Blog Posts Tagged with "Penetration Testing"


Don't Miss the Security BSides Portland Event

August 31, 2011 Added by:Security BSides

The goal is to expand the spectrum of conversation beyond the traditional confines of space and time. It creates opportunities for individuals to participate in an intimate atmosphere that encourages collaboration. It is an intense event with discussions, demos, and interaction from participants...

Comments  (0)


Minimum Password Lengths of 15 or More via GPO

August 21, 2011 Added by:Rob Fuller

Also known as "How to practice what we preach". I don't know how long I've been telling clients that they need to have a minimum password length of 15 characters so there is no chance LM will be stored. But I've never tried setting it myself. Well, a client called me out. You can't...

Comments  (0)


Foundstone Ultimate Hacking Training Course Discount

August 19, 2011 Added by:Infosec Island Admin

Leaving your network vulnerable to exploits can be catastrophic. Learning how hackers and malicious intruders analyze and target your assets can give you a serious advantage in today's high-tech world. Learn how to assess, penetrate, and secure UNIX and Windows networks and hosts...

Comments  (0)


Meterpreter Script – Deploy_nmap.rb

August 09, 2011 Added by:Kyle Young

I programmed a meterpreter script that downloads the latest stable version of nmap from and then deploys nmap onto the victim’s machine. You could then use the victim’s machine to do vulnerability scanning with nmap’s scripting engine...

Comments  (0)


Metasploit Payloads Explained - Part 1b

July 27, 2011 Added by:Rob Fuller

I thought about adding the cmd/windows/adduser payload just so if the user is an admin we can start our day off without having to add ourselves a user but I decided against it just for clean up and “noise” purposes. One of the payloads is going somewhere else... Sharing is caring right?

Comments  (1)


Practical Packet Analysis Using Wireshark

July 24, 2011 Added by:J. Oquendo

I am not trying to write a scathing review, I am basing my review on experience. I have used Wireshark since it was created in 1998 when it was called Ethereal. I have used both Wireshark and Omnipeek every single day for over a decade...

Comments  (1)


Metasploit Payloads Explained - Part 1 Continued

July 13, 2011 Added by:Rob Fuller

One of the down sides of that payload is you need to host the binary, giving up an IP/host that can be blocked. Well, Google recently allowed people to upload 'anything' to Google docs. You probably already see where I'm going with this...

Comments  (0)


Metasploit Payloads Explained - Part 1

July 06, 2011 Added by:Rob Fuller

The structure of most payloads tells you exactly what they do, but not always. If it says in the description that it's 'Inline' that means it is a single, if it says 'Stager' that means it's staged. Let's break a few of the lesser known ones down...

Comments  (1)


Engaging a Team for a Security Analysis

June 29, 2011 Added by:Bozidar Spirovski

Being involved in a security project requires a lot of resources: a good measure of knowledge, a huge measure of experience, some amount of software and personnel. Usually time is in short supply, so this is compensated by more computers or more people...

Comments  (1)


Looking Beyond "Black Box Testing"

June 21, 2011 Added by:Rafal Los

When you're blindly hacking away at something you don't understand, you can't reasonably expect great results, can you? Yet people do, and vendors have tried to compensate for some of those incredibly ambitious expectations by building better parsers and black box testing tools...

Comments  (1)


Components of Effective Vulnerability Management

June 19, 2011 Added by:Gary McCully

Vulnerability management is a continual process that monitors the effectiveness and the efficiency of your organization’s ability to mitigate vulnerabilities. Without a Vulnerability Management Program, you and your security program could be blindly walking off the edge of a cliff...

Comments  (0)


Remote DLL Injection with Meterpreter

June 09, 2011 Added by:Rob Fuller

What sets that method apart is the fact that the suspension (once the DLL injection occurs) comes from within the process, and it suspends all the child processes as well. Another way you can do this without the injection is just sending a suspend to all the threads in the process...

Comments  (0)


New John the Ripper Password Cracker Release

June 06, 2011 Added by:Headlines

A new version of John The Ripper, a free password cracking software tool, has been released. It is one of the most popular password testing/breaking programs as it combines a number of password crackers into one package, autodetects hash types, and includes a customizable cracker...

Comments  (0)


Patching WordPress Username Disclosure

June 05, 2011 Added by:Ryan Dewhurst

According to OSVDB 55713 this vulnerability was reported to WordPress by Core Security Technologies in June 2009. At the time of writing, the latest version of WordPress is 3.1.3 and is still vulnerable to this vulnerability. Here is how to patch the vulnerability yourself...

Comments  (2)


Web Application Attack and Audit Framework 1.0 Released

June 03, 2011 Added by:Headlines

"w3af is a Web Application Attack and Audit Framework. The w3af core and its plugins are fully written in Python. The project has more than 130 plugins, which check for SQL injection, cross site scripting (XSS), local and remote file inclusion and much more..."

Comments  (0)


A Review of the New Backtrack 5 Operating System

June 02, 2011 Added by:Lee Munson

If you are a computer security consultant, there is no better tool to use than Backtrack. If you own a company that has to store important data, then it is vital for you to have a tool like this so your security people can test your network with the same tools the bad guys are using...

Comments  (0)
