Security via obfuscation: MAC Address

| 0 comments

Every network interface card has a unique 48 bit identifier known as a MAC address. This address is burned into the EEPROM on the card, and often is used by networking equipment to track users as they come and go, frequently associating MAC address to a hotel, credit card, credentials, and so on. In fact, even most consumer gear will record the MAC addresses of all computers that have ever issued DHCP requests to them, and these logs usually cannot be purged. When you combine this with the fact that most Cable/DSL service providers will also record your MAC address and bind it to your account, and the fact that some of them don’t even seem to wait for a court order to turn your info over, it becomes apparent that your MAC address essentially is your identify, but I of course disagree with this! One particularly useful hack is to change your MAC address. This can be useful if you want to make it a bit more difficult to track your device down. Thus, changing your MAC address is highly desirable for a number of reasons. If you curious about finding the manufacturer and location of a given MAC …

Continue reading

Using the web application attack and audit framework known as w3af to test your security

| 0 comments

w3af is a Web Application Attack and Audit Framework is an amazing tool that is written in Python and has the capability to find more than 200 defined vulnerabilities. Not only does it look for the usual suspects such as SQL injection, it also handles crawling, bruteforce, authentication, and so much more. There are a number of vulnerability scanners both commercial and open source, but it all comes down to what you prefer. I tend to lean toward the open source community because of transparency, community involvement, and the fact there is zero cost. Unfortunately web applications pose one of the greatest risks to organizations because often these applications are either public facing, open to business partners and of course employees (the insider threat). The fact is web applications are a rich target because there are so many different attack vectors. For example, the following five examples a very often used and very easy to exploit once vulnerabilities have been identified. Cross-site scripting (XSS): Is the act of injecting lines of code into web pages in some shape or fashion. If not defended against, malicious code will eventually lead to a breach. Session Hijacking: Each unique user is assigned a …

Continue reading

Intelligence and Security Professional Certification

| 0 comments

Next month I embark upon my journey with the Center for Governmental Services at Auburn University to obtain intelligence analytic trade-craft skills essential for analysts in today’s operational environments. My goal is to develop skills in the handling and analysis of locally generated information, intelligence as related to homeland security, and classified and unclassified intelligence generated from the various intelligence communities. This study should prove to be very informative and educational to say the least. The fact that the faculty are former senior intelligence officers and managers from the CIA, DIA, NRO, NSA, State/INR, NGA, ODNI, Military Service intelligence components, and Capitol Hill says it all. If I am going to learn anything, then it makes sense to learn from those who have walked the path. The coursework includes the following subject matter: Introduction to U.S. Intelligence Intelligence For Policy Makers Risk Awareness Intelligence Operational Intelligence Intelligence Budget Process Cyber: Corporate Risk & Responsibility Intelligence Collection Analyst Training: Writing, Analysis, and Preparing Briefings National Security Policy Process History of U.S. Intelligence Homeland Security Intelligence Counter Terrorism: Actionable Intelligence Intelligence and the Law

Create a custom wordlist using SmeegeScrape for use in forensics or pentesting

| 0 comments

If you working either in forensics or penetration testing you will absolutely come across the need to create a custom word list. You may be thinking to yourself a custom word list is not needed because you have a number of lists that you have created or gathered over the years. I will not argue that have a bag of lists is not needed because I have my own collection as well. I submit to you that if you have a specific target then understanding said target will be useful when it comes to password cracking. For example, if your target is a big Simpsons fan, then it makes sense to create a word list that maps to keywords amongst those fans. By taking this approach, you may find that you spend less time cracking a password, at least that is the idea. Of course, this means you must know the target somewhat well and to gather this type of intelligence all you need to do is turn to social media or any other internet resource. For those of you who work in security or worry about privacy, you understand the fact that individuals typically share entirely to much detail …

Continue reading

Find and correct WordPress vulnerabilities using WPScan

| 0 comments

If you run a WordPress based website then you should sit up, pull out your notepad, and carefully consider the idea of running WPScan on your site in order to if you have any security vulnerabilities that may require your attention. This is not to say that WordPress is vulnerable per say, but the fact is all software contains some level of vulnerabilities and the more you know, the more you will understand and be able to better protect your site. You may be surprised to learn that CVE has 177 documented vulnerabilities over the years concerning WordPress. If you are really interested in better protecting your site then you absolutely must take the time to read about hardening WordPress. For example, there are a number of excellent recommendations in the areas of securing wp-admin, securing wp-includes, securing wp-config.php, disable File Editing, and so much more. It would be well worth the time and effort reviewing and possibly implementing these recommendations to better protect your site. In fact, as I was researching this article I found one recommendation that I had not considered and after reading that I could add a second layer of protection to my wp-includes folder structure …

Continue reading