-
Vince Kelly commented on the post, Progress Report for Week Ending, September 29, on the site 6 years, 7 months ago
Pretty cool – got Ettercap running just using VM’s and Kali!
I posted a 9 minute video (with the PDF of the slides) of an example of an Ettercap M-t-M attack running on Hyper-V VMs only. I don’t know if it’s because Hyper-V was used for the VMM or if it works on VMW/Virtualbox VMM’s as well (happy to send the Hyper-V .vhdx VM files that yo…[Read more]
-
Vince Kelly commented on the post, ICE 5.1 Telling a Story through Visualization, on the site 6 years, 7 months ago
Chinese hackers accused of targeting US defence firms linked to South China Sea
Cybersecurity group says companies were targeted for information that could prove useful for Beijing in disputed maritime watersAs support for…[Read more]
-
Vince Kelly wrote a new post on the site MIS 5212-Advanced Penetration Testing 6 years, 7 months ago
Warning – 3 Popular VPN Services Are Leaking Your IP Address
A team of security researchers discovered vulnerable flaws with three VPN service providers that could compromise user privacy. The thr […]
-
Vince Kelly commented on the post, Progress Report for Week Ending, September 29, on the site 6 years, 8 months ago
Good post Kevin. What’s really scary about it (I think) is that it is going to become easier and easier to do this given that there are ‘tons’ of open source platforms and frameworks that are just now starting percolate thru git -like ROS, Microsoft Robotics Developer Studio, Orca, etc., etc, etc.
I’m certainly no expert here but I’d think…[Read more]
-
Vince Kelly wrote a new post on the site MIS 5212-Advanced Penetration Testing 6 years, 8 months ago
I wrote an example of a *very* basic, ‘El-Cheapo’ man-in-the-middle attack that leverages the Python socket library to ‘eavesdrop’ on a series of message transmissions between a ‘legitimate server’ VM and its […]
-
Vince Kelly commented on the post, Progress Report for Week Ending, March 1, on the site 6 years, 8 months ago
I wrote an example of a *very* basic, ‘El-Cheapo’ man-in-the-middle attack that leverages the Python socket library to ‘eavesdrop’ a series of message transmissions between a ‘legitimate server’ VM and its associated ‘client’ VM..
Basically, the attacking VM (called ‘Evil Server’) spins up a Python socket receive thread that accepts any…[Read more]
-
Vince Kelly commented on the post, Week 4 Update, on the site 6 years, 9 months ago
Interesting post Shi, thanks. It seems like a bit of a stretch thought don’t you think? It assumes the malware can be planted and then happily just sit there regulating/manipulating the workloads without being detected?
I guess you never know:)
Good point on wireless – I seem to recall that several of the early versions of Wireless NIC’s…[Read more]
-
Vince Kelly commented on the post, Week 4 Update, on the site 6 years, 9 months ago
yes, just a Surface Pro 4. If you have Windows10 it comes with it. I did a write up on how to turn it on and configure VMs over the last couple of weeks – *EXTREMELY* easy to do and use!!!!
Obviously, all those .iso’s and VM files suck up a lot of disk space – but then you’ve got that problem anyway for any hypervisor,. I just didn’t want…[Read more]
-
Vince Kelly commented on the post, Progress Report for Week Ending, September 22, on the site 6 years, 9 months ago
leaving comment per r=the request last week for everyone to test the community blog page
-
Vince Kelly commented on the post, Week 3 Update, on the site 6 years, 9 months ago
…..posting the XML failed a second time. I think this el-cheapo blogging tool may be trying to interpret the XML statements – so you’ll have to check it out on your own or send me an email and I’ll reply with the text
-
Vince Kelly commented on the post, Week 3 Update, on the site 6 years, 9 months ago
sorry, it looks like this blogging software truncated the config file text (I guess ya get what you pay for;). Here is the cut & paste of the configuration file again:
”Centos7 VM for VboxVMLab NGNE Fundamentals
base VM NO Software Installed
user=xxxxxxxxxxxxxxxxxxxxxxxxxxx
password=xxxxxxxxxxxxxxxxxxxxxxxall openstack…[Read more]
-
Vince Kelly commented on the post, Week 2 Update, on the site 6 years, 9 months ago
…follow-up to the initial story:
Pentagon reviews policy after fitness app reveals military locations
https://finance.yahoo.com/news/pentagon-reviews-policy-fitness-app-225200741.html“US Defense Secretary Jim Mattis has ordered a review of the [fitness tracking smart phone] situation”,
‘In a statement, the Pentagon said, “We take…[Read more]
-
Vince Kelly commented on the post, Week 1 Update, on the site 6 years, 9 months ago
good points. I wonder how long before the ramifications of having lax IoT security begin to manifest themselves in unexpected ways – Insurance companies refusing coverage to an company because it hasn’t upgraded it’s old SCADA controllers, 4th amendment issues with a law enforcement agency hacking into a driver-less car in order to determine…[Read more]
-
Vince Kelly commented on the post, Week 1 Update, on the site 6 years, 9 months ago
Mark,
First, thank you for your service. Totally agree with your assessment. In addition, what was worrisome to me was the observation about exploits that fall outside of the orderly scanning and patching process – for example the iPhone leveraging a nearby accelerometer to detect what someone typed. I seem to recall several years ago…[Read more] -
Vince Kelly commented on the post, Week 1 Update, on the site 6 years, 9 months ago
Thank you Jason. Completely understand and agree Jason – I guess its more a issue of quibbling/semantics. I don’t believe that dirtyc0w is a privilege escalation method at all, its simply a tool that can be used as part of privilege escalation – right? In other words, dirtyc0w itself doesn’t ‘do’ the privilege escalation any more than the C…[Read more]
-
Vince Kelly's profile was updated 7 years, 2 months ago