Archive for January, 2016


Professional WordPress – Design and Development Review….

January 15, 2016

Professional WordPress - Design and Development







Professional WordPress – Design and Development Review….

The WordPress source code features many different PHP , Javascript , and CSS code files. Each file serves a specific purpose in WordPress. The beauty of open source software is that all code is publicly available , which means you can easily explore the code to better understand how WordPress functions. The best resource for learning WordPress is the WordPress software itselft.

WordPress comes with three directories by default: wp-admin , wp-content , and wp-includes.Core files are all files in the wp-admin and wp-includes directories and the majority of the files in the root WordPress directory, The wp-content directory holds all of your custom files , including themes , plugins , and media. This directory contains the code that controls content manipulation and presentation in WordPress. WordPress HTML content , such as pages and posts , is stored in the MySQL database along with metadata such as tag and category structures, both of which are covered in detail in Chapter 6.

The most important file in any WordPress installation is the wp-config.php file. This file contains all database connection settings , including the database name , username , and password to access your MySQL database. This file also stores additional database and other advanced settings. The wp-config.php file was originally named wp-config-sample.php. Renaming the file to wp-config.php is one of the first steps to installing WordPress.

The wp-config file is typically stored in the root directory of WordPress. Alternatively , you can move the wp-config file out of the WordPress root directory and into the parent directory. So if your WordPress directory is located here,


you can safely move the file to here:


WordPress looks for the wp-config file in the root directory first , and if it can’t find that file it looks in the parent directory. This happens automatically so no settings need to be changed for this to work.

Initially , you set up WordPress in the document root of your local Apache.If you wanted more than one local website , you could set each website in its own folder. This works and you use it for many development sites. However ,  you can also set up each web server to respond to a local “fake” domain name. Sometimes , when moving to production , using this method makes the conversion from development to production easier.

p/s:- This is some of the excerpt of the article taken from the book – Professional WorPress – Design and Development – written by Brad Williams , David Damstra and Hal Stern – publish by John Wiley and Sons Inc ..





Seven Deadliest USB Attacks Review …..

January 15, 2016

seven deadliest usb attacks








Seven Deadliest USB Attacks Review…..

The Universal Serial Bus (USB) Hacksaw was devised by a posse of self-proclaimed “IT-Ninjas” acting on behalf of the Hak.5 organization. The Hacksaw is one mutation of many USB-related hacks that have been released on this site.

The U3 smart drive was co-developed by SanDisk and M-Systems in 2005. U3 smart drives are USB flash drives with a unique hardware and software setup. The flash-drive hardware configuration causes Windows disk management to provide dual partitions. An emulated read-only CD drive partition contains the autorun.inf and LaunchPad software. The additional drive is a standard file allocation table (FAT) partition , which includes a hidden “SYSTEM” folder for installed application. This configuration allows a U3 flash drive to launch automatically when inserted into a computer.

The regulation of the U3 platform did not stop the hacking community from targeting it. Instead , they utilize a modified U3 LaunchPad called the Universal Customizer , which can overwrite the existing U3 software , enabling an open-source platform for global development with minimal governance. Many administrative and forensic-type applications are finding their way onto this and other open-source versions.

The USB Hacksaw tool is designed to work with Windows 2000 , XP . or 2003 systems only . although some success has been achieved on Vista. The program will manually install onto Windows 7 although Stunnel v4.11 is not compatible , resulting in a failure to establish a connection to the e-mail server. A Windows XP operating system was used to build the Hacksaw version outlined in the next section. In order to get the programs on the U3 drive , you must replace the launcher with the open-source code. The tool is designed to run automatically if autorun has not been disable by the user policy.

An antivirus (AV) kill script was initially released for the original verion of the USB Switchblade. It has since been taken down from the site due to mounting inconsistencies and failure caused by vendor updates and adaptations. Some AV vendors have already tagged the AV kill program released on the Hak.5 web site (csrss.exe) for the USB Switchblade as a virus , rendering it ineffective from the get-go. Since administrator access is required for Switchblade to run successfully , there are other techniques that can be used to disable AV before the payload execution.

p/s: – Some of the excerpt are taken from the book – Seven Deadliest USB Attacks – written by Brian Anderson and Barbara Anderson – publish by Syngress.

  • Just finish interview with iContro Software Sdn Bhd – Position : Software Developer at Kota Damansara  this week….