Category Archives: pentest

Hacking to pwn a cop car

My boy Kevin Finisterre recently made headlines while doing a penetration test on a city’s infrastructure. (Kevin and I knew each other from past lives.) It turns out Kevin discovered a way to access video dumps from a police dash … Continue reading

Posted in news, pentest, security

Simplifying Information Security Risk Assessments

Accuvant’s Doug Landoll has a free webcast on Simplifying your Risk Assessments, available here. Some of the highlights are: First, data and system owners need to be included in discussions to set protection requirements based on their criticality … Continue reading

Posted in news, pentest, security

The Power of GPUs

There’s been a lot of talk recently about using graphics processing units (GPUs) to crack passwords. This was due to a recent paper published by researchers from the Georgia Tech Research Institute. Long story short: Make sure your passwords are … Continue reading

Posted in news, pentest, privacy, security

win32 memory capture & analysis cheat sheet

A high-level overview of performing live memory captures and analysis: capture memory via MoonSols’ win32dd; parse the memory snapshot with Mandiant’s Memoryze; analyze the results via Audit Viewer; or analyze using the Volatility Framework (neatly packaged in the SANS SIFT Workstation).

Posted in forensics, malware, microsoft, pentest, security

One more vulnerable web project….

Back in November I posted a list of intentionally vulnerable web applications for educational purposes. You can find that list here: http://www.system7.org/2009/11/05/test-your-web-pentest-skillz/ A new one to add to the list is OWASP’s Broken Web Application Project. There was a great … Continue reading

Posted in pentest, security

Quickly assess your PHP infrastructure security: PHPSecInfo

From their homepage: PhpSecInfo provides an equivalent to the phpinfo() function that reports security information about the PHP environment, and offers suggestions for improvement. It is not a replacement for secure development techniques, and does not do any kind of … Continue reading

Posted in pentest, security

Pen Testing 101 Presentation

PaulDotCom has an excellent penetration testing presentation covering your primary 6 tools: nmap, nessus, hydra, pass-the-hash, metasploit, and cain & abel.  Check it out here: http://pauldotcom.com/TriplePlay-NetworkPenTestingTools.pdf

Posted in pentest

Successfully running De-Ice on a virtual machine….

I’ve seen several folks wondering how to set up the De-Ice pentest environments in a virtual machine. It’s actually a fairly simple setup and I’ve included the steps needed below…. Here’s the config I used to get level 1 (1.100) working: Configure … Continue reading

Posted in pentest | 1 Comment

Penetration Test Scenarios

I’ve recently been trying to teach my young cousin the basics of computer security.  I started by having him get the Backtrack live-cd which is geared for penetration testing. Once you have Backtrack running you need a dummy machine to … Continue reading

Posted in pentest, security | 4 Comments