secureideas.com

BETTER API PENETRATION TESTING WITH POSTMAN – PART 2
In Part 1 of this series, I walked through an introduction to Postman, a popular tool for API developers that makes it easier to test API calls. We created a collection, and added a request to it. We also talked about how Postman handles cookies – which is essentially the same way a browser does.

GETTING STARTED WITH BEEF: THE BROWSER EXPLOITATION
This post is the first in a series on Getting Started with information security tools. For more posts in this series, check out the Getting Started label on this post. BeEF, the Browser Exploitation Framework, is a testing tool designed to enable penetration testers to launch client-side attacks against target browsers. By using techniques similar

BETTER API PENETRATION TESTING WITH POSTMAN – PART 1
This is the first of a multi-part series on testing with Postman. I originally planned for it to be one post, but it ended up being so much content that it would likely be overwhelming if not divided into multiple parts. So here’s the plan: In this post, I’ll give you an introduction to setting

SSL CERTIFICATES: SETTING UP AND AUTHORIZING THE INTERNAL CERTIFICATE AUTHORITY
In this post, I wanted to give something directly to the Blue Teams out there. I also thought I would call us out a bit for sending mixed messages to our users. All too often we find internal websites using invalid SSL certificates when we are on an engagement. Almost every user awareness document or

CREATING SSL CERTIFICATE REQUESTS USING CERTREQ.EXE AND ENABLE
This post picks up on my last about creating and authorizing an internal certificate authority. We are going to shift gears a bit and start looking at how to use this newfound infrastructure. There are tons of tutorials online about how to create a certificate signing request (CSR) using IIS on Windows. However, there are

INTRODUCTION TO LAUDANUM
As a security consultant, there are so many scenarios that I run into every day that there is no one tool or script that solves every problem. The best consultants have the know-how to understand which tool to use in which scenario. Imagine if during a penetration test I used SQLMap to look for CSRF

XBOX ONE - NETWORK SCANS AND TRAFFIC ANALYSIS
This week we are returning back to our analysis of the Xbox One and checking out some of the data we gathered during the last post. I know some folks were very interested in what we are doing with the Xbox and I apologize for the delay. We decided to push back this post due

USING A THROWING STAR TO CAPTURE PACKETS
Mobile applications are a hot commodity these days. It seems like everyone and their brother/sister is writing them. Kevin Johnson even tells a story of a bait/mobile application shop here in Florida somewhere. When I say bait, you guessed it, I really mean bait as in fishing bait. Earthworms and such. With everyone writing these

PROFESSIONALLY EVIL INSIGHTS: A HACKER’S TOUR OF THE X86 CPU ARCHITECTURE
Overview. The Intel x86 CPU architecture is one of the most prolific CPU architectures for desktops, laptops, and servers. While other architectures exist and are even taking some market share with mobile devices such as smartphones and even Apple beginning to include its ARM M1 chip in newer Macbooks and Mac Mini, this one still stands
USING COMPONENTS WITH KNOWN VULNERABILITIES
When dealing with cyber vulnerabilities, there are lots of threats that are unknown and ever changing that can put users at risk. We often hear about the latest zero-day to wreak havoc with its clever name. But not all threats come from unexpected sources. Many originate

A BRIEF INTRODUCTION TO MFA
2FA and MFA authentication are certainly a huge improvement over the traditional username and password only authentication of the past, but you should be aware that the primary technique used to attack 2FA protected sites is currently using a phishing approach (an email is sent to the user with a link that acts as a go-between passing all messages back and forth and recording user

SECURITY CONCERNS AROUND REMOTE EMPLOYEES
In the cloud-based economy, businesses of every size are hiring remote employees. Remote employees may decrease their capital costs, free the business from location limitations, and provide many of the intangible benefits of remote working. The increased number of employees working from diverse locations on a growing number of devices creates several issues a business

SILENCING FIREFOX'S CHATTINESS FOR WEB APP TESTING
Firefox is one chatty browser! Even if you don’t actually use it for anything, it’s constantly making requests out to the internet for things like updates, checking network status, and sending telemetry data back to Mozilla. When using Firefox for web app testing, I’ve often noticed the constant stream of additional requests that get in

PATCHING BINARIES WITH BACKDOOR FACTORY
BDF has also recently added the -m flag where you can specify the patching method. While BDF will default to patching a binary manually, you can use the flag -m automatic and Backdoor Factory will automatically select the best code caves to use without any further user interaction as seen below.

DECODING F5 COOKIE
The first step in decoding an F5 cookie is to identify it. The following response header is an example of an F5 cookie being set: Set-Cookie: BIGipServerApp_Pool_SSL=839518730.47873.0000; path=/. The name of the cookie will probably be slightly different, but it should be similar and the value will be 3 values separated by periods.

