WiFi WPA2 Hacking 101

I want to introduce the idea of breaking WPA2 security by obtaining the password defined by a given network. I am writing about this both for educational reasons and from the perspective of strengthening security. In many ways I wish I could say that I was surprised by just how easy it is to crack a WiFi password, but many people I talk with seem to think that Wi-Fi Protected Access II (WPA2) itself is the gatekeeper. Of course this is not true and, just like anything else where a password is involved, the password itself is the gatekeeper. …

How To Defend Against Cross Site Scripting With Microsoft .NET 4.5 AntiXss

One of the most common threats to websites is cross site scripting (XSS), which is the idea that a malicious user is attempting to load content into your website. Examples include JavaScript and HTML. This attack is typically carried out via a form input or query string. XSS can have very nasty results, which include content modification or, worse, hijacking user account information. If you’re asking yourself how you can possibly reduce the likelihood of this threat, the answer is simple. Encode and never trust user input under any circumstance. It is not that all users are attackers, but …

Down In The Weeds With sqlmap

Here I plan to take a look at sqlmap and the capabilities that it provides in order to identify weaknesses in security so that they can be addressed before a breach occurs. The tool sqlmap, like many tools, can be used for both good and bad depending upon the role of the individual. I approach this tool as a mechanism to perform penetration testing in order to uncover vulnerabilities that otherwise may go unnoticed. If you are not sure what sqlmap is, the best way I can define this tool is that it is an open source penetration …

Cookie Poisoning: Not Your Grandmother’s Cookies

Cookie poisoning is a recognized technique mainly for achieving impersonation, breach of privacy, or even modification that could result in lost business through manipulation of session cookies, which maintain the identity of the client. By poisoning these cookies, an attacker can impersonate a valid client, and thus gain information and perform actions on behalf of the victim. The ability to poison session cookies stems from the fact that the tokens are not generated in a secure way. Vulnerabilities in web applications are now the largest vector of enterprise security attacks. Stories about exploits that compromise sensitive data frequently mention culprits …

A Word To The Wise: Secure Your Data Please

Every day that I continue to use the Internet is another day that it becomes more and more painfully clear to me that people and organizations have no idea just how vulnerable they are to possible attacks. Just recently the Washington Post reported that China is likely behind a cyber attack that resulted in obtaining access to a confidential report that contains details on two dozen advanced weapon systems owned by the United States. Now it does not take a rocket scientist to understand the severity of this situation. You may be asking yourself how can I protect myself, employees, networks, …

Hacking 103: Attacking Servers And Services With Hydra

Now that I have covered Hacking 101: Footprinting Using Nothing But A Web Browser and Hacking 102: Active Footprinting With Nmap, it is time to move into a physical attack upon the servers and services that we have found in the course of investigation. There are a number of tools available in Kali Linux, which include Medusa and Ncrack, but for the purposes of this article we will be using Hydra, which is a very fast network logon cracker that supports many different services. In this article we will take a look at the following attacks which are FTP and …
