In this article series, we will look at a tool named Wifite suitable for automated auditing of wireless networks. Most of you who have experience in wireless pentesting would use tools like airmon-ng, aireplay-ng, airodump-ng, aircrack-ng to crack wireless networks. This would involve a sequence of steps, like capturing […]
Android fans such as myself have been eagerly anticipating the upcoming new stable version of Android, 5.0 Lollipop.
Android 5.0 was introduced with the codename “Android L” at the Google I/O convention in June 2014. At the time, we didn’t know if “Android L” was going to be 4.5 or […]
In this article we will learn about a transition technology in networking known as Teredo tunneling. There are various transition technologies already in place such as 6to4, but because of some shortcoming of the existing technologies, Teredo was developed. Teredo has some security considerations which will be covered later […]
In October 2008, an assassination attempt against exiled former Pakistani Prime Minister Benazir Bhutto was carried out by al-Qaeda operatives in the form of a roadside bombing of her caravan. The first sign that an attack was about to occur, according to witnesses, was the sudden switching off of public streetlights […]
XXE (XML External Entity attack) is now increasingly being found and reported in major web applications such as Facebook, PayPal, etc. For instance, a quick look at the recent Bug Bounty vulnerabilities on these sites confirms this. Although XXE has been around for many years, it never really got […]
In the 3rd century BC, the Chinese Emperor Qin Shihuang attempted to destroy original Confucian texts and killed scholars who had knowledge in those texts. This event is known as “fénshū kēngrú” (in English: the burning of books and burying of scholars). At least since that time, the […]
The year is 2045. A 31-year-old woman is brought to the hospital complainingof headaches and fever. The doctors identify a species of equine encephalitis, a mosquito-borne virus, in her blood. In the first two decades of the 21st century, there was not a cure for this type of […]
Benjamin Franklin once said, “If you fail to plan, you plan to fail.” This quote summarizes the importance of online encryption policy and hands-on implementation within an organization.
Though you may have the best IT department in the world and advanced computing resources, if there are no written methodical steps […]
Also known as the term additive manufacturing (AM), 3D printing is a process for making a three-dimensional object of almost any shape starting from a 3D model or other electronic data source.
Through additive processes, a 3D printer adds successive layers of material to compose the final shape under the […]
In the first part of our article we solved the first three challenges, so in this article we will continue with rest of the challenges.
CHALLENGE #4: OUCH!
TRACE FILE: challengeattack.pcapng
BACKGROUND: These capture files were taken from a network that was experiencing a “zero-day” attack and was completely overwhelmed. It is […]
In this article we will learn about a very famous security product of Microsoft known as Microsoft Direct Access. It is a product built over an old security concept of Virtual Private Network (VPN), but with completely different technology. So let’s dig deeper into this.
What is DirectAccess?
DirectAccess, also known […]
The sharkfest challenge was organized by Wireshark University. There are seven challenges related to the trace files analysis. In each challenge, there are some questions we have to answer by analyzing the captured trace files. The sharkfest challenge trace files can be downloaded from the reference links. In this […]
Your health is your life
Keeps you alive
Hillside Avenue by Simply Red
Written by Mick Hucknall
Courtesy of EMI Music Publishing Ltd/So What Ltd
In the past few years, I’ve written about security vulnerabilities that exist in home security systems, in industrial SCADAs, in ATMs, voting machines, and embedded computers in motor vehicles. […]
Here is another interesting challenge we are going to solve. The vulnerable machine name is Flick. As usual, we started the game by hosting the image in a virtual machine and running an Nmap scan on the target.
We found two ports: 22 running OpenSSH and an unknown service on […]
Underground markets are places on the Internet where criminal gangs offer a wide range of illegal products and services. Black markets are crowded places where single individuals or criminal organizations could acquire or rent products and services at very competitive prices. Like any other market, in black markets the […]
We live in a world that’s becoming ever more dependent on the various digital products at our disposal. From the average man on the street making purchases on his phone to huge multinational companies taking hundreds of thousands of dollars in payments from wide and varied customer bases, technology […]
In this article, we will learn about a not-so-well known but a very useful security feature in Windows: Windows Resource Protection. This feature can help a great deal in developing an exclusion list for monitoring files and folders.
There are some critical system files, folders, and registry keys that are […]
Shellshock [CVE-2014-6271]: Another Attack Vector – Bluffing IPS/IDS Sensors With Python Crafted Pkts
While a lot of online websites and blogs are explaining the vulnerability damage, providing PoC scripts and repetitive information, here we will look into another angle of this vulnerability!
Without a doubt you’ve heard earlier last week that Shellshock was landed, allowing hackers to easily exploit many web servers that […]
In spite of the abundant availability of enterprise software designed to help businesses be more productive, cost-effective, and security conscious, most businesses today still rely on email as their primary business communication, collaboration and file sharing tool.
But why is this the case? Simply put, businesses are reluctant to stop […]
With the number of employees telecommuting, traveling often or working remotely on the rise, the conventional corporate security model is undergoing a major shift. With the availability of VPN (Virtual Private Network) technologies allowing ubiquitous access to company systems, networks and servers, the standard security perimeter many enterprises once […]