Homebrew and not the beer kind

| 0 comments

Recently I had a need to install wget and Python on OS X Mavericks and anyone running a Mac can understand the pain point with installers outside of the Apple App Store. Before anyone starts asking the question why not use curl? That is like asking why not use Microsoft Windows? Now I am not bashing Windows because I use this  operating system depending upon my needs and task at hand. As a side note, it is possible to use Xcode and curl to compile and install wget, but why work harder rather than smarter? If you wish to take …

Continue reading

What can we learn from the 2013 Adobe database breach

| 0 comments

Early October 2013, Adobe announced that they fell victim to a cyberattack and their database was breached to the degree that 2.9 million customers are impacted in one way or another. From my point of view it is great that Adobe regrets the incident and apologizes for the inconvenience, but I believe that we as consumers should and must demand so much more than a simple “we are sorry”. In the event this breach is new to you, then I urge you to visit Troy Hunt’s new site ‘;–have i been pwned? Troy has done an exceptional job at bringing …

Continue reading

Fingerprinting a web server with httprecon

| 0 comments

Web applications unfortunately are vulnerable and for this reason they are often the gateway for attacks. An attacker is going to perform reconnaissance to understand where a weakness may reside. Of course understand what web server platform is running is critical to understand what type attack may or may not be successful. In other word, knowing the application server one can then begin investigation into what vulnerabilities may exist. There are a variety of tools and mechanisms you may employ to fingerprint your target. One such tool is httprecon and the user interface is very simple and provides a wealth …

Continue reading

How to be sneaky and hide data using alternate data streams

| 0 comments

Have you heard of Alternate Data Streams (ADS)? If not, sit back and relax and learn what you can do with ADS. Before I get to far into the subject it is important to understand what ADS is used for. In short, ADS was introduced with the Microsoft NTFS file system and allows for more than a single stream of data to be associated with a file. So what does this really mean? Have you ever looked at the properties on a given file? If so, you have likely noticed the data entry areas for the author or title attributes. …

Continue reading

Create a penetration testing lab and let the hacking begin

| 0 comments

If you are interested in sharpening your skills or simply interested in getting started with penetration testing this this article will be of interest. The hard cold truth is that under no circumstances should you ever perform penetration testing on any network or resource that you do not own or have explicit written permission. There are a number of virtual solutions out there which include VMWare, Parallels, and VirtualBox just to name a few. I leave the decision up to you as to what works best in your given environment. For me that answer is Virtualbox and I am running …

Continue reading

20 introductory Nmap command examples for the technology professional

| 0 comments

I’m not going to attempt to cover what Nmap is and what it can do. Rather the author states: Nmap (“Network Mapper”) is a free and open source (license) utility for network discovery and security auditing. Many systems and network administrators also find it useful for tasks such as network inventory, managing service upgrade schedules, and monitoring host or service uptime. Nmap uses raw IP packets in novel ways to determine what hosts are available on the network, what services (application name and version) those hosts are offering, what operating systems (and OS versions) they are running, what type of …

Continue reading