There has been a rapid increase in demand for security solutions that can defend against Advanced Persistent Threats (APTs). Why? Because today, cyber criminals don’t use a specific attack to compromise targeted networks.
I get invited to review things from time to time. My latest invite was reviewing a cookbook-style guide designed to be a reference for beginner and advanced Nmap users. For those that are not familiar with Nmap, it’s an open-source tool built for network exploration and security auditing. Nmap users range from ethical penetration testers to evil hackers. There are dozens of tools that perform automated assessment functions; however, nothing beats a very skilled Nmap user.
My buddy Aamir Lakhani posted about a really cool metadata tool called FOCA. The original post can be found HERE. Below is Aamir’s post about FOCA.
I would like to introduce you to one of my favorite network reconnaissance tools. It is called FOCA.
Did you know every time you create a document such as a PowerPoint presentation, Microsoft Word document, or PDF, metadata is left in the document?
What is metadata? Metadata is data about data. It is descriptive information about a particular data set, object, or resource, including how it is formatted, and when and by whom it was collected. Metadata can be useful to attackers because it contains useful information about the system where the file was created such as:
If you are internet facing, you are vulnerable to Distributed Denial of Service (DDoS) attacks. Attacks on network services are on the rise as the price of computing power decreases and people become more dependent on technology. Studies from leading service providers show DDoS attacks have grown from 9 to 500 Gbps in the last five years. Botnets are becoming an underground commodity that can be rented for as low as 10 dollars an hour to launch strategic DDoS attacks. Governments are investing in military strategies based on the ability to interrupt enemy computer services through targeted DDoS attacks. These attacks are indeed a weapon of mass disruption.
There are many cool tools sold at conferences. One tool to check out is the WiFi Pineapple Mark III for around $100. Basically it’s a wireless honeypot using a man-in-the-middle attack to access data. The way it works is it listens for devices calling out for known wireless networks / SSIDs. The WiFi Pineapple will hear the request and clone the requested SSID so the device believes it’s connecting to a known trusted network.
Some people believe the people behind Cyber Crime are disgruntled teenage hackers looking to cause chaos for fun. In some cases that may be so; however, the majority of Cyber Crime is performed by well-funded organized criminals. Yes, I’m talking about the godfather-like people who robbed banks and distributed narcotics on the street corner prior to the computer age. Organized crime realized it’s faster to automate an attack against millions of virtual targets rather than physically deal with criminal activity. Who is really behind Cyber Crime and how do they operate? Let’s take a look at a case study of popups to understand the Cyber Crime organization.