February 2008

Cold Boot Attacks on Encryption Keys - What's the risk?

I am sure everyone has heard about and watched the YouTube video of the Princeton researchers that conduct cold boot attacks on encrypted hard disks. If you haven’t, I highly suggest you do. As everyone agrees…this is a very significant vulnerability and every organization that uses software to encrypt hard disks should look at ways […]


802.11 Attacks Whitepaper

Foundstone always puts together great research and releases great tools. The other day Foundstone released a whitepaper describing all of the new and old 802.11 (Wireless) attacks. The paper gives some really good information about AP Impersonation, Rogue Access Points, Implementation Attacks (WEP, Dynamic WEP, WPA/WPA-2 cracking, including the Cafe Latte attack). The paper even


Automated Penetration Testing with CORE IMPACT

Last week I spoke at a local security professionals user group about Automated Penetration Testing with CORE IMPACT (from Core Security Technologies). There have been some great developments in the automated penetration testing area recently with commercial tools like CORE IMPACT and Immunity’s CANVAS. However, let's not forget about recent advancements with open source solutions


Goolag Scanner – Google Vulnerability Scanner Released

The infamous Cult of the Dead Cow (cDc) has released a very cool Google vulnerability scanner called Goolag Scanner. This tool allows you to search a specific web site or domain for known vulnerabilities and misconfigurations. From an eWeek article: “The open-source program comes with about 1,500 custom Google search queries embedded by default to


QedShell v2.0

c99shell from the ccteam was a great PHP script, unfortunately support is discontinued. The idea is to have an all-in-one file to administrate a server once that file is uploaded. When you look into the source of the c99shell it is a bit chaotic and it even is detected by some anti-virus programs.


Wireless Headset Dangers

I was listening to the latest Security Now podcast and Steve Gibson mentioned an interesting social engineering attack where some penetration testers were able to pose as employees just by listening to conference calls and other telephone conversations across the street from the company facility. They used a police scanner dialed into the 800-900 MHz
