Life in a digital world means little or no privacy

I want to start 2014 off by looking at security and privacy. One can argue that we are more secure today than we were just a few short years ago, but security comes at a cost and that cost is privacy. During discussions with others that I come into contact with, I am disturbed when I hear the response “if you are doing nothing illegal then you have nothing to worry about”. Obviously these individuals have no idea what privacy means. For those individuals, the Webster Dictionary defines privacy as the state of being alone. For those of you who …

Fingerprinting a web server with httprecon

Web applications unfortunately are vulnerable, and for this reason they are often the gateway for attacks. An attacker is going to perform reconnaissance to understand where a weakness may reside. Of course, understanding what web server platform is running is critical to understanding what type of attack may or may not be successful. In other words, knowing the application server, one can then begin investigating what vulnerabilities may exist. There are a variety of tools and mechanisms you may employ to fingerprint your target. One such tool is httprecon and the user interface is very simple and provides a wealth …

Time to go phishing with the Social Engineering Toolkit (SET)

Social Engineering is a very intriguing art of exploiting the trust of others. For the most part people are trusting of one another and because of this trust, a person may be tricked into performing an action even if in the back of their mind they feel something is wrong. Think about it for a moment. The act of Social Engineering is not anything new because since the dawn of man there have always been those who carry out a confidence trick, which is also better known as a con game. The difference today is these con games are often carried out …

The journey of becoming a Certified Information Security Professional

Certified Information Systems Security Professional (CISSP) is an independent information security certification governed by the International Information Systems Security Certification Consortium, also known as (ISC)2. As of November 2013, (ISC)2 reports 90198 members hold the CISSP certification worldwide, in 149 countries. In June 2004, the CISSP obtained ANSI ISO/IEC Standard 17024:2003 accreditation. It is also formally approved by the U.S. Department of Defense (DoD) in both their Information Assurance Technical (IAT) and Managerial (IAM) categories for their DoDD 8570 certification requirement. The CISSP has been adopted as a baseline for the U.S. National Security Agency’s ISSEP program. The CISSP …

How to be sneaky and hide data using alternate data streams

Have you heard of Alternate Data Streams (ADS)? If not, sit back and relax and learn what you can do with ADS. Before I get too far into the subject, it is important to understand what ADS is used for. In short, ADS was introduced with the Microsoft NTFS file system and allows for more than a single stream of data to be associated with a file. So what does this really mean? Have you ever looked at the properties on a given file? If so, you have likely noticed the data entry areas for the author or title attributes. …

Create a penetration testing lab and let the hacking begin

If you are interested in sharpening your skills or simply interested in getting started with penetration testing, then this article will be of interest. The hard cold truth is that under no circumstances should you ever perform penetration testing on any network or resource that you do not own or do not have explicit written permission to test. There are a number of virtual solutions out there which include VMware, Parallels, and VirtualBox just to name a few. I leave the decision up to you as to what works best in your given environment. For me that answer is VirtualBox and I am running …
