Creating a proxy chain in Linux

There are obviously times when you may want to use a proxy server to give yourself a level of anonymity that you may otherwise not have. Proxies also help with restricted content that may be filtered within your region or country. Think of it this way: if YouTube is blocked in the Middle East, then a proxy may help you overcome that block. Now, to be clear, a proxy server also helps to increase performance by storing a copy of frequently used webpages. When a browser requests a webpage stored in the …

Using the web application attack and audit framework known as w3af to test your security

w3af, the Web Application Attack and Audit Framework, is an amazing tool that is written in Python and has the capability to find more than 200 defined vulnerabilities. Not only does it look for the usual suspects such as SQL injection, it also handles crawling, brute force, authentication, and so much more. There are a number of vulnerability scanners, both commercial and open source, but it all comes down to what you prefer. I tend to lean toward the open source community because of transparency, community involvement, and the fact there is zero cost. Unfortunately, web applications pose one of …

Create a custom wordlist using SmeegeScrape for use in forensics or pentesting

If you work in either forensics or penetration testing, you will absolutely come across the need to create a custom word list. You may be thinking to yourself that a custom word list is not needed because you have a number of lists that you have created or gathered over the years. I will not argue that having a bag of lists is not needed, because I have my own collection as well. I submit to you that if you have a specific target, then understanding said target will be useful when it comes to password cracking. For example, if your …

Find and correct WordPress vulnerabilities using WPScan

If you run a WordPress-based website, then you should sit up, pull out your notepad, and carefully consider the idea of running WPScan on your site in order to see if you have any security vulnerabilities that may require your attention. This is not to say that WordPress is vulnerable per se, but the fact is all software contains some level of vulnerabilities, and the more you know, the more you will understand and be able to better protect your site. You may be surprised to learn that CVE has 177 documented vulnerabilities over the years concerning WordPress. If you …

They Live at DEFCON22

Every year in August, thousands upon thousands of people flock to Las Vegas, NV for the annual DEFCON conference. This is my second year attending, and I knew once I attended DEFCON21 that I was forever hooked. I cannot begin to describe what the experience is like, because the experience is what you make of it. Last year, I had fun, but I did sit back and try to determine what I should and should not do. At the end of DEFCON21, I knew that I was going to jump head first into DEFCON22 and that is exactly what I …