Book Review: Penetration Testing With Raspberry Pi

Berislav Kucan from net-security.org posted a nice writeup on the book Aamir Lakhani and I wrote on penetration testing using a Raspberry Pi. The original writeup can be found HERE.

Introduction

Raspberry Pi is a small and portable single board computer that can be transformed into a penetration testing system. This book will show you how.


Make Spammers Pay You with write.io

My buddy Aamir Lakhani wrote an interesting post on the write.io service. The original post can be found HERE. I see a valuable use case for this when I attend events and conferences. They make you provide an email address that gets hammered with SPAM. It will be nice to make them pay to plug their messages. It is a better approach than just providing a fake email account. Below is Aamir’s article.

What if you had to pay to send every email? Would you think twice about what you send? Would it change the content or the clarity of the message? Do you think charging money to send email would reduce SPAM and other unwanted email?


Breaking SSH, VNC, and other passwords with Kali Linux and Hydra

My buddy Aamir Lakhani aka drchaos wrote a great post on breaking SSH, VNC and other services. The original post can be found HERE.

Hydra is a very fast and effective network login cracker. It will help you perform brute force attacks against SSH servers, VNC, and other services. When you launch Hydra it will launch the GUI in Kali; however, in this tutorial we will use xHydra, which is the command line version of the tool. The command line version of the tool gives you much more flexibility in how to use the tool.


OpenVAS 8.0 Vulnerability Scanning

My buddy Aamir Lakhani wrote an interesting post on the latest update of OpenVAS 8.0. This is a very useful vulnerability scanner available in Kali Linux. The original post can be found HERE.

Vulnerability scanning is a crucial phase of a penetration test and having an updated vulnerability scanner in your security toolkit can often make a real difference by helping you discover overlooked vulnerable items. For this reason, we’ve manually packaged the latest and newly released OpenVAS 8.0 tool and libraries for Kali Linux. Although nothing major has changed in this release in terms of running the vulnerability scanner, we wanted to give a quick overview on how to get it up and running.


The art of creating backdoors and exploits with Metasploit

My buddy Aamir Lakhani wrote a cool post on how to create exploits with Metasploit. The original post can be found HERE.

Metasploit has the ability to create an executable payload. This can be extremely useful if you can get a target machine to run the executable. Attackers often use social engineering, phishing, and other attacks to get a victim to run a payload. If attackers can get a victim to run a payload, there is no reason for an attacker to find and exploit vulnerable software.


Open Whisper Systems releases free open source Secure Messaging and Voice app

My buddy Aamir Lakhani wrote a great post on Open Whisper used for secure messaging. The original post can be found HERE. Here is the post from Aamir.

I have been waiting for almost a year for Open Whisper Systems to release an iOS Apple compatible application for secure messaging. This is free, it’s open source, it’s easy to use. Download it now.


Installing and Troubleshooting Kali Linux On Raspberry Pi

I have been asked a handful of times about the steps to install Kali Linux on a Raspberry Pi. My buddy Aamir Lakhani and I went through the installation process a million times with different models to develop our best practices for the installation process. This post will cover a very short summary of how to install Kali Linux on a model B+ Raspberry Pi. The full details as well as many other Raspberry Pi penetration testing use cases can be found in our book HERE.


Bank Hackers Steal Millions via Malware

My buddy Aamir Lakhani at drchaos wrote an interesting post about criminals using RAT tools to steal boatloads of money from banks. The original post can be found HERE.

Another week, another hack. A group of cybercriminals used phishing attacks to install remote access toolkits (RATs) and steal over $300 million from banks and other financial institutions (source: http://www.nytimes.com/2015/02/15/world/bank-hackers-steal-millions-via-malware.html)

Using RATs is not new, and is a common method cybercriminals use. We had an in-depth look at njRAT and the Sweet Orange Exploit on this site. It is also not uncommon for attackers to use phishing and other social engineering attacks to trick users into installing sophisticated malicious tools.
