Archive by Author

Secure WordPress

WordPress Scanner is the latest tool added to our kit. It can be used to test the security of your WordPress installation from an external perspective. No plugin installation is required; our systems will do an external passive analysis of your WordPress installation and highlight WordPress security issues along with recommendations to improve the security [...]

Brute Forcing Passwords with ncrack, hydra and medusa

Let's test some password breaking tools. Passwords are often the weakest link in any system. Testing for weak passwords is an important part of security assessments. I am focusing on tools that allow remote service brute forcing. There are also powerful tools available for cracking encrypted password hashes on a local system. The three tools [...]

New OpenVas Report Option

OpenVas is one of the most popular tools we have online, and is an excellent way to perform a thorough vulnerability scan of a system to determine if there are any security issues or holes present. We have in the past couple of weeks added a new “Enhanced PDF” reporting option to our scanner, that is [...]

sqlmap 0.9 added to online security scans

The latest update to the site tools is the addition of the new sqlmap 0.9 release to the SQL injection test page. This is a tool that takes SQL injection to the next level and beyond. While our online scan tests for SQL injection in HTTP GET requests, this is only the beginning. This tool can [...]

Web Tech 2011 – Part 2

Chart data by web server type (columns: Top 1 million, Netcraft, Fortune 1K):
Apache: 66.3, 60.1, 28.5
IIS: 17.3, 20.0, 55.1
nginx: 7.5, 7.6, 0.5
Google: 3.0, 5.1, 0.1
LiteSpeed: 1.1, 0, 0
lighttpd: 0.5, 0.7, 0.1
IBM HTTP: 0.3, 0, 7.7
[...]

Web Tech 2011 Report

The HackerTarget.com Web Tech 2011 Report has just been released. This is the first edition of the report and aims to provide insight into the web technologies in use by the world's most popular websites. Based on the Alexa top 1 million sites; content management system popularity, web servers, server side scripting, web development frameworks, [...]

Wireshark Tutorial and Cheat Sheet

A powerful tool in any security practitioner's toolkit is Wireshark. Having a basic understanding of Wireshark usage and filters can be a time saver when you want to quickly look at some “interesting” data on the wires (or wifis). Hopefully this short Wireshark tutorial and cheat sheet will help you get started. Before we get [...]

psad – Port Scan Detection in Ubuntu Linux

Being quite familiar with nmap and other port scan programs, I hadn’t really played around with many port scan detection programs on the Linux operating system. I recommend and run ossec.net as an excellent host-based intrusion detection program on all my Linux machines; however, this does not have a native port scan detection capability. [...]

OSSEC on NGINX and Ubuntu 10.04 LTS

As mentioned in previous posts, my web server has moved to an Nginx environment. Being a fan of the OSSEC host-based intrusion detection software (HIDS), of course I had to add it to the new host. Installed as usual. Then it was merely a matter of adding the log files (access.log and error.log) from my [...]

kippo honeypot on Ubuntu 10.04

After moving from Slicehost to Linode, I still have access to my old web host for a few more weeks – damn that billing cycle! Anyway, while considering if I had any need for it, I stumbled on the kippo honeypot project. So I thought I would fire it up and see who comes knocking [...]