Creating a proxy chain in Linux

| 0 comments

There obviously are time that you may want to make use of a proxy server in order to provide yourself a level of anonymity that you may otherwise no have. Proxies also provide benefits in terms of restricted content that may be filtered with your region or country. Think of it this way, if YouTube is blocked in the Middle East then a proxy may help you to overcome that block. Now to be clear a proxy server also helps to increase performance by storing a copy of frequently used webpages. When a browser requests a webpage stored in the …

Continue reading

Script and automate Kali Linux updates

| 0 comments

While automated updates is debatable and a personal preference, I prefer running on the edge, especially within my sandbox environment. Of course, production environments may benefit from automated updates and only you can make the decision. To perform this automation we will make use of a bash shell and a cron job. The latter will perform the automation job whereas the former will perform the update. All of this is really simple and easily achieved. The bash shell may be altered to your taste. For the purpose of this article, I am not only going to script the updates, but …

Continue reading

Security via obfuscation: MAC Address

| 0 comments

Every network interface card has a unique 48 bit identifier known as a MAC address. This address is burned into the EEPROM on the card, and often is used by networking equipment to track users as they come and go, frequently associating MAC address to a hotel, credit card, credentials, and so on. In fact, even most consumer gear will record the MAC addresses of all computers that have ever issued DHCP requests to them, and these logs usually cannot be purged. When you combine this with the fact that most Cable/DSL service providers will also record your MAC address …

Continue reading

Using the web application attack and audit framework known as w3af to test your security

| 0 comments

w3af is a Web Application Attack and Audit Framework is an amazing tool that is written in Python and has the capability to find more than 200 defined vulnerabilities. Not only does it look for the usual suspects such as SQL injection, it also handles crawling, bruteforce, authentication, and so much more. There are a number of vulnerability scanners both commercial and open source, but it all comes down to what you prefer. I tend to lean toward the open source community because of transparency, community involvement, and the fact there is zero cost. Unfortunately web applications pose one of …

Continue reading

Intelligence and Security Professional Certification

| 0 comments

Next month I embark upon my journey with the Center for Governmental Services at Auburn University to obtain intelligence analytic trade-craft skills essential for analysts in today’s operational environments. My goal is to develop skills in the handling and analysis of locally generated information, intelligence as related to homeland security, and classified and unclassified intelligence generated from the various intelligence communities. This study should prove to be very informative and educational to say the least. The fact that the faculty are former senior intelligence officers and managers from the CIA, DIA, NRO, NSA, State/INR, NGA, ODNI, Military Service intelligence components, …

Continue reading