RSS Aircrack-ng

  • Lesser known features of Aircrack-ng
    I recently received an email suggesting adding features to aircrack-ng. Even though most of the stuff can be found in the documentation, it might be worth talking about. Reading from compressed wordlist: Aircrack-ng can read words from a pipe, which is very convenient and you can use pretty much any program to generate words and […]
  • iw monitor mode flags
    Out of curiosity, I looked at iw to set monitor mode and it has the following flags: Pretty much all of them seem pretty self-explanatory but it's worth giving more details about each of them: fcsfail: FCS (Frame Check Sequence) is the checksum of the frame (CRC32), to make sure it was received correctly. By default, a driver should only […]

RSS Armored Packets

  • Massive WordPress Brute-Force Botnet Attack April 15, 2013
    SUMMARY As of April 9, 2013, multiple web hosting companies began seeing brute force, dictionary attacks against their WordPress Content Management System. Approximately 140,000 IPs have been seen attacking these systems. After successful login, the actors are installing several PHP scripts which execute shell commands, download files from www.marinabybloshotel.com that establish connections with an IRC […]
  • Security Awareness – Hold The Line March 20, 2013
    Yesterday began like all others, a good morning to my Twitter followers and a quick scan through the topics of others I follow. The topic of discussion that stood out, dividing our industry more often than any others got started; the belief, or lack thereof, in Security Awareness Training Programs being a benefit to organizations. […]

RSS BeEF – The Browser Exploitation Framework Blog

  • Mapping your LAN from a web browser: Introducing the Network extension for BeEF June 8, 2016
    Today's blog post brought to you by Brendan Coles: How many tabs do you have open in your browser right now? For how long have they been open - more than 10 minutes? Any one of them could have mapped your local networks and launched exploits against your outdated or misconfigured software. From the BeEF laboratory comes […]
  • Kali (formerly Backtrack) Linux & BeEF January 22, 2016
    Today's post is contributed by Ben Waugh (@bw_z). BeEF is preinstalled on Kali Linux distributions, allowing you to quickly use BeEF as part of your security testing toolkit. Running BeEF in Kali: Kali packages BeEF within the beef-xss service which can either be started from the command line, or the pre-populated menu item under Kali-Linux > Exploitation Tools […]

RSS Carnal0wnage & Attack Research Blog

  • NTP/SNMP amplification attacks June 20, 2017
    I needed to verify an SNMP and NTP amplification vulnerability was actually working. Metasploit has a few scanners for ntp vulns in the auxiliary/scanner/ntp/ntp_* and it will report hosts as being vulnerable to amplification attacks. msf auxiliary(ntp_readvar) > run [*] Sending NTP v2 READVAR probes to> (1 hosts) […]
  • Mentoring: On meeting your **Heroes** June 7, 2017
    I put heroes in asterisks because none of us have paparazzi following us around. I regularly use Val Smith's quote about even the most popular infosec person is like being a famous bowler. Except for rare exceptions, no one outside of our community knows who we are. I've broken into at […]

RSS Command Line Kung Fu

  • Episode #180: Open for the Holidays! December 31, 2014
    Not-so-Tiny Tim checks in with the ghost of Christmas present: I know many of you have been sitting on Santa's lap wishing for more Command Line Kung Fu. Well, we've heard your pleas and are pushing one last Episode out before the New Year! We come bearing a solution for a problem we've all encountered. […]
  • Episode #179: The Check is in the Mail June 30, 2014
    Tim mails one in: Bob Meckle writes in: I have recently come across a situation where it would be greatly beneficial to build a script to check revocation dates on certificates issued using a certain template, and send an email to our certificate staff letting them know which certificates will expire within the next 6 […]