WEB PENETRATION TESTING WITH BURP AND CO2
Start 2015 right with a free web session to learn all about the Burp CO2 plugin! This training is scheduled for Thursday, January 8th, 2015 at 2pm EST. Portswigger’s Burp Suite is a very popular and flexible intercepting proxy tool among web application penetration testers. During this training session I will provide an overview of

CONVERTING NMAP XML FILES TO HTML WITH XSLTPROC
Author: Travis Phillips
NMAP is a wonderful network scanner and its ability to log scan data to files, specifically XML, helps quite a bit. This enables the scan data to be parsed by other tools such as Metasploit’s db_import or even NMAP’s own Zenmap GUI. While XML is great for parsing, it’s not really easy for humans to

POLICY GAP ANALYSIS: FILLING THE GAPS
In today’s world, something never seems to be true unless it is written down, and even then it is a guideline. In the business world there are policies that define how employees should present themselves as well as how company equipment can be used. The policies are important because they provide a

Secure Ideas - Professionally Evil Security Consulting
FIDDLING WITH WINDOWS: PROXY TOOLS FOR WIN10
If you have been following along with us, you know how to set up a Windows 10 Virtual Machine (VM) for web app pentesting. But now we have run into another problem. Let’s say that same client throws in a Windows 10 desktop app in scope. (You know, cause last minute changes never happen during

REVERSING TYPE 7 CISCO PASSWORDS
While working on a recent pen test, I came across a few Cisco routers sitting on an internal network. The fact that they were using default cisco/cisco credentials made me cry a little inside, but wait, it gets worse. So I’m in the router, reviewing the running config, and I notice something interesting. Note that

SANS MOBILE SUMMIT 2013 RECAP
June 3, 2013. March 19, 2021. / By Alex Rodriguez.
So I just got back from the SANS Mobile Security Summit where I was the chair. The event was a blast and even though I am biased, I think that we had a number of great speakers. This was the second annual summit and I am already looking forward to next year's!
INTRODUCTION TO LAUDANUM As a security consultant, there are so many scenarios that I run into every day that there is no one tool or script that solves every problem. The best consultants have the know-how to understand which tool to use in which scenario. Imagine if during a penetration test I used SQLMap to look for CSRF Introduction to Laudanum Read More » XBOX ONE - NETWORK SCANS AND TRAFFIC ANALYSIS This week we are returning back to our analysis of the Xbox One and checking out some of the data we gathered during the last post. I know some folks were very interested in what we are doing with the Xbox and I apologize for the delay. We decided to push back this post due Xbox One – Network Scans and Traffic Analysis Read More » INTRODUCTION TO WIRELESS SECURITY WITH AIRCRACK-NG Introduction to Wireless Security with Aircrack-ng Today we’re going to walk through a few WiFi testing examples using Aircrack-ng, which is a suite of wireless network security tools. It allows us to monitor and export packet data, attack access points and clients, and crack WEP and WPA keys. I’ve included some links at the Introduction to Wireless Security with Aircrack-ng Read More » A BRIEF INTRODUCTION TO MFA 2FA and MFA authentication are certainly a huge improvement over the traditional username and password only authentication of the past, but you should be aware that the primary technique used to attack 2FA protected sites is currently using a phishing approach (an email is sent to the user with a link that acts as a go-between passing all messages back and forth and recording user PROXYING HTTPS TRAFFIC WITH BURP SUITE This is easy to fix. All we need to do is tell our browser that the Burp CA can be trusted. Because every new installation of Burp generates a different CA, this doesn't create a risk of somebody else intercepting your traffic surreptitiously with their Burp instance. The actual steps to perform this vary slightly by operating system. 
INTRODUCTION TO LAUDANUM As a security consultant, there are so many scenarios that I run into every day that there is no one tool or script that solves every problem. The best consultants have the know-how to understand which tool to use in which scenario. Imagine if during a penetration test I used SQLMap to look for CSRF Introduction to Laudanum Read More » USING COMPONENTS WITH KNOWN VULNERABILITIESWhen dealing with
cyber vulnerabilities, there are lots of threats that are unknown and ever changing that can put users at risk. We often hear about the latest zero-day to wreak havoc with its clever name. But not all threats come from unexpected sources. Many originate Using Components with Known Vulnerabilities Read More » SECURITY CONCERNS AROUND REMOTE EMPLOYEES In the cloud-based economy, businesses of every size are hiring remote employees. Remote employees may decrease their capital costs, free the business from location limitations, and provide many of the intangible benefits of remote working. The increased number of employees working from diverse locations on a growing number of devices create several issues a business Security REVERSING TYPE 7 CISCO PASSWORDS While working on a recent pen test, I came across a few Cisco routers sitting on an internal network. The fact that they were using default cisco/cisco credentials made me cry a little inside, but wait, it gets worse So I’m in the router, reviewing the running config, and I notice something interesting. Note that Reversing Type 7 Cisco Passwords Read More » CREATING SSL CERTIFICATE REQUESTS USING CERTREQ.EXE AND This post picks up on my last about creating and authorizing an internal certificate authority. We are going to shift gears a bit and start looking at how to use this newfound infrastructure. There are tons of tutorials online about how to create a certificate signing request (CSR) using IIS on Windows. However, there are Creating SSL Certificate Requests Using Certreq.exe and EnableDECODING F5 COOKIE
The first step in decoding an F5 cookie is to identify it. The following response header is an example of an F5 cookie being set: Set-Cookie: BIGipServerApp_Pool_SSL=839518730.47873.0000; path=/. The name of the cookie will probably be slightly different, but it should be similar and the value will be 3 values separated by periods.

