Blog Posts Tagged with "Penetration Testing"


Five Key Aspects of a Good Infosec Risk Assessment

November 25, 2011 Added by: Albert Benedict

Because they are consistent and repeatable, current risk assessment results can be compared to previous years’ results to see if there was any growth. You can also compare the client’s status to other companies of similar size and stature to show them where they stand...



MSFConsole Prompt Fiddling

November 17, 2011 Added by: Rob Fuller

In my presentation at DerbyCon 2011 we talked about using SCREEN and SCRIPT to keep connections live / use them across SSH sessions, and log everything. What we didn't cover is the fact that there isn't a time stamp for those logs. Now, Metasploit has multiple ways of creating logs...



Security BSides is Coming to Cape Town South Africa

November 17, 2011 Added by: Security BSides

B-Sides Cape Town will attempt to offer a healthy environment where some of South Africa's security professionals, system administrators, network administrators, and anyone with a healthy interest in infosec can come together for one day to listen to some interesting presentations...



Infosec: The World's Largest Rube Goldberg Device

November 15, 2011 Added by: Infosec Island Admin

I am sure there are many of you out there who feel like you are being branded the “Security Cassandra”. You come to them with dark prognostications of compromise, and they look upon you as either a paranoid delusional individual or someone to just be patted on the head...



What To Do About Insider Threats

November 14, 2011 Added by: PCI Guru

Insiders must have access to information that the general public or even your business partners do not. As a result, should an employee get sloppy with controls or go “rogue,” you can expect to lose whatever information that person had access to. Remember my mantra – security is not perfect...



Registry Analysis with Reglookup

November 10, 2011 Added by: Andrew Case

This tool recovers deleted entries within registry hives, then reports them in a CSV format similar to reglookup. This capability has fairly obvious applications in forensics investigations, and investigators should consider adding reglookup-recover usage to their forensics process...



INFOPOCALYPSE: You Can Lead Them to the Security Trough...

November 08, 2011 Added by: Infosec Island Admin

We have seen this from the perspective of magic boxes that promise to negate security vulnerabilities as well as teams of consultants who will “securitize” the company. The net effect is that those paying for such products and services may as well be buying a handful of magic beans instead...



Hackers: The Good, the Bad and the Ugly

November 07, 2011 Added by: Emmett Jorgensen

Hackers are often portrayed as social outcasts or criminals looking to defraud the unsuspecting public. The media frequently makes little or no distinction between hacker types, simply lumping them all together into a malevolent group. The truth is hackers come in all shapes and sizes...



Open Source Registry Decoder 1.1 Tool Released

November 02, 2011 Added by: Andrew Case

We are announcing the release of Registry Decoder 1.1, a free and open source tool. We are reaching out to practitioners and research groups (professional and academic) in an attempt to proliferate Registry Decoder. We would appreciate any plugins contributed from these communities...



Small Goals Lead to Bigger Results

November 01, 2011 Added by: Joshua Lochner

Based on application flows and the importance placed on a web presence, the goal is to configure notification level alerts to be sent to the System Administrators for security related events from the three servers in the front-end web server cluster, and configure emergency alerts...



Six Security Assessments You’ve Never Had But Should

October 24, 2011 Added by: Stephen Marchewitz

You probably are familiar with the classic security assessments: internal and external penetration testing, security risk assessments, and PCI gap assessments. Consider performing these six assessments at least once in your organization to combat the constantly looming hacker threat...



BackTrack 5 Wireless Penetration Testing Beginner’s Guide

October 22, 2011 Added by: Dan Dieterle

This includes everything from bypassing authentication & cracking encryption, to advanced techniques like man-in-the-middle attacks and attacking WPA-Enterprise, with discussions of wireless penetration methodology, testing and reporting...



To Pen Test or Not to Pen Test, That is the Question...

October 16, 2011 Added by: Andrew Weidenhamer

A penetration assessment is simply used as a means to identify vulnerabilities and provide proof of concept on exploiting these vulnerabilities. It effectively better explains ratings associated with vulnerabilities which produces more conscious security professionals...



Penetration Testing Tools Update: New Version of EAPeak Released

October 15, 2011 Added by: Spencer McIntyre

EAPeak is a suite of open source tools to facilitate auditing of wireless networks that utilize the Extensible Authentication Protocol framework for authentication. It provides useful information relating to the security of these networks for PenTesters to use in searching for vulnerabilities...



Changing the Landscape of Pentesting

October 11, 2011 Added by: Andrew Weidenhamer

Today’s market has become diluted with companies and individuals claiming they can perform penetration assessments - if you don’t believe me attend Defcon once. Organizations need to have a better understanding as to how these hired service providers are actually performing these assessments...



Abusing Windows Virtual Wireless NIC Feature

October 09, 2011 Added by: Kyle Young

If the victim computers are part of a Windows domain and have wireless NICs, by automating Metasploit with a pass-the-hash attack and using my script, one could essentially automate deploying a series of rogue AP points throughout a domain. This would be kind of like a network worm...
