Pretty cool – got Ettercap running just using VM’s and Kali!
I posted a 9 minute video (with the PDF of the slides) of an example of an Ettercap M-t-M attack running on Hyper-V VMs only. I don’t know if it’s because Hyper-V was used for the VMM or if it works on VMW/Virtualbox VMM’s as well (happy to send the Hyper-V .vhdx VM files that yo…[Read more]
Chinese hackers accused of targeting US defence firms linked to South China Sea
Cybersecurity group says companies were targeted for information that could prove useful for Beijing in disputed maritime waters
As support for…[Read more]
Vince Kelly wrote a new post, Warning – 3 Popular VPN Services Are Leaking Your IP Address, on the site MIS 5212-Advanced Penetration Testing 1 year, 5 months ago
Warning – 3 Popular VPN Services Are Leaking Your IP Address
A team of security researchers discovered vulnerable flaws with three VPN service providers that could compromise user privacy. The thr […]
Good post Kevin. What’s really scary about it (I think) is that it is going to become easier and easier to do this given that there are ‘tons’ of open source platforms and frameworks that are just now starting percolate thru git -like ROS, Microsoft Robotics Developer Studio, Orca, etc., etc, etc.
I’m certainly no expert here but I’d think…[Read more]
Vince Kelly wrote a new post, El Cheapo Man-in-the-middle Attack Example Video and PPT Available, on the site MIS 5212-Advanced Penetration Testing 1 year, 5 months ago
I wrote an example of a *very* basic, ‘El-Cheapo’ man-in-the-middle attack that leverages the Python socket library to ‘eavesdrop’ on a series of message transmissions between a ‘legitimate server’ VM and its […]
I wrote an example of a *very* basic, ‘El-Cheapo’ man-in-the-middle attack that leverages the Python socket library to ‘eavesdrop’ a series of message transmissions between a ‘legitimate server’ VM and its associated ‘client’ VM..
Basically, the attacking VM (called ‘Evil Server’) spins up a Python socket receive thread that accepts any…[Read more]
Interesting post Shi, thanks. It seems like a bit of a stretch thought don’t you think? It assumes the malware can be planted and then happily just sit there regulating/manipulating the workloads without being detected?
I guess you never know:)
Good point on wireless – I seem to recall that several of the early versions of Wireless NIC’s…[Read more]
yes, just a Surface Pro 4. If you have Windows10 it comes with it. I did a write up on how to turn it on and configure VMs over the last couple of weeks – *EXTREMELY* easy to do and use!!!!
Obviously, all those .iso’s and VM files suck up a lot of disk space – but then you’ve got that problem anyway for any hypervisor,. I just didn’t want…[Read more]
…..posting the XML failed a second time. I think this el-cheapo blogging tool may be trying to interpret the XML statements – so you’ll have to check it out on your own or send me an email and I’ll reply with the text
sorry, it looks like this blogging software truncated the config file text (I guess ya get what you pay for;). Here is the cut & paste of the configuration file again:
Centos7 VM for VboxVMLab NGNE Fundamentals
base VM NO Software Installed
all openstack…[Read more]
…follow-up to the initial story:
Pentagon reviews policy after fitness app reveals military locations
“US Defense Secretary Jim Mattis has ordered a review of the [fitness tracking smart phone] situation”,
‘In a statement, the Pentagon said, “We take…[Read more]
good points. I wonder how long before the ramifications of having lax IoT security begin to manifest themselves in unexpected ways – Insurance companies refusing coverage to an company because it hasn’t upgraded it’s old SCADA controllers, 4th amendment issues with a law enforcement agency hacking into a driver-less car in order to determine…[Read more]
First, thank you for your service. Totally agree with your assessment. In addition, what was worrisome to me was the observation about exploits that fall outside of the orderly scanning and patching process – for example the iPhone leveraging a nearby accelerometer to detect what someone typed. I seem to recall several years ago…[Read more]
Thank you Jason. Completely understand and agree Jason – I guess its more a issue of quibbling/semantics. I don’t believe that dirtyc0w is a privilege escalation method at all, its simply a tool that can be used as part of privilege escalation – right? In other words, dirtyc0w itself doesn’t ‘do’ the privilege escalation any more than the C…[Read more]