Blog Posts Tagged with "Penetration Testing"


What Do You Call a BlackHat in Amsterdam?

March 16, 2012 Added by: Javvad Malik

It was my first BlackHat and I’d agreed to cover the event for Infosec Island. Those in attendance would have seen me with Jim Shields of Twist & Shout lugging around cameras, lights, microphones, trying to convince people to say a few words to the camera...


Security BSides Charleston 2012: Operating In-Security

March 16, 2012 Added by: Security BSides

A combination of students, professionals, geeks and tinkerers gathering to discuss Information Security, hear awesome talks and bring security into our everyday lives. Our mission is to provide an inclusive, inspiring and motivational environment to discuss and collaborate...


Out With the New, In With the Old: OS Security Revisited

March 06, 2012 Added by: Ian Tibble

Operating System Security is radically under-appreciated, and this has been the case since the big bang of security practices in the mid-90s. OS security, along with application security, is the front line in the battle against hackers, but this has not been widely realized...


MS08_068 + MS10_046 = FUN UNTIL 2018

March 06, 2012 Added by: Rob Fuller

If you are on an internal penetration test and either exploit a machine or find an open share, you can create an LNK file with an icon that points at a nonexistent share on your attacking machine's IP...


What They Don't Teach You in "Thinking Like the Enemy" Classes

March 06, 2012 Added by: Pete Herzog

The enemy is not homogenous. Just like there is not just one foreign language, there is not one type of enemy. Among those enemy attackers, not all think alike. Even among those joined together under a common mission or goal, there is often division in how to accomplish that goal...


Metadata: A Pentester’s Best Friend

February 17, 2012 Added by: Jake Garlie

Most modern productivity software will automatically insert this information into documents for benefits such as collaboration. However, if not removed before being published to a website, metadata can put an organization at risk...


Security BSides San Francisco: Presentation Schedule

February 13, 2012 Added by: Security BSides

Each BSides is a community-driven framework for building events for and by information security community members. It is an intense event with discussions, demos, and interaction from participants. It is where conversations for the next-big-thing are happening. You don’t want to miss it...


Brad Smith: The Power of the Ultimate Social Engineer

February 11, 2012 Added by: Malgorzata Skora

While we often focus on how social engineering skills can be used to break into companies or otherwise obtain information that is supposed to be protected, Brad demonstrates the positive aspects of these skills, and shows how they can be put to good use...


Does Offensive Security Really Exist?

February 09, 2012 Added by: Dave Shackleford

I want to refute the concept of offensive vs. defensive security staff. It's not realistic. Reason? Offense really exists for one reason – to inform defense. In my mind, this really means we’re ALL defense. We just accomplish our defensive strategy and tactics in different ways...


Starting to Clean Up the Mess from PCAnywhere

February 09, 2012 Added by: Damion Waltermeyer

I realized not everyone was even sure how to go about starting to clean up from the PCAnywhere exploit. To start, I am going to share with you my method for finding machines that are potentially open to this exploit...


User Assisted Compromise (UAC)

February 09, 2012 Added by: Rob Fuller

You have to wait for the user to use UAC (this does not work if someone else does, it's only for the current user HKCU). But, as a side benefit, it's a very real form of sneaky persistence as well, as it will execute our evil binary every single time they use UAC...


Security BSides San Francisco: Speakers and Topics Lineup

February 08, 2012 Added by: Security BSides

The goal of Security BSides is to expand the spectrum of conversation beyond the traditional confines of space and time. The conferences create opportunities for individuals to both present and participate in an intimate atmosphere that encourages collaboration...


What’s Wrong with WAFs and How to Hack Them - Part 2

February 07, 2012 Added by: Gary McCully

In attempts to prevent XSS attacks many organizations block or HTML encode special characters (<, >, "). In order to be fair I will admit that this prevents many successful XSS attacks, but at the end of the day many of these web applications are still vulnerable to XSS...


Gaining Access to a Check Point Appliance

February 07, 2012 Added by: Bill Mathews

On any Linux-based system with an unencrypted hard drive, it is possible to completely overtake a system once you have gained physical access. Often this is easily accomplished with a live CD distribution, such as Backtrack or Ubuntu and some command line tools...


Metasploit: The Penetration Tester's Guide

January 30, 2012 Added by: Ben Rothke

The Metasploit Project is an open-source security project that provides information about security vulnerabilities and assists those performing the penetration tests in building a framework in which to carry out the testing...


Compliance and Security Trends

January 29, 2012 Added by: Danny Lieberman

Information security and risk analysis is complex stuff, with multiple dimensions of people, software, performance, management, technology, assets, threats, vulnerabilities and control relationships. This is why it’s hard to sell security to organizations...
