Penetration Testing
Page 1 of 612345...Last »

Mar 21st, 2013

Comments: 0
Category: Penetration Testing
Read More

Tools of the trade – USB powered Switches

As a bit of a tech geek I have a tendency to pick up a variety of pieces of hardware and software to see if they’ll be useful on tests.  One of my more successful purchases has been a USB powered Ethernet switch that handles PoE pass-through and has a couple of mirrored ports. It’s pretty compact so it goes easily […]

Jan 20th, 2011

Comments: 0
Category: Penetration Testing
Read More

Just the Facts Ma’am

Sometimes when you’re testing it’s good to be able to quickly get a feel for where to focus your attention or to get an overview of all the ports you’ve got open, so you can be sure you investigate all of them. Once you’ve done several scans as part of a job, you end up […]

Oct 25th, 2010

Comments: 0
Category: Penetration Testing
Read More

Creating a Simple Vulnerability Database – Part 2

We left off last time having created a simple vulnerability database using Ruby on Rails. So the next piece of the puzzle is getting that data into Dradis. Luckily Dradis has a nice plugin system which is designed to ease the process of importing and exporting data from Dradis, so this isn’t too tricky. Creating […]

Oct 20th, 2010

Comments: 0
Category: Penetration Testing
Read More

Creating a Simple Vulnerability Database – Part 1

One of the main tools that I’ve found useful in pen. testing is the Dradis Framework, it’s a good way of keeping track of findings and notes during a test and I’ve also found it’s template feature is good for keeping a list of things to remember during a test. One of the features available […]

Jan 4th, 2010

Comments: 0
Category: Penetration Testing
Read More

Tools I use – Burp

I’ve been meaning to do a post on burp for a while, and courtesy of my new years resolution to stop procrastinating, here it is 🙂 I was thinking of a way to sum up burp, so far the best I’ve got is “If you’re doing web application testing and not using Burp, you’re missing […]

Oct 28th, 2009

Comments: 0
Category: Penetration Testing
Read More

Tools I use – Dradis

I’ve been using Dradis for a couple of months now. It’s an interesting piece of software that’s designed to help teams of people share information on penetration tests. That said I find it useful on the tests I do even when I work alone. Essentially Dradis provides the base environment for users to work in, […]

Aug 26th, 2009

Comments: 1
Category: Penetration Testing
Read More

Testing SNMPv3

After encountering some SNMPv3 servers recently and looking into the differences from a pen. test perspective, I thought it may be worth a quick write-up. SNMPv1 and v2 do not respond when traffic is sent their way unless there is a valid community string in the message, a fact used by scanners like onesixtyone . […]

Aug 9th, 2009

Comments: 0
Category: Penetration Testing
Read More

Defcon 17

So I got across to Defcon this year (and of course security Bsides) There were several interesting presentations , here’s some notes on some of the ones that I got along to. The CD is up at defcon.org, and you can get the slides for most of the presentations there. SSL Talks – There were […]

May 12th, 2009

Comments: 2
Category: Metasploit
Read More

Some Metasploit and Oracle Notes – Part 2

So More Oracle and Metasploit stuff tonight. as CG pointed out on the last post, most of this has been covered on his series of posts at the carnal0wnage blog (and lots more besides), this is just my working through the process for my own benefit and hopefully pointing out some of the potential things […]

May 4th, 2009

Comments: 0
Category: Metasploit
Read More

Metasploit Resources

So I’ve been playing a bit with Metasploit over the holiday weekend (hey what are days off for..), and as usual when researching stuff, I’ve come across a load of links I don’t want to lose track of, so I’ll put them up here, may be useful to someone else as well.. I’ll refrain from […]