Does Ubuntu need anti-virus? This is a question posed by many of the legions of new users who try out Ubuntu Linux everyday. New users dive into Linux booting up the massively popular Ubuntu Linux. Now for a quick background check; Ubuntu is stable, easy to use and a rock solid desktop. I have been [...]
Security Testing WordPress
A couple of wordpress security assessment tools have popped up over the past couple of months, this has to be a good thing with the number of WordPress installations sky-rocketing. First of course there is the HackerTarget.com scan, externally facing and coming in at a fairly high level. The system downloads some of your pages, [...]
Backdoor Corporate Networks with Metasploit
HD Moore recently announced a new post exploitation tool offering Meterpreter sessions over HTTPS (HTTP) that will traverse the corporate proxy. Variations on this have been available previously but have been for a number of reasons been not so stable. Let’s first look at a common locked down Corporate Network. Then we will show how [...]
Hydra 6.4 Password Brute Forcer
The latest version of Hydra has been released with some bug fixes. Problems noted in my post comparing hydra with ncrack and medusa have been addressed and after testing I can confirm these issues are no longer present. CHANGELOG for 6.4 ================= * Update SIP module to extract and use external IP addr return from [...]
w3af web application security testing framework stable released
The latest version of w3af has been released and its a “stable” 1.0 release. To fire it up on Ubuntu only a couple of steps are required: Download the latest version from here: http://sourceforge.net/projects/w3af/files/ sudo apt-get install python-nltk python-soappy python-lxml python-svn python-scapy graphviz tar jxvf w3af-1.0-stable.tar.bz2 ./w3af_gui The first thing to notice is the shiny [...]
New WordPress Version Released 3.1.3
Hot on the heels of the release of our new WordPress Security Scanner is a new update to wordpress. The release includes multiple security fixes and hardening. Update your installations now. Various security hardening by Alexander Concha. Taxonomy query hardening by John Lamansky. Prevent sniffing out user names of non-authors by using canonical redirects. Props [...]
Brute Forcing Passwords with ncrack, hydra and medusa
Lets test some password breaking tools. Password’s are often the weakest link in any system. Testing for weak passwords is an important part of security assessments. I am focusing on tools that allow remote service brute forcing. There are also powerful tools available for cracking encrypted password hashes on a local system. The three tools [...]


