Archive for Penetration

You are browsing the archives of Penetration.

APT (more)

A new paper that discussed Advanced Persistent Threat (APT) has been released by Mandiant and has sparked new interest in the topic. excerpt from the original post on APT APT or Advanced Persistent Threat describes cyber attacks mounted by organizational teams that have deep resources, advanced penetration skills, specific target profiles and are remarkably persisent […]

Mossad Hack

German magazine Der Spiegel describes how a computer hack by the Israeli foreign intelligence agency, the Mossad, enabled Israel to identify and eventually destroy a Syrian nuclear installation. How Israel Destroyed Syria’s Al Kibar Nuclear Reactor – [spiegel.de] In late 2006, Israeli military intelligence decided to ask the British for their opinion. But almost at […]

Malware Evolution

This thoroughly researched paper by Dave Dittrich at the University of Washington, reflects on how malware and cyber criminals have evolved their techniques and activites over recent years. Hybrid combinations of penetration methods make it more difficult to defend against the malware and good use of social engineering increases the success percentage. Nugache in fact […]

SANS Cyber Risk List

For many years, the top worry of defensive security specialists has been focused on closing/patching holes/vulnerabilities in the operating systems at the perimeter of the information system. This excellent report published by SANS suggests that the attackers are re-focusing their efforts on client side software and web applications that remain more vulnerable. Client applications that […]

Cyber Challenge

DOD, SANS, CSIS, several universities and other partner organizations are collaborating to find students with cyber abilities and train them to become future cyber warriors. Pentagon Seeks High School Hackers – [forbes.com] The so-called Cyber Challenge, which will be officially announced later this month, will create three new national competitions for high school and college […]

Advanced Persistent Threat

APT or Advanced Persistent Threat describes cyber attacks mounted by organizational teams that have deep resources, advanced penetration skills, specific target profiles and are remarkably persisent in their efforts. They tend to use sophisticated custom malware that can circumvent most defenses, stealthy tactics and demonstrate good situational awareness by evaluating defenders responses and escalating their […]

Hack by Numbers

Some fast food restaurants use cash register keyboards with symbolic diagrams of different food products on them to make it easier to train new staff. The US military is also moving in that direction, trying to take a field that is complex and often accomplished at a highly intuitive level by self-trained individuals and move […]

Zer0 Vee Attack

In what may be the first publicly recorded hack of a zero-day flaw in virtualization software, attackers have wiped out data from over 100,000 web sites hosted by VAServ in the UK. Webhost hack wipes out data for 100,000 sites – [theregister.co.uk] Technicians at UK-based Vaserv.com were still scrambling to recover data on Monday evening […]

Cold Boot Attack

Cold boot attacks involve a cold reboot of a computer into an environment designed to retrieve information from memory even after the ram chips have not been refreshed by current for several minutes. It seems that ram chips hold memory content much longer than the specifications call for. If a computer system is not gracefully […]

ophcrack

Ophcrack is a free and open source tool that can be used either within an existing OS (linux, Windows, OS X) environment or as a live-CD that boots its own version of linux. Either way, it has the ability to retrieve Windows password hashes and crack both LM and NT versions using a set of […]