The art of creating backdoors and exploits with Metasploit

metasploit-300x142

My buddy Aamir Lakahani wrote a cool post on how to create exploits with Metasploit. The original post can be found HERE.

Metasploit has the ability to create an executable payload. This can be extremely useful if you can get a target machine to run the executable. Attackers often use social engineering, phishing, and other attacks to get a victim to run a payload. If attackers can get their a victim to run a payload, there is no reason for an attacker to find and exploit vulnerable software. Continue reading

VN:F [1.9.22_1171]
Rating: 5.0/5 (1 vote cast)

Open Whisper Systems releases free open source Secure Messaging and Voice app

oepn-whisper-systemsMy buddy Aamir Lakhani wrote a great post on Open Whisper used for secure messaging. The original post can be found HERE. Here is the post from Aamir.

I have been waiting for almost a year for Open Whisper systems to release an iOS Apple compatible application for secure messaging. This is free, it’s open source, its easy to use. Download it now. Continue reading

VN:F [1.9.22_1171]
Rating: 0.0/5 (0 votes cast)

Installing and Troubleshooting Kali Linux On Raspberry Pi

RASPBERRY

I have been asked a handful of times about the steps to install Kali Linux on a Raspberry Pi. My buddy Aamir Lakhani and I went through the installation process a million times with different models to develop our best practices for the installation process. This post will cover a very short summary of how to install Kali Linux on a model B+ Raspberry Pi. The full details as well as many other Raspberry Pi penetration testing use cases can be found in our book HERE. Continue reading

VN:F [1.9.22_1171]
Rating: 5.0/5 (2 votes cast)

Bank Hackers Steal Millions via Malware

cyber-attack-hacker

My buddy Aamir Lakahni at drchaos wrote a interesting post about criminals using RAT tools to steal boat loads of money from banks. The original post can be found HERE.

Another week, another hack. A group of cybercriminals used phishing attacks to install remote access toolkits (RATs) and steal over $300 million from banks and other financial institutions (source: http://www.nytimes.com/2015/02/15/world/bank-hackers-steal-millions-via-malware.html)

Using RATs is not new, and common method cybercriminals use. We had an in-depth look at njRAT and the Sweet Orange Exploit on this site. It is also not uncommon to use phishing and other social engineering attacks by attackers to trick users into installing sophisticated malicious tools. Continue reading

VN:F [1.9.22_1171]
Rating: 0.0/5 (0 votes cast)

Anthem: Yet Another Victim of the “Highly Sophisticated Attack”

Sneaky-Anthem

The people at RiskIQ posted a interesting article covering the Anthem breach. The original post can be found HERE. 80 Million Personal Records Compromised!!!!! WOW

It should come as no surprise that another major data breach is in the headlines. Anthem, the nation’s second largest insurance provider, may have had as many as 80 million personal records compromised. There are several factors that make this breach notable. Primarily, it is the first major health insurance breach of its scale. The largest breach prior was the loss of over 4 million records by CHS. Continue reading

VN:F [1.9.22_1171]
Rating: 5.0/5 (3 votes cast)

Penetration Testing with Raspberry Pi – Book Now Available!

PenTestingRas1My buddy and coauthor Aamir Lakhani and I are very proud to present our second book … “Penetration Testing With Raspberry Pi“. This book can be found on Packt’s website HERE and should start being seen on most online stores such as Amazon, Barns and Noble the next few days.  Continue reading

VN:F [1.9.22_1171]
Rating: 4.3/5 (3 votes cast)

njRAT Malware – remote control malware

njRAT_goedist

My buddy Aamir Lakahni wrote a cool post on how to setup a njRAT (remote access toolkit). The original post can be found at drchaos.com via HERE.

Warning: The ideas, concepts and opinions expressed in this blog are intended to be used for educational purposes only. The misuse of the information from this article can result in criminal charges brought against the persons in question. Refer to the laws in your province/country before accessing, using,or in any other way utilizing these materials.

One of the most popular malware tools being used today is a RAT (remote access toolkit) named njRAT. Continue reading

VN:F [1.9.22_1171]
Rating: 5.0/5 (3 votes cast)

The Best Cyber Security Talks of 2014

Hacking1

My buddy Aamir Lakhani from dcchaos.com put together a list of the best cyber security talks of 2014. The rankings and opinions are purely his own. Some of these were based on technical knowledge, others were entertaining, and lastly some of these are a shout out to my friends and colleagues. You can find the original post HERE.

Continue reading

VN:F [1.9.22_1171]
Rating: 0.0/5 (0 votes cast)