Items Tagged with "Hacking"


D8853ae281be8cfdfa18ab73608e8c3f

Integration of Mimikatz into Metasploit Stage One

July 10, 2012 Added by:Rob Fuller

One of the powers of Metasploit is its ability to stay memory resident through the use of reflective DLL injection, even keeping new functionalities the attack loads from ever touching disk. I want get to that same level with Mimikatz. Here is my first step to that end: A Railgun based Meterpreter script...

Comments  (0)

D8853ae281be8cfdfa18ab73608e8c3f

Sticky Keys and Utilman Against Network-Level-Authentication

July 02, 2012 Added by:Rob Fuller

If you can get physical or SYSTEM/Admin access and enable + reach RDP, you can very easily gain a level of persistence without the need of a pesky password. However, this doesn't work so well with the advent of NLA or Network-Level-Authentication. StickyKeys don't work so well if you have to authenticate first...

Comments  (0)

71d85bb5d111973cb65dfee3d2a7e6c9

How Fast Can Your Password Be Cracked? Instantly...

July 02, 2012 Added by:f8lerror

Instantly with a JavaScript keylogger. In this brief tutorial, we show you how we can use the Metasploit JavaScript Keylogger auxiliary module in a penetration testing phishing campaign or user awareness training. This is intended for informational and/or educational purposes only...

Comments  (0)

7ddc1f3000a13e4dfec28074e9e7b658

EFF Staff to Present at Hackers on Planet Earth

July 01, 2012 Added by:Electronic Frontier Foundation

Technologies are transforming our society, and when our freedoms in the networked world come under attack, the Electronic Frontier Foundation (EFF) is the first line of defense. Hackers On Planet Earth (HOPE), one of the most creative and diverse hacker events in the world...

Comments  (0)

03b2ceb73723f8b53cd533e4fba898ee

CapFire4: Criminal Malware-as-a-Service Platform

June 26, 2012 Added by:Pierluigi Paganini

Cybercrime is operating as an enterprise, with tools offered for the coordination of cyber attacks such as spamming of malware, malware hosting, and for building command and control infrastructure for botnets. The latest service is called CapFire4, and it’s a good example of malware-as-a-service...

Comments  (0)

1de705dde1cf97450678321cd77853d9

The Perils Of Automation In Vulnerability Assessment

June 25, 2012 Added by:Ian Tibble

“Run a scanner by it” still appears in so many articles – it's still very much part of the furniture. Software suites are built on the use of automated unauthenticated scanning – in some cases taking an open source scanning engine, wrapping a nice GUI around it, and slapping a 25K USD price tag on it...

Comments  (5)

B64e021126c832bb29ec9fa988155eaf

Wireshark: Listening to VoIP Conversations from Packet Captures

June 24, 2012 Added by:Dan Dieterle

A lot of telephones and communication devices now use VoIP to communicate over the internet. I was wondering how hard it would be to listen to a VoIP phone call if you had a packet capture that included the call. Well, come to find out, it is not hard at all. The feature is built into Wireshark - here's how...

Comments  (0)

D8853ae281be8cfdfa18ab73608e8c3f

Post Exploitation with PhantomJS

June 17, 2012 Added by:Rob Fuller

PhantomJS is sweet for sweeping a ton of IPs and suspected HTTP/S sites, and look through a gallery of them to start figuring out which looks the most interesting… and we are going to essentially just that, except from a Victim machine...

Comments  (0)

B64e021126c832bb29ec9fa988155eaf

Recovering Clear Text Passwords – Updated

June 13, 2012 Added by:Dan Dieterle

When I wrote about WCE last, I noticed that for some reason the output didn’t seem right for accounts that did not have passwords. WCE seemed to mirror a password from another account when a password was not present. Hernan from Amplia Security (creator of WCE) created a fix for this...

Comments  (0)

B64e021126c832bb29ec9fa988155eaf

Recovering Remote Windows Passwords in Plain Text with WCE

June 05, 2012 Added by:Dan Dieterle

After obtaining a remote session using Backtrack’s Social Engineering Toolkit, I ran Bypassuac to get System level authority and at the Meterpreter prompt simply ran wce.rb. Mimikatz seems to do a better job at recovering passwords, but WCE is just as easy to use. Both offer other features and functions...

Comments  (1)

B64e021126c832bb29ec9fa988155eaf

Metasploit: The Penetration Tester’s Guide - A Review

May 28, 2012 Added by:Dan Dieterle

The exploiting sections are very good, covering the famous exploitation techniques of attacking MS SQL, dumping password hashes, pass the hash & token impersonation, killing anti-virus and gathering intelligence from the system to pivot deeper into the target network...

Comments  (0)

69dafe8b58066478aea48f3d0f384820

West New York Mayor Arrested for Hacking

May 25, 2012 Added by:Headlines

The mayor of West New York, N.J., and his son were arrested for allegedly hacking into an e-mail account and website associated with a movement to recall the mayor, and have been charged with gaining unauthorized access to computers and conspiracy...

Comments  (0)

B64e021126c832bb29ec9fa988155eaf

Practice Linux Penetration Testing Skills with Metasploitable

May 18, 2012 Added by:Dan Dieterle

Okay, you have been reading up on computer security, and even played around with Backtrack some. You have been gaining some penetration testing skills, but now you want to try them out. What do you do? There are several sites that exist that allow you to (legally) test your abilities...

Comments  (0)

09dae715e355968a0e90ebddf038ad56

Hacking-Kung Fu: Aims and Objectives Part 2

May 06, 2012 Added by:Quintius Walker

A major aim of Kung-Fu Hacking training is System Security - or more so being able to secure your own systems. This ability to defend ourselves is a general asset, and has long-term benefits as more and more vulnerabilities become exploitable to the general public...

Comments  (3)

7fef78c47060974e0b8392e305f0daf0

Fear and Loathing in Infosec: The Black Mass

May 02, 2012 Added by:Infosec Island Admin

Gesticulating and making odd sounds, the hackers milled and jerked around like some strange species of black raptors. Babbling incoherently about arcane knowledge in the hopes of one upping the other hapless technoweens in the room....

Comments  (0)

1a490136c27502563c62267354024cd5

Advanced Methods of Bypassing Website Security

May 01, 2012

There are many methods of defense which admins use to block access to their sites or to the parts of the site's functionality. Among such methods there are use of CAPTCHAs and blocking by IP. But not all such methods are reliable enough, and there are ways to bypass them...

Comments  (0)

Page « < 2 - 3 - 4 - 5 - 6 > »