Showing 32 results for: December 2012 ×

Be Off the Beaten XPath, Go Blind

XPath (XML Path Language) is a language used to query XML documents in order to extract data. XML files are commonly used to store information on the server and particularly configuration settings. There are some small application that would manipulate...

Teaching Security Self-Defense

My background in IT comes mostly from a nomadic perspective. In my years of IT and InfoSec, I've had the makings of a career consultant - different client each week, different city, different nature of work. It's been a long...

Wardrive, Raspberry Pi Style!

I purchased a Raspberry Pi a few weeks back. I found that I could power it, a WiFi card and a GPS from my 12000mah Li-Ion battery pack for about 12 hours. What a great way to explore with out...

Getting Terminal Access to a Cisco Linksys E-1000

Over the past couple weeks, I've been spending a lot of time hacking on various embedded devices to figure out how they work and perhaps identify a couple vulnerabilities in the process. One of the fun parts about this experimentation...

SpiderLabs Radio December 28, 2012 w/ Space Rogue

We are back with another episode of SpiderLabs Radio hosted by Space Rogue. This weeks news covers breeches at the Council of Foreign Relations, Fort Monmouth, and RBS Banks mobile app. Sony lost Michael Jackson. The Verizon breech that wasn't....

SpiderLabs Radio December 21, 2012 w/ Space Rogue

We are back with another episode of SpiderLabs Radio hosted by Space Rogue. This weeks news covers a password resetter who gets 10 years, Samsung flaw risks Android, Bulgaria bust 56, Android botnets, Sweet Orange, Carberp, Anon hits WBC, Risks...

Fraud, Passwords, and Pwnage on the Interwebz

This past weekend I was lucky enough to attend Microsoft's BlueHat Conference in Redmond WA and Security B-Sides Seattle. The combination of some of those talks succeeded in keeping some persistent issues alive in the hopes of finding a solution....

TrustKeeper Scan Engine Update - December 18, 2012

We're proud to announce we've just completed the one thing that's on everyones' holiday wish list this year: the latest update to the TrustKeeper Scan Engine! This release includes several performance enhancements, as well 52 new vulnerability tests for major...

PCAP Files Are Great Arn't They??

One of the most important skills in anyone's armory responsible for looking after the security of a corporation's networks should be how to analyze network capture files (PCAP files) obtained from sniffers. Putting a sniffer on the network can not...

You down with LNK?

Oftentimes on an Internal pen test, I find myself with a limited-privilege domain user account. On a recent test, I got ahold of an account like this through various means of hackery. It didn't have local admin anywhere, it wasn't...

Abusing the Android Debug Bridge

The android debug bridge (or ADB for short) is a valuable tool, it is what allows smart phone tinkerers unobstructed access to their device for customization. This said, the debug bridge has a major caveat of being too easily left...

SpiderLabs Radio December 14, 2012 w/ Space Rogue

We are back with another episode of SpiderLabs Radio hosted by Space Rogue. This weeks news covers the freedom of Gary McKinnon, ExploitHub exploited, Ghost in the Shell, App verifier unverified, RANSOMWARE, Patch Tuesday, Niagra SCADA, The Mother of All...

My 5 Top Ways to Escalate Privileges

During a penetration test, rarely will the tester get access to a system with the administrator privileges in the first attempt. You are almost always required to use privilege escalation techniques to achieve the penetration test goals. Several people have...

Abusing SAP Servers

During some recent penetration tests I have noticed that large companies have many similarities in their IT infrastructures. One of the things that caught my attention was that quite a few of these companies have SAP systems on their networks....

The Dexter Malware: Getting Your Hands Dirty

A very interesting piece of malware that targets Point of Sale systems has recently surfaced in the malware community. As a guy who frequently reverses malware that targets card data (aka. Track data), this caused me to take notice. Before...