The Fappening: A Wake-Up Call for Cloud Users

Sarah Williams wrote a great article on my buddy's blog about a recent breach of cloud storage security that exposed naked photographs of famous actors. The original post can be found at drchaos's website HERE.


The cloud storage option is fast becoming one of the most popular and effective methods of storing essential data that you definitely can't afford to lose. From small to medium-sized businesses, cloud storage has helped owners save time and money when it comes to IT.

But exactly how safe is the cloud? Though most reliable cloud service providers have cutting-edge security, many IT experts say the cloud system is not entirely safe.


Raspberry Pi As A Hacking Arsenal


One really cool tool that I’ve had a lot of fun playing with is the Raspberry Pi. My buddy Aamir Lakhani and I recently went under contract for our second book covering how to run Kali Linux on a Raspberry Pi to perform various penetration testing scenarios. Here is a basic overview of the Raspberry Pi used as a security tool. The book should be out early next year.

For those who haven't heard of a Raspberry Pi, it's a small computer that is dirt cheap and can be imaged for just about anything.


Shellshock / Bash bug – 22 year internet vulnerability could be the biggest yet

My buddy Aamir Lakhani posted about the recent Shellshock / Bash bug based on his research. It's a fantastic post and the original is located HERE.

Security researcher Stéphane Chazelas found a major vulnerability that allows attackers to execute and run code in the bash shell.

A shell is found on most UNIX, Linux, and Mac operating systems. Users interact with it through the terminal program. It is the place to input and run commands for the operating system, as well as accept basic programming for the system. In other words, it is the command line. It is used for management, administrative, and productivity purposes.

Bash is the shell, or command language interpreter, for the GNU operating system. The name is an acronym for the ‘Bourne-Again SHell’, a pun on Stephen Bourne, the author of the direct ancestor of the current Unix shell sh, which appeared in the Seventh Edition Bell Labs Research version of Unix.



Recon-ng – advanced reconnaissance framework

My buddy Aamir Lakhani wrote about a cool reconnaissance tool called recon-ng. This tool can automate researching a target using multiple sources. The original post can be found HERE.

Reconnaissance techniques are one of the first steps penetration testers practice when learning how to exploit systems for vulnerabilities. Traditional reconnaissance techniques are used to gather intelligence, define scope, and identify weaknesses.


Duo Security Researchers Uncover Bypass of PayPal’s Two-Factor Authentication


Researchers at Duo Labs, the advanced research team at Duo Security, discovered that it is possible to bypass PayPal's two-factor authentication (the Security Key mechanism, in PayPal nomenclature). The vulnerability lies primarily in the authentication flow for the PayPal API web service (api.paypal.com) — an API used by PayPal's official mobile applications, as well as numerous third-party merchants and apps — but also partially in the official mobile apps themselves.


Interview with Aamir Lakhani Co-Author of Web Penetration Testing with Kali Linux


Here is the other SecurityOrb interview with my good buddy Aamir Lakhani. Kellep Charles interviewed both of us regarding our book and other general security topics. You can find the Aamir Lakhani interview HERE or on the SecurityOrb website.


Interview with Joseph Muniz Co-Author: SecurityOrb Podcast


Kellep Charles from SecurityOrb interviewed me a few weeks back about my book as well as other general security topics. You can find the recording HERE or on the SecurityORB website. I was fighting a cold so my apologies for the raspy voice.

For those interested in the book, below is a discount code you can use provided by SecurityORB. The link to the book is on the right side of this blog.


First look at trends from the 2014 Verizon Data Breach Report


Verizon security researchers, in collaboration with more than 50 other organizations, have released the Verizon 2014 Data Breach Report (download HERE). My colleague Aamir Lakhani (www.DrChaos.com) and I would like to share our opinion of the trends we saw after analyzing the findings. We encourage you to download the report, along with the other sources we reference in this post.

In 2012, the Verizon Data Breach report, along with the Mandiant (now FireEye) APT1 report (download HERE), found that geopolitical and foreign nation attacks were on the rise. These reports demonstrated a real threat to businesses and organizations, causing financial loss, intellectual property compromise, and destabilization of business and brand worthiness.


Heartbleed bug causes Phishing and Scams to rise

My buddy Aamir Lakhani wrote a post on the reaction to Heartbleed. He points out that the media attention on Heartbleed is opening new opportunities for phishing attacks. The original post can be found HERE.

Everyone is in a frenzy due to the OpenSSL Heartbleed bug. The mainstream media has been reporting on it for a few days. Unfortunately, with this much publicity, there is also opportunity for attackers to take advantage of the hype. In the last 24 hours I have been seeing a major rise in phishing emails and other scams.

As people understand and hear about the bug, I expect scams and malicious phishing emails to increase exponentially.
