Blog Posts Tagged with "Hacking"
The Perils Of Automation In Vulnerability Assessment
June 25, 2012 Added by:Ian Tibble
“Run a scanner by it” still appears in so many articles – it's still very much part of the furniture. Software suites are built on the use of automated unauthenticated scanning – in some cases taking an open source scanning engine, wrapping a nice GUI around it, and slapping a 25K USD price tag on it...
Comments (5)
Wireshark: Listening to VoIP Conversations from Packet Captures
June 24, 2012 Added by:Dan Dieterle
A lot of telephones and communication devices now use VoIP to communicate over the internet. I was wondering how hard it would be to listen to a VoIP phone call if you had a packet capture that included the call. Well, come to find out, it is not hard at all. The feature is built into Wireshark - here's how...
Comments (0)
Post Exploitation with PhantomJS
June 17, 2012 Added by:Rob Fuller
PhantomJS is sweet for sweeping a ton of IPs and suspected HTTP/S sites, and look through a gallery of them to start figuring out which looks the most interesting… and we are going to essentially just that, except from a Victim machine...
Comments (0)
Recovering Clear Text Passwords – Updated
June 13, 2012 Added by:Dan Dieterle
When I wrote about WCE last, I noticed that for some reason the output didn’t seem right for accounts that did not have passwords. WCE seemed to mirror a password from another account when a password was not present. Hernan from Amplia Security (creator of WCE) created a fix for this...
Comments (0)
Recovering Remote Windows Passwords in Plain Text with WCE
June 05, 2012 Added by:Dan Dieterle
After obtaining a remote session using Backtrack’s Social Engineering Toolkit, I ran Bypassuac to get System level authority and at the Meterpreter prompt simply ran wce.rb. Mimikatz seems to do a better job at recovering passwords, but WCE is just as easy to use. Both offer other features and functions...
Comments (1)
Metasploit: The Penetration Tester’s Guide - A Review
May 28, 2012 Added by:Dan Dieterle
The exploiting sections are very good, covering the famous exploitation techniques of attacking MS SQL, dumping password hashes, pass the hash & token impersonation, killing anti-virus and gathering intelligence from the system to pivot deeper into the target network...
Comments (0)
West New York Mayor Arrested for Hacking
May 25, 2012 Added by:Headlines
The mayor of West New York, N.J., and his son were arrested for allegedly hacking into an e-mail account and website associated with a movement to recall the mayor, and have been charged with gaining unauthorized access to computers and conspiracy...
Comments (0)
Practice Linux Penetration Testing Skills with Metasploitable
May 18, 2012 Added by:Dan Dieterle
Okay, you have been reading up on computer security, and even played around with Backtrack some. You have been gaining some penetration testing skills, but now you want to try them out. What do you do? There are several sites that exist that allow you to (legally) test your abilities...
Comments (0)
Hacking-Kung Fu: Aims and Objectives Part 2
May 06, 2012 Added by:Quintius Walker
A major aim of Kung-Fu Hacking training is System Security - or more so being able to secure your own systems. This ability to defend ourselves is a general asset, and has long-term benefits as more and more vulnerabilities become exploitable to the general public...
Comments (3)
Fear and Loathing in Infosec: The Black Mass
May 02, 2012 Added by:Scot Terban
Gesticulating and making odd sounds, the hackers milled and jerked around like some strange species of black raptors. Babbling incoherently about arcane knowledge in the hopes of one upping the other hapless technoweens in the room....
Comments (0)
Recovering Windows Passwords Remotely in Plain Text
April 26, 2012 Added by:Dan Dieterle
There has been a lot of buzz across the web the last few months about a program called “Mimikatz”. It is an interesting program that allows you to recover Windows passwords from a system in clear text. The passwords for anyone who has logged into a machine can be displayed...
Comments (0)
Observations on Lack of Research in Social Engineering
April 19, 2012 Added by:Bozidar Spirovski
The attack was performed by multiple phone calls which created contact with multiple targets. Each call was a probing attempt to collect as much information possible. The first and second stage of the attack was aimed at the same targets but with several days delay between stages...
Comments (0)
Security BSides Chicago 2012 Presentation Lineup
April 19, 2012 Added by:Security BSides
Each BSides is a community-driven framework for building events for and by information security community members. It is an intense event with discussions, demos, and interaction from participants. It is where conversations for the next-big-thing are happening. You don’t want to miss it...
Comments (0)
Hacking-Kung Fu: Aims and Objectives
April 15, 2012 Added by:Quintius Walker
Understanding Kung Fu-Hacking enables you to realize that there is more to it than merely learning form or exploits. Understanding will lead you, if you are still not able to defend yourself in real world situations or compromise systems outside lab environments, to ask why...
Comments (0)
Governments and Gaming Platforms: It's Time for Warfare
April 10, 2012 Added by:Pierluigi Paganini
The U.S. Navy has reported that scope of the project is to hack into consoles to access to sensitive information exchanged through their messaging services. They have offered guarantees that the spying technology will be used only on nations overseas...
Comments (11)
OWASP Releases Zed Attack Proxy (ZAP) 1.4.0
April 09, 2012 Added by:Headlines
"The Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications... ZAP provides automated scanners as well as a set of tools that allow you to find security vulnerabilities manually..."
Comments (0)
- Five Things Your InfoSec Team Should Do in the Next 30 Days
- The Disclosure Debate Continues….. (part 1,453, 769) to be Continued
- The Danger of Mixing Cyber Espionage with Cyber Warfare
- Improving Security by Failing Faster
- BYOD: Should It Be the Wave of the Future?
- Trend Micro Discovers "SafeNet" - a New Targeted Espionage Operation Online
- Managing My Company’s Security is a Nightmare
- Bridging the Cybersecurity Divide, Why Security Innovation Must Lead the Way
- The Evolution of Industrial Control System Information Sharing
- ATM Security (And Really Learning from the Past)