Ben Akrin has released a new IPv6 discovery tool that looks promising. Available from here: ipv6_surface_analyzer_1.0.tar.gz Purpose With more devices coming IPv6 ready out of the box, a shadow network is emerging that nobody is paying attention to. There’s...

One of the common techniques I generally use during a penetration test is often referred to as pivoting or leap frogging. Essentially, when you compromise one machine, the information on the single server often yields a second or multiple compromises...

Back to the future ? What do I mean with back to the future ? What has Windows to do with the Famous Hollywood movie name ? For the ones who is “old” enough or have good memory , the new Windows 8 Logo looks like the first Windows 1.0 logo...

My “What is Windows Intune” Article is published in Microsoft Learning's official blog. I am happy to be in BTL ( Born To Learn) and I am looking forward to see you all in the forms. http://borntolearn.mslearn.net/ To read my article in...

Thank you very much for attending the seminar @ Westpac Bank, 60 Martin Place Sydney. We had a full room of Security Guru’s (attendees) , and as we run out of seats no one went away and they took notes of my presentation on how can they “...

The new version of set 3.0 is finally out! https://www.secmaniac.com/blog/2012/02/20/the-social-engineer-toolkit-set-3-0-wethrowbaseballs-has-been-released/ It is awesome to see we now have windows support, can’t wait to get cracking with it! new...

Are you still not sure what Windows Intune is ? Here is a easy way for you to understand Windows Intune. Questions and answers based on Pictures 1) What is Windows Intune ? The Windows Intune is cloud service helps you centrally manage and secure your...

Gateway-finder is a scapy script that will help you determine which of the systems on the local LAN has IP forwarding enabled and which can reach the Internet. This can be useful during Internal pentests when you want to quickly check for unauthorised...

The scenario for this post is that you’re connected to the local LAN of the systems you’re pentesting – possibly in a DMZ or multi-tiered architecture. If you’re on an externally-facing LAN, you may find that there aren’t...

awesome post by Tim Tomes on paul.dot that I will definately be adding to my arsenal, see below: Ever have that moment where hashes just aren’t good enough? Where you don’t have time or power to brute force a 15 character NTLM password? Well...

Great post form shipcode here http://blog.rootcon.org/2012/02/10-pentesting-linux-distributions-you.html about the different pentesting distro’s out there.

As a pentester I frequently find time is my biggest enemy for assessments, I am always running out of it, and if you don’t have a multi GPU password cracking machine like I have Cloudcracker.com may be your answer. https://www.cloudcracker.com A...

As the release date comes closer more and more rumour's are hitting the blogs how Windows 8 is going to look like, and how its going to work. After the Developer Preview, Microsoft will release Windows 8 this time a “Consumer Preview”...

Below is a news article from CNET about Nortel. The article reminded me the a book “The Most Dangerous Man in the World: The Explosive True Story of Julian Assange and the Lies, Cover-ups and Conspiracies He Exposed “ ( Amazon ) This book...

Virus Alert, by Microsoft Security Essentials, I am not really sure what is going on. One of the End Users in the office called me and asked for Help. Every time he goes to “Google” , his security essentials was warning him, “Potential...

In case you didn’t already know, cisco have some fantastic Security Design Guides for the different solutions that you can implement, basically security BP’s for different network devices/layouts/designs. They have sample router/asa config’s...

Hi Everyone, I will be delivering a new presentation called ‘Security & real world threats’ at a Kiandra IT breakfast event on Wednesday 7th March. Detail below… If you are interested in attending, please drop me an email at securityservices...

For several years, companies and consultants pushed very heavily on enhancing perimeter security through the use of firewalls and other network defense technologies intended to prevent unwanted traffic from entering the network. While this hardened outer...

Although conferences, news articles, and everyday conversations make attacks on large organizations seem so simple, it may be hard to believe that these things work. The goal of this series of blog posts is to demonstrate the closest thing to getting...

Are your PC’s still infected with the trojan, which effected many of the Fortune 500 companies? Are you still not sure if you are affected or not? What is this DNSChanger Malware??? This article is all about this, never say I wont get effected ...

You can find them here http://www.shmoocon.org/presentations to make your lives easier, I have compiled the list of them all for you just save the below into a text file, and in linux use wget –i and point it to the file… too easy! http:...

The latest version of THC-Hydra came out a few days, if you haven’t already tried Hydra, you don’t know what you are missing. Hydra is my choice hands down when it comes to a lot of the password cracking I do, in particular web based forms...

We should start to see all the stats for 2011 come out soon, here is the first major one for the year… http://www.sophos.com/en-us/security-news-trends/reports/security-threat-report.aspx

AISA Sydney Branch Meeting: Information security and the human element, or is that ailment? Date: Tuesday 21 February 2012 8:00-10:00 AM Time: 8:00am for prompt 8:15am start of presentation, 10:00am expected close. Venue: Westpac, 60 Martin Place, Plaza...

Long Live IE! IE9 has again proved to be the most secure web browser.. see the post here , see below…. IE 9 proves 96-plus percent effective in blocking malware, while Chrome, Firefox, and Safari all lag Internet Explorer 9 should be the go-to...