Issue 10 January 2014
Issue 7
  • network Security
    TCP Idle Scans in IPv6

    You Can Be Anything You Want To Be:
    Bypassing "Certified" Crypto in Banking Apps

    Practical Attacks Against Encrypted
    VoIP Communications
  • database Security
    Attacking MongoDB:
    Attack Scenarios Against a NoSQL Database
  • Application Security
    Random Numbers.
    Take Two: New Techniques to Attack Pseudorandom Number Generators in PHP

    Hunting for OS X Rootkits in Memory

    Revealing Embedded Fingerprints:
    Deriving Intelligence from USB Stack Interactions

    Diving Into IE 10's Enhanced Protected Mode Sandbox

    Exploiting XML Digital Signature Implementations

    Defeating Signed BIOS Enforcement
  • Computer Forensics
    Dynamic Tamper-
    Evidence for Physical Layer Protection

    A Forth for Security Analysis and Visualization
  • Computer Security
    Under the Hood:
    How Actaeon Unveils Your Hypervisor
  • Mobile Security
    Introduction to Advanced Security Analysis
    of iOS Applications with iNalyzer
Issue 9 November 2012
Issue 7
  • Windows Security
    Bot Wars
    - The Game of Win32/64 System Takeover

    Memory Copy Functions in Local Windows Kernel Exploitation
  • mobile Security
    Android Persistent Threats
  • HARDWARE Security
    Does the Analysis of Electrical Current Consumption of Embedded Systems could Lead to Code Reversing?

  • Web Application Security
    To Hack an ASP.Net Site?
    It is Difficult, but Possible!
  • Mobile Security
    A Brief Introduction to VEGA
Issue 8 Feb - April 2012
Issue 7
  • featured article
    Online Security at the Crossroads
  • Network Security
    The Exploit Distribution Mechanism
    in Browser Exploit Packs

    Reverse Shell Traffic Obfuscation
  • Windows Security
    The Story of CVE-2011-2018 exploitation
  • CISSP ® Corner
    Jobs and Certifications Looking
    at the 2012 Landscape

  • From the Bookshelf
    Practical Malware Analysis

    The Tangled Web
  • Book review
    A Bug Hunter's Diary
Issue 7 October 2011
Issue 7
  • Cover Story
    What Would We Do Without Enemies
  • Database Security
    Extending SQL Injection Attacks Using
    Buffer Overflows – Tactical Exploitation
  • Windows Security
    Windows Security Hardening Through
    Kernel Address Protection
  • Professional Development
    CISSP® Corner 34

  • Application Security
    Beyond Fuzzing:
    Exploit Automation with PMCMA
  • Network Security
    Intrusion as a Service
    Using SHODAN

    Studies on Distributed Security
    Event Analysis in Cloud

Issue 6 May 2011
Issue 6
  • Cover Story
    Social Security 42
  • Events
    HITB 2011 Amsterdam

    Random Data Gets In The Box
  • Web Security
    Next Generation Web Attacks –
    HTML 5, DOM (L3) and XHR (L2)
  • Network Security
    Botnet-Resistant Coding
  • Linux Security
    The Story of Jugaad
  • Windows Security
    Windows Numeric Handle
    Allocation In Depth
  • Application Security
    Hardening Java Applications
    with Custom Security Policies

  • Professional Development
    CISSP® Corner

  • Interview
    Vulnerability Reward Program
Issue 5 January 2011
Issue 5
  • Cover Story
    Windows Security
    Windows CSRSS Tips & Tricks
  • Linux Security
    Investigating Kernel Return Codes
    with the Linux Audit System
  • Network Security
    Secure Shell Attack
    Measurement and Mitigation

    ARP Spoofing Attacks & Methods
    for Detection and Prevention

    Exploiting Web Virtual Hosting
    Malware Infections

  • Professional Development
    CISSP Corner - Tips and Trick on
    becoming a Certified Information Systems
    Security Professional

  • Interview
    Rolf Rolles
Issue 4 October 2010
Issue 4
  • Cover Story
    network security
    Notorious Datacenter Servers Support
    Systems Pwning Through Outer Sphere

  • Windows Security
    Custom console hosts on Windows 7

    Windows Objects in Kernel Vulnerability Exploitation
  • information Security
    Stepping Through a Malicious PDF Document

    Decrypting TrueCrypt Volumes with a Physical Memory Dump
  • mobile Security
    Reconstructing Dalvik applications using UNDX
  • Book review
    Ubuntu For Non-Geeks
    Review by Dhillon Andrew Kannabhiran
  • Interview
    Aditya Sood
Issue 3 July 2010
Issue 3
  • Cover Story
    information security
    Using Kojonet Open Source Low
    Interaction Honeypot

    A Brief Overview on Satellite Hacking
  • Malware Analysis
    Chinese Malware Factory
  • Windows Security
    Reserve Objects in Windows 7
  • Application Security
    Javascript Exploits with Forced Timeouts

    Non-Invasive Invasion
    Making the Process Come to You

    IAT and VMT Hooking Techniques
  • Web Security
    URL Shorteners Made My Day!
  • Book review
    ModSecurity Handbook
    Review by Gynvael Coldwind
  • Interview
    Barry Wels
Issue 2 April 2010
Issue 2
  • Cover Story
    Web Security
    Open Redirect Wreck Off
    Web Traffic Forwards
  • Malware Analysis
    Dynamic Instrumentation
    An Application to JavaScript Deobfuscation
  • Information Security
    Time Stamping
    What & Who... But Also When

    Integrity Policies
    An Old Idea with a Modern Implementation
  • Windows Security
    Windows Objects in Kernel
    Vulnerability Exploitation
  • Security Toolbox
    Automated Malware Analysis
    An Introduction to Minibis
  • Interviews
Issue 1 January 2010
Issue 1
  • Cover Story
    LDAP Injection
    Attack and Defence Techniques
  • Exception Detection on Windows
  • The Art of DLL Injection
  • Xprobe2-NG
    Low Volume Remote Network Information Gathering Tool
  • Malware Obfuscation
    Tricks and Traps
  • Reconstructing Dalvik Applications
    Using UNDX



HITB Quarterly 
HITB Quarterly Magazine
Download HITB Quarterly