Category Archives: hardware & software

Assault on PHP Applications

This is a must-read if you’re a pen tester or PHP developer.  Some great things on PHP security including file include, upload vulnerabilities, command execution, and of course SQL injection… Assault on PHP Applications Blackhat Forums Author: Aelphaeis Mangarae … Continue reading

Posted in hardware & software, security | 1 Comment

Setting up Windows Honey Pot Shares

I recently set up a honeypot share on a Windows server.  I put some very “interesting” files and directories in there (financial information, PII, etc.) and then enabled audit logging in Windows.  There’s a very powerful but mostly unknown Windows tool … Continue reading

Posted in microsoft, security | Leave a comment

Reduce ssh brute force attempts…

In case you’re still running sshd on port 22 (which you should change!) you’re probably getting hammered with brute force attempts.  Take a peek at /var/log/secure or /var/log/wtmp or the “last” command and have a looksy. There’s a great little application … Continue reading

Posted in linux, security | 1 Comment

Penetration Testing & Capture the Flag

Penetration Testing Nowadays penetration testing is where it’s at.  Whether trying to learn security, becoming a white hat, or consulting it’s a must have skill.  However, it can be intimidating on where to start.  Besides picking up books the next … Continue reading

Posted in forensics, hardware & software, news | 1 Comment

Malware Analyzers Part deuce

Several weeks ago I posted about different free malware analyzers (sandbox environments).  I’ve stumbled across another free tool from Mandiant which is their Red Curtain offering. Red Curtain will scan a given local directory or drive and analyze each file … Continue reading

Posted in hardware & software, malware | Leave a comment

Google Hacking

Google hacking has been around for a while but unfortunately it is still very relevant.  Basically because the Google crawler is so powerful you can use this to your advantage to discover sensitive data.  You can find password files as … Continue reading

Posted in google | Leave a comment

UNetbootin: Live CDs to thumb drives made easy

I’ve always found it a major pain to correctly install a Live CD on a thumb drive.  You want to do this because of SPEED.  Have you tried running Backtrack from a thumb drive?  Load times are incredible and there’s … Continue reading

Posted in hardware & software, news | Leave a comment

Unlock iPhone: Run unofficial applications

I just came across these steps in Wired to unlock your iPhone: 1. Update iTunes and iPhone app installer 2. Download Pwnage Tool 3. Select “simple mode” and install Cydia *If anything goes wrong you can reverse the process using … Continue reading

Posted in apple | Leave a comment

Google Wave

At the recent Google I/O conference in San Francisco the next big Google project was announced, Google Wave.  Imagine being able to instant message and collaborate with multiple people in real time.  Now chat rooms have been around for a … Continue reading

Posted in google, news | 1 Comment

SSL Strip

There’s a nice tool that will perform SSL man in the middle attacks.  In layman’s terms this means when this tool is run on a gateway it will create a clear text HTTP stream on the network (that you can … Continue reading

Posted in hardware & software | Leave a comment