In order to learn web app exploitation safely (and legally), it is useful to have practice applications to run on your local environment. Damn Vulnerable Web Application (DVWA) was created for just this purpose. DVWA contains many common web vulnerabilities such as SQL injection, XSS, and more that allow you…
So, you have decided to install a pentesting distro to enjoy functionality that would be unavailable on a live USB. The very first question that needs to be asked is “How do I keep myself secure?” In addition to some of the more obvious features of most pentesting distributions, such as full disk encryption, macchanger, and anonsurf, there are some lesser-known ways to ensure your Operational Security. In 5 easy steps we will seek to automate some of the tediousness of making sure your box is secure.
The Cuckoo Sandbox is an automated malware analysis sandbox where malware can be safely run to study its behavior. The benefits of setting up a Cuckoo Sandbox are immense. Having a private, open source malware sandbox means that you can run any suspicious file without worrying about sensitive data being leaked to a public forum such as VirusTotal. Plus, this malware sandbox can be tailored toward your business security needs and tools. This guide will provide you with a basic installed and configured Cuckoo Sandbox to begin dynamically analyzing malware in a safe environment.
Sorry Mac users, you’re not as secure as you’ve been led to believe. Granted, Linux being insecure has always been the case and isn’t a recent development.
The Fruitfly malware has been in operation for 13 years and was created by a man from Ohio. The creator and distributor, Phillip Durachinsky, faces a 16-count indictment.
There are two new vulnerabilities called Meltdown and Spectre, with the latter affecting nearly every device in the world. That’s billions of devices.
Meltdown and Spectre have been known vulnerabilities for quite some time, but research teams had been under embargo. Details began to trickle out yesterday, and as a result of that trickle, there was a lot of speculation that led to many inaccurate assumptions about the full extent of the vulnerabilities and who and what was affected.