Using twitter to build password cracking wordlist This is going to be a quick one. We're going to show how to use twitter to build a word list for cracking passwords. We'll use John the Ripper, and as a target we'll use the MilitarySingles.com md5 password hashes that were released by the artist formerly known as lulzsec. First, let's hack out a quick script that will get relevant tweets for us. And yes, I use a lot of tabs.
Mobile Pwn2Own at EuSecWest 2012 - MWR Labs Today MWR Labs demonstrated an Android vulnerability at the EuSecWest Conference in Amsterdam. The demonstration of the 0day exploit took place at the Mobile Pwn2Own competition. The exploit was developed in a team effort between our South African and UK offices. The vulnerability was found and the exploit was developed by Tyrone and Jacques in South Africa and Jon and Nils in the UK.
Blackhat paper - I, Hacker Well, my talk for Blackhat (My Arduino can beat up your hotel room lock) is over. Â Things could've gone better in terms of execution -- went through it too quickly and ended up using 30 minutes of my 60 minute slot. Â But people really enjoyed it and I spent a good hour or so answering questions. Now it's time to release everything. There's still work to be done on the paper, but that will happen in time.
(In No Order of Preference. Hover over links for book previews) Penetration Testing Building a Security Lab Professional Penetration Testing by Richard is good starting point for most of the average professional out there to start and operate a formal hacking and pentesting lab. For advanced folks, some chapters may be little generic but nevertheless provides good dos and don’ts while designing a lab. Must Have Security Books - The iViZ Blog
Pentesting VOIP From BackTrack Linux This article was contributed by NightRang3r. Penetration Testing VOIP with BackTrack
application vulnerability | Penetration Testing | website security testing
The malicious code in x86/x64 firmware can potentially reside in many places. One of them is in the PCI expansion ROM. In the past, the small amount of memory during PCI expansion ROM execution acted as a hindrance to this malicious code. The limited space for codes and data limited the possible tasks that could be carried out by such malicious codes. However, this article explains how a malicious PCI expansion ROM might exploit a little-known BIOS memory management interface to break through the memory “barrier,” thus creating a potentially more complex threat. The discussion in this article is limited to PCI expansion ROM conforming to PCI firmware revision 3.1 specification. Malicious Code Execution in PCI Expansion ROM
Introduction - Metasploit Unleashed “If I had eight hours to chop down a tree, I’d spend the first six of them sharpening my axe.” -Abraham Lincoln This saying has followed me for many years, and is a constant reminder to me that approaching a problem with the right set of tools is imperative for success. So what does this semi philosophical opening have to do with the Metasploit Framework? Before approaching a penetration test or an audit, I take care to “sharpen my tools” and update anything updatable in BackTrack. This includes a short chain reaction, which always starts with a prompt “msfupdate” of the Metasploit framework.
Black Hat ® Technical Security Conference: USA 2011 // Venue Caesars Palace Las Vegas, NV • August 3 - August 4 Cofer Black 10th Anniversary of 9/11 and Lessons Learned for Black Hat