background preloader

Securite

Facebook Twitter

Guides de responsabilité sur les réseaux sociaux. En cette rentrée 2012, la Commission scolaire des Patriotes (au Québec) a mis en ligne 2 guides de qualité élaborés dans un cadre pédagogique qui comprennent des conseils pratiques pour agir de manière responsable sur les médias sociaux : Guide à l’intention des élèves et leurs parents : Vivre sur les médias sociaux comme dans la vraie vie!

Guides de responsabilité sur les réseaux sociaux

Framapad. Framablog. How to Crack WPA2 WPS WiFi password. Wifi Protected Setup or WPS is a 802.11 certified standard for delivering security over your Wireless network.

How to Crack WPA2 WPS WiFi password

Wi-Fi Protected Setup enables typical users who possess little understanding of traditional Wi-Fi configuration and security settings to automatically configure new wireless networks, add new devices and enable security. WPS has been accompanying WPA2 since 2007, with over 200 wireless routers that support WPS with WPA2. Warning: This guide is to showcase weaknesses in Wifi security standards & is purely for educational purposes only. The Best Hacking Tutorial Sites - Learn Legal Hacking. Written by: Daniel Robson•edited by: Aaron R.

The Best Hacking Tutorial Sites - Learn Legal Hacking

•updated: 2/13/2011 Whether it's to understand potential attack vectors or simply for the fun of it, learning the basics of hacking is something that a lot of people aspire to. Here's our list of the top tutorial based hacking sites. Introduction Films like Swordfish and Hackers have made hacking seem cool, a lifestyle choice almost. Hacking - Beginning txt. Hacking Websites with SQL Injection - Computerphile.

How to easily delete your online accounts. Internet responsable. CYBER-RESISTANCE : COMMENT SURFER ANONYME EN DEUX MINUTES. Une petite piqure de rappel grand public, ça ne fait pas de mal… Merci à l’équipe de Linux Manua pour ce travail de vulgarisation indispensable !

CYBER-RESISTANCE : COMMENT SURFER ANONYME EN DEUX MINUTES

[Linux Manua - 17/03/2009] En ces temps obscurs de surveillance généralisée et de répression, être anonyme sur le Net devient essentiel – Alors voilà la méthode pour avoir temporairement une adresse IP du Canada, de Russie, des Seychelles et même de Chine (un comble) puis, par exemple : dénoncer les lois liberticides visant à surveiller le Web et réprimer les internautes,critiquer les puissants sans retenue et sans risquer la répression,riposter aux satrapes qui traitent les internautes de terroristes ou de criminelstélécharger des fichiers interdits par des législations locales dictées par des lobbys mercantiles, Bien entendu, ces fictions invraisemblables ne concernent pas la France, pays de la Liberté. Mes propos se veulent aussi universels et apolitiques. 1) Se connecter à un serveur proxy anonyme étranger gratuit : hostip.fr ip-adress.com. Penetration Testing Explained, Part III: Playing with RATs and Reverse Shells.

Last week I broke into a Windows 2008 server and inserted a remote access trojan or RAT.

Penetration Testing Explained, Part III: Playing with RATs and Reverse Shells

Don’t call security, I did this in a contained environment within virtual machines. To continue on with my pen testing experiment, in this post I’ll explore a few basic steps and techniques used by hackers after they’ve entered a system. Where Am I? One of the first tasks for a hacker is to map out the surrounding terrain in the victim’s environment. Remember: the RAT is running on some remote computer, and the only information the hacker has is a single public IP address. As a practical matter, you’d want to know what other computers are connected to the target. One quick baby step is simply to look at the ARP tables. The address resolution protocol or ARP is used to map IP addresses to MAC addresses. Exploring the local network with arp -a. Penetration Testing Explained, Part II: RATs! Remote Access Trojans or RATs are vintage backdoor malware.

Penetration Testing Explained, Part II: RATs!

Even though they’ve been superseded by more advanced command-and-control (C2) techniques, this old, reliable malware is still in use. If you want to get a handle on what hackers are doing after they’ve gained access, you’ll need to understand more about RATs. A RAT’s Tale RATs came on the scene in the late 1990s or early aughts, and may have been first used as administrative tools—hence its other name, Remote Administrative Tool.

But it quickly evolved backdoor capabilities and became stealthier and deadlier. BO2K, SubSeven, and Netbus are just a few of the more common critters in the RAT world — see this Microsoft TechNet article for a complete rundown. Penetration Testing Explained, Part IV: Making the Lateral Move. You can think about the post-exploitation part of penetration testing as an army or rebel force living off the land.

Penetration Testing Explained, Part IV: Making the Lateral Move

You’re scrounging around the victim’s website using what’s available — shells, networking utilities, berries, poorly protected password files, etc. Kidding about the berries, but the idea is to import as little malware as possible and leverage what you find for more exploration and new attacks. This whole topic goes under the name of “malware-less” hacking, which is much harder to detect than old-school techniques. Ed Skoudis noted in our interview last month that attackers are even starting to use PowerShell for their post-exploit work.

This next post in the series will focus on moving off the original hacked site — lateral movement in pen testing speak. Acme Company Domain If you can find the goodies on the original target’s site, then you make a quick getaway. I now will disclose that I made the server firewall less restrictive than was called for in the Amazon specs. Penetration Testing Explained, Part VI: Passing the Hash. We’re now at a point in this series where we’ve exhausted all our standard tricks to steal credentials — guessing passwords, or brute force attacks on the hash itself.

Penetration Testing Explained, Part VI: Passing the Hash

What’s left is a clever idea called passing the hash or PtH that simply reuses a password credential without having to access the plaintext. Mimikatz Remember the simple test environment I had set up? I have a Windows domain with two servers for the mythical Acme company with its beer-based server naming scheme.

Penetration Testing Explained, Part VII: Exfiltration and Conclusions. In this series of posts, I covered ideas to get you started using basic testing software to find security vulnerabilities.

Penetration Testing Explained, Part VII: Exfiltration and Conclusions

There are more advanced tools, such as Metasploit, which lets you speedily try different hacking scenarios, but many of its principles are based on what I’ve already written about. In short: you can get a lot of mileage from trying out simple remote access trojans or RATs, reverse shells, password/hash crackers, hash dumping, and pass-the-hash in your own IT environment. Whatever approach you settle on, keep our Inside Out philosophy in mind. Penetration Testing Explained, Part I: Risky Business. In most of the security standards and regulations that I’ve been following there’s typically a part titled Risk Assessment.

Penetration Testing Explained, Part I: Risky Business

You can find this requirement in HIPAA, PCI DSS, EU GDPR, NIST, and SANS, to reel off just a few four- or five-letter abbreviations. What is risk assessment? It’s the process by which you decide where the vulnerabilities are in your system, the likelihood of the holes being exploited, and then the potential impact on your business. The Art of Risk Assessment If you want a more formal definition, here’s how the folks at the Payment Card Industry (PCI) define it: Process that identifies valuable system resources and threats; quantifies loss exposures (that is, loss potential) based on estimated frequencies and costs of occurrence; and (optionally) recommends how to allocate resources to countermeasures so as to minimize total exposure. Risk assessment, though, is more than just an item you check off after chatting with your IT admins.

Enter the Pen Tester.