Blog Posts Tagged with "Penetration Testing"

D8853ae281be8cfdfa18ab73608e8c3f

Sticky Keys and Utilman Against Network-Level-Authentication

July 02, 2012 Added by:Rob Fuller

If you can get physical or SYSTEM/Admin access and enable + reach RDP, you can very easily gain a level of persistence without the need of a pesky password. However, this doesn't work so well with the advent of NLA or Network-Level-Authentication. StickyKeys don't work so well if you have to authenticate first...

Comments  (0)

71d85bb5d111973cb65dfee3d2a7e6c9

How Fast Can Your Password Be Cracked? Instantly...

July 02, 2012 Added by:f8lerror

Instantly with a JavaScript keylogger. In this brief tutorial, we show you how we can use the Metasploit JavaScript Keylogger auxiliary module in a penetration testing phishing campaign or user awareness training. This is intended for informational and/or educational purposes only...

Comments  (0)

1de705dde1cf97450678321cd77853d9

The Perils Of Automation In Vulnerability Assessment

June 25, 2012 Added by:Ian Tibble

“Run a scanner by it” still appears in so many articles – it's still very much part of the furniture. Software suites are built on the use of automated unauthenticated scanning – in some cases taking an open source scanning engine, wrapping a nice GUI around it, and slapping a 25K USD price tag on it...

Comments  (5)

B64e021126c832bb29ec9fa988155eaf

Wireshark: Listening to VoIP Conversations from Packet Captures

June 24, 2012 Added by:Dan Dieterle

A lot of telephones and communication devices now use VoIP to communicate over the internet. I was wondering how hard it would be to listen to a VoIP phone call if you had a packet capture that included the call. Well, come to find out, it is not hard at all. The feature is built into Wireshark - here's how...

Comments  (0)

759c37c6aff04cd46262f93652b5fad5

SecureState Contributes to the SQLMap Project

June 18, 2012 Added by:Spencer McIntyre

Custom-coded applications make SQLi very difficult to exploit in an automated fashion, and most of detection tools are particularly effective against only a few select Database Management Systems (DBMSes). However, the open source SQLMap tool is capable of exploiting a variety of DBMSes....

Comments  (0)

D8853ae281be8cfdfa18ab73608e8c3f

Post Exploitation with PhantomJS

June 17, 2012 Added by:Rob Fuller

PhantomJS is sweet for sweeping a ton of IPs and suspected HTTP/S sites, and look through a gallery of them to start figuring out which looks the most interesting… and we are going to essentially just that, except from a Victim machine...

Comments  (0)

B64e021126c832bb29ec9fa988155eaf

Recovering Clear Text Passwords – Updated

June 13, 2012 Added by:Dan Dieterle

When I wrote about WCE last, I noticed that for some reason the output didn’t seem right for accounts that did not have passwords. WCE seemed to mirror a password from another account when a password was not present. Hernan from Amplia Security (creator of WCE) created a fix for this...

Comments  (0)

B64e021126c832bb29ec9fa988155eaf

Recovering Remote Windows Passwords in Plain Text with WCE

June 05, 2012 Added by:Dan Dieterle

After obtaining a remote session using Backtrack’s Social Engineering Toolkit, I ran Bypassuac to get System level authority and at the Meterpreter prompt simply ran wce.rb. Mimikatz seems to do a better job at recovering passwords, but WCE is just as easy to use. Both offer other features and functions...

Comments  (1)

1b061b1cec6b5898e5326992d9461610

Infosec Subjectivity: No Black and White

June 04, 2012 Added by:Dave Shackleford

Overall, here’s the rub: There are almost no security absolutes. Aside from some obvious things like bad coding techniques, the use of WEP, hiring Ligatt Security to protect you, etc... Everything else is in information security the gray area...

Comments  (1)

7fef78c47060974e0b8392e305f0daf0

The Biggest Attack Surface is US

May 30, 2012 Added by:Infosec Island Admin

As technologies advance and the human nature side of things continues to allow for strides in security as well as the inevitable setbacks, you will become the ultimate target of the easy score for data that could lead to compromise. After all, what do you think the real persistent threats rely on? Human nature...

Comments  (0)

B64e021126c832bb29ec9fa988155eaf

Metasploit: The Penetration Tester’s Guide - A Review

May 28, 2012 Added by:Dan Dieterle

The exploiting sections are very good, covering the famous exploitation techniques of attacking MS SQL, dumping password hashes, pass the hash & token impersonation, killing anti-virus and gathering intelligence from the system to pivot deeper into the target network...

Comments  (0)

F2792196079f2c16cd02be6e9ff5b3da

Why AppSec Won't Always Bail You Out

May 24, 2012 Added by:DHANANJAY ROKDE

The approach of NetSec pros is different from the AppSec folks, as they concentrate on the attack-surface rather than get into the application itself. This is in no way comparison of the level of difficulty of either of the disciplines, NetSec pros just take it to the next level...

Comments  (0)

B64e021126c832bb29ec9fa988155eaf

Metasploitable: Gaining Root on a Vulnerable Linux System

May 22, 2012 Added by:Dan Dieterle

Metasploitable is a great platform to practice and develop your penetration testing skills. In this tutorial, I will show you how to scan the system, find one of the vulnerable services, and then exploit the service to gain root access...

Comments  (1)

71d85bb5d111973cb65dfee3d2a7e6c9

Guessable Passwords: The Unpatchable Exploit

May 20, 2012 Added by:f8lerror

During penetration assessments the tester attempts to compromise systems. Many users take short cuts with passwords, this is because they feel they are not a target, not important, or their access doesn’t matter. Penetration testers know this and so do the attackers...

Comments  (0)

B64e021126c832bb29ec9fa988155eaf

Practice Linux Penetration Testing Skills with Metasploitable

May 18, 2012 Added by:Dan Dieterle

Okay, you have been reading up on computer security, and even played around with Backtrack some. You have been gaining some penetration testing skills, but now you want to try them out. What do you do? There are several sites that exist that allow you to (legally) test your abilities...

Comments  (0)

54a9b7b662bfb0f0445d1661d7ed180b

The Color of Intent

May 17, 2012 Added by:Jayson Wylie

If I said "hacker", everyone knows what goes along with that, and the audience may be impressed or annoyed depending on their fanfare or if they have been victimized. People still think hacker when they hear "pentester" and do not believe the in the existence of pure "white hats"...

Comments  (1)

Page « < 3 - 4 - 5 - 6 - 7 > »