Blog Posts Tagged with "Tools"

B64e021126c832bb29ec9fa988155eaf

Wireshark: Listening to VoIP Conversations from Packet Captures

June 24, 2012 Added by:Dan Dieterle

A lot of telephones and communication devices now use VoIP to communicate over the internet. I was wondering how hard it would be to listen to a VoIP phone call if you had a packet capture that included the call. Well, come to find out, it is not hard at all. The feature is built into Wireshark - here's how...

Comments  (0)

759c37c6aff04cd46262f93652b5fad5

SecureState Contributes to the SQLMap Project

June 18, 2012 Added by:Spencer McIntyre

Custom-coded applications make SQLi very difficult to exploit in an automated fashion, and most of detection tools are particularly effective against only a few select Database Management Systems (DBMSes). However, the open source SQLMap tool is capable of exploiting a variety of DBMSes....

Comments  (0)

48062676f7b2fc521b0b32a3c6494469

What Are ToR Hidden Services?

June 15, 2012 Added by:gaToMaLo r. amores

In the ToR-.onion network, the client asks to use a website's services, then starts a handshake at a rendezvous point (onion relay) - not at the server/IP. They're never on the site/server when in OnionLand, can’t do a WhoIs and get an IP and cannot find a geo-location. If they can’t find you, they can't hack you...

Comments  (1)

B64e021126c832bb29ec9fa988155eaf

Recovering Clear Text Passwords – Updated

June 13, 2012 Added by:Dan Dieterle

When I wrote about WCE last, I noticed that for some reason the output didn’t seem right for accounts that did not have passwords. WCE seemed to mirror a password from another account when a password was not present. Hernan from Amplia Security (creator of WCE) created a fix for this...

Comments  (0)

E313765e3bec84b2852c1c758f7244b6

Hooray! An Open-Source Password Analyzer Tool...

June 08, 2012 Added by:Brent Huston

The time it takes to crack a password is the only true measure of its worth. Morris has created a tool for administrators that allows them to configure a password policy based on the time to crack, the possible technology that an attacker might be using, and the password protection technology in use...

Comments  (0)

B64e021126c832bb29ec9fa988155eaf

Recovering Remote Windows Passwords in Plain Text with WCE

June 05, 2012 Added by:Dan Dieterle

After obtaining a remote session using Backtrack’s Social Engineering Toolkit, I ran Bypassuac to get System level authority and at the Meterpreter prompt simply ran wce.rb. Mimikatz seems to do a better job at recovering passwords, but WCE is just as easy to use. Both offer other features and functions...

Comments  (1)

7fef78c47060974e0b8392e305f0daf0

ICS-CERT: SNORT in an ICS Environment

May 23, 2012 Added by:Infosec Island Admin

A major obstacle for ICS security is how to test and deploy security tools in the ICS space. Now, the open-source IT security research community has paired with ICS teams, DHS, NESCO, and other stakeholders to research ICS network threats and produce tools to address them...

Comments  (0)

37d5f81e2277051bc17116221040d51c

Spring Cleaning Your PC

May 18, 2012 Added by:Robert Siciliano

If your PC is bogged down with software and your desktop is jammed with icons and documents, then your PC is next to useless as a productivity tool. Even scarier is you have lost track of your files have sensitive information exposed. Follow these tips for a cleaner, faster machine...

Comments  (2)

B64e021126c832bb29ec9fa988155eaf

Practice Linux Penetration Testing Skills with Metasploitable

May 18, 2012 Added by:Dan Dieterle

Okay, you have been reading up on computer security, and even played around with Backtrack some. You have been gaining some penetration testing skills, but now you want to try them out. What do you do? There are several sites that exist that allow you to (legally) test your abilities...

Comments  (0)

94c7ac665bbf77879483b04272744424

Network Anomaly Detection Takes a NAP

May 07, 2012 Added by:Marc Quibell

ADS are still used for investigative purposes - after the data has passed - taking correlated log data and running an analysis against historical data to see if anything abnormal happened. Well that's cool, except it already happened - the damage is already done in most cases...

Comments  (1)

7fef78c47060974e0b8392e305f0daf0

ICS-CERT: Getting Started Securing Industrial Assets

May 04, 2012 Added by:Infosec Island Admin

Over the past year significant discoveries in the areas of adversarial capabilities have identified that many companies across the 18 critical infrastructure and key resources (CIKR) are struggling to cope with the growing threats. Efforts have been taken to defend critical assets...

Comments  (0)

69dafe8b58066478aea48f3d0f384820

Checking Your System for the DNS Changer Malware

April 23, 2012 Added by:Headlines

The deadline for for systems infected with the DNS Changer malware is fast approaching. Failure to rid a device of the malware prior to the July 9 deadline could result in loss of Internet connectivity. To see if your system is infected, simply visit the following website...

Comments  (0)

69dafe8b58066478aea48f3d0f384820

Apple Releases Flashback Malware Removal Tool and Patches

April 17, 2012 Added by:Headlines

Apple has released a malware removal tool for the most common variant of the Flashback Trojan, as well as security updates to mitigate the vulnerability exploited by the malware for OS X Lion v10.7.3, OS X Lion Server v10.7.3. Mac OS X v10.6.8 and Mac OS X Server v10.6.8...

Comments  (0)

759c37c6aff04cd46262f93652b5fad5

Exploit for Liferay XSL Code Execution Released

April 11, 2012 Added by:Spencer McIntyre

Researchers are releasing a Metasploit module that can exploit a vulnerability in an open source web content management system called Liferay in the XSLT processing engine that is used to allow setting dynamic XML feeds to be displayed as content on a page...

Comments  (0)

69dafe8b58066478aea48f3d0f384820

OWASP Releases Zed Attack Proxy (ZAP) 1.4.0

April 09, 2012 Added by:Headlines

"The Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications... ZAP provides automated scanners as well as a set of tools that allow you to find security vulnerabilities manually..."

Comments  (0)

69dafe8b58066478aea48f3d0f384820

EU: Possession of Hacking Tools to Become a Criminal Offense

April 04, 2012 Added by:Headlines

Cyber attacks on IT systems would become a criminal offense punishable by at least two years in prison throughout the EU under a draft law backed by the Civil Liberties Committee. Possessing or distributing hacking software and tools would also be an offense...

Comments  (5)

Page « < 2 - 3 - 4 - 5 - 6 > »