Items Tagged with "Tools"


03b2ceb73723f8b53cd533e4fba898ee

CapFire4: Criminal Malware-as-a-Service Platform

June 26, 2012 Added by:Pierluigi Paganini

Cybercrime is operating as an enterprise, with tools offered for the coordination of cyber attacks such as spamming of malware, malware hosting, and for building command and control infrastructure for botnets. The latest service is called CapFire4, and it’s a good example of malware-as-a-service...

Comments  (0)

1de705dde1cf97450678321cd77853d9

The Perils Of Automation In Vulnerability Assessment

June 25, 2012 Added by:Ian Tibble

“Run a scanner by it” still appears in so many articles – it's still very much part of the furniture. Software suites are built on the use of automated unauthenticated scanning – in some cases taking an open source scanning engine, wrapping a nice GUI around it, and slapping a 25K USD price tag on it...

Comments  (5)

B64e021126c832bb29ec9fa988155eaf

Wireshark: Listening to VoIP Conversations from Packet Captures

June 24, 2012 Added by:Dan Dieterle

A lot of telephones and communication devices now use VoIP to communicate over the internet. I was wondering how hard it would be to listen to a VoIP phone call if you had a packet capture that included the call. Well, come to find out, it is not hard at all. The feature is built into Wireshark - here's how...

Comments  (0)

759c37c6aff04cd46262f93652b5fad5

SecureState Contributes to the SQLMap Project

June 18, 2012 Added by:Spencer McIntyre

Custom-coded applications make SQLi very difficult to exploit in an automated fashion, and most of detection tools are particularly effective against only a few select Database Management Systems (DBMSes). However, the open source SQLMap tool is capable of exploiting a variety of DBMSes....

Comments  (0)

48062676f7b2fc521b0b32a3c6494469

What Are ToR Hidden Services?

June 15, 2012 Added by:gaToMaLo r. amores

In the ToR-.onion network, the client asks to use a website's services, then starts a handshake at a rendezvous point (onion relay) - not at the server/IP. They're never on the site/server when in OnionLand, can’t do a WhoIs and get an IP and cannot find a geo-location. If they can’t find you, they can't hack you...

Comments  (1)

B64e021126c832bb29ec9fa988155eaf

Recovering Clear Text Passwords – Updated

June 13, 2012 Added by:Dan Dieterle

When I wrote about WCE last, I noticed that for some reason the output didn’t seem right for accounts that did not have passwords. WCE seemed to mirror a password from another account when a password was not present. Hernan from Amplia Security (creator of WCE) created a fix for this...

Comments  (0)

E313765e3bec84b2852c1c758f7244b6

Hooray! An Open-Source Password Analyzer Tool...

June 08, 2012 Added by:Brent Huston

The time it takes to crack a password is the only true measure of its worth. Morris has created a tool for administrators that allows them to configure a password policy based on the time to crack, the possible technology that an attacker might be using, and the password protection technology in use...

Comments  (0)

B64e021126c832bb29ec9fa988155eaf

Recovering Remote Windows Passwords in Plain Text with WCE

June 05, 2012 Added by:Dan Dieterle

After obtaining a remote session using Backtrack’s Social Engineering Toolkit, I ran Bypassuac to get System level authority and at the Meterpreter prompt simply ran wce.rb. Mimikatz seems to do a better job at recovering passwords, but WCE is just as easy to use. Both offer other features and functions...

Comments  (1)

7fef78c47060974e0b8392e305f0daf0

ICS-CERT: SNORT in an ICS Environment

May 23, 2012 Added by:Infosec Island Admin

A major obstacle for ICS security is how to test and deploy security tools in the ICS space. Now, the open-source IT security research community has paired with ICS teams, DHS, NESCO, and other stakeholders to research ICS network threats and produce tools to address them...

Comments  (0)

37d5f81e2277051bc17116221040d51c

Spring Cleaning Your PC

May 18, 2012 Added by:Robert Siciliano

If your PC is bogged down with software and your desktop is jammed with icons and documents, then your PC is next to useless as a productivity tool. Even scarier is you have lost track of your files have sensitive information exposed. Follow these tips for a cleaner, faster machine...

Comments  (2)

B64e021126c832bb29ec9fa988155eaf

Practice Linux Penetration Testing Skills with Metasploitable

May 18, 2012 Added by:Dan Dieterle

Okay, you have been reading up on computer security, and even played around with Backtrack some. You have been gaining some penetration testing skills, but now you want to try them out. What do you do? There are several sites that exist that allow you to (legally) test your abilities...

Comments  (0)

94c7ac665bbf77879483b04272744424

Network Anomaly Detection Takes a NAP

May 07, 2012 Added by:Marc Quibell

ADS are still used for investigative purposes - after the data has passed - taking correlated log data and running an analysis against historical data to see if anything abnormal happened. Well that's cool, except it already happened - the damage is already done in most cases...

Comments  (1)

7fef78c47060974e0b8392e305f0daf0

ICS-CERT: Getting Started Securing Industrial Assets

May 04, 2012 Added by:Infosec Island Admin

Over the past year significant discoveries in the areas of adversarial capabilities have identified that many companies across the 18 critical infrastructure and key resources (CIKR) are struggling to cope with the growing threats. Efforts have been taken to defend critical assets...

Comments  (0)

69dafe8b58066478aea48f3d0f384820

Checking Your System for the DNS Changer Malware

April 23, 2012 Added by:Headlines

The deadline for for systems infected with the DNS Changer malware is fast approaching. Failure to rid a device of the malware prior to the July 9 deadline could result in loss of Internet connectivity. To see if your system is infected, simply visit the following website...

Comments  (0)

99edc1997453f90eb5ac1430fd9a7c61

Javvad Malik on Hacking Tools and Ethics

April 20, 2012

Joshua Corman wrote a post in which he raises some valid points about tools like Metasploit. Naturally, the purpose such tools is to aid a security tester in finding vulnerabilities. However you cannot dictate if someone will use this for attack or defensive purposes...

Comments  (0)

69dafe8b58066478aea48f3d0f384820

Apple Releases Flashback Malware Removal Tool and Patches

April 17, 2012 Added by:Headlines

Apple has released a malware removal tool for the most common variant of the Flashback Trojan, as well as security updates to mitigate the vulnerability exploited by the malware for OS X Lion v10.7.3, OS X Lion Server v10.7.3. Mac OS X v10.6.8 and Mac OS X Server v10.6.8...

Comments  (0)

Page « < 2 - 3 - 4 - 5 - 6 > »