Operating Systems

4eb356e09746aadc2f4800877e8c24e8

Sidestepping Microsoft SQL Server Authentication

October 21, 2012 Added by:Brandon Knight

Penetration testers love compromising systems during assessments, and the most important portion of a penetration test is getting access to critical data and systems. So, post exploitation I generally head for the database servers. Depending on the permissions of the target there may be another hurdle to bypass...

Comments  (2)

7366c113eb2ccd38f6bbcbd5d52a6bec

How to PWN Systems Through Group Policy Preferences

September 20, 2012 Added by:Jeff McCutchan

All users have read access to the SYSVOL share of the domain controller. Forget about password cracking or passing the hash, you just get the cleartext password. A simple search for “*.xml” in the SYSVOL share on the domain controller will show if your organization is vulnerable...

Comments  (0)

Fd7e078e5bfb68a4be33cbfac76f4f70

Detecting Window Stations and Clipboard Monitoring Malware with Volatility

September 19, 2012 Added by:Michael Ligh

Explore undocumented windows kernel data structures related to window station objects and the clipboard. Detect clipboard-snooping malware using Volatility - an advanced memory forensics framework...

Comments  (0)

Fd7e078e5bfb68a4be33cbfac76f4f70

Recovering Login Sessions, Loaded Drivers, and Command History with Volatility

September 18, 2012 Added by:Michael Ligh

Learn about the undocumented windows kernel data structures related to RDP logon sessions, alternate process listings, and loaded drivers. See how Volatility can help you forensically reconstruct attacker command histories and full input/output console buffers...

Comments  (0)

71d85bb5d111973cb65dfee3d2a7e6c9

How to Add a Local Administrator with the Arduino Leonardo

July 08, 2012 Added by:f8lerror

Security researchers have been using the Teensy for HID attacks. Which really is the way to go if that’s all you want to do. However, if you are like me you want to do other things as well you need something bigger. Enter the Arduino Leonardo board which supports emulating a Human Interface Device out of the box...

Comments  (1)

7ddc1f3000a13e4dfec28074e9e7b658

Apple's Crystal Prison and the Future of Open Platforms

June 06, 2012 Added by:Electronic Frontier Foundation

Apps that require administrative privileges are impossible to install on an iOS device without jailbreaking it. This includes apps that let you firewall your device and secure your internet traffic with OpenVPN. Jailbreaking also helps security and privacy researchers to see if apps are leaking data...

Comments  (3)

Ca77c9128684f4263450c6d728107608

Security Automation by Hand - Batch/Bash/FOR

May 15, 2012 Added by:Damion Waltermeyer

This series of articles will be entry points and ideas on how to manage your environment quickly, easily, and cheaply. We’ll also tackle some scripting languages: Batch, Bash, VBScript, Python and Powershell being the most likely for simplicity and compatibility with environments...

Comments  (0)

69dafe8b58066478aea48f3d0f384820

Apple Releases OS X and Safari Security Updates

May 11, 2012 Added by:Headlines

Apple has released critical security updates for OS X and Safari to address several vulnerabilities which could allow an attacker to obtain sensitive information, execute arbitrary code, escalate privileges, conduct a cross-site scripting attack, or cause a denial-of-service...

Comments  (0)

68b48711426f3b082ab24e5746a66b36

A Field Guide to Post-UDID Unique IDs on iOS

May 10, 2012 Added by:Fergal Glynn

Ongoing developments in the device-wide ID space focus on two dueling schemes and codebases: OpenUDID and SecureUDID. If you’re an iOS developer, this will serve as an introduction to the details of these systems, including their limitations and potential for data leakage...

Comments  (0)

69dafe8b58066478aea48f3d0f384820

Apple: Critical Update for Java for OS X Lion and Mac OS X

April 04, 2012 Added by:Headlines

"Vulnerabilities exist in Java 1.6.0_29, the most serious of which may allow an untrusted Java applet to execute arbitrary code outside the Java sandbox. Visiting a web page containing a maliciously crafted untrusted Java applet may lead to arbitrary code execution..."

Comments  (0)

7ddc1f3000a13e4dfec28074e9e7b658

Ubuntu 12.04 Will Bring OS-Level Security Options

March 14, 2012 Added by:Electronic Frontier Foundation

In the upcoming release on April 26, Ubuntu 12.04 is introducing operating system-wide settings that let you delete portions of your activity log, disable logging for specific types of files and applications, or disable activity logging altogether...

Comments  (0)

69dafe8b58066478aea48f3d0f384820

Apple Releases Multiple Security Updates

March 09, 2012 Added by:Headlines

Apple has released security updates for Apple iOS, Apple TV, and iTunes to address multiple vulnerabilities which may allow an attacker to execute arbitrary code, cause a denial-of-service condition, or bypass security restrictions...

Comments  (0)

1de705dde1cf97450678321cd77853d9

Out With the New, In With the Old: OS Security Revisited

March 06, 2012 Added by:Ian Tibble

Operating System Security is radically under-appreciated, and this has been the case since the big bang of security practices in the mid-90s. OS security, along with application security, is the front line in the battle against hackers, but this has not been widely realized...

Comments  (0)

D03c28fd5a80c394905c980ee1ecdc88

Gaining Access to a Check Point Appliance

February 07, 2012 Added by:Bill Mathews

On any Linux-based system with an unencrypted hard drive, it is possible to completely overtake a system once you have gained physical access. Often this is easily accomplished with a live CD distribution, such as Backtrack or Ubuntu and some command line tools...

Comments  (0)

E973b16363b3de77b360563237df7e32

The Difficult Life of a Mac in the Mixed Environment

February 02, 2012 Added by:Bozidar Spirovski

We are not abandoning the Mac - it is a great tool and an asset in our little lab. But in the current state of things, it takes a lot of effort and compromise to fully migrate to a Mac platform, especially since a multi-environment knowledge is required...

Comments  (2)

959779642e6e758563e80b5d83150a9f

The Death of Antivirus Software

January 23, 2012 Added by:Danny Lieberman

Who needs an anti-virus? If I have a solid operating system like Ubuntu 11.10, IP tables, good control of the services on my notebook and practice safe email, why should I add additional layers of content security and feed the Symantec stock price?

Comments  (12)

Page « < 4 - 5 - 6 - 7 - 8 > »