You have an idea for an article about information security?
Submit articles to shortinfosec _at_ gmail dot com.
Please include author name, brief bio and a link to your blog/site
The general policy for guest articles is:
- We accept submissions for articles by other bloggers, as long as they are connected to the topics of information security or information technology.
- The author receives full reference, in the about the author section (at the end of the article). In the same section you can provide one link to the author's personal blog or site.
- The link provided for reference cannot be used to link to third party site or commercial company.
- If the guest author wishes to provide a link to a third party company, that is a chargeable feature. Please contact us to discuss pricing.
- Every submission will be reviewed prior to publication, and any offending elements to this policy will be edited out.
- We reserve the right to add images and modify the paragraph structure to approach the style of the blog more closely
Welcome to the downloads page. Here you can browse and download all template documents and blueprints published by Shortinfosec
Compiled tools (win32 exe)
Policies and Procedures Templates (PDF)
- Information Security Policy
- Corporate Firewall Policy
- Business Continuity Plan for Brick & Mortar Businesses
- Software Acceptance Testing Log
- Computer Forensics Helix_Evidence_Collection_Sample_Logs.zip
- Verification sums:
- SHA1SUM c7d189a78a715fd96127677d39d5ace1d5854ea5
- MD5SUM 9b61fad0cf4418175cb7e387c6962c49
Author: Bozidar Spirovski
- Occupation: Information Security Expert
- CISSP #301565
- MCSA, MCP ID# 2448347
- ITIL v3 Foundations Certified
- Age: 34
- Send comments, requests or general inquiry to shortinfosec _at_ gmail dot com
- Visit my LinkedIn profile at
- All tutorials, solutions and opinions stated on the blog should be credited only to the author, and do not reflect the position of, nor are they related to, the author's employer.
- All examples and scenarios, unless referring to publicly available information, are of fictional nature and are not intended to relate to real situations in any company.
- All personal information and names presented on this site, unless referring to publicly available information, are of fictional nature and cannot be related to real persons.
- All tutorials, solutions and opinions are of an informative purpose and should be used as a guideline only. Specific implementation level solutions must be prepared per individual case.
- Any sponsored articles will be clearly marked with the name of the sponsor. When writing sponsored articles, we reserve the full right to publish objective opinions and/or reviews, including identification of poor performance or negative issues encountered during the writing of the article.
This site does not collect any information from a visitor's computer other than the following:
- 1st 3 octets of the IP address
- Name of the ISP to whom the IP class is assigned
- Operating System Version
- Browser Type and Version
- Screen Resolution
- Referral Information
- Entry page
- Exit page
- Visit time
- This site does not collect personal information and does not require user registration.
- Any personal or contact information submitted by the visitor to the site's owner via the contact e-mail address will be used only in mutual communication and for a periodic newsletter with opt-out option.
- Personal or contact information will not be sold, transferred or used for commercial promotion.
- The comments are publicly accessible - Any personal or contact information submitted by the visitor on a comments page is not protected by the owner of this site.
Corporate Security Process
- Hunting for hackers - Google fraud style
- Corporate Security - Are the hackers winning?
- The call records theft - security of batch processing
- Real and Bizarre Information Security Situations
- Be Aware of Security Risks of USB Flash Drives
- Tutorial - Measures for minimizing Spear Phishing Attacks
- Is Skype a good Corporate Tool?
- Citibank PIN Heist - Sources of Security Breach
- Personal Data Protection - Anonymizing John Doe
- 8 Tips for Securing from the Security experts
- GPS Fleet Tracking - Risks or Benefits?
- Information theft - Minimize targets of opportunity
- Internet Social Engineering - Avoid Con Tricks
- 3 Rules to Avoid Problems due to Changes in Development
- Nobody's safe - Google's personal data stolen
- 4 Controls to Avoid Risks of Fully Trusting a System
- 3 Controls to Secure Corporate Off Computers
- Control Delegated Responsibility
- Caveats of strong perimeter security
- Portrait of Hackers
- 8 Steps to Better Securing Your Job Application
- Information Disposal Procedure
- Security Concerns Cloud “Cloud Computing”
- Securing an Application Backend - always forgotten
- Dissecting Social Engineering - Free Product Scam
- Tutorial - Secure Web Based Job Application
- Email security - leaks in corporate e-mails
- Google Voice - No Privacy Remains?
