Book Review: Penetration Testing With Raspberry Pi

raspberrypiBerislav Kucan from net-security.org posted a nice writeup on the book Aamir Lakahni and I wrote on penetration testing using a Raspberry Pi. The original write up can be found HERE.

Introduction

Raspberry Pi is a small and portable single board computer that can be transformed into a penetration testing system. This book will show you how. Continue reading

VN:F [1.9.22_1171]
Rating: 0.0/5 (0 votes cast)

2015 Verizon Breach Investigation Report (VBIR) Out Now – First Look

verizonreport1

The latest 2015 Verizon Breach Investigation Report (VBIR) is now out and can be downloaded HERE. For those that have not seen these reports, they survey a number of customers and gather information about different types of breaches. It is a trend based report but great data to get an idea of which types of attacks are being seen by different types of businesses. Continue reading

VN:F [1.9.22_1171]
Rating: 0.0/5 (0 votes cast)

Installing and Troubleshooting Kali Linux On Raspberry Pi

RASPBERRY

I have been asked a handful of times about the steps to install Kali Linux on a Raspberry Pi. My buddy Aamir Lakhani and I went through the installation process a million times with different models to develop our best practices for the installation process. This post will cover a very short summary of how to install Kali Linux on a model B+ Raspberry Pi. The full details as well as many other Raspberry Pi penetration testing use cases can be found in our book HERE. Continue reading

VN:F [1.9.22_1171]
Rating: 5.0/5 (3 votes cast)

SourceFire Licensing And How To Get License Key for FireSIGHT / Defense Center

sourcefirelogoI am asked about Cisco Next Generation Security aka FireSIGHT licensing at least once a week. This post will explain the license options for Cisco FirePOWER and what is needed to request demo licenses to enable your demo system. NOTE: This is the current license model as of March 8th 2015.

For those that are not familiar with the new Cisco FirePOWER offering, it is a blend of Content Filtering, Reputation Security, Application Visibility and Controls, Vulnerability Scanning, IPS/IDS, Network and Endpoint Day Zero protection. These features are offered as a dedicated physical or virtual appliance, as a software option ran inside of a X generation ASA or as a Cloud service. For the dedicated appliance, virtual appliance and ASA version, there are three license options. Continue reading

VN:F [1.9.22_1171]
Rating: 5.0/5 (3 votes cast)

Comparing iOS to Android – Which is more secure?

Android-Vs-iOSI have been asked a bunch of times “Which is the more secure mobile platform? Android or iOS?”. There are tons of articles on this topic found by searching on Google. Here is my two cents on the topic.

When looking at Apple iOS and Android, both take completely different approaches to security giving pros and cons to each option. Apple is extremely strict with how applications can leverage resources while Android is open source. For example, Apple devices sandbox APPs meaning they can’t interact with other APPs. Only “jail broken” phones open up the ability for applications to interact with other resources. So for those thinking its smart to jailbreak your iPhone, just be warned that you are also putting your device at risk for compromise. Continue reading

VN:F [1.9.22_1171]
Rating: 5.0/5 (1 vote cast)

Cisco Anyconnect 4.0 – Whats New – Why Consider – Free Migrations

AnyconnectLogo1Cisco released Anyconnect 4.0 this past November (more on the announcement HERE). Here is a really good video summarizing Anyconnect HERE.

Anyconnect is Cisco’s flagship VPN solution providing users access to internal sources from anywhere, on any device regardless of physical location. Anyconnect has many bells and whistles such as “always on” meaning auto-connecting when off network yet turning off when on a trusted network, throttling apps that eat up bandwidth, checking the posture of devices prior to permitting connectivity (anti virus, system updates, etc), security for selective apps and many more. Cisco’s old VPN client IPsec is end of life (more HERE) so hopefully those using IPsec have migrated. Continue reading

VN:F [1.9.22_1171]
Rating: 4.9/5 (8 votes cast)

Article In Hack Insight Press – Sophisticated Phishing with the WiFi Pineapple Mark V

SecMag1Hack Insight Press published one of my blog posting in their February issue that focuses on the WiFi Pineapple. My original post can be found HERE. The magazine article can be found HERE. In summary, this article talks about how to use the Wifi Pineapple Mark V by Hak5 to perform a phishing attack attack.

A description of the what the February Issue contains is shown below. Continue reading

VN:F [1.9.22_1171]
Rating: 5.0/5 (1 vote cast)

Penetration Testing with Raspberry Pi – Book Now Available!

PenTestingRas1My buddy and coauthor Aamir Lakhani and I are very proud to present our second book … “Penetration Testing With Raspberry Pi“. This book can be found on Packt’s website HERE and should start being seen on most online stores such as Amazon, Barns and Noble the next few days.  Continue reading

VN:F [1.9.22_1171]
Rating: 4.3/5 (3 votes cast)