Blog Posts Tagged with "Tools"

D8853ae281be8cfdfa18ab73608e8c3f

Companies That Give Back with Free Tools

July 25, 2012 Added by:Rob Fuller

Penetration Testing / Red Teaming requires the use of a lot of tools. I don't mind getting called a "script kiddie" because I can accomplish more and faster when I don't have to code every single task I need to do. This post is to point out companies that make this possible and give a small bit of thanks...

Comments  (2)

03b2ceb73723f8b53cd533e4fba898ee

Power Pwn and DARPA Programs for Developing Hacking Tools

July 23, 2012 Added by:Pierluigi Paganini

Network analysis has never been easier. Power Pwn, which looks like a surge protector, can be controled remotely via Wi-Fi, Bluetooth, and Ethernet as it searches for network weaknesses. It’s fully manageable via a Web interface accessible through the unit's 3G radio or directly to the device via text message...

Comments  (2)

Bd623fa766512fdf6b57db66f522b741

About Antivirus, Security Awareness, Security Usability...

July 21, 2012 Added by:Ali-Reza Anghaie

No matter how many times it's warned against, most Security professionals use themselves and their contemporaries as the basis for what's "right". And as security becomes higher profile with more incidents it really starts looking like instead of having cynical contempt for the users, it's more like plain excuses...

Comments  (0)

D8853ae281be8cfdfa18ab73608e8c3f

Netstat Post Module for Meterpreter

July 20, 2012 Added by:Rob Fuller

It's real simple, first we've gotta add the GetTcpTable function to Railgun, then gauge the size of the table, then it's all just parsing the result. Also pretty straight forward. First we get the number of entries which is held in the first 4 bytes, then just parse the MIB_TCPTABLE one MIB_TCPROW...

Comments  (0)

71d85bb5d111973cb65dfee3d2a7e6c9

DEUCE: Bypassing DLP with Cookies

July 19, 2012 Added by:f8lerror

DEUCE went from simple concept to a multi-encoding and encryption DLP bypass tool. The program simply takes an input file and creates a cookie for each line. DEUCE has the ability to encrypt via AES, hash with MD5 or use a custom multi-encode with a 3 times replacement cipher...

Comments  (0)

69dafe8b58066478aea48f3d0f384820

Energy Department Develops Tool for Electric Grid Cybersecurity

July 19, 2012 Added by:Headlines

“The new Cybersecurity Self-Evaluation Survey Tool for utilities is vitally important in today’s environment where new cyber threats continue to emerge. Adoption by the electric sector will further protect critical infrastructure and... provide an invaluable view of the industry’s cybersecurity capabilities.”

Comments  (0)

Ebdbfa1c3de4d826bbe7fe360c211ecc

A Step-by-Step Guide for Choosing the Best Scanner

July 16, 2012 Added by:Shay Chen

There hasn't been any independent methodology for evaluating web application vulnerability scanners in a while. The following is a comprehensive guide for choosing the best scanner based on conclusions from the 2012 benchmark study - a comparison of 10 crucial aspects of 60 web application vulnerability scanners...

Comments  (0)

D8853ae281be8cfdfa18ab73608e8c3f

Evidence of Compromise: Metasploit's PSEXEC

July 15, 2012 Added by:Rob Fuller

I was messing with the Windows service binaries in Metasploit and I noticed something. For the PSEXEC module, the service name (actually just the display name, 'service name' is random) always started with an uppercase 'M'. Curious to why that was I looked and found Line 246 of the PSEXEC module to be the culprit...

Comments  (0)

54a9b7b662bfb0f0445d1661d7ed180b

Free Power on the Grid?

July 15, 2012 Added by:Jayson Wylie

Sometimes the wrong people get the code and use it maliciously. It is in the nation’s best interest to keep the power infrastructure safe and keep meters fool proof, but it depends on how effective a tool is to be able to effectively manipulate the technology to an individual’s own financial advantage...

Comments  (0)

E376ca757c1ebdfbca96615bf71247bb

Shodan: There is Now an App for That

July 11, 2012 Added by:shawn merdinger

Since October, 2010, Shodan has consistently made waves in the information security world. Like any security tool, Shodan can be leveraged by both malicious attackers and legitimate security operations to gain insights into the public IP exposure of an organization. Now enters the Shodan App...

Comments  (1)

E313765e3bec84b2852c1c758f7244b6

Honeypots Can Help Safeguard Your Information Systems

July 10, 2012 Added by:Brent Huston

Honeypots are simple technology intended to be compromised. There is little or no production traffic going to or from the device, so any time a connection is sent it is most likely a probe, scan, or an attack. Any time a connection is initiated from the honeypot, this most likely means it was compromised...

Comments  (0)

71d85bb5d111973cb65dfee3d2a7e6c9

How to Add a Local Administrator with the Arduino Leonardo

July 08, 2012 Added by:f8lerror

Security researchers have been using the Teensy for HID attacks. Which really is the way to go if that’s all you want to do. However, if you are like me you want to do other things as well you need something bigger. Enter the Arduino Leonardo board which supports emulating a Human Interface Device out of the box...

Comments  (0)

D13f77e036666dbd8f93bf5895f47703

I Know What You Tweeted Last Summer...

July 04, 2012 Added by:Theresa Payton

We have mentioned before that Twitter will send every tweet to the National Archives and the Library of Congress, so watch what you tweet. Now new tools unleash a trove of data in moments. For the 140 million and growing user base that tweets over 400 million tweets per day, this might be a little more than alarming...

Comments  (0)

48062676f7b2fc521b0b32a3c6494469

Anonymity and E-Commerce in the Black Market with Tor

July 02, 2012 Added by:gaToMaLo r. amores

A skilled attacker may be able to determine you are using a VPN to connect to Tor by fingerprinting traffic streams. Tor traffic is padded to 512 byte size packets, normal VPN traffic is not. By filtering for 512 byte streams, an attacker can determine who all is using Tor in a given area...

Comments  (1)

03b2ceb73723f8b53cd533e4fba898ee

CapFire4: Criminal Malware-as-a-Service Platform

June 26, 2012 Added by:Pierluigi Paganini

Cybercrime is operating as an enterprise, with tools offered for the coordination of cyber attacks such as spamming of malware, malware hosting, and for building command and control infrastructure for botnets. The latest service is called CapFire4, and it’s a good example of malware-as-a-service...

Comments  (0)

1de705dde1cf97450678321cd77853d9

The Perils Of Automation In Vulnerability Assessment

June 25, 2012 Added by:Ian Tibble

“Run a scanner by it” still appears in so many articles – it's still very much part of the furniture. Software suites are built on the use of automated unauthenticated scanning – in some cases taking an open source scanning engine, wrapping a nice GUI around it, and slapping a 25K USD price tag on it...

Comments  (5)

Page « < 1 - 2 - 3 - 4 - 5 > »