WEB PENETRATION TESTING WITH BURP AND CO2
Start 2015 right with a free web session to learn all about the Burp CO2 plugin! This training is scheduled for Thursday, January 8th, 2015 at 2pm EST. Portswigger’s Burp Suite is a very popular and flexible intercepting proxy tool among web application penetration testers. During this training session I will provide an overview of

PROFESSIONALLY EVIL INSIGHTS
Overview The Intel x86 CPU architecture is one of the most prolific CPU architectures for desktops, laptops, and servers. While other architectures exist and are even taking some market share with mobile devices such as smartphones and even Apple beginning to include its ARM M1 chip in newer MacBooks and the Mac Mini, this one still stands

INTRODUCTION TO WIRELESS SECURITY WITH AIRCRACK-NG
Today we’re going to walk through a few WiFi testing examples using Aircrack-ng, which is a suite of wireless network security tools. It allows us to monitor and export packet data, attack access points and clients, and crack WEP and WPA keys. I’ve included some links at the

A BRIEF INTRODUCTION TO MFA
2FA and MFA authentication are certainly a huge improvement over the traditional username and password only authentication of the past, but you should be aware that the primary technique used to attack 2FA protected sites is currently using a phishing approach (an email is sent to the user with a link that acts as a go-between passing all messages back and forth and recording user

POLICY GAP ANALYSIS: FILLING THE GAPS
In today’s world, something never seems to be true unless it is written down, and even then it is a guideline. In the business world there are policies that define how employees should present themselves as well as how company equipment can be used. The policies are important because they provide a written definition of

USING A THROWING STAR TO CAPTURE PACKETS
Mobile applications are a hot commodity these days. It seems like everyone and their brother/sister is writing them. Kevin Johnson even tells a story of a bait/mobile application shop here in Florida somewhere. When I say bait, you guessed it, I really mean bait as in fishing bait. Earthworms and such. With everyone writing these

HASHING FUNCTIONS
Today we’re going to take a quick look at hashing functions, as covered in Domain 3 of the CISSP common body of knowledge (CBK). There is often some confusion between hashing, encryption, and encoding, so one of the purposes of this article is to help differentiate between them. To start, a hash function is

DEFENDING AGAINST PASS-THE-HASH (PTH) ATTACKS
Pass-the-Hash (PtH) attacks have become probably the most common form of credential attacks used in the hacking community. Especially in Microsoft Windows environments, PtH tools are so popular and easy to use that many attackers no longer even bother to crack passwords. Why waste the time when an administrator’s hash is just as convenient,

PATCHING BINARIES WITH BACKDOOR FACTORY
When was the last time you downloaded a binary file from the Internet or grabbed one off of a network share that is used by your organization to store commonly used software? Did you verify the hash of that binary with the hash supplied by the official software distributors? If not then you could very

XBOX ONE - NETWORK SCANS AND TRAFFIC ANALYSIS
This week we are returning to our analysis of the Xbox One and checking out some of the data we gathered during the last post. I know some folks were very interested in what we are doing with the Xbox and I apologize for the delay. We decided to push back this post due

NEED STRATEGIC EXPERTISE?
Let us help you build an elite application security team with SASTA!

PENETRATION TESTING
Need expert penetration testing?

SECURITY TRAINING
Webcasts, online training, and live training customized to your needs.

SEMI-AUTOMATED TESTING
Leverage our Scout solutions for your automated vulnerability scanning.

SECURITY CONSULTING
Need a security architecture review or gap analysis?

Secure Ideas is a dedicated team of experts who are passionate about technology and information security. Our primary objectives are to help companies improve their security postures and to train the next generation of security professionals.

PENETRATION TESTING AND CONSULTING
Is your business or organization interested in engaging an expert team to assess your security? Whether you need our team to conduct a penetration test of your security controls, an assessment of your security architecture, or even a gap analysis to see how you match up against industry standards, our expert consultants can deliver. We have experience working across industries and welcome challenging scenarios.

SCOUT
Do headlines of IT breaches have you worried? Are you concerned your team might be missing something in the way of security? Our Scout services include hybrid solutions designed to frequently and regularly scan, assess, and identify vulnerabilities. We offer regular testing of internal and external networks, web applications, and users for resistance to social engineering.

SECURITY TRAINING
Do you want to improve your organization's security posture by educating your personnel? Or maybe you want to accelerate your career development in information security? Whatever your motivation is, we offer a training solution that fits your needs. Our training options presently include tailored training for organizations, live courses, recorded online material, and an interactive User Awareness Training application.
Office Location
3412 Kori Rd.
Jacksonville, FL 32257, USA
Contact Information
Phone: 1-866-404-7837
Email: info@secureideas.com