then test your sites with automated customized attacks, analyze the randomness of application data, decode data in multiple formats, and much more.

-- Download Book: [PDF]

Wireshark - The Penetration Tester's Guide

Covers details of filters, statistical analysis, and other important tasks. Also includes advanced topics like decoding captured data, name resolution, and reassembling In Detail Wireshark is by far the most popular network traffic analyzing tool.

It not only provides an interface for traffic capture but also provides a rich platform for an in-depth analysis of the traffic. The GUI provides a very user-friendly and interactive media that simplifies the process of network forensics. This concise book provides a perfect start to getting hands-on with packet analysis using Wireshark.

Wireshark - The Penetration Tester's Guide is the perfect guide for new learners who are willing to dive into the world of computer networks. Walking you through from the very start, it transitions smoothly to cover core topics like filters, decoding packets, command line tools, and more. It covers every inch of Wireshark in a concise and comprehensive manner.

Wireshark - The Penetration Tester's Guide has been designed keeping basic learners in mind and written as a practical guide. Wireshark - The Penetration Tester's Guide will show you all you need to know to effectively capture and analyze network traffic.

-- Download Book: [PDF]

Sandbox - The Penetration Tester's Guide

Cuckoo Sandbox is a leading open source automated malware analysis system. This means that you can throw any suspicious file at it and, in a matter of seconds, Cuckoo will provide you with some detailed results outlining what said file did when executed inside an isolated environment.

Cuckoo Malware Analysis is a hands-on guide that will provide you with everything you need to know to use Cuckoo Sandbox with added tools like Volatility, Yara, Cuckooforcanari, Cuckoomx, Radare, and Bokken, which will help you to learn malware analysis in an easier and more efficient way.

-- Download Book: [PDF]

Wed Sep 20, 2017 1:05 am