*** UPDATE #2: The site mentioned below is an elaborate hoax/experiment created by a graduate student! Thanks to everyone for researching this! If anything…get a good laugh out of it. *** Well not really physically “sniff” your neighbors (that would be disgusting especially if you saw my neighbors)…but they do want you to fire up […]
DHS wants you to sniff your neighbors Read More »
John Sawyer over at Dark Reading put out a post about the importance of documentation as it relates to your pen test’s. I couldn’t agree more as documenting your methodology, testing it, and even having it reviewed by your peers are very important. I wrote a post a few months back about the importance of
Pen Test Documentation Strikes Back! Read More »
I saw a good presentation analyzing the malware behind this current “fake subpoena phish” by Tyler and Greg at the NEO Information Security Forum the other night. Tyler and Greg are legendary in the Cleveland area for conducting some cutting edge malware analysis over the last few years. They focused on how this type of
Malware is Evolving Read More »
Looks like the latest issue of Phrack was released. Phrack is one of those hacker magazines that seemed to have disappeared and now is starting to slowly come back into existence. Phrack is famous for posting the infamous Hacker Manifesto and also provides a good insight into the current (and past) state of the hacker
Phrack Issue #65 Released Read More »
. Breaking News! 90% of all Windows machines are vulnerable to Adobe Flash vulnerabilities…(not really breaking news by any means for security professionals, right?). But for the average home user I certainly hope it is. You see articles all the time talking about the latest client-side vulnerabilities and usually they are just talking about one
Flash, Adobe Reader and Java…Oh My! Read More »
Some good discussions posted on the SecLists.org penetration testing mailing list today. The following is an email from a apparently novice penetration tester regarding the use of CORE IMPACT in a penetration test: “Hello, I am new to pen testing and am currently involved in doing an external pen test for one of our clients.We
The need for a diverse toolkit and manual pen testing Read More »
I stumbled upon a pretty cool project mentioned on the insecure.org mailing list called the “Penetration Testing Directory Project“. This project aims to be a directory for all things related to Penetration Testing which include tools, methodologies, companies, websites and more. This does seem something like the Hackerpedia, however, this project looks to be more
Penetration Testing Directory Project Read More »
Interesting developments in the Hannaford Supermarket breach that was reported a few weeks ago. Seems that malware infected 300 some servers that were located at each of the stores. This malware was apparently collecting and sending customer credit card data to overseas locations. I like the following part the best: “Andrew Conry of InformationWeek adds
Suspected Malware Infected Hannaford Servers Read More »
Last night I did a talk on “Automated Penetration Testing with the Metasploit Framework” to a local information security group in Cleveland, Ohio. This was the last talk in a two part series on automated penetration testing tools. Last month I spoke about CORE IMPACT by Core Security Technologies which is a commercial penetration testing
Automated Penetration Testing with the Metasploit Framework Read More »
