My buddy Aamir Lakahani wrote a cool post on how to create exploits with Metasploit. The original post can be found HERE.
Metasploit has the ability to create an executable payload. This can be extremely useful if you can get a target machine to run the executable. Attackers often use social engineering, phishing, and other attacks to get a victim to run a payload. If attackers can get their a victim to run a payload, there is no reason for an attacker to find and exploit vulnerable software.Continue reading →
In order to bring attention to how easy hackers are able to exploit applications, the people at Arxan Technologies have posted a series of videos showing how to hack mobile apps using various open source tools. You can find the videos HERE. Jonathan Carter does a pretty good job going into details on how the tools work with lots of details. Check it out.
I have been asked a handful of times about the steps to install Kali Linux on a Raspberry Pi. My buddy Aamir Lakhani and I went through the installation process a million times with different models to develop our best practices for the installation process. This post will cover a very short summary of how to install Kali Linux on a model B+ Raspberry Pi. The full details as well as many other Raspberry Pi penetration testing use cases can be found in our book HERE. Continue reading →
The people at TheHackerNews.com wrote a article on a new attack against Android devices that tricks users into believing they have powered off their device so they can spy on them. The original post can be found HERE.
Security researchers have unearthed a new Android Trojan that tricks victims into believing they have switched their device off while it continues “spying” on the users’ activities in the background. So, next time be very sure while you turn off your Android smartphones.
My buddy Aamir Lakahni at drchaos wrote a interesting post about criminals using RAT tools to steal boat loads of money from banks. The original post can be found HERE.
Another week, another hack. A group of cybercriminals used phishing attacks to install remote access toolkits (RATs) and steal over $300 million from banks and other financial institutions (source: http://www.nytimes.com/2015/02/15/world/bank-hackers-steal-millions-via-malware.html)
Using RATs is not new, and common method cybercriminals use. We had an in-depth look at njRAT and the Sweet Orange Exploit on this site. It is also not uncommon to use phishing and other social engineering attacks by attackers to trick users into installing sophisticated malicious tools. Continue reading →
Hack Insight Press published one of my blog posting in their February issue that focuses on the WiFi Pineapple. My original post can be found HERE. The magazine article can be found HERE. In summary, this article talks about how to use the Wifi Pineapple Mark V by Hak5 to perform a phishing attack attack.
My buddy and coauthor Aamir Lakhani and I are very proud to present our second book … “Penetration Testing With Raspberry Pi“. This book can be found on Packt’s website HERE and should start being seen on most online stores such as Amazon, Barns and Noble the next few days. Continue reading →
My buddy Aamir Lakahni wrote a cool post on how to setup a njRAT (remote access toolkit). The original post can be found at drchaos.com via HERE.
Warning: The ideas, concepts and opinions expressed in this blog are intended to be used for educational purposes only. The misuse of the information from this article can result in criminal charges brought against the persons in question. Refer to the laws in your province/country before accessing, using,or in any other way utilizing these materials.
One of the most popular malware tools being used today is a RAT (remote access toolkit) named njRAT. Continue reading →