My Article in PenTest Magazine – Backtrack Compendium July 2013

pentestmagimage My Article in PenTest Magazine   Backtrack Compendium July 2013

PenTest Magazine just released a issue focused on BackTrack titled BackTrack Compendium. I wrote a piece on compromising passwords using tools available in Kali Linux. An image from the introduction of my piece can be found below. I haven’t had a chance to review the entire magazine however glancing over it and found many interesting topics such as “Improve your Firewall Auditing”, “Building a SQLI Test Lab”, “How to Set Up a Software Hacking Lab”, “Multiphase Penetration Testing with Metasploit, Backtrack and Armitage”, “Metasploit Primer”, and many many more. I have a lot of good reading to do this week icon smile My Article in PenTest Magazine   Backtrack Compendium July 2013 Continue reading

VN:F [1.9.22_1171]
Rating: 5.0/5 (1 vote cast)

How Hackers Crack Weak Passwords

People use weak password practices to secure critical information. Weak password practices include using the same password for multiple systems regardless of the value of the asset, dictionary words, short phases and keeping the same passwords for extended periods of time. For example, it’s common to find a password on a non-critical asset such as a PlayStation 3 be the same as a person’s bank account login.

The more information an attack knows about your password profile, the more likely they will crack your password. For example, a policy of “6-10 characters with one upper case letter and special character” actually helps an attacker reduce the target space meaning passwords are weaker with the policy. If an hacker captures a password for another system and notices a formula such as ‘<dictionary word>’ followed by ‘<3 numbers>’, it helps the attacker prepare a dictionary attack (utilities such as Crunch makes this easy). Any password shorter than 10 characters is an easy target to brute force attack based on today’s system process power. Continue reading

VN:F [1.9.22_1171]
Rating: 5.0/5 (1 vote cast)

How To Educate Your Employees About Social Engineering

 How To Educate Your Employees About Social EngineeringA common saying is ” Amateurs Hack Systems, Professionals Hack People”.  Social engineering is the art of manipulating people into performing actions or divulging confidential information. People fall for social engineering tricks based on their instinct to be helpful and trusting. The typical attacker never comes face-to-face with a victim using deception through email, social networks or over the phone. Continue reading

VN:F [1.9.22_1171]
Rating: 5.0/5 (3 votes cast)

Protect Your Communication Using Free Tools: Secure E-mail and Hiding Messages with Steganography

es66715 coversecret Protect Your Communication Using Free Tools: Secure E mail and Hiding Messages with Steganography

Is There More To This Image?

How we communicate has become extremely easy in today’s digital society.  Most mobile devices offer software that integrates with social networks, business applications and e-mail. People share anything from where they are eating to what they are about to eat in near real-time (personally I find it annoying). This convenience makes securing communication more difficult since most digital messages leave a digital fingerprint as well as usually transmitted over nonsecure sources. My team has demonstrated how hackers can steal data in transit using man-in-the-middle attacks with tools like the Pine Apple (more HERE), BeEF (more HERE), and compromising mobile devices to pull up old text messages and e-mails. Continue reading

VN:F [1.9.22_1171]
Rating: 0.0/5 (0 votes cast)

Defending Against Google Hacking : Know What Can Be Found On Search Engines

Its shocking how organizations are compromised due to administration carelessness such as using default passwords or advertising sensitive information on public sources. Many companies purchase top dollar security solutions however fail at addressing the most common security weakness; enforcing thorough security policies. One popular reconnaissance technic known as Google Hacking (however can use other search engines) can expose confidential information, vulnerabilities and login credentials using Internet search engines. Here are some tips to avoid being abused by Google Hacking or other reconnaissance techniques. Continue reading

VN:F [1.9.22_1171]
Rating: 3.7/5 (3 votes cast)

Passwords Are Doomed: You NEED Two-Factor Authentication

 Passwords Are Doomed: You NEED Two Factor Authentication
How many people use eight-character or less passwords with the first letter being capital and last entries being numbers? People are predictable and so are their passwords. To make things worse, people are lazy and tend to use the same passwords for just about everything that requires one. A study from the DEFCON hacker conference stated, “with $3,000 dollars and 10 days, we can find your password. If the dollar amount is increased, the time can be reduced further”. This means regardless of how clever you think your password is, its eventually going to be crack-able as computers get faster utilizing brute force algorithms mixed with human probability. Next year the same researchers may state, “with 30 dollars and 10 seconds, we can have your password”. Time is against you. Continue reading

VN:F [1.9.22_1171]
Rating: 4.8/5 (5 votes cast)