PCI-DSS and Vulnerability Management

Last August 1, 2015, I presented about a known security standard for credit cards. The Payment Card Industry Data Security Standard (PCI-DSS) is a standard used to protect data of merchants and banks that utilize the credit card facility. There are 12 requirements of PCI-DSS. I focused my presentation on the vulnerability management side since … Continue reading PCI-DSS and Vulnerability Management

Advertisements

Detecting Command and Control Traffic Using Botnet Correlator Module

Last June 8, 2015, I presented a paper entitled "Detecting Command and Control Traffic Using Botnet Correlator Module" in Kuala Lumpur, Malaysia. The paper was a product of a project in APC together with my students in INFOSEC. The trip was entirely sponsored by the school (thank you so much!) and the experience was very … Continue reading Detecting Command and Control Traffic Using Botnet Correlator Module

Attack of the Day: The FTP Bounce Attack

I encountered an IDS signature stating that a user accessed an FTP site but a possible FTP Bounce Attack might occur. Why is that so? The severity of this attack is high because it indicates potential port scanning activities as well as bypassing basic packet filtering services and export restrictions through FTP. (Fortiguard, 2006) How … Continue reading Attack of the Day: The FTP Bounce Attack