del.icio.us

Discuss in Forums (25)

EH-Net Exclusive
First 4 Chapters of Daemon

WARNING: The following sample chapters contain adult content. Some content may be unsuitable for those under the age of 18. Those who are under 18, please visit www.disney.com. You have been duly warned.

del.icio.us

Discuss in Forums (7)

New book NOW AVAILABLE from our own wireless guru, Dan Hoffman!

New Radio Interview on Monday June 18.

Catch Dan and EH-Net Editor, Donald C. Donzal, live from 5:00 - 6:00 PM PST on the Computer Outlook Radio Program discussing Dan's book and ChicagoCon. If you miss it, find it in the Archives.

del.icio.us

Discuss in Forums (6)

Overview of Video

In this video we explore the revised MSFWeb interface for the Metasploit Framework 3.0. We specifically take a look at running "browser" exploits where you have to get the victim to connect back to your listening Metasploit instance. We'll use the ie_createobject exploit via the MSFweb GUI, and then we'll use the wmf_setabortproc exploit using the built in msfconsole (a new addition in MSFWeb 3.0). We'll also take a look at using custom meterpreter scripts; first to see if the victim is running in vmware and second, to clear the event logs.

Clear Event Log Scripts

clearseclog.rb
clearalllog.rb

Enjoy and keep an eye out for future videos. Feel free to post comments and suggestions for future videos.

Thanks,
Chris Gates

del.icio.us

Discuss in Forums (2)

By EH-Net Member Cutaway, GSEC-G, GSNA-G, GCUX-S, GAWN-C, and CISSP

Self-employed security professionals, or those who are involved with small businesses, will invariably find themselves conducting security assessments and penetration tests of Internet facing systems and services. These activities will happen through resources that are generally not as robust as those supplied to security professionals in medium and large organizations. The following is a list of a few items that a security team should take into consideration before performing security related activities under these conditions.

del.icio.us

Discuss in Forums (6)

By Daniel V. Hoffman, CISSP, CWNA, CEH

So, why write an article called "Cool and Illegal Wireless Hacks" that details how to perform hotspot hacks?  Some would say it is irresponsible and enables those with ill intent to hack unsuspecting victim's machines.  It really depends which way you look at it.  Would you rather be left in the dark on what types of attacks can occur, how they are performed and not know how to protect yourself against them?  Doing so would not make the threats go away; in part, you would simply be denying that they exist.  Surely, it is safer to be open and honest about the threats, understand how they can occur then become educated on and implement the appropriate countermeasures.  In large part, that is why my articles always detail not only how to perform the hacks, but really focus on how to protect against them.  The purpose is not to teach people how to hack, but rather to educate on how to prevent systems from being exploited.

Now, on with the hacks/cracks/techniques that you will hopefully find to be "cool," informative and which are most certainly illegal.

del.icio.us

Discuss in Forums (19)

By Brian Wilson, CCNA, CCSE, CCAI, MCP, Network+, Security+, JNCIA

Recently while traveling I noticed a hot spot and wanted to surf the internet. Once I connected to the AP I had seen that they wanted to charge me $8 per day to surf the internet. I thought that was just too much money for a quick internet connection, and my layover between flights was about 3 hours. I decided to see what I could access while connected to there AP.

Disclaimer: This paper and the topics covered in the paper are just for educational purposes and should not be tried on a network without the permission from the owner of the network you plan on testing. I hold no responsibility for any actions or damage that might accrue if you try anything explained in this paper. “Do not do this at home kids” hacking/cracking/pen testing might be harmful to your health.

del.icio.us

Discuss in Forums (3)

Incident handling is a specialized field which is done best after proper training, guidance and experience.  However, if you follow the six core steps to incident handling, you will have a better chance of recovering favorably from an unforeseen incident.  The example below is an actual incident I experienced recently.  I have outlined the steps taken as they pertain to the six steps of Incident Handling.

I offer up this outline not as an example of the perfect Incident Handling Process but rather as a good faith gesture to the community. There is a Latin Proverb that states, "A wise man learns by the mistakes of others, a fool by his own." I believe a wise man also learns from the experiences of others. Hopefully this month's column puts both of us on a path towards wisdom.

del.icio.us

Discuss in Forums (7)

The top threat affecting the world right now is the ANI Zero Day. Even the Internet Storm Center's INFOCon status was bumped to yellow based on this threat alone. In order to protect yourself and the networks under your command, you need to see how devastating this attack can be.

[Enter stage left] Mati Aharoni of Offensive Security has put together an action movie demonstrating the evilness of this 0 day exploit. The Animated Cursor Overflow affecting all of Windows operating systems is demonstrated using his now famous live Linux security distro, BackTrack v2 with Metasploit 3. Admins, beware... and learn!

Stay tuned for a customized Ethical Hacker Network version of BackTrack v2 featuring MSF3 and a few other exclusive features. Be sure to check out our design contest for the EH-Net Special Edition of BT2.