Testing for SSL-TLS (OWASP-CM-001)

A nice tool for SSL cipher testing is the Perl script ssl-cipher-check.pl. However, in Backtrack and on other distros you may get this error the first time you run it: ssl-cipher-check.pl -vw my.exampledomain.com 443 … ERROR: Unable to find /usr/bin/gnutls-cli-debug. Please install the gnutls-devel package. To avoid that, simply install the missing package as …

Registering and using Nessus in Backtrack 5

Unlike previous Backtrack versions, Nessus now comes installed by default on Backtrack 5. This is very cool because all that is left for you is to activate Nessus! If that was not enough, when you upgrade Backtrack the instructions to register are just shown to you: … root@bt:~# apt-get upgrade … – Please run /opt/nessus/sbin/nessus-adduser …

Security Weekly News 22 June 2011 – Summary

In case you missed it, I put together a blog post last week on the OWASP AppSec EU Security Conference in Trinity College, Dublin, Ireland with slides, pictures and experience. Feedback and/or contributions to make this better are appreciated and welcome. Highlighted quotes of the week: “I would recommend to store at least half a …

Security Weekly News 22 June 2011 – Full List

Category Index Hacking Incidents / Cybercrime Unpatched Vulnerabilities Software Updates Business Case for Security Web Technologies Network Security Cloud Security Cryptography Privacy Security FAIL General Outrageous Funny / Hilarious Hacking Incidents / Cybercrime Document claims LulzSec has obtained 2011 UK Census records [www.v3.co.uk] Infamous hacking group LulzSec is claiming to have obtained the entire …

OWASP AppSec EU, slides, pictures and experience

Update 02/07/2011: Arian Evans recently clarified he is really “Arian Evans” and not “Adrian Lane”, so I fixed that in the post below. Arian Evans gave the talk on the Six Application Security Metrics. Apologies for confusing the names :). Update 23/06/2011: Dreyer just clarified to me that int3pids were really third and not first …

Security Weekly News 17 June 2011 – Summary

Smile! It’s Friday! 🙂 In case you missed it, I put together a blog post last week regarding my personal experience on the CISSP certification process, etc: CISSP exam, materials, preparation and experience. Feedback and/or contributions to make this better are appreciated and welcome. Highlighted quotes of the week: “A pen test should …

Security Weekly News 17 June 2011 – Full List

Category Index Hacking Incidents / Cybercrime Unpatched vulnerabilities Software Updates Business Case for Security Web Technologies Network Security Forensics / Reverse Engineering Cryptography Wireless Security Mobile Security Cloud Security Privacy / Censorship Security FAIL Off Topic Funny Hacking Incidents / Cybercrime   Incident Analysis: Million Dollars Lost In A Minute  [carnal0wnage.attackresearch.com] Dudes, I and two …