In order to bring attention to how easy hackers are able to exploit applications, the people at Arxan Technologies have posted a series of videos showing how to hack mobile apps using various open source tools. You can find the videos HERE. Jonathan Carter does a pretty good job going into details on how the tools work with lots of details. Check it out.
A buddy of mine introduced by to a really good resource for learning Cisco technology. The site is http://labminutes.com/. It is free to watch the videos and they are really good about going into details on various topics. For example, there are 33 Cisco ASA FirePOWER videos. You can search for a specific tasks such as how to integrate with AD, configuring malware protection and so on. Here is an example list of the number of videos for popular topics. Book mark this site if you are looking for hands on training videos. Continue reading →
The people at techcrunch.com published a interesting article on the recent Blue Cross Breach. The original post can be found HERE. According to datalossdb.orb, they listed the following lost.
“Up to 11,000,000 member names, Social Security numbers, dates of birth, addresses, phone numbers, email addresses, member identification numbers, financial and medical claims details possibly accessed by hackers”
Now this isn’t as big as the Anthem breach (80,000,000) but still very substantial. Here is the post from techcrunch. Continue reading →
The security research team at Cisco known as Talos released a huge discovery of complete hidden whois data attached to more than 282,000 domains registered through the company’s Google Apps for work service. This accounts for around 94% of the addresses Google Apps has registered through a partnership with eNom. The original post can be found HERE. The post was created by Nick Biasini, Alex Chiu, Jaeson Schultz, Craig Williams and William McVey.Continue reading →
You may have heard the saying “don’t ever stick a unknown USB drive into your computer”. Here is a great example why this is good advice. Usually the fear is how malware can auto launch and compromise your computer. An example is the classic rubber ducky found HERE. Dark Purple at http://kukuruku.co/ posted HERE about a USB drive that can actually fry your computer.
I have been asked a handful of times about the steps to install Kali Linux on a Raspberry Pi. My buddy Aamir Lakhani and I went through the installation process a million times with different models to develop our best practices for the installation process. This post will cover a very short summary of how to install Kali Linux on a model B+ Raspberry Pi. The full details as well as many other Raspberry Pi penetration testing use cases can be found in our book HERE. Continue reading →
I am asked about Cisco Next Generation Security aka FireSIGHT licensing at least once a week. This post will explain the license options for Cisco FirePOWER and what is needed to request demo licenses to enable your demo system. NOTE: This is the current license model as of March 8th 2015.
For those that are not familiar with the new Cisco FirePOWER offering, it is a blend of Content Filtering, Reputation Security, Application Visibility and Controls, Vulnerability Scanning, IPS/IDS, Network and Endpoint Day Zero protection. These features are offered as a dedicated physical or virtual appliance, as a software option ran inside of a X generation ASA or as a Cloud service. For the dedicated appliance, virtual appliance and ASA version, there are three license options. Continue reading →
Earl Carter and Craig Williams from the Cisco Security Blog posted a great article on a recent wave of taxed related spear-phishing attacks (original post found HERE). What is interesting is how attackers leverage current trends as the theme for their malware. For example, we will probably see a bunch of March Madness attacks along with Tax related phishing this month since thats what people are searching for online. This contradictions the old belief that “safe searching” aka not going to adult websites or searching for free software will keep you safe from malware. The reality is the attackers want the most bang for their buck so they will target where the most people are at. In March, thats Tax season and March Madness. Here is the post from Cisco. Continue reading →