HackingTheUniverse

You are browsing the archives of penetration testing.

SEE ALSO: CCDC Nationals 2010 (part1) CCDC Nationals 2010 (part2) CCDC Nationals 2010 (part3) Here are some tips and thoughts on preparing a blue team defense in the CCDC: PREPARATION Know yourself – Know what your skills and limitations are, know who is good at what, know who wants to do what, know what your […]

SEE ALSO: CCDC Nationals 2010 (part1) CCDC Nationals 2010 (part2) Sunday morning found Team 7 hard at word trying to finish up the competition: Finally, they polished off the last few injects: After breaking down the network equipment, all the teams headed to the awards ceremony, where Dave Cowen, captain of the Red Team, delivered […]

SEE ALSO: CCDC Nationals 2010 (part 1) [see this post for the introduction to CCDC Nationals 2010] On Saturday morning, all the teams gathered again to hear an update briefing from Dwayne: The scoring engine was hard at work keeping track of everything: And the Alamo Cup was waiting for a new winner to be […]

The Collegiate Cyber Defense Competition (CCDC) is a national competition for college students designed to promote learning about cyber defense. Each year regional competitions across the nation act as preliminary rounds and then send the regional winners to a national competition in San Antonio. Each college team is required to defend an identical network from […]

The Metasploit Framework is a framework that enables penetration testing by combining modular packages of exploit code, payloads and tools such as Meterpreter that allow the tester to maintain access, collect information on the target system and execute pivot attacks against other systems. This script helps the tester by maintaining backdoor access. Meterpreter Persistence – […]

Penetration testing efforts don’t always get launched from a room full of computers with a crew busily working on them. Like wireless wardriving, it can go mobile. Here are two devices that can help put your pen-testers in motion and right in the thick of the action, even inside the physical perimeter. One scenario that […]

The Mid-Atlantic CCDC (Collegiate Cyber Defense Competition) for 2009 is over and the University of Pittsburgh team is the winner and will represent the Mid-Atlantic region in the national finals in San Antonio, TX in April. Systems for the college teams (blue teams) were upated this year to include more robust active directory services and […]

Cyber attack and defense gaming environments are becoming more commonplace as the realization grows that there is a serious need for training and skills development in this area and skills that go beyond abstract “book learning” and need hands-on lab time. Virtual environments makes this easier to accomplish. What is a Cyber Exercise? – [sans.org] […]

Shmoocon.org Before Shmoocon: I absolutely hate the Shmoocon ticketing process! Every year, I have to wait with great anticipation for the magical ticketing hour and then bang like crazy on my keyboard and mouse to try to get a ticket and then wallow in anxiety for a while, not knowing if anything went through and […]

dradis is an information sharing tool for penetration testing teams. It runs on linux and Windows (a Mac version is coming soon) and requires Ruby, Rake, RubyGemes, and SQLite3. Any penetration testing team will eventually have to figure out the best way to share information across the team during the test. As the team grows […]