OpenVAS 8.0 Vulnerability Scanning

open_vas_logo

My buddy Aamir Lakhani wrote a interesting post on the latest update of OpenVAS 8.0. This is a very useful vulnerability scanner available in Kali Linux. The original post can be found HERE.

Vulnerability scanning is a crucial phase of a penetration test and having an updated vulnerability scanner in your security toolkit can often make a real difference by helping you discover overlooked vulnerable items. For this reason, we’ve manually packaged the latest and newly released OpenVAS 8.0 tool and libraries for Kali Linux. Although nothing major has changed in this release in terms of running the vulnerability scanner, we wanted to give a quick overview on how to get it up and running. Continue reading

VN:F [1.9.22_1171]
Rating: 0.0/5 (0 votes cast)

The art of creating backdoors and exploits with Metasploit

metasploit-300x142

My buddy Aamir Lakahani wrote a cool post on how to create exploits with Metasploit. The original post can be found HERE.

Metasploit has the ability to create an executable payload. This can be extremely useful if you can get a target machine to run the executable. Attackers often use social engineering, phishing, and other attacks to get a victim to run a payload. If attackers can get their a victim to run a payload, there is no reason for an attacker to find and exploit vulnerable software. Continue reading

VN:F [1.9.22_1171]
Rating: 5.0/5 (1 vote cast)

Open Whisper Systems releases free open source Secure Messaging and Voice app

oepn-whisper-systemsMy buddy Aamir Lakhani wrote a great post on Open Whisper used for secure messaging. The original post can be found HERE. Here is the post from Aamir.

I have been waiting for almost a year for Open Whisper systems to release an iOS Apple compatible application for secure messaging. This is free, it’s open source, its easy to use. Download it now. Continue reading

VN:F [1.9.22_1171]
Rating: 0.0/5 (0 votes cast)

Installing and Troubleshooting Kali Linux On Raspberry Pi

RASPBERRY

I have been asked a handful of times about the steps to install Kali Linux on a Raspberry Pi. My buddy Aamir Lakhani and I went through the installation process a million times with different models to develop our best practices for the installation process. This post will cover a very short summary of how to install Kali Linux on a model B+ Raspberry Pi. The full details as well as many other Raspberry Pi penetration testing use cases can be found in our book HERE. Continue reading

VN:F [1.9.22_1171]
Rating: 5.0/5 (2 votes cast)

Bank Hackers Steal Millions via Malware

cyber-attack-hacker

My buddy Aamir Lakahni at drchaos wrote a interesting post about criminals using RAT tools to steal boat loads of money from banks. The original post can be found HERE.

Another week, another hack. A group of cybercriminals used phishing attacks to install remote access toolkits (RATs) and steal over $300 million from banks and other financial institutions (source: http://www.nytimes.com/2015/02/15/world/bank-hackers-steal-millions-via-malware.html)

Using RATs is not new, and common method cybercriminals use. We had an in-depth look at njRAT and the Sweet Orange Exploit on this site. It is also not uncommon to use phishing and other social engineering attacks by attackers to trick users into installing sophisticated malicious tools. Continue reading

VN:F [1.9.22_1171]
Rating: 0.0/5 (0 votes cast)

Anthem: Yet Another Victim of the “Highly Sophisticated Attack”

Sneaky-Anthem

The people at RiskIQ posted a interesting article covering the Anthem breach. The original post can be found HERE. 80 Million Personal Records Compromised!!!!! WOW

It should come as no surprise that another major data breach is in the headlines. Anthem, the nation’s second largest insurance provider, may have had as many as 80 million personal records compromised. There are several factors that make this breach notable. Primarily, it is the first major health insurance breach of its scale. The largest breach prior was the loss of over 4 million records by CHS. Continue reading

VN:F [1.9.22_1171]
Rating: 5.0/5 (3 votes cast)

Penetration Testing with Raspberry Pi – Book Now Available!

PenTestingRas1My buddy and coauthor Aamir Lakhani and I are very proud to present our second book … “Penetration Testing With Raspberry Pi“. This book can be found on Packt’s website HERE and should start being seen on most online stores such as Amazon, Barns and Noble the next few days.  Continue reading

VN:F [1.9.22_1171]
Rating: 4.3/5 (3 votes cast)

njRAT Malware – remote control malware

njRAT_goedist

My buddy Aamir Lakahni wrote a cool post on how to setup a njRAT (remote access toolkit). The original post can be found at drchaos.com via HERE.

Warning: The ideas, concepts and opinions expressed in this blog are intended to be used for educational purposes only. The misuse of the information from this article can result in criminal charges brought against the persons in question. Refer to the laws in your province/country before accessing, using,or in any other way utilizing these materials.

One of the most popular malware tools being used today is a RAT (remote access toolkit) named njRAT. Continue reading

VN:F [1.9.22_1171]
Rating: 5.0/5 (4 votes cast)