877.791.9571 |

Monthly Archives: April 2011

An introduction to Bash Scripting for automating some nmap recon

This is a brief intro to automating recon through bash scripting. This example uses nmap scans that we’re automating.  We teach this and much more in our penetration testing and  ethical hacking courses. This is on the list of my ideal skill-sets for penetration testing – so you can […]

Man In The Middle – Demystified

This is a complete demo of MitM

Information security at home.

There seems to be a large disconnect between what the average home user knows about security and what people are expected to know at work. One of the big threats that’s often overlooked is the security gap that exists when corporate employees are given VPN access and allowed to […]


Our first Interview is coming soon. Subscribe to the newsletter or RSS to be alerted of all new articles and interviews as they’re posted to the resources.infosecinstitute.com site.

The Biggest Gap in Information Security is…?

As a person who’s committed to helping raise awareness in the security community as a whole, I’ve often found myself asking this question. While there are several issues that I think contribute to the state of information security today, I’m going to outline a few of the major […]

DOS Commands

tree > directory.txt  (creates a directory tree of the current directory in a text file named directory.txt)

tree /F > directory.txt  (creates a directory tree plus all files and extensions of the current directory in a text file named directory.txt)

use && between command to do multiple commands at once. (string commands together)

tasklist | […]

Helix Mounting

umount /media/sda1
This makes sure that the drive is unmounted. It may generate an error if the drive is not mounted,
but that is ok.
mount -o rw /dev/sda1 /media/sda1
This will mount the drive as read/write, while the umask=000 options allows all users to read,
write, and execute files on the media.
umount /media/sda1

+Darren […]

CISM Domain – Information Risk Management

CISM Chapter 2 – Information Risk Management (IRM)

IRM accounts for 22 percent of the CISM exam or about 44 questions.  In 2010, ISACA reorganized the CISM Review Manual and separated each chapter into two major sections.  Section 1 of each chapter contains the definitions and objectives with the corresponding […]

Grep Essentials


The grep utility, which allows files to be searched for strings of words, uses a syntax similar to the regular expression syntax of the vi, ex, ed, and sed editors. grep comes in three flavors, grep, fgrep, and egrep, all of which I’ll cover in this article.

The name grep is derived from the editor […]

What is DLL Hijacking?


“Thanks for letting me know. I will be fine with a link to my post. You
don’t have to take it […]

Backtrack Essentials

How to start DHCP in Backtrack 4 pre-final

ifconfig eth0 up (or use whatever your card is, eth0 is a common default. This command basically brings up whatever interface you specify.)

/etc/init.d/networking start (this commands starts networking and sends a dhcpdiscover broadcast out on usually eth0)

Mac Shortcuts

Learn about common Mac OS X keyboard shortcuts. A keyboard shortcut is a way to invoke a function in Mac OS X by pressing a combination of keys on your keyboard.
To use a keyboard shortcut, or key combination, you press a modifier key with a character key. For example, […]

Metasploit Extras

./msfcli | grep osx/ (grep for only osx exploits)

./msfcli | grep windows/browser/ (grep for only windows browswer exploits)
rexploit (reloads exploit)

info exploit name (gives information about a specific exploit.)

SEH Based Overflow Exploit Tutorial

This tutorial will cover the process of writing an SEH based buffer overflow exploit for a known vulnerability in the Vulnserver application.

Vulnserver is a Windows server application that deliberately includes a number of exploitable buffer overflow vulnerabilities, and was designed to act as a target application to teach and […]

Useful Linux Commands

echo 1 > /proc/sys/net/ipv4/ip_forward enables ipv4 forwarding on backtrack, and other distros.

Bash commands
cut -d” ” -f2 > new  (cuts from an nmap grepable scan file and leave only ip. the grep file looks like this;
Host: () Ports: 139/open/tcp//netbios-ssn///
Host: () Ports: 139/open/tcp//netbios-ssn///

we’re using a delimiter of space -d” ” and […]

By |April 26th, 2011|Other|1 Comment

Insecure Defaults Lead to Mass Open Proxies in China

Description: A bug in Chinese video streaming software leads to mass open proxies on the web.
A security blogger has uncoverd a flaw in the Chinese PPLive video streaming software. A new port, TCP port 9415, was appearing regularly on websites that list open proxies. Most of these open proxies were based […]

By |April 25th, 2011|Other|0 Comments

OWASP Top 10 Deeper Dive – A5: Cross-Site Request Forgery (CSRF)

Description: Parsing the OWASP Top Ten with a closer look at Cross-Site Request Forgery (CSRF)

Our discussion of OWASP Top 10 Tools and Tactics garnered enough interest to warrant a closer look at each vulnerability as a separate entity with a specific example for deeper analysis. Forgive me in advance […]

CISM Domain – Information Security Governance

CISM Domain 1 – Information Security Governance (ISG)
ISG accounts for 23 percent of the CISM exam or about 46 questions. In 2010, ISACA reorganized the CISM Review Manual and separated each chapter into two major sections. Section 1 of each chapter contains the definitions and objectives with the corresponding […]

TDSS part 3: Bootkit on the Other Foot

In this final article in this series, we will describe the process of loading the bootkit previously discussed in “TDSS part 1: the x64 Dollar Question” and “TDSS part 2: Ifs and Bots”. First of all we explain briefly how the normal boot process is handled on different systems, […]

TDSS part 2: Ifs and Bots

In our previous Infosec Institute article, “TDSS part 1: the x64 Dollar Question”, we looked at the distribution and installation mechanisms used by TDL4. For the second part of the series, we look in more depth at the internals of the malware, starting with the user-mode implementation of the […]