Items Tagged with "Hacking"


DEUCE: Bypassing DLP with Cookies

July 19, 2012 Added by:f8lerror

DEUCE went from simple concept to a multi-encoding and encryption DLP bypass tool. The program simply takes an input file and creates a cookie for each line. DEUCE has the ability to encrypt via AES, hash with MD5 or use a custom multi-encode with a 3 times replacement cipher...

Comments  (0)


Integration of Mimikatz into Metasploit Stage One

July 10, 2012 Added by:Rob Fuller

One of the powers of Metasploit is its ability to stay memory resident through the use of reflective DLL injection, even keeping new functionalities the attack loads from ever touching disk. I want get to that same level with Mimikatz. Here is my first step to that end: A Railgun based Meterpreter script...

Comments  (0)


Sticky Keys and Utilman Against Network-Level-Authentication

July 02, 2012 Added by:Rob Fuller

If you can get physical or SYSTEM/Admin access and enable + reach RDP, you can very easily gain a level of persistence without the need of a pesky password. However, this doesn't work so well with the advent of NLA or Network-Level-Authentication. StickyKeys don't work so well if you have to authenticate first...

Comments  (0)


How Fast Can Your Password Be Cracked? Instantly...

July 02, 2012 Added by:f8lerror

Instantly with a JavaScript keylogger. In this brief tutorial, we show you how we can use the Metasploit JavaScript Keylogger auxiliary module in a penetration testing phishing campaign or user awareness training. This is intended for informational and/or educational purposes only...

Comments  (0)


EFF Staff to Present at Hackers on Planet Earth

July 01, 2012 Added by:Electronic Frontier Foundation

Technologies are transforming our society, and when our freedoms in the networked world come under attack, the Electronic Frontier Foundation (EFF) is the first line of defense. Hackers On Planet Earth (HOPE), one of the most creative and diverse hacker events in the world...

Comments  (0)


CapFire4: Criminal Malware-as-a-Service Platform

June 26, 2012 Added by:Pierluigi Paganini

Cybercrime is operating as an enterprise, with tools offered for the coordination of cyber attacks such as spamming of malware, malware hosting, and for building command and control infrastructure for botnets. The latest service is called CapFire4, and it’s a good example of malware-as-a-service...

Comments  (0)


The Perils Of Automation In Vulnerability Assessment

June 25, 2012 Added by:Ian Tibble

“Run a scanner by it” still appears in so many articles – it's still very much part of the furniture. Software suites are built on the use of automated unauthenticated scanning – in some cases taking an open source scanning engine, wrapping a nice GUI around it, and slapping a 25K USD price tag on it...

Comments  (5)


Wireshark: Listening to VoIP Conversations from Packet Captures

June 24, 2012 Added by:Dan Dieterle

A lot of telephones and communication devices now use VoIP to communicate over the internet. I was wondering how hard it would be to listen to a VoIP phone call if you had a packet capture that included the call. Well, come to find out, it is not hard at all. The feature is built into Wireshark - here's how...

Comments  (0)


Post Exploitation with PhantomJS

June 17, 2012 Added by:Rob Fuller

PhantomJS is sweet for sweeping a ton of IPs and suspected HTTP/S sites, and look through a gallery of them to start figuring out which looks the most interesting… and we are going to essentially just that, except from a Victim machine...

Comments  (0)


Recovering Clear Text Passwords – Updated

June 13, 2012 Added by:Dan Dieterle

When I wrote about WCE last, I noticed that for some reason the output didn’t seem right for accounts that did not have passwords. WCE seemed to mirror a password from another account when a password was not present. Hernan from Amplia Security (creator of WCE) created a fix for this...

Comments  (0)


Recovering Remote Windows Passwords in Plain Text with WCE

June 05, 2012 Added by:Dan Dieterle

After obtaining a remote session using Backtrack’s Social Engineering Toolkit, I ran Bypassuac to get System level authority and at the Meterpreter prompt simply ran wce.rb. Mimikatz seems to do a better job at recovering passwords, but WCE is just as easy to use. Both offer other features and functions...

Comments  (1)


Metasploit: The Penetration Tester’s Guide - A Review

May 28, 2012 Added by:Dan Dieterle

The exploiting sections are very good, covering the famous exploitation techniques of attacking MS SQL, dumping password hashes, pass the hash & token impersonation, killing anti-virus and gathering intelligence from the system to pivot deeper into the target network...

Comments  (0)


West New York Mayor Arrested for Hacking

May 25, 2012 Added by:Headlines

The mayor of West New York, N.J., and his son were arrested for allegedly hacking into an e-mail account and website associated with a movement to recall the mayor, and have been charged with gaining unauthorized access to computers and conspiracy...

Comments  (0)


Practice Linux Penetration Testing Skills with Metasploitable

May 18, 2012 Added by:Dan Dieterle

Okay, you have been reading up on computer security, and even played around with Backtrack some. You have been gaining some penetration testing skills, but now you want to try them out. What do you do? There are several sites that exist that allow you to (legally) test your abilities...

Comments  (0)


Hacking-Kung Fu: Aims and Objectives Part 2

May 06, 2012 Added by:Quintius Walker

A major aim of Kung-Fu Hacking training is System Security - or more so being able to secure your own systems. This ability to defend ourselves is a general asset, and has long-term benefits as more and more vulnerabilities become exploitable to the general public...

Comments  (3)


Fear and Loathing in Infosec: The Black Mass

May 02, 2012 Added by:Infosec Island Admin

Gesticulating and making odd sounds, the hackers milled and jerked around like some strange species of black raptors. Babbling incoherently about arcane knowledge in the hopes of one upping the other hapless technoweens in the room....

Comments  (0)

Page « < 2 - 3 - 4 - 5 - 6 > »