So for anyone who doesn’t know what a Raspberry Pi is, the best way to describe it is a small computer around the size of an iPhone. It has a few USB ports, HDMI, Ethernet and a power connection. The great thing about this device is the size, meaning you could easily hide it away on a clients..
What is Geotagging? “Geotagging (also written as GeoTagging) is the process of adding geographical identification metadata to various media such as a geotagged photograph or video, websites, SMS messages, QR Codes[1] or RSS feeds and is a form of geospatial metadata. This data usually consists of latitude and longitude coordinates, though they can also include..
Many new people to Pen Testing often find themselves asking this question: Do I have to be able to write code in order to be a good Pen Tester? I wanted to try and answer this firstly by saying it depends, although it’s good to sit on the fence as I think if you are..
One of the best ways to get noticed in this industry is to make a name for yourself, and here are some tips on how to do this. 1) Attend conferences and network: this is really easy to do depending on where you are in the world. There are loads of conferences in the USA..
At some stage or another we have all used Hydra or Medusa to brute force SSH or another protocol. One of the great things about security is there is always another way to do something. Therefore, in this entry I would like to introduce you to some alternatives to Hydra and Medusa. Ncrack http://nmap.org/ncrack/ is..
It seems only more apparent this week that so many websites fail at storing user passwords, with the password dumps of LinkedIn, eHarmony and Last.fm this week. The scary thing about it is that there are sites that don’t even use any encryption methods to store user passwords, and this can be proven usually with..
WordPress is a common bit of software that most people use for websites or blogs, but not many take the time to secure it. I recently installed WordPress on my website and of course I wanted to make it as secure as possible, so I did some research into it. I wanted to share the..
Social Engineering is one of my favorite subjects; this is because it’s so hard to defend against and can be very effective. It does not matter how much you spend on Firewalls, IDE, CCTV and security guards, if I can walk into your building unchallenged and pick up a computer or any sensitive data there..
I noticed that Tom has done a list of the most common tools he used on a pentest. I want to follow up on this and do one for web application testing since this is more my background. So the tools I will use in every web application test are: Firefox – plugins FoxyProxy, tampa..
I am often asked what tools I use during my pentesting, so I decided to share a list of the eight tools that I use every pentest. You might be surprised what is listed, since most of them aren’t mentioned often when discussing hacker tools. So, in no certain order, the eight tools I use..