- 3 Things no book about hacking will ever tell you
- 5 Minute Security Assessment
- 5 biggest mistakes of information security
Business Continuity and Disaster Recovery
- Business Continuity Plan for Blogs
- Business Continuity Plan for Brick & Mortar Businesses
- Example Business Continuity Plan For Online Business
- Business Continuity Analysis - Communication During Power Failure
- High Availability - Clusters have Issues
- Know the Difference - Backup vs. Archive
- iPhone Failed - Disaster Recovery Practical Insight
- Google's Ratproxy Web Security Tool for Windows
- Web Site that is not Easy to hack - Part 2 HOWTO - the web site attacks
- Web Site that is not that easy to hack - Part 1 HOWTO - the bare necessities
- Checking web site security - the quick approach
- Strategic Choice - Proper Selection of Web Hosting
- Protecting from Meddling Web Applications
- Tutorial - Using Ratproxy for Web Site Vulnerability Analysis
- Tutorial: Making a Web Server
- Creating Your Own Web Server
- Template to Regulate your Firewall Configurations
- Obtaining a valid MAC address to bypass WiFi MAC Restriction
- Example - Bypassing WiFi MAC Address Restriction
- 5 Rules to Home Wi-Fi Security
- Template - Corporate Information Security Policy
- San Francisco WAN Lockout - Pointing Fingers at Everyone Responsible
- Network Access Control - A Solution with Problems
- Example - SMTP message spoofing
- Tutorial - Mail Header Analysis for Spoof Protection
- DHCP Security - The most overlooked service on the network
- Whisperbot - No thanks, I'll use e-mail
- Whisperbot analysis - Revisited
- Custom Encryption - No Thank You!
- System Hardening Process Checklist
- WMI Scanning - Excellent Security Tool
- Controlling Firefox Through Active Directory
- Creating secure CD/DVD media for transport using Truecrypt
- TrueCrypt Full Disk Encryption Review
- Check Your DNS Zone Transfer Status
- Stopping a Corporate IT Infrastructure in a Single Blow - are you safe?
- Tutorial - A Poor Man's Secure USB
- No Privacy - Saw You Cheating on Image Search
- When Will Your Mobile Phone get Hacked?
- 5 rules to Protecting Information on your Laptop
- Hardware Security Module for Dummies
- Keep Your Security Systems Patched
- 3 Rules to Prevent Backup Headaches
- Risk of losing backup media - real example
- 6 steps to securing your backup media
- Cracking a TrueCrypt Container
- Tutorial - Hidden Operating System with Truecrypt
- Quick and Basic Security Assessment for Databases
- Cloud Backup - A gamble on several levels
- Security risks and measures in software development
- Security challenges in software development
- Creating Good Software - Align expectations and development
- Application security - too much function brings problems
- Information Risks when Branching Software Versions
- 3 rules to keep attention to detail in Software Development
- Measures for Improving Data Integrity through Application Version Control
- Software Response Evaluation Methodology
- The Cost of Datacenter Physical Security Blueprint
- Datacenter Physical Security Blueprint
- Dead-man Door Blueprint
Forensics and Information Investigations
- Scalpel - File Carving from Partially Wiped Evidence Disk
- Understanding Penetration Testing Methodology
- Hiding Information in Plain Sight - Steganography
- New Helix3 Forensic CD - Welcome
- Thrown in the Fire - Database Corruption Investigation
- Competition - Computer Forensic Investigation
- Competition Results - Computer Forensic Investigation
- Tutorial - Computer Forensics Evidence Collection
- Tutorial - Computer Forensics Process for Beginners
- Security Information Gathering - Brief Example
- BackTrack 4 Penetration Test Distro - First Glance
- Creating BackTrack4 Pentest Virtual Machine