LAN Turtle By Hak5 First Look – How To Setup Auto SSH + Cloud Fileshare

Turtleimage1

I have been a fan of the gadgets produced by Hak5. For example, you can find a post I wrote on the WIFI Pineapple HERE. I picked up the latest tool from Hak5 known as the LAN Turtle from DEFCON23 and have configured it to auto SSH to a server hosted in the cloud (thanks to Aamir aka DrChaos for the server). This post will cover an overview of the LAN Turtle and how to setup an auto SSH to remotely access the LAN Turtle as well as cloud folder to easily remove data from a target network. Continue reading

VN:F [1.9.22_1171]
Rating: 0.0/5 (0 votes cast)

2015 Verizon Breach Investigation Report (VBIR) Out Now – First Look

verizonreport1

The latest 2015 Verizon Breach Investigation Report (VBIR) is now out and can be downloaded HERE. For those that have not seen these reports, they survey a number of customers and gather information about different types of breaches. It is a trend based report but great data to get an idea of which types of attacks are being seen by different types of businesses. Continue reading

VN:F [1.9.22_1171]
Rating: 0.0/5 (0 votes cast)

OpenVAS 8.0 Vulnerability Scanning

open_vas_logo

My buddy Aamir Lakhani wrote a interesting post on the latest update of OpenVAS 8.0. This is a very useful vulnerability scanner available in Kali Linux. The original post can be found HERE.

Vulnerability scanning is a crucial phase of a penetration test and having an updated vulnerability scanner in your security toolkit can often make a real difference by helping you discover overlooked vulnerable items. For this reason, we’ve manually packaged the latest and newly released OpenVAS 8.0 tool and libraries for Kali Linux. Although nothing major has changed in this release in terms of running the vulnerability scanner, we wanted to give a quick overview on how to get it up and running. Continue reading

VN:F [1.9.22_1171]
Rating: 0.0/5 (0 votes cast)

NSS Labs Threat Capabilities Report Available

threatglasses1NSS Labs just released their latest Threat Capabilities Report found HERE. Its a short yet interesting report covering  widely used applications that were exploited after September of 2014. They list the top applications, operating systems and countries hosting command and control call homes. This one is free to download. Below is a summary from the report.

Continue reading

VN:F [1.9.22_1171]
Rating: 0.0/5 (0 votes cast)

Cisco Anyconnect 4.0 – Whats New – Why Consider – Free Migrations

AnyconnectLogo1Cisco released Anyconnect 4.0 this past November (more on the announcement HERE). Here is a really good video summarizing Anyconnect HERE.

Anyconnect is Cisco’s flagship VPN solution providing users access to internal sources from anywhere, on any device regardless of physical location. Anyconnect has many bells and whistles such as “always on” meaning auto-connecting when off network yet turning off when on a trusted network, throttling apps that eat up bandwidth, checking the posture of devices prior to permitting connectivity (anti virus, system updates, etc), security for selective apps and many more. Cisco’s old VPN client IPsec is end of life (more HERE) so hopefully those using IPsec have migrated. Continue reading

VN:F [1.9.22_1171]
Rating: 4.7/5 (9 votes cast)

Article In Hack Insight Press – Sophisticated Phishing with the WiFi Pineapple Mark V

SecMag1Hack Insight Press published one of my blog posting in their February issue that focuses on the WiFi Pineapple. My original post can be found HERE. The magazine article can be found HERE. In summary, this article talks about how to use the Wifi Pineapple Mark V by Hak5 to perform a phishing attack attack.

A description of the what the February Issue contains is shown below. Continue reading

VN:F [1.9.22_1171]
Rating: 5.0/5 (1 vote cast)

Penetration Testing with Raspberry Pi – Book Now Available!

PenTestingRas1My buddy and coauthor Aamir Lakhani and I are very proud to present our second book … “Penetration Testing With Raspberry Pi“. This book can be found on Packt’s website HERE and should start being seen on most online stores such as Amazon, Barns and Noble the next few days.  Continue reading

VN:F [1.9.22_1171]
Rating: 4.3/5 (3 votes cast)

Why Migrate From Cisco NAC Appliance To ISE?

why1I have received the question why should I migrate from NAC appliance to Identity Services Engine (ISE)?” a handful of times. This post will provide some reasons why you should consider migrating over. Regarding how to migrate and what discounts you could receive by migrating, see this post that covers these questions HERE.

Lets start off by looking at Cisco NAC and ISE.  Continue reading

VN:F [1.9.22_1171]
Rating: 5.0/5 (2 votes cast)