Recent Twats
- @PatrickElOso Today I don't feel like doing anything I just wanna lay in my bed Don't feel like picking up my phone, so leave a message...
- RT @RealGilbert: The RIP Eddie Murphy reports are false! The cops found a dead black guy and just assumed it was either Eddie Murphy or ...
- Why Twitter’s new policy is helpful for free-speech advocates - http://t.co/lMFgD7F1
Archives
- January 2012
- December 2011
- November 2011
- October 2011
- September 2011
- August 2011
- July 2011
- June 2011
- May 2011
- April 2011
- February 2011
- January 2011
- December 2010
- November 2010
- October 2010
- September 2010
- August 2010
- July 2010
- June 2010
- May 2010
- April 2010
- March 2010
- February 2010
- January 2010
- December 2009
- November 2009
- October 2009
- September 2009
- August 2009
- July 2009
- June 2009
- May 2009
- April 2009
- March 2009
- February 2009
- January 2009
Category Archives: pentest
Hacking to pwn a cop car
My boy Kevin Finisterre recently made headlines while doing a penetration test on a city’s infrastructure. (Kevin and I knew each other from past lives) It turns out Kevin discovered a way to access video dumps from a police dash … Continue reading
Posted in news, pentest, security
Leave a comment
Simplifying Information Security Risk Assessments
There’s a free webcast available from Accuvant’s Doug Landoll on Simplifying your Risk Assessments available here. Some of the highlights are: First, data and system owners need to be included on discussions to set protection requirements based on their criticality … Continue reading
Posted in news, pentest, security
Leave a comment
The Power of GPU’s
There’s been a lot of talk recently about using graphics processing units (GPU) to crack passwords. This was due to a recent paper published by a researchers from the Georgia Tech Research Institute. Long story short: Make sure your passwords are … Continue reading
win32 memory capture & analysis cheat sheet
A high level overview to perform live memory captures and analysis: capture memory via moonsol’s win32dd parse memory snapshot with mandiant’s memoryze analyze results via audit viewer or analyze using the volatility framework — neatly packaged in SAN’S Sift Workstation
One more vulnerable web project….
Back in November I posted a list of intentionally vulnerable web applications for educational purposes. You can find that list here: http://www.system7.org/2009/11/05/test-your-web-pentest-skillz/ A new one to add to the list is OWASP’s Broken Web Application Project. There was a great … Continue reading
Posted in pentest, security
Leave a comment
Quickly assess your PHP infrastructure security: PHPSecInfo
From their homepage: PhpSecInfo provides an equivalent to the phpinfo() function that reports security information about the PHP environment, and offers suggestions for improvement. It is not a replacement for secure development techniques, and does not do any kind of … Continue reading
Posted in pentest, security
Leave a comment
Pen Testing 101 Presentation
PaulDotCom has an excellent penetration testing presentation covering your primary 6 tools: nmap, nessus, hydra, pass-the-hash, metasploit, and cain & abel. Check it out here: http://pauldotcom.com/TriplePlay-NetworkPenTestingTools.pdf
Posted in pentest
Leave a comment
Successfully running De-Ice on a virtual machine….
I’ve seen several folks wondering how to setup the De-Ice pentest environments in a virtual machine. It’s actually a fairly simple setup and I’ve included the steps needed below…. Here’s the config I used to get level 1(1.100) working: Configure … Continue reading
Penentration Test Scenario’s
I’ve recently been trying to teach my young cousin the basics of computer security. I started by having him get the Backtrack live-cd which is geared for penetration testing. Once you have Backtrack running you need a dummy machine to … Continue reading
Posted in pentest, security
4 Comments