Month: June 2013

Getting Started with BeEF: The Browser Exploitation Framework

This post is the first in a series on Getting Started with information security tools. For more posts in this series, check out the Getting Started label on this post.  BeEF, the Browser Exploitation Framework, is a testing tool designed to enable penetration testers to launch client-side attacks against target browsers. By using techniques similar …


Creating SSL Certificate Requests Using Certreq.exe and Enable LDAPS

This post picks up on my last about creating and authorizing an internal certificate authority.  We are going to shift gears a bit and start looking at how to use this newfound infrastructure.  There are tons of tutorials online about how to create a certificate signing request (CSR) using IIS on Windows.  However, there are …


Your Passwords Were Stolen: What’s Your Plan?

If you have been glancing at many news stories this year, you have certainly seen the large number of data breaches that have occurred. Even just today, we are seeing reports that Drupal.org suffered from a breach (https://drupal.org/news/130529SecurityUpdate) that shows unauthorized access to hashed passwords, usernames, and email addresses. Note that this is not a …


SSL Certificates: Setting Up and Authorizing the Internal Certificate Authority

In this post, I wanted to give something directly to the Blue Teams out there.  I also thought I would call us out a bit for sending mixed messages to our users.  All too often we find internal websites using invalid SSL certificates when we are on an engagement.  Almost every user awareness document or …
