Useful list of resources for people interested in Computer/Cyber Security, Hacking, Pen Testing, etc.
https://www.reddit.com/r/netsec/wiki/start
Includes online courses, books, etc.
Comment/Suggestion thread for it is http://www.reddit.com/r/netsec/comments/1l9l70/getting_started_in_information_security/
Esports & Computer Security Blog. For SC2 tournaments see clocks immediately below. Starts with Korean time at upper left, moves west around the world till you end with PDT/PST clock for Anaheim USA. I earn a small referral fee if you click the occasional Amazon links and then purchase item. It does not affect the purchase price. For more information see "Amazon Associates" link below & left of clocks.
Wednesday, January 21, 2015
Monday, August 11, 2014
Def Con 21: "Pentesting with an Army of Low-power Low-cost Devices"
Couldn't go to Def Con 22, waiting for vods to come out, so started watching some of the Def Con 21 Youtubes in the meanwhile.
I like this one about Pen Testing with cheap ARM devices by Dr. Philip Polstra, aka Dr. Phil the Hacker; his Twitter is ppolstra | https://twitter.com/ppolstra.
He uses the BeagleBoard Black as the starting point for his hardware.
Some useful links:
- Current version that's available BeagleBone Black Rev C - 4GB Flash - Pre-installed Debian https://www.adafruit.com/products/1876
- Jan Axelson was LVR.com now http://janaxelson.com/ ["The developer's resource for computer interfacing, especially USB, serial (COM) ports, mass storage, Ethernet and Internet for embedded systems, and the parallel port."]
- Xbee http://www.digi.com/xbee/
- The Deck [a full-featured penetration testing & forensics Linux distribution] for BeagleBone Black http://ppolstra.blogspot.com/2013/08/the-deck-for-beaglebone-black-has.html
- Installing Deck Youtube http://youtu.be/98kbOKuInv4?t=1m18s
- BeagleBoard site http://beagleboard.org/
- BeagleBoard Black site http://beagleboard.org/black
- Wikipedia on BeagleBoard http://en.wikipedia.org/wiki/BeagleBoard
- Wikipedia on Xbee http://en.wikipedia.org/wiki/XBee
Monday, May 5, 2014
Pen Testing: Pwnie Express new Nexus 5 based phone
1/13/15 Updated link to software download page due to changes on Pwnie Express site: new link to download page, confusingly labelled IMHO "Community" is https://www.pwnieexpress.com/community/
Pwnie Express is a pretty awesome company, https://www.pwnieexpress.com/, you have probably heard of their Pwn Plug even if you don't recognize the company's name.
They have a new Pen Testing phone out called: Pwn Phone 2014
Product link https://www.pwnieexpress.com/penetration-testing-vulnerability-assessment-products/sensors/pwn-phone-2014-penetration-testing-phone/
They aren't cheap, but Pwnie Express also provides free downloads for the entire software suite they use in their products.
It usually takes a little time for a new product's software to be added, but they already have software for the 2014 Pwn Pad, Nexus 7 based, available.
Download [Updated link 1/13/15] https://www.pwnieexpress.com/community/ if you want to use your existing Nexus 7, they should have the Nexus 5 download available in near future as well.
The downloads for DIY are listed under "Community Editions & Legacy Product Downloads"
If I can find the time this week, I will also track down current hardware accessories they offer, & update this post or make post dealing with accessories.
Meanwhile you can view hardware accessories I listed for the 2013 Pwn Pad http://cliffsesportcorner.blogspot.com/2013/02/pen-testing-pwn-pad-by-pwnie-express.html.
Probably newer options available for some of those products, but those should work.
Sunday, February 24, 2013
Pen Testing: Pwn Pad by Pwnie Express
Update 1/13/15: Link to free software download for those who already have hardware, found in the confusingly labeled IMHO "Community" section of Pwnie Express site https://www.pwnieexpress.com/community/
Pwnie Express, the same people that brought us the Pwn Plug http://arstechnica.com/business/2012/03/the-pwn-plug-is-a-little-white-box-that-can-hack-your-network/ or http://pwnieexpress.com/products/pwnplug-elite has a new, very cool piece of gear out they are calling the Pwn Pad.
Best review I have seen so far is by Wired http://www.wired.com/wiredenterprise/2013/02/pwnpad/, most of the other online reviews seem to be based on Wired's article.
The Pwn Pad is a 7" Android Tablet running Android OS 4.2 and Ubuntu 12.04.
They include some interesting hardware accessories with the Tablet: an OTG cable, so the tablet can have a functioning USB port, which allows you to use the included SENA Parani-UD100 USB Bluetooth dongle.
This isn't a typical Bluetooth device, it has a 300 meter range with the standard external antenna included with the Pwn Pad, but with the optional patch antenna it has up to a 1000 meter range, a full kilometer!
Link for buying SENA Parani UD100 USB dongle http://www.lemosint.com/bluetooth/bluetooth_serial_adapter_details.php?itemID=612
Link for optional antennas & other options for the SENA dongle http://www.lemosint.com/bluetooth/bluetooth_serial_adapters_accessories.php
They also include a TP-LINK TL-WN722N Wireless N150
Also including those links for the DIY people, since according to Digital Trends http://www.digitaltrends.com/mobile/nexus-7-android-hacking-tablet-pwnie-express/, "Pwnie Express is also going to release the source code, allowing for hackers to install it onto other Android devices than the Pwn Pad."
Update 1/13/15: Link to free software download for those who already have hardware, confusingly labeled IMHO "Community" section of Pwnie Express site https://www.pwnieexpress.com/community/
So if you want to make your own Pen Testing Android Tablet, you will have the list of resources needed.
Or you can preorder the Pwn Pad at http://pwnieexpress.com/products/pwnpad
From Pwnie Express link at top of post; Features, Accessories, & Tool Kit:
Core Features
- Android OS 4.2 and Ubuntu 12.04
- Large screen, Powerful battery
- OSS-Based Pentester Toolkit
- Long Range Wireless Packet Injection
- TP-Link TL-WN722N (atheros usb wifi)
- Sena UD100 (Bluetooth USB)
- USB Ethernet
- OTG cable (USB host mode)
TOOLKIT INCLUDES:
- Wireless Tools
- Bluetooth Tools
- Network Tools
Monday, February 11, 2013
Security & Hacking: Facebook's Computer Emergency Response Team
Very cool story IMO http://arstechnica.com/security/2013/02/at-facebook-zero-day-exploits-backdoor-code-bring-war-games-drill-to-life/
Note FBI connection.
I think software companies, online businesses, etc should use Red Teams a lot more than they seem to do now.
I think people should also think about the connection to Red Team type exercises and gaming, really the same basic principle or concept at the core.
You're testing yourself against a real opponent, and pushing yourself to improve, a very necessary step if you want more than mediocre performance regardless of the field involved.
A big part of management is understanding motivation, and applying that understanding to benefit the performance of your company.
Pay is a factor, but for most people, pay isn't the biggest factor, you need to pay people enough, but after that requirement is met, things like Task Significance, Autonomy, Feedback, being Appreciated, and so forth.
If you're not familiar with this, http://en.wikipedia.org/wiki/Job_satisfaction is a good place to start.
Or http://en.wikipedia.org/wiki/Quality_of_working_life
Saturday, February 2, 2013
Pen Testing & Hardware Hacking: Hacking Laptop Docking Station
http://www.darkreading.com/mobile-security/167901113/security/client-security/240147566/hacking-the-laptop-docking-station.html
Very slick idea, by NCC Group's Research Director Andy Davis.
NCC link http://www.nccgroup.com/en/our-services/security-testing-audit-compliance/
I suspect Andy Davis prefers to exploit Hardware vulnerabilities, also found this notice about USB Mac Lion exploit discovered by him http://www.securityfocus.com/archive/1/524248/30/0/threaded
It is an "Arbitrary Code Execution (bug triggered by USB device insertion)."
I think (my opinion, no hard data to support) that providing security from Hardware Hacks like this, is a lot harder than defending against more common Computer threats like Phishing, Java exploits, weak passwords, etc.
Not objectively harder, but practically harder, because providing good security from Hardware Hacks requires people with skills from both Physical Security and Computer Security.
As well as budget support from upper management, the hardest type of support to secure.
The budget support is for good vetting and retention of cleaning personnel; I have mentioned this before in relation to hardware attacks.
It is difficult to convince higher management of the Security need to pay 3-5 times more than a business is used to for custodians.
Think Social Engineering attacks, or working as part of cleaning crew, would allow easy placement of device like this.
How many companies care enough about security to pay good wages to keep good, vetted, in house Custodians vs using a Contractor provided Cleaning Crew?
Those cleaning crews tend to have high turnover; additionally, because of the high turnover, they tend to have low standards for hiring.
They need to keep hiring people that won't be paid much or be treated with much respect, so they tend to hire many people that have problems (criminal records, drug/alcohol, etc).
Even if they use in house custodians, still tends to be a low pay, low status job, with a lot of turnover, and generally low standards for hire.
Remember, Custodians or Cleaning Crews tend to have physical access to entire company, heck they are normally given keys.
It is trivially easy for someone on Cleaning Crew to swap out a hacked dock with existing one, or install hardware keyloggers.
Thursday, January 31, 2013
PSA Security & Hacking: UPnP (Universal Plug and Play ) Vulnerability
Security Now 389 "Unplug UPnP" links for audio downloads & etc http://twit.tv/show/security-now/389
[Edited to Add: Steve Gibson has UPnP exposure test in Shields up now! Thanks Steve!! https://twitter.com/SGgrc/status/297165652257554432]
CERT Note http://www.kb.cert.org/vuls/id/922681
US CERT "Multiple vulnerabilities have been announced in libupnp, the open source portable SDK for UPnP devices. Libupnp is employed by hundreds of vendors for UPnP-enabled devices. Information is also available in CERT Vulnerability Note VU#922681.
US-CERT recommends that affected UPnP device vendors and developers obtain and employ libupnp version 1.6.18, which addresses these vulnerabilities.
US-CERT recommends that users and administrators review CERT Vulnerability Note VU#922681, disable UPnP (if possible), and restrict access to SSDP (1900/udp) and Simple Object Access Protocol (SOAP) services from untrusted networks such as the Internet." ~http://www.us-cert.gov/current/
Steve Gibson provides details on this issue, he also notes in the VOD above that he is going to add the capability to test for this Vulnerability to his ShieldsUP service/software.
ShieldsUP http://www.grc.com/x/ne.dll?rh1dkyd2
Problem with this, is even if you disable UPnP on your Router, it may still be enabled on the WAN (Internet) side.
Till Gibson gets this functionality added to ShieldsUP, not sure how most people could scan for it to be sure it was disabled on their routers.
Hard Core Nerds with correct tools could Pen Test individual Routers, but not aware of any practical way to test for people that don't have the skillset and tools for Pen Testing.
AFAIK the Rapid7 tool isn't stable/reliable, at least it wasn't yesterday for many people, it may have been patched since then, but not comfortable recommending it at this time.
I wouldn't trust vulnerability list from any Manufacturer on this, because it is a very bad case of stupid to have in the first place.
I haven't had enough time to find out if Tomato http://en.wikibooks.org/wiki/Tomato_Firmware#Supported_devices or DD WRT http://www.dd-wrt.com/site/index provide a guaranteed fix for this yet.
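As an added example (not from the original post or from US-CERT), here is one way to check devices on your own LAN against the libupnp 1.6.18 recommendation quoted above: send one SSDP M-SEARCH to the standard multicast group on 1900/udp and read the self-reported SERVER header of each reply. The function names, verdict labels and sample replies are constructed for illustration, and it assumes libupnp-based devices announce themselves as "Portable SDK for UPnP devices/x.y.z".

```python
import re
import socket

FIXED_LIBUPNP = (1, 6, 18)              # version US-CERT says addresses the flaws
SSDP_ADDR = ("239.255.255.250", 1900)   # standard SSDP multicast group and port

# Standard SSDP discovery request for UPnP root devices.
M_SEARCH = (
    "M-SEARCH * HTTP/1.1\r\n"
    "HOST: 239.255.255.250:1900\r\n"
    'MAN: "ssdp:discover"\r\n'
    "MX: 2\r\n"
    "ST: upnp:rootdevice\r\n"
    "\r\n"
).encode("ascii")

_SDK_RE = re.compile(r"Portable SDK for UPnP devices\s*/\s*(\d+(?:\.\d+)*)", re.I)

# Constructed sample replies (not captured from real devices).
SAMPLE_OLD = (
    b"HTTP/1.1 200 OK\r\nCACHE-CONTROL: max-age=1800\r\nEXT:\r\n"
    b"LOCATION: http://192.168.1.1:49152/rootDesc.xml\r\n"
    b"SERVER: Linux/2.6.30 UPnP/1.0 Portable SDK for UPnP devices/1.6.6\r\n"
    b"ST: upnp:rootdevice\r\n\r\n"
)
SAMPLE_FIXED = SAMPLE_OLD.replace(b"devices/1.6.6", b"devices/1.6.18")
SAMPLE_OTHER = SAMPLE_OLD.replace(
    b"Portable SDK for UPnP devices/1.6.6", b"MiniUPnPd/1.8"
)


def parse_ssdp_response(raw):
    """Return the headers of an SSDP reply as a dict with lowercase keys."""
    text = raw.decode("utf-8", errors="replace")
    lines = text.split("\r\n") if "\r\n" in text else text.split("\n")
    headers = {"status": lines[0].strip()}
    for line in lines[1:]:
        name, sep, value = line.partition(":")   # split on the first colon only
        if sep:
            headers[name.strip().lower()] = value.strip()
    return headers


def libupnp_version(server_header):
    """Extract the libupnp version as a tuple, or None if not advertised."""
    match = _SDK_RE.search(server_header or "")
    if not match:
        return None
    parts = tuple(int(p) for p in match.group(1).split("."))
    return parts + (0,) * (3 - len(parts))       # pad "1.6" to (1, 6, 0)


def assess(raw):
    """Classify one SSDP reply against the fixed libupnp version."""
    headers = parse_ssdp_response(raw)
    version = libupnp_version(headers.get("server", ""))
    if version is None:
        verdict = "unknown-stack"     # not libupnp, or version hidden: not proof of safety
    elif version < FIXED_LIBUPNP:
        verdict = "upgrade-needed"
    else:
        verdict = "fixed-version"
    return {
        "location": headers.get("location"),
        "server": headers.get("server"),
        "libupnp": version,
        "verdict": verdict,
    }


def discover(timeout=3.0):
    """Send one M-SEARCH on the local network and collect (ip, reply) pairs."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.settimeout(timeout)
    replies = []
    try:
        sock.sendto(M_SEARCH, SSDP_ADDR)
        while True:
            data, peer = sock.recvfrom(65507)
            replies.append((peer[0], data))
    except socket.timeout:
        pass                          # no more replies within the window
    finally:
        sock.close()
    return replies


if __name__ == "__main__":
    for ip, data in discover():
        result = assess(data)
        print(ip, result["verdict"], result["server"])
```

This only covers the LAN side and trusts what the device reports about itself; whether SSDP answers on the WAN (Internet) side has to be tested from outside your network, which is what the ShieldsUP UPnP exposure test mentioned above is for.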
Wednesday, January 23, 2013
Security & Hacking: Project Ophelia PC on USB Stick
Official links: http://content.dell.com/us/en/corp/d/secure/2013-01-08-dell-wyse-ultra-compact-cloud-client.aspx or http://www.wyse.com/about/press/release/2377
Articles:
http://arstechnica.com/information-technology/2013/01/is-dell-looking-to-kill-pcs-with-project-ophelia/
http://www.computerworld.com/s/article/9236035/A_new_computer_that_defies_category
http://www.infoworld.com/t/thin-clients/meet-ophelia-dells-50-plug-in-cloud-based-pc-challenger-211031
Not sure if this makes sense for business or not, it is intended for thin clients, http://en.wikipedia.org/wiki/Thin_client. There are Pros and Cons to that approach, the way real old-school computers were used.
[Personally I think a dispersed mesh network of powerful but very small devices is the more likely future of computing, but that is topic for another day.]
Project Ophelia has a lot of applications for Pen Testing or Hacking though IMO.
You might need to Hack the device a bit, but note while it is using Android to start with, they are planning on offering it with various OS's if I understand correctly.
According to some of the news articles, they are aiming at $50 price, so it would be cheap.
According to the ComputerWorld article (though not sure where they got the info, CES maybe?) specs are as follows: "The device will run Android OS Jelly Bean, have 8GB of memory to support applications, music, video and presentations, and a microSD slot up to 32GB of storage."
Tuesday, December 4, 2012
Security & Hacking: USB Stick Pen Tool that emulates Keyboard
http://www.pcpro.co.uk/blogs/2012/12/04/the-usb-stick-that-turns-into-a-keyboard/
I find this hardware very interesting, I wonder if they got the idea from Yubikey?
http://www.yubico.com/faq/why-does-the-yubikey-act-as-a-keyboard/
Not mentioned in the PC Pro article, but rather in the Yubikey link, it mentions that even USB ports that are shut down to USB flashdrives will run Yubikey, since it looks like a Keyboard to the computer.
I suspect this USB stick hack would work in the same situations, where USB ports are locked down to USB flashdrives, the computer would see a keyboard.
So the hack would still work.
Giving you remote access.
Think Social Engineering attacks, or working as part of cleaning crew, would allow easy placement of device like this.
Speaking of Cleaning Crew or Custodians, how many companies care enough about security to pay good wages to keep good, vetted, in house custodians vs using a contractor?
Or even if they use in house custodians, still tends to be a low pay, low status job, with a lot of turnover, and generally low standards for hire.
Monday, October 29, 2012
Nerd News: Valve Linux Beta
http://blogs.valvesoftware.com/linux/
Valve is beta testing Linux.
I know a lot of Nerds are excited about this, I am interested, though I am just getting into Linux myself.
Motivation for me is to get my old XP machines back into use, and also for security using Live CD, thinking I will probably study pen testing a bit as well.
Don't think I will get very serious about doing pen testing myself, but it will help a lot for understanding computer security.
Friday, August 31, 2012
PSA | Security & Hacking: Java Patch has critical bug(s?)
See Ars link for full details http://arstechnica.com/security/2012/08/critical-bug-discovered-in-newest-java/
In case you missed it, this patch was released out of cycle yesterday to deal with this Zero Day Java Exploit.
At this point I am joining a lot of other people in recommending disabling Java in all the browsers you use.
AFAIK using Java on your computer, but not with a Browser, like to play Minecraft, should be okay; I have heard more than one computer professional say that.
If there are online services that you need to use for work, or whatever, that require Java in Browser you can do several things:
- Ask that company if they have any Java alternatives, or if they are working on alternatives because of the Security risks of Java.
- Use a second browser only for the sites that you have to use Java for, make sure you keep it patched (most of the mainstream browsers now disable Java if you don't have current version installed)!
- Disable Java on your browser and only turn it on when needed, then turn it off again.
See Also:
- http://krebsonsecurity.com/2012/08/java-exploit-leveraged-two-flaws/
- http://krebsonsecurity.com/2012/08/security-fix-for-critical-java-flaw-released/
- http://nakedsecurity.sophos.com/2012/08/30/oracle-releases-out-of-cycle-fixes-for-java/
Tuesday, August 28, 2012
Security & Hacking: "How I cracked my neighbor's WiFi password without breaking a sweat"
http://arstechnica.com/security/2012/08/wireless-password-easily-cracked/
Very good article, though written for average person, there is higher level information available in many of the Comments, it clearly shows how easy it is to hack many things average people think are secure.
Also, since the author of that Ars article was using online software services (ie software that ran on servers, not on author's computer) he didn't need much of a computer to do this.
For those new to Pen Testing and Password Strength (Security?) he was basically using a dictionary of words and common passwords.
The term "Dictionary" sometimes throws people, they don't mean Websters or OED, rather it is a list based on previously cracked passwords.
Millions of cracked passwords, so current Hacker's Dictionaries tend to be pretty representative of any password that a person picks out!
If you can remember it, it is a very bad password, you should be using some type of password keeper, and using the generate random password feature that all the good password keepers offer.
I plan to do a post in the near future on Password Keepers, but there are a lot of choices out there, many are free.
Wednesday, August 22, 2012
Security & Hacking: "Cracking passwords from the Philips hack - an important lesson"
Excellent article by Paul Ducklin, over on Sophos' Naked Security Blog "Cracking passwords from the Philips hack - an important lesson"
Read the comments as well!
Tuesday, August 21, 2012
Nerd Gear: AMD Radeon HD 7800 price cuts
See Anandtech link for details http://www.anandtech.com/show/6175/amd-radeon-hd-7800-series-price-cuts-new-game-bundle-inbound
If you have some good but less well known online sites for buying GPUs feel free to post a link in the comments section, spam will be deleted, and I figure everyone knows about places like Newegg.
Thinking there have to be some good but less well known sites out there.
Security & Hacking: "Why passwords have never been weaker—and crackers have never been stronger"
Really good article from Ars http://arstechnica.com/security/2012/08/passwords-under-assault/, and as always with Ars articles, you can find some exceptional bits of information buried in comments section.
Another password cracking article you should read is Lessons Learned from Cracking 2 Million LinkedIn Passwords.
Wednesday, August 15, 2012
Security & Hacking: "Security Flaw in Dirt Jumper Family of DDoS Toolkits Exposes Attacker’s Own Database"
The report, "Security Flaw in Dirt Jumper Family of DDoS Toolkits Exposes Attacker’s Own Database", is linked from the Ars article "White hats publish DDoS hijacking manual, turn tables on attackers"; they (Ars) cover the story in more depth than normal.
Links of Interest:
- Dirt Jumper DDoS Toolkit Vulnerability Disclosure Report http://www.prolexic.com/company/news-events/news-events-pr-dirt-jumper-vulnerability-and-pandora-ddos-threat.html
- "Open source penetration testing tool" http://sqlmap.org/
Monday, July 23, 2012
Nerd Gear: Pen Testing & Hacking Tool the "Power Pwn"
Check out the Power Pwn, a very low key but powerful Pen Testing tool. You can preorder now, but they are not expecting delivery till September/October this year.
It isn't cheap either, but then Security seldom is, for good security you have to spend a significant amount of time or money, generally both.
Wednesday, June 27, 2012
Nerd Gear: Nexus 7 pen testing tablet?
Think all my security research has me thinking like a hacker, first thing I thought when I saw/heard the specs for Google's new Android Tablet from ASUS, the Nexus 7, since it has a 12 core GPU!
Some Nexus 7 links:
The Verge
Tech Radar
Google Play (i.e. the official Google store; you can buy here, $199 for 8 GB or $249 for 16 GB)
If any hard core computer nerds can tell me, would this be useful for Pen Testing/Password Cracking with the 12 Core GPU?