Tag Archives: Penetration Testing

njRAT Malware – remote control malware

Posted on by
Reply

njRAT_goedist

My buddy Aamir Lakahni wrote a cool post on how to setup a njRAT (remote access toolkit). The original post can be found at drchaos.com via HERE.

Warning: The ideas, concepts and opinions expressed in this blog are intended to be used for educational purposes only. The misuse of the information from this article can result in criminal charges brought against the persons in question. Refer to the laws in your province/country before accessing, using,or in any other way utilizing these materials.

One of the most popular malware tools being used today is a RAT (remote access toolkit) named njRAT. Continue reading

VN:F [1.9.22_1171]
Rating: 5.0/5 (1 vote cast)

Enable SSH on Kali Linux

Posted on by
Reply

My buddy Aamir Lakhani wrote a good post on how to enable SSH on Kali Linux. He also has other tips for using Kali Linux found on his blog www.drchaos.com. Below is the post however you can find the original HERE

Kali Linux does not come with SSH enabled. SSH is the preferred method of remote management for most Linux based systems. Secure Shell (SSH) is a cryptographic network protocol for secure data communication, remote command-line login, remote command execution, and other secure network services between two networked computers. It connects, via a secure channel over an insecure network, a server and a client running SSH server and SSH client programs. Continue reading

VN:F [1.9.22_1171]
Rating: 0.0/5 (0 votes cast)

Recon-ng – advanced reconnaissance framework

Posted on by
4

Starting-recon-ng-1024x621My buddy Aamir Lakhani wrote about a cool reconnaissance tool called recon-ng. This tool can automate researching a target using multiple sources. The original post can be found HERE

Reconnaissance techniques are the one of the first steps penetration testers practice when learning how to exploit systems for vulnerabilities. Traditional reconnaissance techniques are used to gather intelligence, define scope, and identifying weaknesses. Continue reading

VN:F [1.9.22_1171]
Rating: 0.0/5 (0 votes cast)

Expert Metasploit Penetration Testing [Video]

Posted on by
Reply

3664OS_Video

I’ve been asked about suggested training for penetration testing. The most popular programs are the Certified Ethical Hacker CEH (found HERE) and SANs courses (found HERE). There are many books such as the one I wrote with my buddy Aamir (HERE) as well as others I have recommended HERE.

I was provided access to a video series through Packt Publishing titled “Expert Metasploit Penetration Testing [Video]” and found it to be pretty useful for those looking to learn how to use Metasploit. Continue reading

VN:F [1.9.22_1171]
Rating: 0.0/5 (0 votes cast)

Cool Penetration Testing Application: Cobalt Strike

Posted on by
2

CBStrike

If you are familiar with penetration tools, then you should know Metasploit. For those that love GUIs, there is a fantastic open source GUI management for Metasploit known as Armitage (found HERE). The same developers of Armitage created a more advanced penetration testing package for a $2,500 annual cost. The tool is called cobalt Strike (CS) and can be downloaded at www.advancedpentest.com for a 21day trail. They also have a 4-hour lab that lets you try out the core cobalt Strike features. It is worth spending the time to  test the tool and get some lab time even though the lab itself is is pretty easy. Continue reading

VN:F [1.9.22_1171]
Rating: 5.0/5 (1 vote cast)

RSA Europe talk on Emily Williams found on PCWorld, Yahoo news, Cio.com and other sources

Posted on by
Reply

privacy_nsa_security-100053240-gallery

My buddy Aamir Lakhani and I performed a penetration test using social media sources (Facebook and LinkedIn) as a method to compromise users from our target. You can find more about our project aka Emily Williams HERE and HERE as well as at www.drchaos.com. Continue reading

VN:F [1.9.22_1171]
Rating: 4.0/5 (2 votes cast)

Book Complete: Web Penetration Testing with Kali Linux – Released August 2013

Posted on by
Reply

KaliLinux_Pentest_ Book

We are done! Aamir Lakhani (www.DrChaos.com) and I have finished our book “Web Penetration Testing with Kali Linux”.

You can pre-order the book from Packt Publishing’s website at:

http://www.packtpub.com/web-penetration-testing-with-kali-linux/book Continue reading

VN:F [1.9.22_1171]
Rating: 4.3/5 (6 votes cast)

My Article in PenTest Magazine – Backtrack Compendium July 2013

Posted on by
Reply

pentestmagimage

PenTest Magazine just released a issue focused on BackTrack titled BackTrack Compendium. I wrote a piece on compromising passwords using tools available in Kali Linux. An image from the introduction of my piece can be found below. I haven’t had a chance to review the entire magazine however glancing over it and found many interesting topics such as “Improve your Firewall Auditing”, “Building a SQLI Test Lab”, “How to Set Up a Software Hacking Lab”, “Multiphase Penetration Testing with Metasploit, Backtrack and Armitage”, “Metasploit Primer”, and many many more. I have a lot of good reading to do this week :) Continue reading

VN:F [1.9.22_1171]
Rating: 5.0/5 (1 vote cast)