Blog Posts Tagged with "Linux"
Investigating In-Memory Network Data with Volatility
September 25, 2012 Added by:Andrew Case
This post will discuss Volatility’s new Linux features for recovering network information including enumerating sockets, network connections, and packet contents, and will discuss each plugin along with implementation, how to use it, output, and which forensics scenarios apply...
Comments (0)
Analyzing the KBeast Rootkit and Detecting Hidden Modules with Volatility
September 18, 2012 Added by:Andrew Case
KBeast is a rootkit that loads as a kernel module. It also has a userland component that provides remote access. This backdoor is hidden from other userland applications by the kernel module. KBeast also hides files, directories, and processes that start with a user defined prefix...
Comments (0)
Analyzing the Average Coder Rootkit, Bash History, and Elevated Processes with Volatility
September 16, 2012 Added by:Andrew Case
This post showcases some of Volatility’s new Linux features by analyzing a popular Linux kernel rootkit named “Average Coder” and includes recovering .bash_history, finding userland processes elevated to root, and discovering overwritten file operation structure pointers...
Comments (0)
Pentoo 2012: A Penetration Testers Distro of Gentoo Linux
September 09, 2012 Added by:Dan Dieterle
I’ve never seen Pentoo before, but couldn’t resist taking a peek. Basically Pentoo is Gentoo Linux with a bunch of security focused tweaks. I am married to Backtrack and am not interested in switching to another Linux Security Distro, but Pentoo looks enticing...
Comments (0)
Metasploitable 2.0 pt 4: Cracking Linux Passwords and Pentesting with Grep
August 20, 2012 Added by:Dan Dieterle
Because we had a root shell, we were able to grab the Linux password hashes from the system by simply copying them and pasting them on our local machine. We were then able to use John the Ripper to crack them. We now have passwords to play with...
Comments (0)
Recovering tmpfs from Linux and Android Memory Captures with Volatility
August 14, 2012 Added by:Andrew Case
Tmpfs is interesting from a forensics perspective for a few reasons. The first is that, in a traditional forensics scenario, the investigator expects that he can shut a computer off, images its disk(s), and get back the filesystem at the time of when the computer was running. With tmpfs, this is obviously not true...
Comments (3)
The Rise of Multi-Platform Malware
July 12, 2012 Added by:Pierluigi Paganini
Using a JAR, the malware is able to identify the OS and download the right files to infect the targeted machine. After identifying the type of operating system a unit is running, a Java class file will download the appropriate malware, with the purpose to open a backdoor to allow remote access to the machine...
Comments (0)
Multi-Platform Backdoor Malware in the Wild
July 11, 2012 Added by:Headlines
"The JAR file checks if the user's machine is running in Windows, Mac or Linux then downloads the appropriate files... the three different platforms behave the same way. They all connect to 186.87.69.249 to get additional code to execute. The ports are 8080, 8081, and 8082 for OSX, Linux, and Windows respectively..."
Comments (0)
Metasploitable: Gaining Root on a Vulnerable Linux System
May 22, 2012 Added by:Dan Dieterle
Metasploitable is a great platform to practice and develop your penetration testing skills. In this tutorial, I will show you how to scan the system, find one of the vulnerable services, and then exploit the service to gain root access...
Comments (1)
Practice Linux Penetration Testing Skills with Metasploitable
May 18, 2012 Added by:Dan Dieterle
Okay, you have been reading up on computer security, and even played around with Backtrack some. You have been gaining some penetration testing skills, but now you want to try them out. What do you do? There are several sites that exist that allow you to (legally) test your abilities...
Comments (0)
Adobe Releases Critical Updates Reader and Acrobat
April 12, 2012 Added by:Headlines
Adobe has released critical updates to address multiple vulnerabilities in Adobe Reader X (10.1.2) and earlier versions for Windows and Macintosh, Adobe Reader 9.4.6 and earlier versions for Linux, and Adobe Acrobat X (10.1.2) and earlier versions for Windows and Macintosh...
Comments (0)
ICS-CERT: Wago IPC Multiple Vulnerabilities
April 09, 2012 Added by:Infosec Island Admin
Multiple vulnerabilities affecting the WAGO IPC 758-870, which is an embedded Linux programmable logic controller (PLC)could allow an attacker to gain unauthorized access or to make unauthenticated configuration changes, which may include arbitrary code...
Comments (0)
Researchers Successfully Hacked Online Voting System
March 07, 2012 Added by:Headlines
"Within 48 hours of the system going live, we had gained nearcomplete control of the election server. We successfully changed every vote and revealed almost every secret ballot. Election officials did not detect our intrusion for nearly two business days..."
Comments (0)
Adobe Releases Critical Updates for Flash Player Vulnerability
March 06, 2012 Added by:Infosec Island Admin
Adobe has released critical updates for Android, Windows, Linux and Solaris operating systems to mitigate vulnerabilities in the company's Flash Player software that may have allowed attackers to inflict a denial of service or take control of a targeted system...
Comments (0)
Encryption: A Buzzword, Not a Silver Bullet
February 16, 2012 Added by:Danny Lieberman
Encryption, buzzword, not a silver bullet for protecting data on your servers. In order to determine how encryption fits into server data protection, consider four encryption components on the server side: passwords, tables, partitions and inter-tier socket communications...
Comments (0)
Did the 2006 Symantec Breach Expose RSA's SecurID?
February 10, 2012 Added by:Kevin McAleavey
The Symantec leak could pose a risk to RSA's SecurID. Examination of the source code for PCAnywhere turned up something disturbing - numerous header files and several libraries belonging to RSA, and SecurID code is part of the exposed PCAnywhere product source code...
Comments (23)
- Creating Your Own Privacy & ROI
- Security Intelligence for the Enterprise - Part 1
- Why are Cybercrimes NOT Always White-collar Crimes?
- From the SMB to Security Guru: Five Ways IT Pros Can Manage Security on a Budget
- Balancing Act Between Privacy and Security
- The NSA’s Word Games Explained: How the Government Deceived Congress in the Debate over Surveillance Powers
- NSA Surveillance Is Legal And Not Targeting Average Americans, Says Texas A&M Professor
- Enterprise Software Security - The Fake Choice Between Fast and Secure
- BSidesLV Preview: Vulnerabilities in Application Whitelisting
- Scangate Re-visited: Vulnerability Scanners Uncovered