HackingTheUniverse

You are browsing the archives of Tools.

The new second edition update to “Hacking Exposed – Wireless” has a companion web site that includes several extended versions of chapters. Hacking Exposed Wireless 2nd Edition – [hackingexposedwireless.com] Online Chapters Wireless is a very complex topic, and some may want to dig even further into the WiFi and Bluetooth specifications while learning more about [...]

Hacking Wireless Keyboards With Keykeriki – [securitytube.net] KeyKeriki is a hardware + software tool released by Remote Exploit to exploit wireless keyboards. You can download the theory slides from here. The details about the software and hardware requirements is available on their website. According to them: “Now 1.5 years after releasing our whitepaper “27Mhz Wireless [...]

Assessment – the process of testing the effectiveness of security controls to discover the level of protection they offer and any weaknesses. Assessment and Authorization – formerly known as C&A. The combination of the Assessment process and the Authorization process that together allow an information system to operate as safely as possible. SEE ALSO: Assessment, [...]

Brian Krebs leads the field in reporting on bank ATM machine skimmers that collect banking credentials from ATM customers and relay them to cyber thieves. This is another outstanding article by Krebs that exposes a little piece of the world of cyber-crime. Why GSM-Based ATM Skimmers Rule Earlier this year, KrebsOnSecurity featured a post highlighting [...]

All About Plugbot – [theplugbot.com] PlugBot is a hardware bot. It’s a covert penetration testing device designed for use during physical penetration tests. PlugBot is a tiny computer that looks like a power adapter; this small size allows it to go physically undetected all the while powerful enough to scan, collect and deliver test results [...]

A Botnet is a collection of many computers that have been compromised by an attacker and are being used surreptitiously for some purpose usually related to cybercrime. Botnet Methodology: Compromising Systems Email with infected attachment or link to infection site Website with infected code Other protocols: IM, IRC, FTP, P2P, twitter, and more… Controlling the [...]

Metasploit recently released version 3.4.0 of the Framework with many improvements and new exploits and a new commercial product, Metasploit Express. Today, they followed that up with a VM image that can be used as an exploitable practice target. Introducing Metasploitable – [metasploit.com] Metasploitable is an Ubuntu 8.04 server install on a VMWare 6.5 image. [...]

Here’s a roundup of recent metasploit techniques: Nessus Scanning through a Metasploit Meterpreter Session – [pauldotcom.com] Scenario: You are doing a penetration test. The client’s internet face is locked down pretty well. No services are exposed externally and only HTTP/HTTPS are allowed OUT of the corporate firewall. You email in a carefully crafted email with [...]

Nmap, the free, open source utility that has become a basic tool for many network security professionals, has released a new version. Nmap 5.20 Released – [nmap.org] Happy new year, everyone. I’m happy to announce Nmap 5.20–our first stable Nmap release since 5.00 last July! It offers more than 150 significant improvements, including: o 30+ [...]

The Metasploit Framework is a framework that enables penetration testing by combining modular packages of exploit code, payloads and tools such as Meterpreter that allow the tester to maintain access, collect information on the target system and execute pivot attacks against other systems. This script helps the tester by maintaining backdoor access. Meterpreter Persistence – [...]