Blog Posts Tagged with "Tools"
June 18, 2012 Added by:Spencer McIntyre
Custom-coded applications make SQLi very difficult to exploit in an automated fashion, and most of detection tools are particularly effective against only a few select Database Management Systems (DBMSes). However, the open source SQLMap tool is capable of exploiting a variety of DBMSes....
June 15, 2012 Added by:gaToMaLo r. amores
In the ToR-.onion network, the client asks to use a website's services, then starts a handshake at a rendezvous point (onion relay) - not at the server/IP. They're never on the site/server when in OnionLand, can’t do a WhoIs and get an IP and cannot find a geo-location. If they can’t find you, they can't hack you...
June 13, 2012 Added by:Dan Dieterle
When I wrote about WCE last, I noticed that for some reason the output didn’t seem right for accounts that did not have passwords. WCE seemed to mirror a password from another account when a password was not present. Hernan from Amplia Security (creator of WCE) created a fix for this...
June 08, 2012 Added by:Brent Huston
The time it takes to crack a password is the only true measure of its worth. Morris has created a tool for administrators that allows them to configure a password policy based on the time to crack, the possible technology that an attacker might be using, and the password protection technology in use...
June 05, 2012 Added by:Dan Dieterle
After obtaining a remote session using Backtrack’s Social Engineering Toolkit, I ran Bypassuac to get System level authority and at the Meterpreter prompt simply ran wce.rb. Mimikatz seems to do a better job at recovering passwords, but WCE is just as easy to use. Both offer other features and functions...
May 23, 2012 Added by:Infosec Island Admin
A major obstacle for ICS security is how to test and deploy security tools in the ICS space. Now, the open-source IT security research community has paired with ICS teams, DHS, NESCO, and other stakeholders to research ICS network threats and produce tools to address them...
May 18, 2012 Added by:Robert Siciliano
If your PC is bogged down with software and your desktop is jammed with icons and documents, then your PC is next to useless as a productivity tool. Even scarier is you have lost track of your files have sensitive information exposed. Follow these tips for a cleaner, faster machine...
May 18, 2012 Added by:Dan Dieterle
Okay, you have been reading up on computer security, and even played around with Backtrack some. You have been gaining some penetration testing skills, but now you want to try them out. What do you do? There are several sites that exist that allow you to (legally) test your abilities...
May 07, 2012 Added by:Marc Quibell
ADS are still used for investigative purposes - after the data has passed - taking correlated log data and running an analysis against historical data to see if anything abnormal happened. Well that's cool, except it already happened - the damage is already done in most cases...
May 04, 2012 Added by:Infosec Island Admin
Over the past year significant discoveries in the areas of adversarial capabilities have identified that many companies across the 18 critical infrastructure and key resources (CIKR) are struggling to cope with the growing threats. Efforts have been taken to defend critical assets...
April 23, 2012 Added by:Headlines
The deadline for for systems infected with the DNS Changer malware is fast approaching. Failure to rid a device of the malware prior to the July 9 deadline could result in loss of Internet connectivity. To see if your system is infected, simply visit the following website...
April 17, 2012 Added by:Headlines
Apple has released a malware removal tool for the most common variant of the Flashback Trojan, as well as security updates to mitigate the vulnerability exploited by the malware for OS X Lion v10.7.3, OS X Lion Server v10.7.3. Mac OS X v10.6.8 and Mac OS X Server v10.6.8...
April 11, 2012 Added by:Spencer McIntyre
Researchers are releasing a Metasploit module that can exploit a vulnerability in an open source web content management system called Liferay in the XSLT processing engine that is used to allow setting dynamic XML feeds to be displayed as content on a page...
April 09, 2012 Added by:Headlines
"The Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications... ZAP provides automated scanners as well as a set of tools that allow you to find security vulnerabilities manually..."
April 04, 2012 Added by:Headlines
Cyber attacks on IT systems would become a criminal offense punishable by at least two years in prison throughout the EU under a draft law backed by the Civil Liberties Committee. Possessing or distributing hacking software and tools would also be an offense...
April 03, 2012 Added by:Headlines
"Malware Classifier uses machine learning algorithms to classify Win32 binaries – EXEs and DLLs – into three classes: 0 for 'clean,' 1 for 'malicious,' or 'UNKNOWN.' The tool extracts seven key features from a binary, feeds them to one or all of the four classifiers..."
Hacker to Release Symantec's PCAnywhere Sour... Jerry Shaw on 10-05-2015
PoS Malware Kits Rose in Underground in 2014... on 03-17-2015
New PCI Compliance Study... on 03-17-2015