Month: June 2013

Professionally Evil Toolkit – Sqlmap

In this series of the Professionally Evil Toolkit we will be talking about sqlmap. Sqlmap is an open source penetration testing tool that is written in python. Sqlmap automates the process of detecting/exploiting SQL injection flaws and taking over of database servers.  As you might know, SQL injection is ranked number one on the OWASP …

Professionally Evil Toolkit – Sqlmap Read More »

Getting Started with BeEF: The Browser Exploitation Framework

This post is the first in a series on Getting Started with information security tools. For more posts in this series, check out the Getting Started label on this post.  BeEF, the Browser Exploitation Framework, is a testing tool designed to enable penetration testers to launch client-side attacks against target browsers. By using techniques similar …

Getting Started with BeEF: The Browser Exploitation Framework Read More »

Creating SSL Certificate Requests Using Certreq.exe and Enable LDAPS

This post picks up on my last about creating and authorizing an internal certificate authority.  We are going to shift gears a bit and start looking at how to use this newfound infrastructure.  There are tons of tutorials online about how to create a certificate signing request (CSR) using IIS on Windows.  However, there are …

Creating SSL Certificate Requests Using Certreq.exe and Enable LDAPS Read More »

Your Passwords Were Stolen: What’s Your Plan?

If you have been glancing at many news stories this year, you have certainly seen the large number of data breaches that have occurred. Even just today, we are seeing reports that Drupal.org suffered from a breach (https://drupal.org/news/130529SecurityUpdate) that shows unauthorized access to hashed passwords, usernames, and email addresses. Note that this is not a …

Your Passwords Were Stolen: What’s Your Plan? Read More »

SSL Certificates: Setting Up and Authorizing the Internal Certificate Authority

In this post, I wanted to give something directly to the Blue Teams out there.  I also thought I would call us out a bit for sending mixed messages to our users.  All too often we find internal websites using invalid SSL certificates when we are on an engagement.  Almost every user awareness document or …

SSL Certificates: Setting Up and Authorizing the Internal Certificate Authority Read More »

Scroll to Top