Raspberry Pi As A Hacking Arsenal

IMG 04731 Raspberry Pi As A Hacking Arsenal

One really cool tool that I’ve had a lot of fun playing with is the Raspberry Pi. My buddy Aamir Lakhani and I recently went under contract for our second book covering how to run Kali Linux on a Raspberry Pi to perform various penetration testing scenarios. Here is a basic overview of the Raspberry Pi used as a security tool. The book should be out early next year.

For those that haven’t heard of a Raspberry Pi, it’s a small computer that is dirt cheap and can be imaged for just about anything. Continue reading

VN:F [1.9.22_1171]
Rating: 3.5/5 (2 votes cast)

Using Metasploit To Bypass Anti-Virus Software – Generating and Obfuscating Payloads

msintro Using Metasploit To Bypass Anti Virus Software   Generating and Obfuscating Payloads

I’m often asked “why did my system get infected when I had the latest system updates and anti-virus enabled?” Well, a fundamental concept behind security products is they can only look for so many things or use so many detection techniques before they must permit traffic. This means your defenses will fail if an attack uses a method that your detection system can’t see or scanner does not have an existing signature to scan against. This is why attackers hide exploits using techniques such as obfuscation to bypass security detection. Continue reading

VN:F [1.9.22_1171]
Rating: 5.0/5 (5 votes cast)

Device Fingerprinting – What it is and defense measures

cookie1 Device Fingerprinting   What it is and defense measures

The people at webdesigndegreecenter developed a infographic covering device fingerprinting beyond standard cookie tracking. The original infographic can be found HERE. Continue reading

VN:F [1.9.22_1171]
Rating: 0.0/5 (0 votes cast)

Cool Penetration Testing Application: Cobalt Strike

CBStrike Cool Penetration Testing Application: Cobalt Strike

If you are familiar with penetration tools, then you should know Metasploit. For those that love GUIs, there is a fantastic open source GUI management for Metasploit known as Armitage (found HERE). The same developers of Armitage created a more advanced penetration testing package for a $2,500 annual cost. The tool is called cobalt Strike (CS) and can be downloaded at www.advancedpentest.com for a 21day trail. They also have a 4-hour lab that lets you try out the core cobalt Strike features. It is worth spending the time to  test the tool and get some lab time even though the lab itself is is pretty easy. Continue reading

VN:F [1.9.22_1171]
Rating: 5.0/5 (1 vote cast)

You Dont Have To Lose A Credit Card To Become A Victim Of Fraud

creditcard1 You Dont Have To Lose A Credit Card To Become A Victim Of FraudA coworker of mine, Tom Cross, was featured on CBS Atlanta regarding a case where a newscast member had her credit card information stolen. An interesting aspect of this situation is the criminals obtained the card number while the victim was in another city holding the authentic card. It is undetermined how the criminals stole the card number to create the duplicate but the motive clear … purchase giftcards until the credit card account becomes locked. Continue reading

VN:F [1.9.22_1171]
Rating: 4.0/5 (2 votes cast)

SSL Strip – Breaking Secure Websites

Aamir Lakhani wrote a overview of how to perform a ssl strip attack. The original post can be found HERE

SSLSTRIP LAB

Before beginning the lab, make sure you have Backtrack 5 R3 VM imported into VMWare Player/Workstation/Server/Fusion, or what ever Virtual machine environment you have chosen to utilize.

The following is an excerpt from the VMWare “Getting started with VMWare Player” VMWare Player 4.0 user guide. Continue reading

VN:F [1.9.22_1171]
Rating: 5.0/5 (1 vote cast)

5 Steps to Take Right After Suffering a Cyber Security Breach

Thanks to my guest writer Kyle Olson for this post. Kyle’s bio is below.

ohno 5 Steps to Take Right After Suffering a Cyber Security Breach

Security breaches on your website hosting servers and any other server based online assets are no laughing matter. Suffering one of these breaches can mean anything from the theft of data for fraud related purposes to the total destructive erasure of all your information just for the fun of it (Hackers aren’t exactly known for always being motivated by money) Continue reading

VN:F [1.9.22_1171]
Rating: 0.0/5 (0 votes cast)

PART 2 “The Attack” – THE SOCIAL MEDIA DECEPTION PROJECT : How We Created Emily Williams To Compromise Our Target

 PART 2 “The Attack”   THE SOCIAL MEDIA DECEPTION PROJECT : How We Created Emily Williams To Compromise Our Target

Last year Aamir Lakhani and Joseph Muniz developed a fake identity known as Emily Williams with the purpose of compromising a specific target using social media. We created Emily Williams based on research from Robin Sage, which showcased how a fake identity could obtain sensitive information from social media resources. We wondered if a similar approach could be used for targeted attacks and developed Emily Williams for that purpose. More information on developing Emily Williams via Part 1 of this project can be found HERE. Continue reading

VN:F [1.9.22_1171]
Rating: 4.7/5 (10 votes cast)