SMSMS

Security

Penetration testing tool for domain controllers

Smbexec is a tool that you can use for penetration testing domain controllers; the program allows running post exploitation for domain accounts and expanding the access to targeted network. This gives pentesters full access without any privilege requirement.

Latest release includes improvements so it runs faster and there are more options in configuration and a module that support file search. Using smbexec allows easily going through all machines on the network and collecting the necessary information such as the UAC configuration or other system settings beside where the domain administrators’ credentials are in use.

Read more here – http://www.sectechno.com/2014/03/30/smbexec-rapid-post-exploitation-tool/

Share

Be the first to comment - What do you think?  Posted by George - April 4, 2014 at 1:00 pm

Categories: Security, Utilities   Tags: , ,

Google’s Project Shield

Project Shield is an initiative launched by Google Ideas to use Google’s own Distributed Denial of Service (DDoS) attack mitigation technology to protect free infrastructure online. The service allows other websites to serve their content through Google’s infrastructure without having to move their hosting location.

Read more here – http://projectshield.withgoogle.com/

Be the first to comment - What do you think?  Posted by George - October 24, 2013 at 12:53 pm

Categories: Security   Tags: , ,

Security Guidelines for Windows 7 and Windows 8

The security guidance published by the UK government’s National Technical Authority for Information Assurance (CESG), is applicable to devices running Enterprise versions of Windows 7 and Windows 8, acting as client operating systems, which include BitLocker Drive Encryption, AppLocker and Windows VPN features. The UK government’s National Technical Authority for Information Assurance (CESG) advises organisations on how to protect their information and information systems against today’s threats.

The Windows 8 Secure Boot process alerts a user when an attempt to subvert the security controls has taken place. It is important that users know how to identify and respond to this alert.

Read more here – https://www.gov.uk/government/publications/end-user-devices-security-guidance-windows-7-and-windows-8/end-user-devices-security-guidance-windows-7-and-windows-8

Be the first to comment - What do you think?  Posted by George - October 15, 2013 at 11:29 am

Categories: Security   Tags: ,

Windows Phone 7 Application Security Survey

A survey by Andy Grant investigated the practices of major app developers with regard to data storage on Windows Phone 7. As more people use mobile devices for sensitive tasks such as, online banking and password storage, the data stored on the device increases in value. With each new mobile platform there are more opportunities for a mobile application developer to store data in an insecure manner.

Read more…

Be the first to comment - What do you think?  Posted by George - September 10, 2013 at 11:49 am

Categories: Security   Tags: , ,

Unveiling an Indian Cyberattack Infrastructure

The report below details a cyber attack infrastructure that appears to be Indian in origin. This infrastructure has been in operation for at least three years, more likely close to four years. The purpose of this framework seems predominantly to be a platform for surveillance against targets of national security interest (such as Pakistan). The report also shows how it has been used for industrial espionage against the Norwegian telecom corporation Telenor and other civilian corporations.

Download the report from here – http://normanshark.com/pdf/Unveiling%20an%20Indian%20Cyberattack%20Infrastructure-23_FINAL_052013.pdf

Be the first to comment - What do you think?  Posted by George - August 13, 2013 at 11:59 am

Categories: Security   Tags: , , ,

Malware Prevention and Handling Guide

This publication provides recommendations for improving an organization’s malware incident prevention measures and handling for Desktops and Laptops. It also gives extensive recommendations for enhancing an organization’s existing incident response capability so that it is better prepared to handle malware incidents, particularly widespread ones.

Download the complete guide from here – http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-83r1.pdf

Be the first to comment - What do you think?  Posted by George - August 2, 2013 at 12:06 pm

Categories: Security   Tags: , , ,

Using nmap scripts to enhance vulnerability assessment results

There is an alternative to perform vulnerability assessments to SCADA devices less risky and with good result information. You can use nmap scripting engine to add vulnerability scanning functionality.

Read more here – https://isc.sans.edu/diary/Using+nmap+scripts+to+enhance+vulnerability+asessment+results/16090

Be the first to comment - What do you think?  Posted by George - July 10, 2013 at 11:43 am

Categories: Security   Tags: , ,

Next Page »