Here is a link that may help everyone on assignment 2 and 3. You will be able to see more information on the left side if you follow the tree. Also, you can search previous versions of windows group policy information for a step-by-step guide. The one I like is for Windows 2000. Keep in mind, the Windows 2000 guide is like version 1 of the…[Read more]
Flash can be disabled in all popular internet browsers. Plus, you can set up office to not allow files with flash or any plug in.
To stop flash in group policy:
Search Group Policy editor –> Computer Configuration –> Administrative Templates –> Windows Components –> Internet Explorer –> Security Features –> Add On…[Read more]
Fred Zajac commented on the post, Kali Update – 404 error when using update && upgrade, on the site MIS 5212-Advanced Penetration Testing 1 week, 3 days ago
Sorry, here is the information link. Just realized I forgot to include.
Fred Zajac wrote a new post, Kali Update – 404 error when using update && upgrade, on the site MIS 5212-Advanced Penetration Testing 1 week, 5 days ago
I was getting the 404 with several tools when apt-get update && apt-get upgrade. This command worked.
wget -q -O – archive.kali.org/archive-key.asc | apt-key add
You can read more up on repositories on […]
Sorry, here is the information link. Just realized I forgot to include.
Thanks Fred, this will definitely help!
Thanks for sharing. My kali from last semester works with this command:
wget -q -O – https://archive.kali.org/archive-key.asc | apt-key add
I also got 52 upgrades including exploitdb for metasploit:
root@kali:~# apt-get -y upgrade
Reading package lists… Done
Building dependency tree
Reading state information… Done
Calculating upgrade… Done
The following packages will be upgraded:
bsdmainutils burpsuite cracklib-runtime dbus dbus-user-session dbus-x11
exploitdb firmware-amd-graphics firmware-atheros firmware-bnx2
firmware-bnx2x firmware-brcm80211 firmware-cavium firmware-intel-sound
firmware-intelwimax firmware-ipw2x00 firmware-ivtv firmware-iwlwifi
firmware-libertas firmware-linux firmware-linux-nonfree
firmware-misc-nonfree firmware-myricom firmware-netxen firmware-qlogic
firmware-realtek firmware-samsung firmware-siano firmware-ti-connectivity
gnome-control-center gnome-control-center-data gnome-terminal
gnome-terminal-data imagemagick imagemagick-6-common imagemagick-6.q16
libaudit-common libaudit1 libcrack2 libdbus-1-3 libicu57
libmagickcore-6.q16-3 libmagickcore-6.q16-3-extra libmagickwand-6.q16-3
libsodium18 libtiff5 metasploit-framework python-flask python-formencode
python-tornado recon-ng sysstat
52 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
The general public is way too willing to add content to their social conglomerate that they are forfeit basic privacy.
Challenge questions that can be guess by visiting social media sites:
What is your high school mascot?
Where did you go to elementary school?
What road did you grow up on?
What is your favorite sports team?
We are using Patch Management for our clients using a third-party product. If you are interested in the product, let me know and I will give you info.
One of the things you mention is patching causing issues with applications. This is something we run into from time to time from our clients. Another issue we have is patching…[Read more]
Satwika & Frederic,
I agree patching is a very big deal, but what if the IoT manufacture didn’t provide enough space for constant patching? Example: Hardrive limit.
The patching will crash the hard drive at some point because of the file additions. Also, as you mention in a previous post,
The manufacturer may have used a very basic…[Read more]
Are you in the mood for love, but forgotten what love is?
Valentine’s Day is a day when people of all ages express their “love” towards people very close to them. Elementary schools are engaging in […]
I would also like to see these scanners, but playing the other side of the coin…
The users of these scanners are creating the database for them. Example: As a pentester, I use Chronicle to search for vulnerabilities of a specific IPAddress. It then scan’s the IPAddress for vulnerabilities. It does or doesn’t identify…[Read more]
Another online scanner you may want to check out is Censys.io. It uses Zmap and Zgrab to identify specific information about a network. It is glitchy sometimes and have to play around with how you search for mulitple IPAddresses or even a range, but it is a good and quick recon tool to identify how you may want to handle the pentest.
I am a fan of Nessus and OpenVAS. Nessus is free and available for Windows. You can download on local host and scan your home / small office network. Nessus / Tennable offers several plug-in’s for different types of scans. You could also do the basic scan, which we did in Ethical Hacking, but this won’t discover the Mirai vulnerability. You…[Read more]
Fred Zajac commented on the post, Amazon to Let Delivery Drivers Open your Front Door, on the site ITACS 5211: Introduction to Ethical Hacking 2 months, 3 weeks ago
Great find! Here is a quick story…
I used to own a corner property between the local middle school and elementary school. It wouldn’t be uncommon to see groups of kids walking across my property before and after school. On a few occasions, I would have packages missing from my door. I remember a cell phone and cable box…[Read more]
CNBC.com repots uber was hacked because of a third party web provider. They paid $100,000 to keep things quiet. The FTC is looking at uber policies regarding employee and privacy.
small but it shows c […]
Great post. I was very shock that Uber didn’t announced data breach and try to use money to cover up.
I don’t believe that UBER was hacked. UBER had a long history on setting on setting customers and drivers data. They always come with new stories about been victims.
A quick search on Google will give you the statistics about how many times UBER was hacked.
The decision to allow certain penetration and vulnerability scan tools should be properly discussed prior to deployment, and each tool should be assigned to the utility owner. The utility owner will be the only authorized administrator, which would assign other users.
I believe the decision to allow these tools is based on the job description…[Read more]
Nick Wells reported a story on CNBC.com with a headline suggesting online fraud is not a bad thing.
He comments on a report from Forter, an e-commerce fraud-prevention company. Forter monitors customer […]
Interesting article Fred. I am not really sure how I feel about Nick Wells’ statement. When he said, “It’s the cost of doing business.”, I completely agree with it. There are always risks making purchases online and one need to be proactive in paying close attention to what links you are clicking on and if the websites are legitimate. I don’t necessarily feel comfortable when he says “A little bit of fraud helps.” I personally do not want to be that 2% and I do not think anybody wants to. I am not that familiar, but possibly some fraud cases are easily solved, but what about the ones that are not? The ones where others are going months and months of trying to get everything resolved.
I have to agree with Elizabeth. Just because the fraud occurring benefits the consumer instead of them being the victim doesn’t make the fraud ok. In the same vein, just because brick and mortar stores plan and budget for shrinkage doesn’t make stealing from them ok, no matter how large and greedy the retailer may be. Fraud is a cost of doing business that retailers and consumers should plan for, but I don’t think it is ever ok to just accept that that is how things are. They should plan for if it happens but take steps to prevent it from happening in the first place.
Fred Zajac wrote a new post, Is it possible for a plastic surgeon to implant revenge?, on the site ITACS 5211: Introduction to Ethical Hacking 3 months, 2 weeks ago
A plastic surgeon of the celebrities in London decided to fight back against the hacker group, “Dark Overlord” after the group downloaded patient pictures and information. Fighting back by organizations has been […]
- Load More