Create a custom wordlist using SmeegeScrape for use in forensics or pentesting

| 0 comments

If you working either in forensics or penetration testing you will absolutely come across the need to create a custom word list. You may be thinking to yourself a custom word list is not needed because you have a number of lists that you have created or gathered over the years. I will not argue that have a bag of lists is not needed because I have my own collection as well. I submit to you that if you have a specific target then understanding said target will be useful when it comes to password cracking. For example, if your …

Continue reading

Authoring effective Linux shell scripts

| 0 comments

The act of authoring shell scripts can provide a great deal of effectiveness when working within the Linux operating system no matter what the task may be. If you have experience with Linux, you know that there what seems to be an number of scripts available out of the box. This can clearly cause confusion in the area of name collisions in the event you were not aware a script with a name exists with the name of the custom script that you are creating. one thing you can do is run the which command and this will return a …

Continue reading

Find and correct WordPress vulnerabilities using WPScan

| 0 comments

If you run a WordPress based website then you should sit up, pull out your notepad, and carefully consider the idea of running WPScan on your site in order to if you have any security vulnerabilities that may require your attention. This is not to say that WordPress is vulnerable per say, but the fact is all software contains some level of vulnerabilities and the more you know, the more you will understand and be able to better protect your site. You may be surprised to learn that CVE has 177 documented vulnerabilities over the years concerning WordPress. If you …

Continue reading

Cracking MD5 using Hashcat

| 0 comments

If you are not familiar with Hashcat then you are in luck. Before I get started, Wikipedia states Hashcat is the self-proclaimed world’s fastest CPU-based password recovery tool. It is available free of charge, although it has a proprietary codebase. Versions are available for Linux, OSX, and Windows and can come in CPU-based or GPU-based variants. Hashcat currently supports a large range of hashing algorithms, including: Microsoft LM Hashes, MD4, MD5, SHA-family, Unix Crypt formats, MySQL, Cisco PIX, and many others. The MD5 message-digest algorithm is a cryptographic hash function producing a 128-bit (16-byte) hash value, typically expressed in text …

Continue reading

Digital forensics and hardware identification

| 0 comments

I thought I would sit down and begin a series of articles surrounding digital forensics with hardware identification being the lead in. The subject of forensics is one that I personally have not placed a great deal of effort and recently I took the Computer Hacking Forensic Investigator training from EC-Council. On day one, I knew I was hooked and it may not be for reason that you may suspect. I enjoy hacking from a white hat perspective and understanding the black hats is key to being successful. Ironically on day one of the training, I quickly learned that my …

Continue reading

They Live at DEFCON22

| 0 comments

Every year in August thousands upon thousands of people flock to Las Vegas, NV for the anual DEFCON conference. This is my second year attending and I knew once I attended DEFCON21 that I was forever hooked. I cannot begin to describe what the experience is like, because the experience is what you make of it. Last year, I had fun, but I did sit back and try to determine what I should and should not do. At the end of DEFCON21, I knew that I was going to jump head first into DEFCON22 and that is exactly what I …

Continue reading