In this article, we will look at cracking access points using WPA-PSK or WPA2-PSK using Wifite.
If you have used tools like airodump-ng, aircrack-ng etc to crack WPA access points before, you would know that the required thing to successfully crack a WPA-PSK network is a captured WPA four-way handshake. […]
In Part IV of the Website Hacking series, we are going to look at:
Storing your email address and telephone number in <a href=mailto:*> and <a href=”tel:*> and the inherent drawbacks of these methods
Shortcomings of disguising email in markup to avoid spam and other malicious requests (disguise such as mail […]
In 2013, Imperva, a company providing information security products and services, published a study analyzing attack traffic against 60 web applications within the time period of January-March 2013. The study found that the sources of multiple attacks constitute a large percent of the total sources of attacks. For […]
If you’re a CTO or a network admin, you’ve probably memorized some of the basics of network security. Have lots of well-configured firewalls and IDS/IPS devices. Use switches instead of hubs. Make sure everyone uses complex passwords and make sure they don’t write them down anywhere. Have lots of […]
The rapid diffusion for the cloud computing paradigm and promised benefits for the adoption of cloud infrastructure are attracting a growing number of businesses and organizations.
Of course, it is essential for organizations to maximize the benefits of migration to cloud architecture by reducing costs and minimizing risks.
Cloud computing represents […]
In a scenario where a lot of users connect to a wireless network and where they occasionally lose their connections, an individual or a company can tweak the wireless router’s advanced settings to optimize the performance of users, and solve the problem of some users unable to obtain an […]
In recent weeks, security experts at Kaspersky Lab have observed several attacks on Automated Teller Machines (ATMs) which were infected by malware dubbed Tyupkin. Tyupkin is one of the most popular malwares used by criminals to compromise ATMs and force these machines to release cash on demand. Experts at […]
In this article we’re going to take a look at how to secure a WordPress installation against attackers in an IaaS virtual machine. Virtual machines can be rented with various IaaS cloud providers, and only a credit card is needed to actually rent a virtual machine, which is quite […]
When official details of the new features in Android 5.0 Lollipop were released last week, Android Smart Lock piqued my interest. It’s a lock screen controlling feature that uses Bluetooth connectivity between a user’s Android 5.0 devices to unlock phone, tablet, and smartphone screens when they’re within the broadcast […]
In this article we will learn about the how SSL has reaches its end with various vulnerabilities. This article will also cover the recent vulnerability discovered by Google researchers and is termed as a POODLE attack.IntroductionSecure Socket Layer (SSL) protocol was discovered to provide secure transmission between two parties. […]
In this article series, we will look at a tool named Wifite suitable for automated auditing of wireless networks. Most of you who have experience in wireless pentesting would use tools like airmon-ng, aireplay-ng, airodump-ng, aircrack-ng to crack wireless networks. This would involve a sequence of steps, like capturing […]
Android fans such as myself have been eagerly anticipating the upcoming new stable version of Android, 5.0 Lollipop.
Android 5.0 was introduced with the codename “Android L” at the Google I/O convention in June 2014. At the time, we didn’t know if “Android L” was going to be 4.5 or […]
In this article we will learn about a transition technology in networking known as Teredo tunneling. There are various transition technologies already in place such as 6to4, but because of some shortcoming of the existing technologies, Teredo was developed. Teredo has some security considerations which will be covered later […]
In October 2008, an assassination attempt against exiled former Pakistani Prime Minister Benazir Bhutto was carried out by al-Qaeda operatives in the form of a roadside bombing of her caravan. The first sign that an attack was about to occur, according to witnesses, was the sudden switching off of public streetlights […]
XXE (XML External Entity attack) is now increasingly being found and reported in major web applications such as Facebook, PayPal, etc. For instance, a quick look at the recent Bug Bounty vulnerabilities on these sites confirms this. Although XXE has been around for many years, it never really got […]
In the 3rd century BC, the Chinese Emperor Qin Shihuang attempted to destroy original Confucian texts and killed scholars who had knowledge in those texts. This event is known as “fénshū kēngrú” (in English: the burning of books and burying of scholars). At least since that time, the […]
The year is 2045. A 31-year-old woman is brought to the hospital complainingof headaches and fever. The doctors identify a species of equine encephalitis, a mosquito-borne virus, in her blood. In the first two decades of the 21st century, there was not a cure for this type of […]
Benjamin Franklin once said, “If you fail to plan, you plan to fail.” This quote summarizes the importance of online encryption policy and hands-on implementation within an organization.
Though you may have the best IT department in the world and advanced computing resources, if there are no written methodical steps […]
Also known as the term additive manufacturing (AM), 3D printing is a process for making a three-dimensional object of almost any shape starting from a 3D model or other electronic data source.
Through additive processes, a 3D printer adds successive layers of material to compose the final shape under the […]
In the first part of our article we solved the first three challenges, so in this article we will continue with rest of the challenges.
CHALLENGE #4: OUCH!
TRACE FILE: challengeattack.pcapng
BACKGROUND: These capture files were taken from a network that was experiencing a “zero-day” attack and was completely overwhelmed. It is […]