Archive for July 2012

SSH Cracking Backtrack 5 Video Tutorial

SSH is a network protocol which allows you to connect the remote computer securely, SSH is just like telnet but telnet is not secure while SSH is a secure channel for communication. We have already discussed SSH before and in this tutorial I will show you how to crack a SSH to get the password because if you know the username and password then it is very for an attacker to get the remote shell of the victim.

How to Exploit an Iframe Vulnerability & Security

Web application security is always an important topic to discuss because websites seem to be the first target of malicious hackers. Hackers use websites to spread their malwares and worms, and they use the compromised websites for spamming and other purposes. OWASP has created an outline to secure a web application from the most dangerous vulnerabilities in web application, but it is always good to be actively learning about the new weaknesses and the new ways that an attacker might use to hack into a web application. 

SP Toolkit - spt Phishing Toolkit

The basic idea we (the spt project) had was that wouldn’t it be cool if there were a simple, effective, easy to use and free (most importantly!) tool that information security professionals could use to evaluate and train what we all know is the weakest link in any security minded organization:  the people.  Since the founders of the spt project are themselves information security professionals by day (and possibly either LOL cats or zombies by night), they themselves faced the frustration of dealing with people within their own organizations that claimed to know better, but 9 times out of 10 fell for the most absurdly obvious phishing emails ever seen. 

OWASP Top 10 Tutorial

OWASP has categorized the top 10 vulnerability for web application, website hacking is very common now a days so the security testing on a web application is very important because it seems to be very difficult to recover a data after a hacking attack. OWASP top 10 is a standard to conduct a penetration testing on a web server, we have discussed the first part of this article before and this article will discuss the remaining part.

How to Prevent Social Engineering Attacks

This post is about social engineering. It will cover some of the dangers of social engineering and focus more on what a corporation or a company can do to help better prepare their employees for those kinds of situations.

Ghost Phisher - Phishing & Penetration Attacks

Ghost Phisher is a computer security application that comes inbuilt with a Fake DNS Server, Fake DHCP Server, Fake HTTP server and also has an integrated area for automatic capture and logging of HTTP form method credentials to a database. The program could be used as an honey pot,could be used to service DHCP request , DNS requests or phishing attacks.

Bugtraq-1 Final - Pentesting Distro Linux

We have previously discussed the Penetration testing Linux distribution Bugtraq and the bugtraq team has released the final version called bugtraq-1 final, the team offers the most comprehensive distribution, optimal, stable and automatic security to date. Bugtraq is a distribution based on the 2.6.38 kernel has a wide range of penetration and forensic tools. Bugtraq can install from a Live DVD or USB drive, the distribution is customized to the last package, configured and updated the kernel and the kernel has been patched for better performance and to recognize a variety of hardware, including wireless injection patches pentesting other distributions do not recognize.

OWASP Top 10 Vulnerabilities & Exploitation

Once upon a time there was no Internet and there was no concept of the Web. But time has passed and today we have a technology called the Internet.
In earlier versions of the Internet there were only static web pages with limited ability to interact with users. Today every business has its own identity on the Internet and there is advance commerce taking place online. Businesses depend on the Internet because of its high flexibility and speed. The main point I want to discuss is the importance of web applications. The era of static web pages is over and now we have user-friendly web pages that built from multiple types of scripts (Perl, PHP, ASP, etc.).

Result & Solution of Image Cracking Challenge

There was a challenge has been published on the blog to find the secret message(s) hidden on the images, the challenge contain the brief information of the background story and the requirements it was a small practice so that everyone can evaluate their knowledge and skills. So in this article I will show you the technique to find the hidden message and I will announce the name of the people who has successfully found the messages.

InfoSec Institute CISSP Course Review

Certifications are very important in the field of information security. There are various organizations out there who provide different certificates that measure an individual’s skills from beginner to advance and which even include qualifications for the managerial aspects of information security. You might have heard about different certifications like skill sets such as ethical hacking, computer forensics, and most definitely, CISSP. A Certified Information Systems Security Professional (CISSP) is an individual who has acquired a skill set recognized internationally by the International Information Systems Security Certification Consortium; formally known as (ISC)2.

CrystalAEP - Anti-Exploit Protection Tool

CrystalAEP is designed to provide frontline protection against Internet-borne threats such as viruses and malware. Unlike the typical anti-virus program, Crystal does not attempt to recognise threats based on signatures, and does not require constant updating to protect against the latest threats. Crystal works instead by manipulating at-risk software while it runs to help form an environment which is hostile to Internet worms, malware and other types of malicious code.

WebVulScan Web Application Vulnerability Scanner

WebVulScan is a web application vulnerability scanner. It is a web application itself written in PHP and can be used to test remote, or local, web applications for security vulnerabilities. As a scan is running, details of the scan are dynamically updated to the user. These details include the status of the scan, the number of URLs found on the web application, the number of vulnerabilities found and details of the vulnerabilities found.