Older Entries »

shopkick scans

posted this in Hacking, shopkick on May 14th, 2012

div.ex { width:290px; padding:10px; border:5px solid gray; margin:0px; } div.ex2 { width:290px; padding:10px; border:5px solid blue; margin:0px; } #para1 { text-align:center; color:black; font-family: arial, “lucida console”, sans-serif; font-size:2em; } #para2 { text-align:center; color:black; font-family: arial, “lucida console”, sans-serif; font-size:4em; } #para3 { text-align:center; color:white; font-family: arial, “lucida console”, sans-serif; font-size:4em; } figure, .image-wrap { . . . → Read More: shopkick scans

Leave a comment   Hacking, shopkick

detect flashback mac

posted this in Hacking, Howto, Mac, Tools on April 12th, 2012

F-Secure  has created a free tool that automates the detection and removal of the widespread Flashback Mac OS X malware.

How to use the tools:

1) Download FlashbackRemoval.zip to the Mac machine you want to scan. 2) Double-click the zip package to unzip it in the current folder. 3) Double-click the FlashBack Removal app to run the tool. 4) Follow the instructions to check . . . → Read More: detect flashback mac

Leave a comment   Hacking, Howto, Mac, Tools

Honeynet honeywall howto

posted this in Defense, Hacking, Papers, Security, Tools, Windows on April 10th, 2012

Honeynet/Honeywall Implementation

Routing of malicious traffic and forensic analysis

Steve Stonebraker

11/22/2010

 

A detailed implementation of a full interaction honeypot and honeywall in a virtualized VMWare environment is presented.   The benefits and drawbacks of this type of this type of implementation are explained.  The importance of proper . . . → Read More: Honeynet honeywall howto

One comment   Defense, Hacking, Papers, Security, Tools, Windows

decoding sql injection attempts

posted this in Hacking, Security, Windows on October 10th, 2011

Background

SQL Server has a function called CAST, that converts an ASCII codes array to text. Hackers can use this function to obfuscate the SQL Injection payload, and bypass filters that block SQL commands or hazardous characters. Here is an example to an attack that uses this technique:

The first step is to declare . . . → Read More: decoding sql injection attempts

Leave a comment   Hacking, Security, Windows

FTDNS example

posted this in Hacking, Security on January 25th, 2011

Here is an FTDNS example (File Transfer via DNS) from Johannes B. Ullrich, Ph.D.  (http://isc.sans.edu/diary.html?storyid=10306):

File transfer via DNS

For pentesters, this is helpful as it will first of all sneak past many firewalls, and secondly you do not need to install any special tools that may be picked up by anti-malware.

First, we convert . . . → Read More: FTDNS example

Leave a comment   Hacking, Security

Flood network with random MAC addresses with macof tool

posted this in Tools on November 16th, 2010

Background

Before you can be a badass hacker you need to understand what exactly it is your doing.  Today’s Lesson is on flooding a network with random MAC addresses.

Switch Behavior If you fill up a switches table with random mac addresses different vendors switches will behave differently.

Cisco switches will keep original MAC address . . . → Read More: Flood network with random MAC addresses with macof tool

2 comments   Tools

Top Security Hacking Tools & Utilities

posted this in Hacking on November 8th, 2010

Top Security Hacking Tools Penetration Testing

Tools:

Metasploit Project – open-source computer security project which provides information about security vulnerabilities and aids in penetration testing and IDS signature development Netwag – Graphical front end for netwox which contains 223 tools Netcat – Computer networking service for reading from and writing network connections using TCP or . . . → Read More: Top Security Hacking Tools & Utilities

Leave a comment   Hacking

GNS3 – Graphical Network Simulator Train for CCNA, CCNP, CCIP, CCIE, JNCIA, JNCIS, JNCIE

posted this in Defense, Hacking, Security on November 5th, 2010

GNS3 is a graphical network simulator that allows simulation of complex networks.

To allow complete simulations, GNS3 is strongly linked with :

Dynamips, the core program that allows Cisco IOS emulation. Dynagen, a text-based front-end for Dynamips. Qemu, a generic and open source machine emulator and virtualizer.

GNS3 is an excellent complementary tool to . . . → Read More: GNS3 – Graphical Network Simulator Train for CCNA, CCNP, CCIP, CCIE, JNCIA, JNCIS, JNCIE

One comment   Defense, Hacking, Security

Attacks on Spanning Tree Protocol with Yersinia

posted this in Hacking, Hardware, Security on October 31st, 2010

Recent Spanning Tree Protocol (STP) attack:

Tool being shown: http://www.yersinia.net/ Attack 1: Taking over the root bridge Never set the TC-ACK bit when receiving TCN BPDUs–> unnecessary flooding Keep switching between root bridge and other roles – excessive load on processor

Countermeasures

Root guard BPDU-guard Root ownership attack countermeasure – Root guard Ensures that the . . . → Read More: Attacks on Spanning Tree Protocol with Yersinia

Leave a comment   Hacking, Hardware, Security

Flood network with random MAC addresses with macof tool

posted this in Hacking, Tools on October 31st, 2010

Background

Before you can be a badass hacker you need to understand what exactly it is your doing.  Today’s Lesson is on flooding a network with random MAC addresses.

Switch Behavior If you fill up a switches table with random mac addresses different vendors switches will behave differently.

Cisco switches will keep original MAC address . . . → Read More: Flood network with random MAC addresses with macof tool

One comment   Hacking, Tools
 
  Older Entries »