Applied Network Security Density
I recently visited Tokyo, Japan. Just as always, my curiosity got the best of me and I started to calculate the population density of the buildings where I was staying. Giving fudge factor of...
Simplicity is Security
Per the best of the best in presenting, what breeds a good presentation slide deck? Simplicity. I want to pose a statement. “Simplicity is Security”. The reason I say this is that this day and age, at...
Pass the Hash Metasploit Demo
Here is a quick no-nonsense PTH video I made for the guys over at SecurityAegis. Music is Scott Brown’s contribution to the Happy 2b Hardcore Chapter Four album called “Elysium”
Corrections and Questions about Nessus on Securabit
Update: I can’t say with 100% certainty that Nessus ever used NMAP as its base scanner, I was going off of memory. I apologize for not being perfect. Update 2: Since people can’t seem to let it go, I...
GPU Hash / Password Cracking
I recently upgraded my video card and had a rough time finding programs that fit the hype of GPU password cracking, so here is what I found so that you won’t have as hard a time. Ivan Golubev’s...
Password / Word lists
Brute force, even though it’s gotten so fast, is still a long way away from cracking long complex passwords. That’s where word lists come in handy. It’s usually the cracker’s first go-to solution, slam a...
SquareSpace, New Design and Call for Contributors
The site has been down for a while, there were a lot of factors that played into that, but mostly it was focus on some family, as I had some in town. I also came to the conclusion that it’s time to...
Packet Captures with Meterpreter - 7zip - WinDump - and Nmap-ish
So this is a pretty crafty way of getting packet captures on a target system. Definitely could be streamlined with some meterpreter scripting fu, but awesome job on the video. Metasploit meterpreter...
Burp Tip of the Day - Nikto db import
CKTricky over at http://cktricky.blogspot.com has been running an awesome Burp Tip of the Day series on his blog. After seeing him use Nikto through Burp, I decided to see if I could just export the...
Back on Twitter
I’ve been debating making this kind of post for about a week, and I apologize for the RSS spam. But it was getting a bit repetitive telling people via DM, email or other communication what happened....
APPLE: A Modern Day Willy Wonka Story
Yes, I just called everyone who works at Apple an Oompa Loompa, but I digress: I was reading Brooke Crothers’ story on the Apple ‘gag’ order [1] and couldn’t help but think of how Apple has created an...
Hacking Crazy Taxi
I had a bet with my friend about getting #1 on the Crazy Taxi high score page (== motivation for this post). For those who have not been introduced to it yet, it’s a Facebook/Flash/2.0 resurrection of...
NoVA Hackers
I created a Google group for the NoVA Hackers meetups (formerly known as NoVASec Luncheons). I have added some permissions to the group to maximize privacy options while still allowing for interaction...
Getting your n00b fill of security
Continuing my “Getting your fill of” series, Dave Shackleford recently posted an excellent blog entry titled “One for the n00bs”: http://daveshackleford.com/?p=277 It relates the security community to a...
Metasploit Blends in: New MSFPayload/ENcode
In Revision 7315 of the Metasploit Framework (SVN) a new option was added to MSFENCODE. Technically you always had the ability to do the following, but it required a bit of knowledge of the inner...
Why Room362?
(This post got lost in the intertubes and it took a bit to get back, Archive.org nor Google cache had it) I get this question all the time: “Why room362.com?” I have answered that question in a lot of...
A Simplified Astaro UTM now FREE to businesses
Disclaimer: I was given a demo license of the new free business product to break/review. No money has traded hands. This is my brutally honest opinion of the product. I’ve played with a gamut of...
Stop blaming the admins!
We (the security community) all know, and make fun of “Users”, and “Admins”. They are derogatory terms in our community. So much so, that they could almost be classified as curse words. (I can see the...
Brute-Forcing Compatibility
Idea came thanks to cktricky from: http://cktricky.blogspot.com/ A bunch of sites on the web give you different pages depending on the browser you use to view it. I know when I was a web developer...
SHODAN The Computer Search
If you haven’t seen it all over twitter yet, achillean released the “beta” of SHODAN yesterday. It’s a search engine of basically a nmap of the internet (ports 21, 22, 23 or 80 so far)....