HackingTheUniverse

You are browsing the archives of Penetration.

DOD, SANS, CSIS, several universities and other partner organizations are collaborating to find students with cyber abilities and train them to become future cyber warriors. Pentagon Seeks High School Hackers – [forbes.com] The so-called Cyber Challenge, which will be officially announced later this month, will create three new national competitions for high school and college [...]

APT or Advanced Persistent Threat describes cyber attacks mounted by organizational teams that have deep resources, advanced penetration skills, specific target profiles and are remarkably persisent in their efforts. They tend to use sophisticated custom malware that can circumvent most defenses, stealthy tactics and demonstrate good situational awareness by evaluating defenders responses and escalating their [...]

Some fast food restaurants use cash register keyboards with symbolic diagrams of different food products on them to make it easier to train new staff. The US military is also moving in that direction, trying to take a field that is complex and often accomplished at a highly intuitive level by self-trained individuals and move [...]

In what may be the first publicly recorded hack of a zero-day flaw in virtualization software, attackers have wiped out data from over 100,000 web sites hosted by VAServ in the UK. Webhost hack wipes out data for 100,000 sites – [theregister.co.uk] Technicians at UK-based Vaserv.com were still scrambling to recover data on Monday evening [...]

Cold boot attacks involve a cold reboot of a computer into an environment designed to retrieve information from memory even after the ram chips have not been refreshed by current for several minutes. It seems that ram chips hold memory content much longer than the specifications call for. If a computer system is not gracefully [...]

Ophcrack is a free and open source tool that can be used either within an existing OS (linux, Windows, OS X) environment or as a live-CD that boots its own version of linux. Either way, it has the ability to retrieve Windows password hashes and crack both LM and NT versions using a set of [...]

Core Impact is a professional penetration testing framework tool that can operate in both automated and manual modes. It is very expensive, but sets the standard to measure other tools against. It comes with a constantly updated and state of the art collection of exploit code. Core can either perform its own reconnaissance or can [...]

John the ripper is a password hash cracking tool that is available free for both unix/linux and Windows platforms. It autodetects the type of hash and by default uses a hybrid approach of dictionary and brute force attacks to attempt to crack the hash as quickly and efficiently as possible. It can use a wide [...]

Backtrack is live CD (bootable) that is a compilation of network security tools. Based on SLAX, Backtrack 3 currently has over 300 tools. Backtrack is available from remote-exploit.org Every package, kernel configuration and script is optimized to be used by security penetration testers. Patches and automation have been added, applied or developed to provide a [...]

Metasploit is an exploitation framework. That means it offers a framework from which to launch exploit code that can be used for the penetration of computer systems. It has a large list of exploits and a variety of payloads to be delivered by the exploit. The Metasploit Project The Metasploit Framework What is it? The [...]