Technology is the government’s oldest best friend

| 0 comments

Recently we have all most likely have heard the news concerning the National Security Agency (NSA) is currently collecting the telephone records of millions of US customers of Verizon. This is extremely disturbing and while I have my own personal opinions as to what is or is not acceptable, this has clearly crossed the lines of trust in my humble opinion. In what world do we live that the government can simply cast a net so vast as to have this type of data for the purpose of seeking out those who are conducting illegal activities? I have heard others …

Continue reading

Cookie poisoning: Not your grandmother’s cookies

| 0 comments

Cookie poisoning is a recognized technique mainly for achieving impersonation, breach of privacy, or even modification that could result in lost bossiness through manipulation of session cookies, which maintain the identity of the client. By poisoning these cookies, an attacker can impersonate a valid client, and thus gain information and perform actions on behalf of the victim. The ability to poison session cookies stems from the fact that the tokens are not generated in a secure way. Vulnerabilities in web applications are now the largest vector of enterprise security attacks. Stories about exploits that compromise sensitive data frequently mention culprits …

Continue reading

Looking for a password or username cracking wordlist

| 0 comments

Every good white hat needs a number of solid wordlists in order to perform penetration testing. The list can come in very handy when performing brute force attacks. If you have a worlist that you would like to share, why not leave a comment for everyone to enjoy? Passwords, Dictionaries, and Wordlists CrackStation’s Password Cracking Dictionary: The list contains every wordlist, dictionary, and password database leak that I could find on the internet (and I spent a LOT of time looking). It also contains every word in the Wikipedia databases (pages-articles, retrieved 2010, all languages) as well as lots of …

Continue reading

A word to the wise: secure your data please

| 0 comments

Every day that I continue to use the Internet is another day that becomes more and more painfully clear to me that people or organizations have no idea just how vulnerable they are to possible attacks. Just recently the Washington Post reported that China is likely behind a cyber attack that resulted in obtaining access to a confidential report that contains details on two dozen of advanced weapon system owned by the United States. Now it does not take a rocket scientist to understand the severity of this situation.¬†You may be asking yourself how can I protect myself, employees, networks, …

Continue reading

Hacking 103: Attacking servers snd services with Hydra

| 0 comments

Now that I have covered Hacking 101: Footprinting Using Nothing But A Web Browser and Hacking 102: Active Footprinting With Nmap it is time to move into a physical attack upon the servers and servers that we have found in the course of investigation. There are a number of tools available in Kali Linux which include Medusa and Ncrack, but for the purposes of this article will will be using Hydra which is a very fast network logon cracker which support many different services. In this article we will take a look at the following attacks which are FTP and …

Continue reading

Hacking 102: Active footprinting with Nmap

| 0 comments

This article is a followup of Hacking 101: Footprinting Using Nothing But A Web Browser which served as an introduction to passive footprinting. There are a number of tools that you can use both on a Windows and Linux platform and I prefer to use the Backtrack Linux distro for penetration testers, more specifically I will be using Kali Linux. If Linux is not your cup of tea then you can give the following tools a look and pick and choose what you need. Wireshark which open source multi-platform network protocol analyzer. It allows you to examine data from a …

Continue reading