I have been a fan of the gadgets produced by Hak5. For example, you can find a post I wrote on the WIFI Pineapple HERE. I picked up the latest tool from Hak5 known as the LAN Turtle from DEFCON23 and have configured it to auto SSH to a server hosted in the cloud (thanks to Aamir aka DrChaos for the server). This post will cover an overview of the LAN Turtle and how to setup an auto SSH to remotely access the LAN Turtle as well as cloud folder to easily remove data from a target network. Continue reading
I posted about the Ashley Madison breach HERE. For those that are not following this, Ashley Madison, the popular affair website was breached by a group calling themselves The Impact Team. They threaten to leak customer records if Ashley Madison didn’t shutdown their website. Ashley Madison is still up and the deadline has passed so The Impact Team posted access to all 30 million customer records. My buddy Aamir aka Dr Chaos summed up the current state of this situation. His post can be found HERE.
Hackers attacked Ashley Madison (known as AM by its users), the dating site for married couples that promotes infidelity. They walked away with 30 million records containing site user information. While the initial ramifications seem obvious, the story continues to unfold with recent news that email addresses were discovered that originated from government agencies, high level politicians, and certain celebrities. The data represents a treasure trove of sensitive and extremely private data that has a high potential for causing damage to individuals. Continue reading
My good buddy Aamir Lakhani arrived days before everybody else for the Blackhat conference to help setup the network for attendees. He was interviewed by Darkreading.com and spoke about his experience standing up and securing a network for security professionals as well as potential hackers. The original post can be found HERE.
‘Dr. Chaos’ shares the inside scoop on the challenges and rewards of protecting one of the ‘most hostile networks on the planet.’
BLACK HAT USA — Las Vegas — Securing Black Hat from Black Hat sounds like a great tagline, but it’s something volunteers at the Black Hat Network Operations Center (NOC) took very seriously last week when we were tasked to help secure one of the most hostile networks on the planet. Continue reading
My buddy Aamir Lakahi from drchaos.com wrote a cool post on how to hide malware inside Adobe PDF files. The original post can be found HERE.
Distributing malware inside Adobe PDF documents is a popular method for attackers to compromise systems. Within the latest versions of Reader, Adobe has added multiple updates to address vulnerabilities. Additionally, Adobe has added a robust software sandbox capability to Reader, which activates if attackers use PDF vulnerabilities to attempt exploit of a system. Due to this sandbox addition, attackers are left with extremely limited and temporary access, restricting what can be accomplished. Continue reading
Berislav Kucan from net-security.org posted a nice writeup on the book Aamir Lakahni and I wrote on penetration testing using a Raspberry Pi. The original write up can be found HERE.
Raspberry Pi is a small and portable single board computer that can be transformed into a penetration testing system. This book will show you how. Continue reading
My buddy Aamir Lakahni wrote a interesting post on the write.io service. The original post can be found HERE. I see a valuable use case for this when I attend events and conferences. They make you provide a email address that gets hammered with SPAM. It will be nice to make them pay to plug their messages. It is a better approach then just providing a fake email account. Below is Aamir’s article.
What if you had to pay to send every email? Would you think twice about what you send? Would it change the content or the clarity of the message? Do you think charging money to send email would reduce SPAM and other unwanted email? Continue reading
My buddy Aamir Lakhani aka drchaos wrote a great post on breaking SSH, VNC and other services. The original post can be found HERE.
Hydra is a very fast and effective network login cracker. It will help you perform brute force attacks against SSH servers, VNC, and other services. When you launch Hydra it will launch the GUI in Kali, however in this tutorial we will use xHydra, which is the command line version of the tool. The command line version of the tool gives you much for flexibility in how to use the tool.
My buddy Aamir Lakhani wrote a interesting post on the latest update of OpenVAS 8.0. This is a very useful vulnerability scanner available in Kali Linux. The original post can be found HERE.
Vulnerability scanning is a crucial phase of a penetration test and having an updated vulnerability scanner in your security toolkit can often make a real difference by helping you discover overlooked vulnerable items. For this reason, we’ve manually packaged the latest and newly released OpenVAS 8.0 tool and libraries for Kali Linux. Although nothing major has changed in this release in terms of running the vulnerability scanner, we wanted to give a quick overview on how to get it up and running. Continue reading