Items Tagged with "Tools"


1a490136c27502563c62267354024cd5

From PwnPlugs to Nuclear Power Plants...

January 03, 2012 Added by:Malgorzata Skora

Physical security can’t be overstated with high value targets such as the Nuclear Power plants in Iran and the U.S. Governments Secret SIPR networks being victims to physical layer compromise. If there’s one guaranteed way to gain access to any network, it’s with a physical layer exploit...

Comments  (0)

B64e021126c832bb29ec9fa988155eaf

Crazy Fast Password Recovery with Hashcat

January 02, 2012 Added by:Dan Dieterle

Hashcat is a multi-threaded cracker, so if your CPU can run several threads, it will use them. But the real speed comes into play when using the horsepower of a GPU. If your GPU can run hundreds of threads, all of this power is used to break passwords...

Comments  (1)

B64e021126c832bb29ec9fa988155eaf

Analyzing Passwords for Patterns and Complexity

December 20, 2011 Added by:Dan Dieterle

This is a great tool to see patterns in password security. After years of users being warned about password security, it is disheartening to see the majority of users are still using simple passwords. More alarming is the number of password dumps available from compromised websites...

Comments  (0)

1a490136c27502563c62267354024cd5

PenTest: Get to Know Yourself Before Others Do

December 14, 2011 Added by:Malgorzata Skora

With multi-tier network architectures, web services, custom applications, and heterogeneous server platform environments, keeping data assets secure is more difficult than ever. Coupled with this complexity is the fact that criminal organizations have organized their hacking efforts...

Comments  (1)

69dafe8b58066478aea48f3d0f384820

HIPAA Tool Helps Organizations Meet Security Requirements

November 30, 2011 Added by:Headlines

A new tool, developed by the NIST is intended to be a resource that organizations can use to support their risk assessment processes by identifying areas where security safeguards may be needed to protect EPHI, or where existing security safeguards may need to be improved...

Comments  (0)

69dafe8b58066478aea48f3d0f384820

NIST Improves Tool for Hardening Software Security

November 29, 2011 Added by:Headlines

"The SRD is for companies that build static analyzers... It will help their products catch the most common errors in the software they are supposed to check. It brings rigor into software assurance, so that the public can be more confident that there are fewer dangerous weaknesses..."

Comments  (0)

B64e021126c832bb29ec9fa988155eaf

Memory Forensics: Pull Process and Network Connections from a Memory Dump

November 23, 2011 Added by:Dan Dieterle

From the output of the command, we see the physical memory location, process name and the PID number of all processes that were running. This helps deduce if something was running that should not have been and allows you to view programs that may be running under the process...

Comments  (0)

B64e021126c832bb29ec9fa988155eaf

Memory Forensics: How to Pull Passwords from a Memory Dump

November 13, 2011 Added by:Dan Dieterle

We now have a list of where several key items are located in the memory dump. Next, we will extract the password hashes from the memory dump. To do this we need to know the starting memory locations for the system and same keys...

Comments  (0)

7fef78c47060974e0b8392e305f0daf0

Download the Infosec Island App for Your Android

November 11, 2011 Added by:Infosec Island Admin

It's now easier than ever to keep up to date with the latest headlines, informative articles, security breach information, and vulnerability alerts while you are on the move. The application is free to use, easy to download, and will let you stay informed when you are away from your computer...

Comments  (0)

Bdcd1324539ec513ff7c10014b9668b6

Registry Analysis with Reglookup

November 10, 2011 Added by:Andrew Case

This tool recovers deleted entries within registry hives, then reports them in a CSV format similar to reglookup. This capability has fairly obvious applications in forensics investigations, and investigators should consider adding reglookup-recover usage to their forensics process...

Comments  (0)

B64e021126c832bb29ec9fa988155eaf

Memory Forensics: How to Capture Memory for Analysis

November 10, 2011 Added by:Dan Dieterle

Analysts use memory dumps to analyze malicious software. Once you have the memory dump, you can perform some very interesting analysis on it, like viewing what processes and programs were running on the machine, and what network connections the system had. You can even pull passwords from them...

Comments  (2)

Bdcd1324539ec513ff7c10014b9668b6

Open Source Registry Decoder 1.1 Tool Released

November 02, 2011 Added by:Andrew Case

We are announcing the release of Registry Decoder 1.1, a free and open source tool. We are reaching out to practitioners and research groups (professional and academic) in an attempt to proliferate Registry Decoder. We would appreciate any plugins contributed from these communities...

Comments  (0)

759c37c6aff04cd46262f93652b5fad5

Penetration Testing Tools Update: New Version of EAPeak Released

October 15, 2011 Added by:Spencer McIntyre

EAPeak is a suite of open source tools to facilitate auditing of wireless networks that utilize the Extensible Authentication Protocol framework for authentication. It provides useful information relating to the security of these networks for PenTesters to use in searching for vulnerabilities...

Comments  (0)

4ed54e31491e9fa2405e4714670ae31f

Abusing Windows Virtual Wireless NIC Feature

October 09, 2011 Added by:Kyle Young

If the victim computers are part of a Windows domain and have wireless NICs, by automating Metasploit with a pass-the-hash attack and using my script, one could essentially automate deploying a series of rogue ap points throughout a domain. This would be kind of like a network worm...

Comments  (1)

B64e021126c832bb29ec9fa988155eaf

Backtrack Metasploit Megaprimer

September 28, 2011 Added by:Dan Dieterle

The Metasploit Framework in the Backtrack series is an amazing platform for penetration and security testing. The capabilities are stunning. The problem is the learning curve is kind of steep, especially for new users. For training, look no further than the “Metasploit Megaprimer"...

Comments  (2)

69dafe8b58066478aea48f3d0f384820

DHS Releases Cyber Security Evaluation Tool (CSET)

September 27, 2011 Added by:Headlines

The Department of Homeland Security's National Cyber Security Division (NCSD) has released a Software tool set to better enable organizations to examine risks to industrial control systems (ICS) and implement more secure protocols for protecting the nation's critical infrastructure...

Comments  (0)

Page « < 5 - 6 - 7 - 8 - 9 > »