Blog Posts Tagged with "Penetration Testing"

Security BSides Charleston 2012: Operating In-Security

March 16, 2012 Added by: Security BSides

A combination of students, professionals, geeks and tinkerers gathering to discuss Information Security, hear awesome talks and bring security into our everyday lives. Our mission is to provide an inclusive, inspiring and motivational environment to discuss and collaborate...

Comments  (0)

Out With the New, In With the Old: OS Security Revisited

March 06, 2012 Added by: Ian Tibble

Operating System Security is radically under-appreciated, and this has been the case since the big bang of security practices in the mid-90s. OS security, along with application security, is the front line in the battle against hackers, but this has not been widely realized...

Comments  (0)

MS08_068 + MS10_046 = FUN UNTIL 2018

March 06, 2012 Added by: Rob Fuller

If you are on an internal penetration test and either exploit a machine or find an open share, you can create an LNK file with an icon that points at a nonexistent share on your attacking machine's IP...

Comments  (0)

What They Don't Teach You in "Thinking Like the Enemy" Classes

March 06, 2012 Added by: Pete Herzog

The enemy is not homogenous. Just like there is not just one foreign language, there is not one type of enemy. Among those enemy attackers, not all think alike. Even those joined together under a common mission or goal, there is often division in how to accomplish that goal...

Comments  (1)

Metadata: A Pentester’s Best Friend

February 17, 2012 Added by: Jake Garlie

Most modern productivity software will automatically insert this information into documents for benefits such as collaboration. However, if not removed before being published to a website, metadata can put an organization at risk...

Comments  (0)

Security BSides San Francisco: Presentation Schedule

February 13, 2012 Added by: Security BSides

Each BSides is a community-driven framework for building events for and by information security community members. It is an intense event with discussions, demos, and interaction from participants. It is where conversations for the next-big-thing are happening. You don’t want to miss it...

Comments  (0)

Brad Smith: The Power of the Ultimate Social Engineer

February 11, 2012 Added by: Malgorzata Skora

While we often focus on how social engineering skills can be used to break into companies or otherwise obtain information that is supposed to be protected, Brad demonstrates the positive aspects of these skills, and shows how they can be put to good use...

Comments  (1)

Does Offensive Security Really Exist?

February 09, 2012 Added by: Dave Shackleford

I want to refute the concept of offensive vs. defensive security staff. It's not realistic. Reason? Offense really exists for one reason – to inform defense. In my mind, this really means we’re ALL defense. We just accomplish our defensive strategy and tactics in different ways...

Comments  (0)

Starting to Clean Up the Mess from PCAnywhere

February 09, 2012 Added by: Damion Waltermeyer

I realized not everyone was even sure how to go about starting to clean up from the PCAnywhere exploit. To start, I am going to share with you my method for finding machines that are potentially open to this exploit...

Comments  (3)

User Assisted Compromise (UAC)

February 09, 2012 Added by: Rob Fuller

You have to wait for the user to use UAC (this does not work if someone else does, it's only for the current user HKCU). But, as a side benefit, it's a very real form of sneaky persistence as well, as it will execute our evil binary every single time they use UAC...

Comments  (0)

Security BSides San Francisco: Speakers and Topics Lineup

February 08, 2012 Added by: Security BSides

The goal of Security BSides is to expand the spectrum of conversation beyond the traditional confines of space and time. The conferences create opportunities for individuals to both present and participate in an intimate atmosphere that encourages collaboration...

Comments  (0)

What’s Wrong with WAFs and How to Hack Them - Part 2

February 07, 2012 Added by: Gary McCully

In attempts to prevent XSS attacks many organizations block or HTML encode special characters (<, >, "). In order to be fair I will admit that this prevents many successful XSS attacks, but at the end of the day many of these web applications are still vulnerable to XSS...

Comments  (0)

Gaining Access to a Check Point Appliance

February 07, 2012 Added by: Bill Mathews

On any Linux-based system with an unencrypted hard drive, it is possible to completely overtake a system once you have gained physical access. Often this is easily accomplished with a live CD distribution, such as Backtrack or Ubuntu and some command line tools...

Comments  (0)

Metasploit: The Penetration Tester's Guide

January 30, 2012 Added by: Ben Rothke

The Metasploit Project is an open-source security project that provides information about security vulnerabilities and assists those performing the penetration tests in building a framework in which to carry out the testing...

Comments  (1)

Compliance and Security Trends

January 29, 2012 Added by: Danny Lieberman

Information security and risk analysis is complex stuff, with multiple dimensions of people, software, performance, management, technology, assets, threats, vulnerabilities and control relationships. This is why it’s hard to sell security to organizations...

Comments  (0)

Social Engineering Toolkit – User Agent Switcher – setuas.sh

January 21, 2012 Added by: Kyle Young

What if I want to clone a website that is the mobile version? What if I want to clone a website that checks to see if end users are Microsoft Windows users? This is where the Social Engineering Toolkit User Agent Switcher (setuas.sh) is applicable...

Comments  (0)
