Interesting post over on Slashdot yesterday on what the best practices are for documenting processes and procedures. While this is a general problem in IT, I thought that it would be worth to note that documentation is a major part of what pen testers and security professionals do. From the pen testing side I require […]
How do you document? Read More »
Lots of talk on the net recently about the first “critical” vulnerability (MS08-001) released by Microsoft this year. If exploited, this vulnerability can allow an attacker to run arbitrary code on a remote system bypassing personal firewalls and in the case of Vista, the kernel protection mechanisms. Note that one caveat to this is that
New Windows TCP/IP Vulnerability (MS08-001) Read More »
HD Moore has released the latest version of the venerable Metasploit Framework over the weekend. Version 3.1 includes the following updates and improvements: “The latest version features a graphical user interface, full support for the Windows platform, and over 450 modules, including 265 remote exploits…” This is a significant improvement for the Windows version and
Metasploit 3.1 Released Read More »
Perhaps not if your one of 80,000 web sites that display the small green logo proclaiming your web site is “Hacker Safe”. I recently read two good articles one on Dark Reading and the other in the Computerworld mag that I get. While I understand that this is a marketing persons dream..promote your site as
Is your web site “Hacker Safe”? Read More »
It was just a matter of time before we started to see this pop up but “drive-by pharming” is now just starting to be discovered. In this case a user received an email from a spoofed “e-greeting card” company with an embedded HTML image tag. Once the code is launched, it manipulates the DSL router
First case of “drive-by pharming” identified Read More »
Good blog posts over at Episteme and Andy’s blog about employee awareness and social engineering. Teaching your employees not to trust people is a tall request that’s for sure! Most businesses are built by having employees trust each other…like Andy mentions, you have to teach them to “trust, but verify”. I conduct social engineering tests
Awareness and Social Engineering Read More »
The following is the continuation for “The Wardriving Experiment – Part 1“. To recap…I decided to setup a little wardriving experiment to really get an idea on how many people are still using WEP to secure their wireless access points. I also wanted to find out if people still setup a wireless network without encryption.
The Wardriving Experiment – Part 2 Read More »
Just put a new theme in for the site..so far so good. I also removed the forums since they were not used (at all actually) and re-enabled the comments. Enjoy!
Found this post over at the Defcon forums…RenderMan did a wireless audit of West Edmonton Mall (located in Canada) which is one of the largest malls in the world. RenderMan details his assessment of the 200+ wireless networks and devices…including a separate review of Bluetooth devices found.
Hacking West Edmonton Mall Read More »
Looking to enhance your pen testing skills and take it to the next level? Thomas over at De-ICE.net has just released the first disk in the more advanced “Level 2” set of Live PenTest LiveCD scenarios.
De-ICE.net Releases Level 2 Pen Test LiveCD’s Read More »
