The art of creating backdoors and exploits with Metasploit

metasploit-300x142

My buddy Aamir Lakahani wrote a cool post on how to create exploits with Metasploit. The original post can be found HERE.

Metasploit has the ability to create an executable payload. This can be extremely useful if you can get a target machine to run the executable. Attackers often use social engineering, phishing, and other attacks to get a victim to run a payload. If attackers can get their a victim to run a payload, there is no reason for an attacker to find and exploit vulnerable software. Continue reading

VN:F [1.9.22_1171]
Rating: 5.0/5 (1 vote cast)

PowerOffHijack – Android Malware Can Spy On You Even When Your Mobile Is Off

poweroffhijackThe people at TheHackerNews.com wrote a article on a new attack against Android devices that tricks users into believing they have powered off their device so they can spy on them. The original post can be found HERE.

Security researchers have unearthed a new Android Trojan that tricks victims into believing they have switched their device off while it continues “spying” on the users’ activities in the background. So, next time be very sure while you turn off your Android smartphones.

Continue reading

VN:F [1.9.22_1171]
Rating: 0.0/5 (0 votes cast)

Raspberry Pi As A Hacking Arsenal

IMG_0473

One really cool tool that I’ve had a lot of fun playing with is the Raspberry Pi. My buddy Aamir Lakhani and I recently went under contract for our second book covering how to run Kali Linux on a Raspberry Pi to perform various penetration testing scenarios. Here is a basic overview of the Raspberry Pi used as a security tool. The book should be out early next year.

For those that haven’t heard of a Raspberry Pi, it’s a small computer that is dirt cheap and can be imaged for just about anything. Continue reading

VN:F [1.9.22_1171]
Rating: 2.7/5 (21 votes cast)

Using Metasploit To Bypass Anti-Virus Software – Generating and Obfuscating Payloads

msintro

I’m often asked “why did my system get infected when I had the latest system updates and anti-virus enabled?” Well, a fundamental concept behind security products is they can only look for so many things or use so many detection techniques before they must permit traffic. This means your defenses will fail if an attack uses a method that your detection system can’t see or scanner does not have an existing signature to scan against. This is why attackers hide exploits using techniques such as obfuscation to bypass security detection. Continue reading

VN:F [1.9.22_1171]
Rating: 4.9/5 (9 votes cast)

Device Fingerprinting – What it is and defense measures

cookie1

The people at webdesigndegreecenter developed a infographic covering device fingerprinting beyond standard cookie tracking. The original infographic can be found HERE. Continue reading

VN:F [1.9.22_1171]
Rating: 0.0/5 (0 votes cast)

Cool Penetration Testing Application: Cobalt Strike

CBStrike

If you are familiar with penetration tools, then you should know Metasploit. For those that love GUIs, there is a fantastic open source GUI management for Metasploit known as Armitage (found HERE). The same developers of Armitage created a more advanced penetration testing package for a $2,500 annual cost. The tool is called cobalt Strike (CS) and can be downloaded at www.advancedpentest.com for a 21day trail. They also have a 4-hour lab that lets you try out the core cobalt Strike features. It is worth spending the time to  test the tool and get some lab time even though the lab itself is is pretty easy. Continue reading

VN:F [1.9.22_1171]
Rating: 5.0/5 (1 vote cast)

You Dont Have To Lose A Credit Card To Become A Victim Of Fraud

creditcard1A coworker of mine, Tom Cross, was featured on CBS Atlanta regarding a case where a newscast member had her credit card information stolen. An interesting aspect of this situation is the criminals obtained the card number while the victim was in another city holding the authentic card. It is undetermined how the criminals stole the card number to create the duplicate but the motive clear … purchase giftcards until the credit card account becomes locked. Continue reading

VN:F [1.9.22_1171]
Rating: 4.0/5 (2 votes cast)