Introduction
Detecting a compromise can be difficult. When it comes to intrusion detection, the more information and sources a sysadmin has at their disposal - the better. Fortunately for us, Google has created a tool called "Google Alerts" that inadvertently gives us the capability to monitor for intrusions in a few ways.
Sunday, January 6, 2013
Friday, January 4, 2013
Cracking Unix Password Hashes with John the Ripper (JTR)
Introduction
This post will serve as an introduction to password cracking, and show how to use the popular tool John-the-Ripper (JTR) to crack standard Unix password hashes. I am also working on a follow-up post that will provide a far more comprehensive look at password cracking techniques as well as the different tools employed (as well as their pros/cons).
This post will serve as an introduction to password cracking, and show how to use the popular tool John-the-Ripper (JTR) to crack standard Unix password hashes. I am also working on a follow-up post that will provide a far more comprehensive look at password cracking techniques as well as the different tools employed (as well as their pros/cons).
Sunday, December 30, 2012
Automated Open Source Intelligence (OSINT) Using APIs
Introduction
The first step to performing any successful security engagement is reconnaissance. How much information one is able to enumerate about given personnel (for social engineering engagements) or systems can often impact the effectiveness of the engagement. In this post, we will discuss what Open Source Intelligence (OSINT) is and why it takes so much time, as well as ways we can use various application programming interfaces (APIs) to automate much of this process for us. Hopefully this post will help shed light on the importance of proper privacy settings, and the threat of automated information gathering due to APIs.
The first step to performing any successful security engagement is reconnaissance. How much information one is able to enumerate about given personnel (for social engineering engagements) or systems can often impact the effectiveness of the engagement. In this post, we will discuss what Open Source Intelligence (OSINT) is and why it takes so much time, as well as ways we can use various application programming interfaces (APIs) to automate much of this process for us. Hopefully this post will help shed light on the importance of proper privacy settings, and the threat of automated information gathering due to APIs.
Thursday, November 1, 2012
OvertheWire - Natas Wargame Level 14 Writeup
Level 14
Using the credentials obtained in the previous post, we can login to Level 14 where we are presented with the following screen:
Using the credentials obtained in the previous post, we can login to Level 14 where we are presented with the following screen:
Tuesday, October 30, 2012
OvertheWire - Natas Wargame Level 13 Writeup
Level 13
Using the credentials obtained in the previous post, we can log in to Level 13, where we are presented with the following:
OvertheWire - Natas Wargame Level 12 Writeup
Level 12
Using the credentials obtained from the previous post, we can log in to Level 12 where we are presented with the following screen:
OvertheWire - Natas Wargame Level 11 Writeup
Level 11
Using the credentials obtained from the previous post, we can log in to Level 11 where we are presented with the following screen:
Using the credentials obtained from the previous post, we can log in to Level 11 where we are presented with the following screen:
Subscribe to:
Posts (Atom)