Quick tip on how to easily brute-force a password when users are using really lame passwords: Episode 294 Show Notes Episode 294 Part 1 (mp3) Episode 294 Part 2 (mp3) Tune in to Security Weekly TV, Hack Naked TV, and Hack Naked At Night episodes on our YouTube Channel or our Bliptv channel.
Learn how to use some useful scripts and tools to create an index page of all discovered HTTP(S) services: Episode 291 Show Notes Episode 291(mp3) Tune in to Security Weekly TV, Hack Naked TV, and Hack Naked At Night episodes on our YouTube Channel or our Bliptv channel.
Remember a while back we talked about using a “police scanner” to monitor POCSAG and Flex pager traffic, as well as listening in to 900Mhz baby monitors and cordless phones. Well, that was pretty fun, but it took a couple hundred dollars in gear AND a laptop. What if there was a better way?: Episode […]
Shout out to the fine folks at Offensive Security who wrote Metasploit Unleashed: Episode 290 Show Notes Episode 290 Part 1 (mp3) Episode 290 Part 2 (mp3) Tune in to Security Weekly TV, Hack Naked TV, and Hack Naked At Night episodes on our YouTube Channel or our Bliptv channel.
The fine folks at LMG tell us all about a fun challenge and give you some technical tips on network forensics: Episode 290 Show Notes Episode 290 Part 1 (mp3) Episode 290 Part 2 (mp3) Tune in to Security Weekly TV, Hack Naked TV, and Hack Naked At Night episodes on our YouTube Channel or […]
 2011 was a busy year for the Security Onion project and its owner Doug Burks. I just did a quick count of the releases on SourceForge and came up with a total of 32 for 2011! A number of these were bug fixes or application upgrades, but there were quite a few new apps […]
Here’s a handy tool to double check the SSL configuration of your web server. Â You’ve got the host stood up, an SSL certificate deployed, but you’re not quite sure what options SSL is offering. Â Enter sslyze, a cross platform utility written in Python. Â Simply download the code from http://code.google.com/p/sslyze/, extract the archive and run from […]
Ok, really anything with a 3 character password is going to get compromised, but it being a SCADA system just makes this a bit more insane. Â The basics of this is that the city of South Houston made their water control system accessible from the internet and “protected” it with a 3 character password. Â Sure […]
A couple of weeks ago I saw someone mention a little script called BozoCrack on Twitter and I decided to check it out. What caught my attention is that BozoCrack simply “cracks” md5 hashes by doing a search on Google for that hash. Once it finds the hash and the text that goes with it, […]
I was reading through the show notes and the story about WordPress sites being compromised due to a timthumb vulnerability jumped right out at me. I recently finished doing some incident response on a number of sites compromised by this one. The vulnerability was initially reported by Mark Maunder, a user of WordPress and Timthumb. […]
