Blog Posts Tagged with "Hacking"

B64e021126c832bb29ec9fa988155eaf

The New Social Engineering Toolkit vs Windows 7 and 8

October 08, 2012 Added by:Dan Dieterle

Cyber genius David Kennedy (aka The Mad Hugger) and his rockstar team have done it again. Just when you thought your Anti-Virus was safe, the TrustedSec team has shown once again that pinning all your corporate security hope on AV protection alone is not a good strategy...

Comments  (1)

D8853ae281be8cfdfa18ab73608e8c3f

Completely In-memory Mimikatz with Metasploit

October 07, 2012 Added by:Rob Fuller

For mimikatz to automatically send commands require double quotes in the command line arguments, so we use single quotes in meterpreter to encircle the execute arguments (-a). Running first "sekurlsa::logonPasswords full" then 'exit' to auto-exit mimikatz console...

Comments  (0)

F63d0b2876c57f0bb53f053dd6b7b747

MS08-067 Celebrates Another Birthday

October 04, 2012 Added by:Jeremy Sobeck

As a Penetration Tester, this vulnerability is sought out because it is highly reliable and very low risk. As an attacker, the fact is the attack still works. The vulnerability was widely used in conjunction with the Conficker worm, which affected more than 9 to 15 million systems...

Comments  (0)

D8853ae281be8cfdfa18ab73608e8c3f

Old School On-Target NBNS Spoofing

September 30, 2012 Added by:Rob Fuller

So it turns out that Windows Firewall talks IP addresses just like any other firewall, so if you configure FakeNetBIOSNS to tell everyone that the IP address for whatever they looked up is YOUR IP, guess what, no need to bypass the spoof filters...

Comments  (7)

Fd7e078e5bfb68a4be33cbfac76f4f70

Analyzing Desktops, Heaps, and Ransomware with Volatility

September 24, 2012 Added by:Michael Ligh

This post discusses the undocumented windows kernel data structures for desktop objects and desktop heaps. You'll see how to use memory forensics to detect recent malware including the ACCDFISA ransomware and Tigger variants...

Comments  (0)

3e35900ae6facc6c146a85c435c71d82

Hacking Exposed 7: Network Security Secrets and Solutions

September 23, 2012 Added by:Ben Rothke

With the release of Hacking Exposed 7: Network Security Secrets & Solutions, authors Stuart McClure, Joel Scambray and George Kurtz (along with over 10 contributing authors) provide an up to date version to the original classic. The book includes the essentials of hacking...

Comments  (0)

7366c113eb2ccd38f6bbcbd5d52a6bec

How to PWN Systems Through Group Policy Preferences

September 20, 2012 Added by:Jeff McCutchan

All users have read access to the SYSVOL share of the domain controller. Forget about password cracking or passing the hash, you just get the cleartext password. A simple search for “*.xml” in the SYSVOL share on the domain controller will show if your organization is vulnerable...

Comments  (0)

D8853ae281be8cfdfa18ab73608e8c3f

Let Me out Of Your .NET Work: Server Build

September 19, 2012 Added by:Rob Fuller

First you have to get rid of all other services. That’s harder than you would first assume, because you have to admin the box some how. You could toss SSH on a really high port, or have some kind of backend management, or just remove things from running on a multi-IP’d box...

Comments  (0)

5b4dab10939f37f8bee4017c584353fe

Metasploit Penetration Testing Cookbook

September 13, 2012 Added by:Philip Polstra

Singh provides an introduction to the widely used Metasploit framework in the form of seventy plus recipes for various penetration testing tasks, and goes beyond the basics of Metasploit and covers additional penetration testing tools such as various scanners and evasion tools...

Comments  (0)

D8853ae281be8cfdfa18ab73608e8c3f

Raising Zombies in Windows: Passwords

September 13, 2012 Added by:Rob Fuller

List the tokens available with Incognito, your new user will be there, steal it and you're done. You now have the ability to user that account/domain token on any of the hosts you've compromised on the network, not just the ones they happen to have left themselves logged in...

Comments  (0)

B64e021126c832bb29ec9fa988155eaf

Pentoo 2012: A Penetration Testers Distro of Gentoo Linux

September 09, 2012 Added by:Dan Dieterle

I’ve never seen Pentoo before, but couldn’t resist taking a peek. Basically Pentoo is Gentoo Linux with a bunch of security focused tweaks. I am married to Backtrack and am not interested in switching to another Linux Security Distro, but Pentoo looks enticing...

Comments  (1)

B64e021126c832bb29ec9fa988155eaf

Chapcrack and CloudCracker Unlock MS-CHAPv2-Based VPN Traffic

September 06, 2012 Added by:Dan Dieterle

A recently released article explains in detail how to crack MS-CHAPv2 communication used in many PPTP based VPNs with a 100% success rate. But that is not all, the protocol is also used in WPA2 enterprise environments for connecting to Radius authentication servers. Ouch...

Comments  (0)

D8853ae281be8cfdfa18ab73608e8c3f

Let Me Out of Your .NET Work: Intro

September 05, 2012 Added by:Rob Fuller

The problem I find with these tools is that they are still straight TCP. I know most networks still allow some ports directly outbound and these tools are still quite valid. During the span between these two tools being released, MrB released a site that listens on all 65k ports...

Comments  (0)

54a9b7b662bfb0f0445d1661d7ed180b

Network Forensics -Tracking Hackers Through Cyberspace

September 04, 2012 Added by:Jayson Wylie

I highly recommend this book for seasoned network security professionals and those responsible for forensics to help set a foundation of proper approach, reporting and evidence collection for identifying an incident and being able to show proof and record...

Comments  (0)

D8853ae281be8cfdfa18ab73608e8c3f

Cross-Protocol Chained Pass the Hash for Metasploit

August 29, 2012 Added by:Rob Fuller

Every so often someone writes a Metasploit Module that is pretty epic. July 12th was one such day, and as soon as you do you can start using this (using the example resource file to put a file, cat it out, enum shares available, list files on a share) then psexec all from a single URL being loaded...

Comments  (0)

B64e021126c832bb29ec9fa988155eaf

Backtrack 5 r3 List of (Some of the) New Tools and Programs

August 27, 2012 Added by:Dan Dieterle

What are the new utilities included with Backtrack 5r3? I couldn’t find a list, so I decided to make one myself comparing BT5r2 with the latest version. This is not an exhaustive list, but hopefully it will help people see some of the very cool new tools and programs added to Backtrack...

Comments  (1)

Page « < 1 - 2 - 3 - 4 - 5 > »