EH-Net
  Show Posts
1  EH-Net / Special Events / Re: Q&A for Pen Testing Perfect Storm Part III: Network Reconstructive Surgery on: March 30, 2009, 10:36:20 AM
Thanks Kevin,

Sounds like a little research project :)

VJ

That would be wonderful!

Kevin
2  EH-Net / Special Events / Re: Q&A for Pen Testing Perfect Storm Part III: Network Reconstructive Surgery on: March 30, 2009, 10:35:38 AM
Is the recording up for this yet?

You don't happen to have a link for it, do you? Thanks!

The archive on SANS' website is at https://www.sans.org/webcasts/show.php?webcastid=92114

Kevin
3  EH-Net / Special Events / Re: Q&A for Pen Testing Perfect Storm Part III: Network Reconstructive Surgery on: March 30, 2009, 08:35:52 AM
I guess this question is not particularly related to this webcast, but maybe Kevin or Ed can point me to some decent documentation for BeEF. Just looking for background info, setup and workings.

Thanks

VJ

I am not sure of any "good" documentation other than the bit on the bindshell.net web site. It has a bit of information. You can also find some postings on various blogs around the internet.

Kevin
4  EH-Net / Special Events / Re: Q&A for Pen Testing Perfect Storm Part III: Network Reconstructive Surgery on: March 30, 2009, 08:32:29 AM
Is the recording up for this yet?

Hi-

Yes, my understanding is that the recording is now available.

Kevin
5  EH-Net / Special Events / Re: Q&A for Pen Testing Perfect Storm Part II: Client-Side Mutiny on: January 23, 2009, 12:21:33 PM
Where would I find an older/vulnerable version of Joomla to test with w3af?  Setting up a VMWare environment: Debian etch LAMP to host Joomla and a Samurai machine as a pentesting environment.

Thanks.

Joomla 1.0 is available here:
http://joomlacode.org/gf/project/joomla/frs/?action=FrsReleaseBrowse&frs_package_id=3365

You can then update to whatever version using the patches.

Kevin

6  EH-Net / Special Events / Re: Q&A for Pen Testing Perfect Storm Part II: Client-Side Mutiny on: January 22, 2009, 10:39:48 AM
I would like to second Ed's thanks for the kind words and I am looking forward to the conversations starting here.

Kevin
7  EH-Net / Special Events / Re: Q&A for Pen Testing Perfect Storm Webcast Series: Part I on: October 22, 2008, 10:48:11 AM
Quote
What tools can be used to automate SQL injection attacks?

There are a number of tools for SQL injection.

SQLMap and Absinthe come to mind immediately.
SQLMap is available from http://sqlmap.sourceforge.net
Absinthe is available from http://www.0x90.org


I personally recommend w3af as it includes SQLMap and many other tools for web testing.
W3af is available from http://w3af.sourceforge.net
8  EH-Net / Special Events / Re: Q&A for Pen Testing Perfect Storm Webcast Series: Part I on: October 22, 2008, 10:46:15 AM
Quote
Options to prevent the "BeEF" attack is preventing the use of a wireless network by an admin?

Actually, the only prevention of BeEF attacks is to fix the XSS vulnerabilities within applications.
9  EH-Net / Special Events / Re: Q&A for Pen Testing Perfect Storm Webcast Series: Part I on: October 22, 2008, 10:45:37 AM
Quote
Does BeEF leave a signature that can be searched?

The hook script does not. Currently it is not detected by any antivirus tools that I have tested. The controller application is detected by antivirus.
10  EH-Net / Special Events / Re: Q&A for Pen Testing Perfect Storm Webcast Series: Part I on: October 22, 2008, 10:44:47 AM
Quote
How do you rate BeEF in comparison to Metasploit? Similar? Better? Just another tool?

BeEF and Metasploit actually fit into two different niches.

Metasploit is a framework for creating, building and delivering exploits.

BeEF is a framework for delivering browser payloads, but does not provide any means for creating or building them.
11  EH-Net / Special Events / Re: Q&A for Pen Testing Perfect Storm Webcast Series: Part I on: October 22, 2008, 10:43:48 AM
We received many questions about the Yokoso! tool and where to look into it.

Quote
Yokoso! is the tool I mentioned. It is an infrastructure fingerprinting system delivered via XSS attacks. More information regarding it is available at http://yokoso.inguardians.com
12  EH-Net / Special Events / Re: Q&A for Pen Testing Perfect Storm Webcast Series: Part I on: October 22, 2008, 10:42:14 AM
In the next few posts, I am going to post some of the questions we received after the webcast was finished as well as answering them. :)

Kevin
13  EH-Net / Special Events / Re: Q&A for Pen Testing Perfect Storm Webcast Series: Part I on: October 22, 2008, 10:37:31 AM
Great webcast guys, finally got to it :). Now that I have listened to it, I have new tools to play around with.

Kevin - I was just browsing through the Samurai CD and could not see BeEF on it. Are there plans to put it there?

Thanks

VJ

Glad to hear you are checking out Samurai. As to BeEF, it is installed. Since it is a web application, it is found in the bookmarks on Firefox. The controller and the hook are in the "Samurai Tools" bookmark folder.

Kevin
14  EH-Net / Special Events / Re: Q&A for Pen Testing Perfect Storm Webcast Series: Part I on: October 21, 2008, 11:37:13 AM
I missed it live but I watched the archive yesterday.  It was really good to see how different pen testers approach different customer scenarios.

Glad to hear you enjoyed it.  I always love hearing tips and tricks from the perspective of other people also.

I am looking forward to Part II and will spend some time with BeEF until then.

As you can tell from the webcast, BeEF is one of my favorite tools. I recommend highly that you look into how to expand the system.

Kevin
15  EH-Net / Special Events / Re: Q&A for Pen Testing Perfect Storm Webcast Series: Part I on: October 16, 2008, 08:42:26 AM
There was a tool mentioned on the 'Using XSS to pivot' slide... it was briefly mentioned about comparing administrative interface fingerprints (or something similar). Can you post a link/name of that tool or maybe a brief rundown of what it does if I misunderstood?

Hi BillV,

The tool we mentioned is Yokoso! and will be at yokoso.inguardians.com. We are currently looking to get fingerprints from people and are hoping to get the first set of tools out this weekend. (Depending on my copious amounts of free time)

If you would like to help out, yokoso@inguardians.com or the developers mailing list are perfect places.

Kevin
