Book Review: Penetration Testing With Raspberry Pi

Berislav Kucan from net-security.org posted a nice writeup on the book Aamir Lakhani and I wrote on penetration testing using a Raspberry Pi. The original writeup can be found HERE.

Introduction

Raspberry Pi is a small and portable single board computer that can be transformed into a penetration testing system. This book will show you how.

Breaking SSH, VNC, and other passwords with Kali Linux and Hydra

My buddy Aamir Lakhani aka drchaos wrote a great post on breaking SSH, VNC and other services. The original post can be found HERE.

Hydra is a very fast and effective network login cracker. It will help you perform brute force attacks against SSH servers, VNC, and other services. When you launch Hydra it will launch the GUI in Kali; however, in this tutorial we will use xHydra, which is the command line version of the tool. The command line version gives you much more flexibility in how to use the tool.


4 Million Records Stolen – U.S. Office of Personnel Management Hacked!

According to datalossdb.org, the U.S. Department of the Interior, U.S. Office of Personnel Management lost 4 million records in a massive data breach. Dataloss lists “At least 4 million names, dates and place of birth, Social Security numbers, benefit selections, job assignments, performance ratings and training information of current and former Federal employees compromised by hackers”. USNEWS.com wrote the following article about this breach (original post found HERE).


Nasa and Verizon plan to monitor US drone network from phone towers

Have you ever thought about building a drone? Or maybe buying one? Well, according to a post on theguardian.com, Nasa may start monitoring your efforts using their own drone system. The original article can be found HERE. What is interesting is the massive increase in commercial drone usage. For example, check out this video HERE about Lilly, a drone camera that will follow and film you while you are doing outdoor activities such as snowboarding. How does Nasa plan to monitor these as they become more popular? I feel like that drone scene from Star Wars Episode 1 is becoming a reality.

Exclusive: Federal agency is developing technology to track commercial and civilian drones via cell coverage, with first tests of air traffic control system set for this summer.

2015 Verizon Breach Investigation Report (VBIR) Out Now – First Look

The latest 2015 Verizon Breach Investigation Report (VBIR) is now out and can be downloaded HERE. For those who have not seen these reports, they survey a number of customers and gather information about different types of breaches. It is a trend-based report, but it offers great data for getting an idea of which types of attacks are being seen by different types of businesses.


How to Hack an App Video Series

In order to bring attention to how easily hackers are able to exploit applications, the people at Arxan Technologies have posted a series of videos showing how to hack mobile apps using various open source tools. You can find the videos HERE. Jonathan Carter does a pretty good job going into lots of detail on how the tools work. Check it out.

Here is a summary of the videos

Installing and Troubleshooting Kali Linux On Raspberry Pi

I have been asked a handful of times about the steps to install Kali Linux on a Raspberry Pi. My buddy Aamir Lakhani and I went through the installation process a million times with different models to develop our best practices for the installation process. This post will cover a very short summary of how to install Kali Linux on a model B+ Raspberry Pi. The full details as well as many other Raspberry Pi penetration testing use cases can be found in our book HERE.

SourceFire Licensing And How To Get License Key for FireSIGHT / Defense Center

I am asked about Cisco Next Generation Security aka FireSIGHT licensing at least once a week. This post will explain the license options for Cisco FirePOWER and what is needed to request demo licenses to enable your demo system. NOTE: This is the current license model as of March 8th, 2015.

For those who are not familiar with the new Cisco FirePOWER offering, it is a blend of Content Filtering, Reputation Security, Application Visibility and Controls, Vulnerability Scanning, IPS/IDS, Network and Endpoint Day Zero protection. These features are offered as a dedicated physical or virtual appliance, as a software option run inside an X generation ASA, or as a Cloud service. For the dedicated appliance, virtual appliance and ASA version, there are three license options.
