Ben Akrin has released a new IPv6 discovery tool that looks promising. Available from here: ipv6_surface_analyzer_1.0.tar.gz Purpose With more devices coming IPv6 ready out of the box, a shadow network is emerging that nobody is paying attention to. There’s...

One of the common techniques I generally use during a penetration test is often referred to as pivoting or leap frogging. Essentially, when you compromise one machine, the information on the single server often yields a second or multiple compromises...

The new version of set 3.0 is finally out! https://www.secmaniac.com/blog/2012/02/20/the-social-engineer-toolkit-set-3-0-wethrowbaseballs-has-been-released/ It is awesome to see we now have windows support, can’t wait to get cracking with it! new...

Gateway-finder is a scapy script that will help you determine which of the systems on the local LAN has IP forwarding enabled and which can reach the Internet. This can be useful during Internal pentests when you want to quickly check for unauthorised...

The scenario for this post is that you’re connected to the local LAN of the systems you’re pentesting – possibly in a DMZ or multi-tiered architecture. If you’re on an externally-facing LAN, you may find that there aren’t...

awesome post by Tim Tomes on paul.dot that I will definately be adding to my arsenal, see below: Ever have that moment where hashes just aren’t good enough? Where you don’t have time or power to brute force a 15 character NTLM password? Well...

Great post form shipcode here http://blog.rootcon.org/2012/02/10-pentesting-linux-distributions-you.html about the different pentesting distro’s out there.

As a pentester I frequently find time is my biggest enemy for assessments, I am always running out of it, and if you don’t have a multi GPU password cracking machine like I have Cloudcracker.com may be your answer. https://www.cloudcracker.com A...

In case you didn’t already know, cisco have some fantastic Security Design Guides for the different solutions that you can implement, basically security BP’s for different network devices/layouts/designs. They have sample router/asa config’s...

Hi Everyone, I will be delivering a new presentation called ‘Security & real world threats’ at a Kiandra IT breakfast event on Wednesday 7th March. Detail below… If you are interested in attending, please drop me an email at securityservices...

For several years, companies and consultants pushed very heavily on enhancing perimeter security through the use of firewalls and other network defense technologies intended to prevent unwanted traffic from entering the network. While this hardened outer...

Although conferences, news articles, and everyday conversations make attacks on large organizations seem so simple, it may be hard to believe that these things work. The goal of this series of blog posts is to demonstrate the closest thing to getting...

You can find them here http://www.shmoocon.org/presentations to make your lives easier, I have compiled the list of them all for you just save the below into a text file, and in linux use wget –i and point it to the file… too easy! http:...

The latest version of THC-Hydra came out a few days, if you haven’t already tried Hydra, you don’t know what you are missing. Hydra is my choice hands down when it comes to a lot of the password cracking I do, in particular web based forms...

We should start to see all the stats for 2011 come out soon, here is the first major one for the year… http://www.sophos.com/en-us/security-news-trends/reports/security-threat-report.aspx

Long Live IE! IE9 has again proved to be the most secure web browser.. see the post here , see below…. IE 9 proves 96-plus percent effective in blocking malware, while Chrome, Firefox, and Safari all lag Internet Explorer 9 should be the go-to...

Maltego 3.1 is the new flagship product from the guys at Paterva and offers a range of fantastic new features and enhancements to the already phenomenal product. If you haven’t tried Maltego , you don’t know what you are missing. Some of the...

Are you using BT5-Gnome and find that many of the tools are either missing or out of date? If the answer is yes then use this bt5-fixit.sh script to add many missing tools and replace the installed tools with their svn counter parts. You can find the...

I thought I would share a combination of Metasploit scripts I use to eviscerate networks on a large scale. These post-exploitation tools will make short work of controlling as many targets as possible and leverage work by Joshua “Jabra” Abraha...

darkoperator.com has released his next post on the metasploit pentest plugin he created for people like me! keep up the good work.. http://www.darkoperator.com/blog/2012/1/29/metasploit-pentest-plugin-part-2.html you can find the original part 1 with...

I ended up having to use the smb/upload_file module on a pentest. I was able to get the local admin hashes but for some reason the psexec module wouldn’t get code execution, it would act like it would work but wasn’t. So we decided to push...

Great post here on just how easy it is for paypass cards to be read and forged… a great read. http://www.forbes.com/sites/andygreenberg/2012/01/30/hackers-demo-shows-how-easily-credit-cards-can-be-read-through-clothes-and-wallets/

Pedro Joaquin, Chief Security Officer of Websec, has released a tool to facilitate penetration testers with the exploitation of vulnerabilities in embedded devices. This tool is Routerpwn and can be found at www.routerpwn.com Routerpwn is a web application...

At the beginning of the last year, Dmitry EvTeev Ha raised the issue of post-exploitation in a Microsoft Active Directory domain. The brought forward approach addressed the variant aimed mostly at the case of the loss of admin privileges rather than their...

Great howto on SQL backdooring, WordPress & PHBB3 Examples here: http://www.blackhatacademy.org/security101/SQL_Backdoors worth the read