Blog

Raspberry Pi Attack

On July 12th, 2012, posted in: Instructional

So for anyone who doesn’t know what a Raspberry Pi is, the best way to describe it is a small computer around the size of an iPhone. It has a few USB ports, HDMI, Ethernet and a power connection. The great thing about this device is its size, meaning you could easily hide it away on a client’s..

Geo Tagging

On July 12th, 2012, posted in: Instructional

What is Geotagging? “Geotagging (also written as GeoTagging) is the process of adding geographical identification metadata to various media such as a geotagged photograph or video, websites, SMS messages, QR Codes[1] or RSS feeds and is a form of geospatial metadata. This data usually consists of latitude and longitude coordinates, though they can also include..

To program or not to program that is the question?

On June 23rd, 2012, posted in: Instructional

Many people new to Pen Testing often find themselves asking this question: do I have to be able to write code in order to be a good Pen Tester? I wanted to try to answer this, firstly by saying it depends, although it’s good to sit on the fence as I think if you are..

Making a name for yourself

On June 23rd, 2012, posted in: Instructional

One of the best ways to get noticed in this industry is to make a name for yourself, and here are some tips on how to do this. 1) Attend conferences and network. This is really easy to do depending on where you are in the world. There are loads of conferences in the USA..

Brute Forcing

On June 13th, 2012, posted in: Instructional

At some stage or another we have all used Hydra or Medusa to brute force SSH or another protocol. One of the great things about security is that there is always another way to do something. Therefore in this entry I would like to introduce you to some alternatives to Hydra and Medusa. Ncrack (http://nmap.org/ncrack/) is..

Why do so many websites fail with Passwords?

On June 13th, 2012, posted in: Instructional

It seems only more apparent this week that so many websites fail at storing user passwords, with the password dumps of LinkedIn, eHarmony and Last.fm this week. The scary thing about it is that there are sites that don’t even use any encryption methods to store user passwords, and this can usually be proven with..

Hardening WordPress

On June 6th, 2012, posted in: Instructional

WordPress is a common bit of software that many people use for websites or blogs, but not many take the time to secure it. I recently installed WordPress on my website and of course I wanted to make it as secure as possible, so I did some research into it. I wanted to share the..

Social Engineering Tips

On June 6th, 2012, posted in: Instructional

Social Engineering is one of my favorite subjects; this is because it’s so hard to defend against and can be very effective. It does not matter how much you spend on firewalls, IDS, CCTV and security guards: if I can walk into your building unchallenged and pick up a computer or any sensitive data there..

7 “hacker” tools I use in every web app test

On May 2nd, 2012, posted in: Instructional

I noticed that Tom has done a list of the most common tools he uses on a pentest. I want to follow up on this and do one for web application testing, since this is more my background. So the tools I will use in every web application test are: Firefox – plugins FoxyProxy, tampa..

8 “hacker” tools I use in every pentest

On April 27th, 2012, posted in: Instructional, Tools

I am often asked what tools I use during my pentesting, so I decided to share a list of the eight tools that I use on every pentest. You might be surprised at what is listed, since most of them aren’t mentioned often when discussing hacker tools. So, in no particular order, the eight tools I use..
