A coworker of mine, Tom Cross, was featured on CBS Atlanta regarding a case where a newscast member had her credit card information stolen. An interesting aspect of this situation is the criminals obtained the card number while the victim was in another city holding the authentic card. It is undetermined how the criminals stole the card number to create the duplicate but the motive clear … purchase giftcards until the credit card account becomes locked. Continue reading
Aamir Lakhani wrote a overview of how to perform a ssl strip attack. The original post can be found HERE
Before beginning the lab, make sure you have Backtrack 5 R3 VM imported into VMWare Player/Workstation/Server/Fusion, or what ever Virtual machine environment you have chosen to utilize.
The following is an excerpt from the VMWare “Getting started with VMWare Player” VMWare Player 4.0 user guide. Continue reading
Thanks to my guest writer Kyle Olson for this post. Kyle’s bio is below.
Security breaches on your website hosting servers and any other server based online assets are no laughing matter. Suffering one of these breaches can mean anything from the theft of data for fraud related purposes to the total destructive erasure of all your information just for the fun of it (Hackers aren’t exactly known for always being motivated by money) Continue reading
Last year Aamir Lakhani and Joseph Muniz developed a fake identity known as Emily Williams with the purpose of compromising a specific target using social media. We created Emily Williams based on research from Robin Sage, which showcased how a fake identity could obtain sensitive information from social media resources. We wondered if a similar approach could be used for targeted attacks and developed Emily Williams for that purpose. More information on developing Emily Williams via Part 1 of this project can be found HERE. Continue reading
Disclaimer: This post has been modified to exclude specific subjects not approved for public viewing
Emily Williams and Robin Sage
Emily Williams and Robin Sage don’t exist in the real world. They are fake social network accounts designed to obtain sensitive information. Robin Sage was created in late 2009 to obtain information from intelligence on US military personnel. Her story was presented at the Black Hat hacker conference upsetting many people by exposing the type of sensitive data provided over social networks. Joey Muniz and Aamir Lakhani decided to go one-step further and ask the hard question: “what else can happen outside of data being leaked over social networks”. We decided to find out using Emily Williams. Continue reading
“My buddy Aamir Lakhani is developing a iOS security class and recently posted about hacking iOS devices. This is a very popular subject and want to share this. Also shout out to Tom Bedwell for his assistance with the research. You can find the original posting at www.cloudcentrics.com”
iOS devices can be booted with their own kernel and micro operating systems instead of approved Apple firmware. When iOS devices are loaded with a micro kernel, you can run attacks such as bypassing the passcode, decrypting passwords, copying file systems, viewing emails and much more. The following guide describes how to create a RAM DISK, however it may not function precisely as a step-by-step instruction set, since each system is unique and requires some level of customization. Continue reading
My buddy Aamir Lakhani posted about a really cool metadata tool called FOCA. The original post can be found HERE. Below is Aamir’s post about FOCA.
I would like to introduce you to one of my favorite network reconnaissance tools. It is called FOCA.
Did you know every time you create a document such as PowerPoint presentation, Microsoft Word document, or PDFs, metadata is left in the document?
What is metadata? metadata is data about data. It is descriptive information about a particular data set, object, or resource, including how it is formatted, and when and by whom it was collected. metadata can be useful to attackers because it contains useful information about the system where the file was created such as: Continue reading
Some people believe people behind Cyber Crime are disgruntled teenage hackers looking to cause chaos for fun. In some cases that may be however the majority of Cyber Crime is performed by well-funded organized criminals. Yes, I’m talking about the godfather like people who robbed banks and distributed narcotics on the street corner prior to the computer age. Organized crime realized it’s faster to automate an attack against millions of virtual targets rather than physically deal with criminal activity. Who is really behind Cyber Crime and how do they operate? Lets take at look at a case study of popups to understand the Cyber Crime organization. Continue reading
How many people use eight-character or less passwords with the first letter being capital and last entries being numbers? People are predictable and so are their passwords. To make things worse, people are lazy and tend to use the same passwords for just about everything that requires one. A study from the DEFCON hacker conference stated, “with $3,000 dollars and 10 days, we can find your password. If the dollar amount is increased, the time can be reduced further”. This means regardless of how clever you think your password is, its eventually going to be crack-able as computers get faster utilizing brute force algorithms mixed with human probability. Next year the same researchers may state, “with 30 dollars and 10 seconds, we can have your password”. Time is against you. Continue reading