Create a penetration testing lab and let the hacking begin

| 0 comments

If you are interested in sharpening your skills or simply interested in getting started with penetration testing this this article will be of interest. The hard cold truth is that under no circumstances should you ever perform penetration testing on any network or resource that you do not own or have explicit written permission. There are a number of virtual solutions out there which include VMWare, Parallels, and VirtualBox just to name a few. I leave the decision up to you as to what works best in your given environment. For me that answer is Virtualbox and I am running …

Continue reading

What is ping all about?

| 0 comments

If you have used a computer more than say a single day, I am sure that you are well aware of ping. If not, then you are in for a treat! Well I suppose it may not be a treat in some opinions, but this is an utility that you should take time to learn about and appreciate. Ping is a computer network administration utility used to test the reachability of a host on an Internet Protocol (IP) network and to measure the round-trip time for messages sent from the originating host to a destination computer. Ping operates by sending …

Continue reading

8 week self study bootcamp for security professionals

| 0 comments

It is important from time to time that we all revisit terminology. For this reason I have put together the following resources in the hopes of learning something new or at the very least bringing back things that we all have learned in years past. In the course of looking for material, I found a number of wonderful lectures from MIT and other various resources. Each of this lectures are licensed under the Creative Commons license. Each week is made up of related categories and there are typically anywhere from one to four topics for review. In the event you …

Continue reading

20 introductory Nmap command examples for the technology professional

| 0 comments

I’m not going to attempt to cover what Nmap is and what it can do. Rather the author states: Nmap (“Network Mapper”) is a free and open source (license) utility for network discovery and security auditing. Many systems and network administrators also find it useful for tasks such as network inventory, managing service upgrade schedules, and monitoring host or service uptime. Nmap uses raw IP packets in novel ways to determine what hosts are available on the network, what services (application name and version) those hosts are offering, what operating systems (and OS versions) they are running, what type of …

Continue reading

How to exploit a website

| 0 comments

A website is only as secure as those who support the infrastructure. Also you must realize that nothing can ever be 100% secure and all you can really do is look at the risks and implement measures to reduce those risks. Take the time to review the OWASP 2013 Top Ten risks and you will quickly begin to visualize the security landscape, attack vectors, and involvement of personnel. If you are interested in top notch education jump over to PluralSight’s security course titled OWASP Top 10 Web Application Security Risks for ASP.NET. Please stay with me for a moment, but …

Continue reading

WiFi WPA2 Hacking 101

| 0 comments

I want to introduce the idea of breaking WPA2 security by obtaining the password defined by a given network. The reason I am writing about this is both for educational reasons and from the perspective of strengthening security. In many ways I wish I could say that I surprised about just how easy it is cracking a WiFi password, but many people I talk with seem to think that Wi-Fi Protected Access II (WPA2) itself is he gatekeeper. Of course this is not true and just like anything else where a password is involved the password itself is the gatekeeper. …

Continue reading