Home > Uncategorized > Security News #0x3A

Security News #0x3A

  • If you want to learn how exploits are developed, you definitely want to read the SCRT blog post showing how they developed an exploit for Mongo-DB.
  • Do you want to learn how to crack passwords offline? Nate Anderson has a great piece on how he learned to crack’em using widely available tools.
  • Websense reports that 93% of Java installations are still vulnerable to the most recent attacks.
  • Do you want to see one of the exploits used at the recently concluded iCTF competition? Of course you do!
  • If you are a student getting ready for an exercise, and are wondering what you might do after getting system on a Windows machine- say via an MS 09-050 attack, then you might want to take a look at Mimikatz. Just in case this applies to anyone reading this blog. Say in my class. That has an exercise next week.
  • Digging around the net, I ran across an older blog post that shows what happens when the author tried an SSH honeypot named Kippo. It certainly seems worth another look….
  • Learn how to pivot Metasploit through SSH.
  • Andrew Sorensen blogs about his experience on Red Team at the Pacific Rim CCDC competition.
  • You may also be interested in a write-up from the Red Team point of view of the ISTS exercise.
Categories: Uncategorized
  1. No comments yet.
  1. No trackbacks yet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: