Five years ago, using a software system to monitor Internet usage may have been seen in some quarters as the preserve of large companies, and not so much of a concern to SMBs. Productivity loss, time wasted on non-work related browsing and excessive use of video streaming, are a few reasons why more and more …
I will be giving a lightning talk at Brucon next week. My goal is to give a quick overview on the vast amount of tests possible before you have permission to test a target. This is particularly useful if you are given a short test window but you are willing to put the extra effort …
Intro The terrific guys at informática64 put together the FOCA tool (for mostly automated metadata extraction in the free version) quite a while ago and they just keep improving it continously. The Pro version is just 100€ + VAT and you get a lesson from Chema Alonso along the way so worth considering too :). …
I also posted this guide as a wiki entry on the BeEF project page here. Installing BeEF on a Windows System might be a bit confusing for some users: There is not a typical windows installer where you click “Next Next Finish” and then everything works. You need to perform a series of manual steps …
Update 08/08/2011: Added link to further evidence of Shon Harris spamming via blog comments from ittraining blog at the bottom of the post. I have maintained this blog for some time. I appreciate comments but sometimes there is spam that unfortunately gets in: In particular, I was interested in the CISSP spam: The CISSP post …
This is just a quick note to let you know that I recently put together a Backtrack 5 Installation Script on the BeEF project wiki here. You won’t have to install BeEF by hand on your Backtrack 5 H4x0r server farms and clouds anymore ;).
When you are running a business, you depend on technology, devices and IT services, you need to be aware of several security implications. The greater the level of access to the numerous systems you have in place, the greater the number of security precautions you must take to protect each and every part of the …
Let’s imagine the following fictional scenario: You are operating on a shoe string security budget. An old Windows XP SP0 machine was compromised and you are tasked with acquiring a raw hard drive image so that you can perform some forensics on that image later on. To keep things simple we are leaving memory forensics …
A nice tool for SSL cipher testing is this Perl script: ssl-cipher-check.pl, however, in Backtrack and also on other distros you may get this error the first time you run it: ssl-cipher-check.pl -vw my.exampledomain.com 443 … ERROR: Unable to find /usr/bin/gnutls-cli-debug. Please install the gnutls-devel package To avoid that simply install the missing package as …
In a recent pen test, after compromising the host machine I faced the fact that LM hashes were disabled, and the passwords in use were relatively strong so the normal dictionary and brute-force attacks would not work straightaway. Because it was a long pen test, I had an idea: I could use the meterpreter key …