Security News #0x3A
- If you want to learn how exploits are developed, you definitely want to read the SCRT blog post showing how they developed an exploit for MongoDB.
- Do you want to learn how to crack passwords offline? Nate Anderson has a great piece on how he learned to crack 'em using widely available tools.
- Websense reports that 93% of Java installations are still vulnerable to the most recent attacks.
- Do you want to see one of the exploits used at the recently concluded iCTF competition? Of course you do!
- If you are a student getting ready for an exercise, and are wondering what you might do after getting SYSTEM on a Windows machine, say via an MS09-050 attack, then you might want to take a look at Mimikatz. Just in case this applies to anyone reading this blog. Say in my class. That has an exercise next week.
- Digging around the net, I ran across an older blog post that shows what happened when the author tried an SSH honeypot named Kippo. It certainly seems worth another look…
- Learn how to pivot Metasploit through SSH.
- Andrew Sorensen blogs about his experience on Red Team at the Pacific Rim CCDC competition.
- You may also be interested in a write-up from the Red Team point of view of the ISTS exercise.