I’m sure you have already read this on other blogs…however, if you didn’t get the news yet…Backtrack 3 has been officially released last week on the PaulDotCom show. I know myself and others have been using the beta and have been looking forward to this final release. Here are some highlights as posted by Max […]
Backtrack 3 Released Read More »
Very good interview over at The Ethical Hacker Network with Ed Skoudis of Intelguardians. Ed talks about his career, how Intelguardians came to be, his new SANS 560 Course, and a little about his hacker challenges that he is famous for. I know several of the Intelguardians and I have a huge amount of respect
The Ethical Hacker Network: Interview with Ed Skoudis of Intelguardians Read More »
I came across this post by Martin McKeay on the Network Security Blog today talking about changes to the Nessus license that Tenable will be starting July 31st. Martin makes some really good points and I recommend you read his post. Basically as a corporate user you will need to pay for the new “ProfessionalFeed”.
Nessus “registered” plugin feed to be discontinued Read More »
The latest versions of fgdump and pwdump have been released by the foofus.net team. Looks like the most important change is that both tools support 64-bit targets. Here is the official announcement: “The foofus.net team is pleased to announce updates to both fgdump (2.0.0) and pwdump (1.7.1), which incorporate a number of new features, the
New versions of fgdump and pwdump released Read More »
John Sawyer over at Dark Reading put out a post about the importance of documentation as it relates to your pen test’s. I couldn’t agree more as documenting your methodology, testing it, and even having it reviewed by your peers are very important. I wrote a post a few months back about the importance of
Pen Test Documentation Strikes Back! Read More »
Some good discussions posted on the SecLists.org penetration testing mailing list today. The following is an email from a apparently novice penetration tester regarding the use of CORE IMPACT in a penetration test: “Hello, I am new to pen testing and am currently involved in doing an external pen test for one of our clients.We
The need for a diverse toolkit and manual pen testing Read More »
I stumbled upon a pretty cool project mentioned on the insecure.org mailing list called the “Penetration Testing Directory Project“. This project aims to be a directory for all things related to Penetration Testing which include tools, methodologies, companies, websites and more. This does seem something like the Hackerpedia, however, this project looks to be more
Penetration Testing Directory Project Read More »
Last night I did a talk on “Automated Penetration Testing with the Metasploit Framework” to a local information security group in Cleveland, Ohio. This was the last talk in a two part series on automated penetration testing tools. Last month I spoke about CORE IMPACT by Core Security Technologies which is a commercial penetration testing
Automated Penetration Testing with the Metasploit Framework Read More »
Larry and Paul from the PaulDotCom Security Weekly Podcast have a very good two part series interviewing pdp and Adrian from GNUCITIZEN. Lots of good information about embedded device hacking and all the cool things GNUCITIZEN is working on. Check out the mp3’s of the Podcast below….better yet…subscribe to the PaulDotCom Security Weekly Podcast! These
GNUCITIZEN on PaulDotCom Read More »
GNUCITIZEN has released a tool similar to the fat client Goolag Scanner that the cDc released a few weeks ago called GHDB. What makes the GHDB different is that it is browser based and uses JavaScript techniques to scrape information from Johnny Long’s Google Hacking Database without the need for hosted server side scripts. Add
Online Google Hacking, Ethical Penetration Testing Tool Read More »
