Security

F1 Key Lets The Bad Guys In

By jpereira ⋅ March 1, 2010 ⋅ Post a comment

Microsoft warns of new IE code execution flaw

SQL Injection: Lazy Mans Method

By jpereira ⋅ February 16, 2010 ⋅ One comment

This lazy mans method is probably for you. It requires: (1) very little thought, (2) a vulnerable site and (3) a few skills at working your command prompt.

Black Market Vulnerability Detection

By jpereira ⋅ February 13, 2010 ⋅ 2 comments

For most security professionals, subscribing to security alerts is a must. These are often subscription services or bulletins that are posted by the makers of commercial security software.
A second way to ensure that you are completely up to date with the latest vulnerabilities and exploits is to monitor the web sites of what I [...]

How To: Enumerate Directories and Files

By jpereira ⋅ February 12, 2010 ⋅ 10 comments

How can a pen-tester identify directories and files that are hidden from the public? This is where it gets easy.

How I Will Hack You – Part III: ‘You’ll Do What You Do Best’

By jpereira ⋅ February 8, 2010 ⋅ Post a comment

I have now taken the guess work out of my confidence scheme. I can now deal with you using actual facts.

How I Will Hack You – Part II: ‘Thanks For The Info’

By jpereira ⋅ February 8, 2010 ⋅ Post a comment

I know Old Gorman, his employee kitchen, his financials, his employees, his products, his vendors. To be blunt I own Old Gorman.

How I Will Hack You – Part I: ‘The Disturbed Customer’

By jpereira ⋅ February 8, 2010 ⋅ Post a comment

I am in the trust business. Gaining it dishonestly that is. Sort of a conundrum, gaining trust dishonestly, huh?

Mini Series: ‘How I Will Hack You’ – Introduction

By jpereira ⋅ February 8, 2010 ⋅ Post a comment

A streetwise guide to protecting your company from hackers and intruders.

Social Engineering: Test To Protect, Part IV

By jpereira ⋅ February 8, 2010 ⋅ Post a comment

PDF Key Scanner
Goal: Send an email to your customer support department with title – “Acceptable Internet Use Policy” and body “Please carefully review the attached PDF – it contains changes to our Acceptable Internet Use Policy (AIUP). Regards, Human Resources”.
The goal is to get employees to open this PDF.
Description:
This PDF has been [...]

Social Engineering: Test To Protect, Part III

By jpereira ⋅ February 8, 2010 ⋅ Post a comment

Spoof and Steal
Goal: Spoof your company’s login page. Send an email asking certain employees to click the provided link and login to your companies service to change their password. Hook to use: “due to new company policy you must change your password today and every 90 days henceforth.”
Description: If your company login site is login.yourcompany.com [...]

Search

F1 Key Lets The Bad Guys In

SQL Injection: Lazy Mans Method

Black Market Vulnerability Detection

How To: Enumerate Directories and Files

How I Will Hack You – Part III: ‘You’ll Do What You Do Best’

How I Will Hack You – Part II: ‘Thanks For The Info’

How I Will Hack You – Part I: ‘The Disturbed Customer’

Mini Series: ‘How I Will Hack You’ – Introduction

Social Engineering: Test To Protect, Part IV

Social Engineering: Test To Protect, Part III

Categories

Get Texted With Updates

Standard rates may apply from your carrier

Recent Comments

Most Emailed

Meta

Search

Security

Categories

Get Texted With Updates

*Standard rates may apply from your carrier*

Recent Comments

Most Emailed

Tag Cloud

Meta

Standard rates may apply from your carrier