• Subscribe to the low volume list for updates.

Blog

Recon-NG Tutorial

The interactive console provides a number of helpful features such as command completion and contextual help. Recon-ng Installation Often used with the Kali Linux penetration testing distribution, installing within Kali is a simple matter of apt-get install recon-ng. For those wanting to the very latest code on Ubuntu the process is nearly as simple. Make […]
Read More

Internet Wide Scanning – Remote access granted

In the beginning there were Google Dorks, by using specific Google search queries it is still possible to find thousands of unsecured remotely accessible security cameras and printers. Now with search engines such as Shodan.io and Censys.io finding open devices on the Internet has gone to the next level. Google dorks work because Google happened […]
Read More

15 Essential Open Source Security Tools

There are thousands of open source security tools with both defensive and offensive security capabilities. The following are 10 15* essential security tools that will help you to secure your systems and networks. These open source security tools have been given the essential rating due to the fact that they are effective, well supported and […]
Read More

100K WordPress Powered Sites

Analysis of the 100K Top WordPress Sites provides us with insight into the technology and the security posture of these Internet properties. While WordPress Powered sites number in the millions around the world, the focus here are sites that have significant Internet traffic. Web Servers of the Top WordPress Powered Sites These statistics are based […]
Read More

OpenVAS 9 install on Ubuntu 16.04

If you are installing OpenVAS into an Ubuntu virtual machine I suggest adding as much CPU as you can as this will speed up your scan times. A suggested minimum is 8GB of RAM and 4 cores. An interesting new feature mentioned in the latest release is the development towards build a distributed system for […]
Read More

16 Offensive Security Tools for SysAdmins

Offensive security tools are used by security professionals for testing and demonstrating security weakness. Systems Administrators and other IT professionals will benefit from having an understanding of at least the capabilities of these tools. Benefits include preparing systems to defend against these types of attacks and being able to identify the attacks in the case […]
Read More

Enable OSSEC Active Response

Many OSSEC users start of running with active response disabled to ensure that the OSSEC agent does not affect the server especially when running in a live production environment. Once you have an understanding of the number of alerts and types of alerts you are seeing, it is a good idea to enable active response. […]
Read More

Proxy your Phone to Burp

In this guide we configure Burp Suite to proxy all the traffic from your phone, tablet or other wifi device. As a bonus you will also have full access to all the WIFI packets for consumption by Wireshark or your traffic analysis tool of choice.  Use this traffic analysis technique to hunt bug bounties in […]
Read More

Exploring the Hacker Tools of Mr Robot

The debut season of Mr Robot has received a nod from the security focused twitters for its attempts at trying to keep things for the most part realistic. In the episodes so far we have seen hacker types communicating using IRC, there are Linux boxes as far as the eye can see and the main […]
Read More

Quietly Mapping the Network Attack Surface

When assessing the network security of an organization it is important to understand the breadth of the attack surface. A single forgotten host or web application in the network will often become the initial foothold for an attacker. Passively Mapping the Network Attack Surface Using open source intelligence (OSINT) techniques and tools it is possible […]
Read More