My buddy Aamir Lakhani wrote an awesome installation guide for Kali Linux. This is an updated version of what is available in our book. Check out the original post HERE via www.drchaos.com.
Introducing Kali Linux
The creators of BackTrack have released a new, advanced penetration testing Linux distribution named Kali Linux. BackTrack 5 was the last major version of the BackTrack distribution. The creators of BackTrack decided that, to move forward with the challenges of cyber security and modern testing, a new foundation was needed. Kali Linux was born and released March 13th, 2013. Kali Linux is based on Debian and an FHS-compliant file system.
I published an article for PenTest magazine’s November 2013 issue. The article is titled “Launching Social Media Based Attacks”. Below is the introduction from the article. You can find the complete article at http://pentestmag.com/.
A few weeks ago Aamir Lakhani put up a blog post on how to install and configure Snort on Security Onion with Snorby. Since the release of the article, he has received numerous requests on how to disable some of the rules. Here is a post on tuning by Aamir. The original post can be found HERE.
My buddy Aamir Lakhani and I performed a penetration test using social media sources (Facebook and LinkedIn) as a method to compromise users from our target. You can find more about our project aka Emily Williams HERE and HERE as well as at www.drchaos.com.
My buddy Aamir Lakhani wrote a guide on how to install a Security Onion setup with Snort and Snorby. You can find the original on his blog at www.drchaos.com or HERE.
Security Onion is a Linux distribution for intrusion detection, network security monitoring, and log management. It’s based on Ubuntu and contains Snort, Suricata, Bro, Sguil, Squert, Snorby, ELSA, Xplico, NetworkMiner, and many other security tools. Security Onion is a platform that allows you to monitor your network for security alerts. It’s simple enough to run in small environments without many issues and allows advanced users to deploy distributed systems that can be used in enterprise-type network environments.
My buddy who wrote the Kali Linux book with me released another short book on setting up XenMobile. I was one of the reviewers for this and believe it is a great guide for anybody looking to configure a new XenMobile environment. You can find the book HERE as well as on Amazon, Barnes & Noble or other online resellers.
Here is an interesting post from Billy Austin found on www.drchaos.com HERE.
What 3rd party apps do remote workers have installed?
Remote workers are nothing new, but the challenge of hunting down employees on-the-go and assessing these devices can be a task in and of itself. With the increase of cyber incidents triggered by remote connectivity & insecure 3rd party apps, one would think these devices are in-scope for security and compliance quarterly checkup scans. After speaking with security and auditing colleagues, it proved to be quite the opposite.
Here is a really cool post by the Chaos Computer Club found on Dr. Chaos’s blog (but they are not associated with each other) about bypassing Apple TouchID. For those watching the new iPhone releases, this is a major feature from the iPhone S. The original post can be found HERE.
First, the fingerprint of the enrolled user is photographed with 2400 dpi resolution. The resulting image is then cleaned up, inverted and laser printed with 1200 dpi onto transparent sheet with a thick toner setting. Finally, pink latex milk or white wood glue is smeared into the pattern created by the toner onto the transparent sheet. After it cures, the thin latex sheet is lifted from the sheet, breathed on to make it a tiny bit moist and then placed onto the sensor to unlock the phone. This process has been used with minor refinements and variations against the vast majority of fingerprint sensors on the market.
Nice post by Aamir Lakhani aka Dr. Chaos. The original post can be found HERE.
The U.S. Department of Homeland Security awarded their continuous monitoring and diagnostics contract. The vendors will provide the tools, hardware, software, and professional services to implement solutions and provide continuous-monitoring-as-a-service.