background preloader


Facebook Twitter


Cloud. DNS. Forensics. Honeypot. SSL. Pentest. Using WinDbg to Begin Reverse Engineering Unknown Malware from Memory. Hacks. PwnedList. Registry Decoder: Digital registry forensics. Home Of PaulDotCom Security Podcast. Network Security Blog.

Security Blogs. How to check if your details have been compromised. Ever wonder where the term "Pwned" came from?

How to check if your details have been compromised

Rumour has it that is started with the game World of Warcraft (WoW), where a map designer, intending to write "the player has been owned", mistyped it as "the player has been pwned". In any case, it is widely used today to mean you have been screwed in some way. So there I was, perusing the web, and I found this rather interesting piece on Brian Krebs' blog called Are you on the Pnwedlist? , a piece which introduces a new service from DVLabs (part of Tipping Point) called PwnedList.

PwnedList introduces itself as "...a tool that allows an average person to check if their accounts have been compromised. Now this will sound like great news to a lot of people. And no doubt that it could be useful if you needed proof that your identity has been compromised and wanted to "prove" the case to your bank or other businesses you interact with. This is not the first site to offer this service. Do you use the same password on several sites? Using Debian/Hardened SELinux — Debian SELinux Handbook v0.1.

Blog TechBiz Forense Digital. Livros para quem quer aprender sobre segurança da informação. Por Gustavo Lima+ em 14/09/11 às 3:29 pm A editora Jonas & Bertlett lançou um conjunto de 12 livros focados em segurança da informação e altamente recomendados.

Livros para quem quer aprender sobre segurança da informação

Estes livros compõem a série Information Systems Security & Assurance Series, ISSA. Eu acabei adquirindo na minha última compra o Security Strategies in Linux Platforms and Applications que por sinal é excelente. Esta série de livros tem como objetivo ensinar/treinar o leitor nos principais temas que envolvem segurança da informação, para isso, a editora criou um método bem interessante, no final de cada capítulo há um questionário sobre aquilo que foi explicado.

Excelente para os preguiçoso. Para o pessoal que deseja seguir a carreira técnica ou aprender como as coisas funcionam, eu recomendo os seguintes títulos: Security Strategies in Web Applications and Social Networking Security Strategies in Windows Platforms and Applications Security Strategies in Linux Platforms and Applications Hacker Techniques, Tools, and Incident Handling. Google is Your Friend - If You're a Lulzer. While the digital paparazzi were lined up waiting to snap photos of the Lulzboat crew getting vanned, some of us focused on how this collection of low tech script kiddies were able to knock over SONY, AT&T, the CIA, Arizona's DPS and numerous other sites and make off with highly confidential contents again and again.

Google is Your Friend - If You're a Lulzer

It turns out that they had an accomplice, Google. Now before the good townspeople grab their torches and pitchforks and beat a hasty path to Mountain View, let it be known that Google's part in these massive hacks isn't actually Google's fault. Or perhaps it can be if the public still wants to blame them anyway and question why this information is there on Google for the taking in the first place. But that's not really the issue at all. The blame in my opinion lies once again with the administrators of the sites which were attacked. After all, page crawls weren't considered privileged information - they're all part of the "public internet" available to anyone who drops by. or. A Tcpdump Tutorial and Primer. Coruja de TI Indica o Livro: The Art of Computer Virus Research and Defense [Paperback] Por Gustavo Lima+ em 29/09/11 às 8:16 am Rafael, um profissional que já trabalhou na pesquisa e no desenvolvimento de vacinas e antivírus, indicou o livro, The Art of Computer Virus Research and Defense, o qual foi base para o seu curso de pós-graduação focado na análise de Malware.

Coruja de TI Indica o Livro: The Art of Computer Virus Research and Defense [Paperback]

SSHtrix - Multithreaded SSHv1 e SSH1v2 cracker. Por Gustavo Lima+ em 17/09/11 às 9:54 pm SSHtrix é uma daquelas ferramentas que precisam constar no seu cinto de utilidades de pentest, eles simplesmente consegue realizar login cracker multithreaded em SSHv1 e SSHv2.

SSHtrix - Multithreaded SSHv1 e SSH1v2 cracker

Simples, rápido e fantástico, essa ferramenta é muito útil na hora de realizar um teste para saber se a password utilizada para o usuário X via ssh está forte ou não. A instalação do SSHtrix não é uma das coisas mais simples, porém, eu consegui fazer um guia depois de passar alguns minutos debugando o carinha. Vejam que este tutorial foi feito para instalação no BackTrack 5 R1, vamos lá: apt-get install libssl-dev # Instalando Openssl-Devel apt-get install cmake wget --no-check-certificate libssh-0.5.2.tar.gz tar -xvf libssh-0.5.2.tar.gz cd libssh-0.5.2 mkdir build cd build/ cmake /pentest/stressing/sshtirx/sshtrix-0.0.1/libssh-0.5.2 -DCMAKE_BUILD_TYPE=Debug make && make install cd .. ldconfig wget tar -xvf sshtrix-0.0.1.tar.gz.

How To Set Up SSH Encrypted MySQL Replication - Network Computing - StumbleUpon.