Cool Penetration Testing Application: Cobalt Strike

CBStrike Cool Penetration Testing Application: Cobalt Strike

If you are familiar with penetration tools, then you should know Metasploit. For those that love GUIs, there is a fantastic open source GUI management for Metasploit known as Armitage (found HERE). The same developers of Armitage created a more advanced penetration testing package for a $2,500 annual cost. The tool is called cobalt Strike (CS) and can be downloaded at www.advancedpentest.com for a 21day trail. They also have a 4-hour lab that lets you try out the core cobalt Strike features. It is worth spending the time to  test the tool and get some lab time even though the lab itself is is pretty easy. Continue reading

VN:F [1.9.22_1171]
Rating: 5.0/5 (1 vote cast)

Dont Just Click Any Link – Avoiding Phishing, Social Engineering And Other Attacks

shark Dont Just Click Any Link   Avoiding Phishing, Social Engineering And Other Attacks

I’ve said this many times before … the Internet is full of bad things. Of those bad things, one of the most common threats is Phishing attacks. Wiki defines phishing as “the act of attempting to acquire information such as usernames, passwords, and credit card details (and sometimes, indirectly, money) by masquerading as a trustworthy entity in an electronic communication”. The majority of successful phishing attacks clone popular social networking sources and provide hyperlinks with the hope a target will click the link without questioning the authenticity of the source.

I wrote a post about what to look for regarding fraud email and craiglist sales HERE and 2 example craiglist cons HERE. The concepts are generally the same regarding identifying phishing attackers however in some cases, the attack will be a clone of a real message or website, which makes it very difficult to detect. Best practices is THINK BEFORE YOU CLICK! Here are some examples why this is important. Continue reading

VN:F [1.9.22_1171]
Rating: 4.0/5 (1 vote cast)

How To Educate Your Employees About Social Engineering

 How To Educate Your Employees About Social EngineeringA common saying is ” Amateurs Hack Systems, Professionals Hack People”.  Social engineering is the art of manipulating people into performing actions or divulging confidential information. People fall for social engineering tricks based on their instinct to be helpful and trusting. The typical attacker never comes face-to-face with a victim using deception through email, social networks or over the phone. Continue reading

VN:F [1.9.22_1171]
Rating: 5.0/5 (3 votes cast)

RSA NetWitness: An Anatomy Of An Attack

Here is a post from my friend Aamir Lakhani’s blog about RSA NetWitness. The original can be found at Cloud Centrics (http://www.cloudcentrics.com/). Really good post on NetWitness.

RSA NetWitness

rsa netwitness2 RSA NetWitness: An Anatomy Of An Attack

RSA NetWitness is a unique solution that captures, store and analyze network data traffic. This gives you the able to see exactly what comes in and goes out of the network in real time . In simple terms, RSA offers to you a Network CCTV. Not only that, NetWitness also allows you to see the traffic in action as it reconstructs the data that flows through the network into its original format according to its own type or application. This helps you strengthen your security measures by taking appropriate action. On top of that, since all traffic is captured and stored, you will be able to go back to a particular period of time and conduct historical data analysis. Nothing escapes undetected. Continue reading

VN:F [1.9.22_1171]
Rating: 5.0/5 (2 votes cast)

Enforcing Network Policy Internally, Remotely And To Mobile Devices

 Enforcing Network Policy Internally, Remotely And To Mobile DevicesMany corporations fail to establish and enforce a network policy. A network policy is a set of conditions, limitations, and customized settings designed to control how authorized subjects use network resources. Common examples of a network policy are controlling access to adult, gambling, hacking, blacklisted and other website categories that violate human resource (HR) and security standards. Network Policy requirements can change based on device type, time of day and user role. Its key that network policy is automatically enforced rather than something end-users choose to abide by or most likely will fail when most needed. Continue reading

VN:F [1.9.22_1171]
Rating: 0.0/5 (0 votes cast)