Raspberry Pi As A Hacking Arsenal

One really cool tool that I’ve had a lot of fun playing with is the Raspberry Pi. My buddy Aamir Lakhani and I recently went under contract for our second book covering how to run Kali Linux on a Raspberry Pi to perform various penetration testing scenarios. Here is a basic overview of the Raspberry Pi used as a security tool. The book should be out early next year.

For those that haven’t heard of a Raspberry Pi, it’s a small computer that is dirt cheap and can be imaged for just about anything. Continue reading

Recon-ng – advanced reconnaissance framework

My buddy Aamir Lakhani wrote about a cool reconnaissance tool called recon-ng. This tool can automate researching a target using multiple sources. The original post can be found HERE

Reconnaissance techniques are one of the first steps penetration testers practice when learning how to exploit systems for vulnerabilities. Traditional reconnaissance techniques are used to gather intelligence, define scope, and identify weaknesses. Continue reading

Interview with Joseph Muniz Co-Author : SecurityOrb Podcast

Kellep Charles from SecurityOrb interviewed me a few weeks back about my book as well as other general security topics. You can find the recording HERE or on the SecurityORB website. I was fighting a cold so my apologies for the raspy voice.

For those interested in the book, below is a discount code you can use provided by SecurityORB. The link to the book is on the right side of this blog. Continue reading

Using Metasploit To Bypass Anti-Virus Software – Generating and Obfuscating Payloads

I’m often asked “why did my system get infected when I had the latest system updates and anti-virus enabled?” Well, a fundamental concept behind security products is they can only look for so many things or use so many detection techniques before they must permit traffic. This means your defenses will fail if an attack uses a method that your detection system can’t see or scanner does not have an existing signature to scan against. This is why attackers hide exploits using techniques such as obfuscation to bypass security detection. Continue reading

Expert Metasploit Penetration Testing [Video]

I’ve been asked about suggested training for penetration testing. The most popular programs are the Certified Ethical Hacker (CEH) (found HERE) and SANS courses (found HERE). There are many books such as the one I wrote with my buddy Aamir (HERE) as well as others I have recommended HERE.

I was provided access to a video series through Packt Publishing titled “Expert Metasploit Penetration Testing [Video]” and found it to be pretty useful for those looking to learn how to use Metasploit. Continue reading

OpenSSL Heartbleed Bug Impacting More Than Half Of The Internet

My buddy Aamir Lakhani wrote a great post covering the recently exposed security vulnerability that impacts more than half of the websites on the Internet. It’s something everybody needs to be aware of. The original article can be found HERE

Heartbleed is a serious vulnerability affecting OpenSSL cryptographic libraries. The Heartbleed vulnerability allows an attacker to steal information protected under normal SSL/TLS conditions.

Here is what you need to know:

  • This is a very serious vulnerability.
  • It harms personal computers and everyday users. Attackers could possibly steal user information. 
  • Many popular websites, including social media, search, email, banking, and health sites are vulnerable.
  • The bug is found on most systems and has been present since 2012.
  • Most likely, attackers knew about the vulnerability, and may have been exploiting it for a long time.
  • Patching and updating systems will not protect owners from attackers who have already captured data.

Continue reading

Launching and Preventing Denial of Service Attacks – DDoS / DoS

I have recently seen an uptick in DDoS / DoS attacks against my customers and asked questions such as “how easy is it to perform these attacks?”, “who launches these attacks?” and “how can I defend against such attacks?”. I have spoken about this topic in the past; however, I will provide both the executing and defending side of DoS in this post. Continue reading

The Darknet

I’ve had people ask about the Darknet and decided to provide a brief overview. To summarize, the Darknet is not some evil network designed to cause chaos. I find it funny when articles refer to the Darknet as some form of attack or thing to watch out for. To put it simply, the Darknet is a closed or hidden network, meaning you can’t access webpages using standard Internet browsers. In order to find dark resources, you need specific software and sometimes special permission to access parts of the network. The next screenshot is one method using a TOR browser. Continue reading
