Kali Linux – The next generation for BackTrack


Written by Aamir Lakhani, www.DrChaos.com and Joey Muniz www.thesecurityblogger.com. Article is cross posted.

BackTrack is a digital forensics and penetration testing arsenal used by many security professionals and malicious hackers. The last release of BackTrack was 5r3, and many expected a new release sometime in 2013. Rather than updating the existing live CD release, the creators of BackTrack decided to start from the ground up, building a full-fledged operating system and releasing a next-generation penetration distribution. The creators note “Kali Linux is a more mature, secure and enterprise-ready version of BackTrack Linux”.


Installing VMware Tools on Kali Linux

Great find and post by Aamir Lakhani. Check out the original HERE

If you are running Kali Linux as a guest operating system in a VMware virtual machine, you may run into some issues. It is recommended that you install VM Tools for VMware on Kali Linux.

This guide will help you install VM Tools on any installation of Kali Linux (including 64-bit ISOs). It will also allow you to use Kali Linux in VMware ESXi environments.

The first thing you need to do on Kali Linux is prep the system for VM Tools. You do so by issuing the following commands:


SSL Strip – Breaking Secure Websites

Aamir Lakhani wrote an overview of how to perform an SSL strip attack. The original post can be found HERE


Before beginning the lab, make sure you have the BackTrack 5 R3 VM imported into VMware Player/Workstation/Server/Fusion, or whatever virtual machine environment you have chosen to use.

The following is an excerpt from the VMware “Getting started with VMware Player” VMware Player 4.0 user guide.


How Hackers Crack Weak Passwords

People use weak password practices to secure critical information. Weak password practices include using the same password for multiple systems regardless of the value of the asset, dictionary words, short phrases and keeping the same passwords for extended periods of time. For example, it’s common to find that the password on a non-critical asset such as a PlayStation 3 is the same as a person’s bank account login.

The more information an attacker knows about your password profile, the more likely they will crack your password. For example, a policy of “6-10 characters with one upper case letter and special character” actually helps an attacker reduce the target space, meaning passwords are weaker with the policy. If a hacker captures a password for another system and notices a formula such as ‘<dictionary word>’ followed by ‘<3 numbers>’, it helps the attacker prepare a dictionary attack (utilities such as Crunch make this easy). Any password shorter than 10 characters is an easy target for a brute-force attack given today’s processing power.


THE SOCIAL MEDIA DECEPTION PROJECT: How We Created Emily Williams To Compromise Our Target

Disclaimer: This post has been modified to exclude specific subjects not approved for public viewing


Emily Williams and Robin Sage

Emily Williams and Robin Sage don’t exist in the real world. They are fake social network accounts designed to obtain sensitive information. Robin Sage was created in late 2009 to obtain information from intelligence on US military personnel. Her story was presented at the Black Hat hacker conference, upsetting many people by exposing the type of sensitive data provided over social networks. Joey Muniz and Aamir Lakhani decided to go one step further and ask the hard question: “what else can happen outside of data being leaked over social networks?” We decided to find out using Emily Williams.
