Blog Posts Tagged with "Penetration Testing"

Five Key Aspects of a Good Infosec Risk Assessment

November 25, 2011 Added by: Albert Benedict

Because they are consistent and repeatable, current risk assessment results can be compared to previous years’ results to see if there was any growth. You can also compare the client’s status to other companies of similar size and stature to show them where they stand...

Comments  (0)

MSFConsole Prompt Fiddling

November 17, 2011 Added by: Rob Fuller

In my presentation at DerbyCon 2011 we talked about using SCREEN and SCRIPT to keep connections live / use them across SSH sessions, and log everything. What we didn't cover is the fact that there isn't a time stamp for those logs. Now, Metasploit has multiple ways of creating logs...

Comments  (0)

Security BSides is Coming to Cape Town South Africa

November 17, 2011 Added by: Security BSides

B-Sides Cape Town will attempt to offer a healthy environment where some of South Africa's security professionals, system administrators, network administrators, and anyone with a healthy interest in infosec can come together for one day to listen to some interesting presentations...

Comments  (0)

Infosec: The World's Largest Rube Goldberg Device

November 15, 2011 Added by: Infosec Island Admin

I am sure there are many of you out there who feel like you are being branded the “Security Cassandra”. You come to them with dark prognostications of compromise, and they look upon you as either a paranoid delusional individual or someone to just be patted on the head...

Comments  (5)

What To Do About Insider Threats

November 14, 2011 Added by: PCI Guru

Insiders must have access to information that the general public or even your business partners do not. As a result, should an employee get sloppy with controls or go “rogue,” you can expect to lose whatever information that person had access to. Remember my mantra – security is not perfect...

Comments  (0)

Registry Analysis with Reglookup

November 10, 2011 Added by: Andrew Case

This tool recovers deleted entries within registry hives, then reports them in a CSV format similar to reglookup. This capability has fairly obvious applications in forensics investigations, and investigators should consider adding reglookup-recover usage to their forensics process...

Comments  (0)

INFOPOCALYPSE: You Can Lead Them to the Security Trough...

November 08, 2011 Added by: Infosec Island Admin

We have seen this from the perspective of magic boxes that promise to negate security vulnerabilities as well as teams of consultants who will “securitize” the company. The net effect is that those paying for such products and services may as well be buying a handful of magic beans instead...

Comments  (0)

Hackers: The Good, the Bad and the Ugly

November 07, 2011 Added by: Emmett Jorgensen

Hackers are often portrayed as social outcasts or criminals looking to defraud the unsuspecting public. The media frequently makes little or no distinction between hacker types, simply lumping them all together into a malevolent group. The truth is hackers come in all shapes and sizes...

Comments  (1)

Open Source Registry Decoder 1.1 Tool Released

November 02, 2011 Added by: Andrew Case

We are announcing the release of Registry Decoder 1.1, a free and open source tool. We are reaching out to practitioners and research groups (professional and academic) in an attempt to proliferate Registry Decoder. We would appreciate any plugins contributed from these communities...

Comments  (0)

Small Goals Lead to Bigger Results

November 01, 2011 Added by: Joshua Lochner

Based on application flows and the importance placed on a web presence, the goal is to configure notification level alerts to be sent to the System Administrators for security related events from the three servers in the front-end web server cluster, and configure emergency alerts...

Comments  (0)

Six Security Assessments You’ve Never Had But Should

October 24, 2011 Added by: Stephen Marchewitz

You probably are familiar with the classic security assessments: internal and external penetration testing, security risk assessments, and PCI gap assessments. Consider performing these six assessments at least once in your organization to combat the constantly looming hacker threat...

Comments  (0)

BackTrack 5 Wireless Penetration Testing Beginner’s Guide

October 22, 2011 Added by: Dan Dieterle

This includes everything from bypassing authentication & cracking encryption, to advanced techniques like man-in-the-middle attacks and attacking WPA-Enterprise, with discussions of wireless penetration methodology, testing and reporting...

Comments  (3)

To Pen Test or Not to Pen Test, That is the Question...

October 16, 2011 Added by: Andrew Weidenhamer

A penetration assessment is simply used as a means to identify vulnerabilities and provide proof of concept on exploiting these vulnerabilities. It effectively better explains ratings associated with vulnerabilities which produces more conscious security professionals...

Comments  (6)

Penetration Testing Tools Update: New Version of EAPeak Released

October 15, 2011 Added by: Spencer McIntyre

EAPeak is a suite of open source tools to facilitate auditing of wireless networks that utilize the Extensible Authentication Protocol framework for authentication. It provides useful information relating to the security of these networks for PenTesters to use in searching for vulnerabilities...

Comments  (0)

Changing the Landscape of Pentesting

October 11, 2011 Added by: Andrew Weidenhamer

Today’s market has become diluted with companies and individuals claiming they can perform penetration assessments - if you don’t believe me attend Defcon once. Organizations need to have a better understanding as to how these hired service providers are actually performing these assessments...

Comments  (4)

Abusing Windows Virtual Wireless NIC Feature

October 09, 2011 Added by: Kyle Young

If the victim computers are part of a Windows domain and have wireless NICs, by automating Metasploit with a pass-the-hash attack and using my script, one could essentially automate deploying a series of rogue ap points throughout a domain. This would be kind of like a network worm...

Comments  (1)
