Hacking Basics

HTTP Header Internal IP Disclosure

In a recent PCI DSS Compliance Report, I had an HTTP Header Internal IP Disclosure vulnerability, which I have dealt with before on a vanilla 2016 Exchange server, but I have really struggled to find any up-to-date information on this vulnerability and the best way to fix it… I use the term vulnerability very loosely in this tutorial as it's what is stated in the PCI Compliance Report. Having only the internal IP…

Password Audit: Extracting hashes from Ntds.dit

In this tutorial, I will show you how to do a password audit of a Windows Domain Controller by extracting the NTLM password hashes from the Ntds.dit file in order to crack the hashes with Hashcat and see their clear text value. The Ntds.dit is a database that stores Active Directory data, which includes all the password hashes for all the users of the domain. To be able to retrieve the NTLM password hashes, we…

Top 10 Security YouTube Channels

My Top 10 list of security YouTube channels is not based on subscribers or the amount of content they produce, but on my own personal views, based mainly on how relevant I have found their content, coupled with the direction they have been taking their channel. When I was doing the research for this list, I found all of the top links in Google stated lots of vendor-specific channels like McAfee, Sophos or Kaspersky…

Brute Forcing Web Logins with DVWA

In this tutorial, I will show you how to beat the Low, Medium and Hard levels of the brute force challenge within DVWA (Damn Vulnerable Web App). If you want to follow along and have not yet got DVWA set up, take a look at this tutorial on Setting up a Vulnerable LAMP Server. This will run you through setting up a vulnerable virtual machine and installing DVWA. I have used this as the basis for all…

How To Hack Like a Legend (Book Review)

A few weeks ago I saw a post over at hackforums.net that stated "Bypassing Machine Learning tools and behavioural analysis". Intrigued by this, I took a look, only to find that it was someone promoting their new book, How To Hack Like a Legend. After a few minutes it dawned on me that this was Sparc FLOW, the same author of books like How To Hack Like a PornStar and How To Investigate Like a…

How to Capture & Crack WPA/WPA2 Wireless Passwords

In this tutorial, I will show you how to capture and then crack WPA/WPA2 wireless passwords. This, I hope, will be part of a new series of tutorials dedicated to hacking wireless networks. The weakness in WPA/WPA2 wireless passwords is that the encrypted password is shared in what is known as a 4-way handshake. When a client authenticates to an access point, the client and the access point go through a 4-step process…

Scanning and Port Forwarding through a Meterpreter Session

Once you have compromised a system with Meterpreter, your next goal is to learn more about your target environment. To accomplish this goal, we can do all our scanning and port forwarding through our Meterpreter session and use our compromised system to pivot through the network. Find The IP Address: First, we need to find out what IP address our compromised system has. Run ipconfig from within the Meterpreter session; this will list all…

Creating a Simple HTTP Server with one line of Python

Python can run a simple HTTP server using a built-in module called SimpleHTTPServer, which provides standard GET and HEAD request handlers. The great thing about this is that you do not have to configure anything; you only have to have Python installed. This is perfect to use when you need a quick web server and don't want to mess with setting up Apache. You can use this to turn any directory on your system…

Confessions of a Pentester Part 3 (Hacker’s Wet Dream)

The Confessions of a Pentester series is the work of a pentester that goes by the handle of EasyGhost and was originally posted over at HackForums.net. EasyGhost was nice enough to give me permission to post his collection of real-world engagements, which I found to be an excellent read and which shows the mindset of a pentester when breaking into a network. Hacker's Wet Dream: Imagine being sent back in time, let's say to…

Confessions of a Pentester Part 2 (BloodHound)

The Confessions of a Pentester series is the work of a pentester that goes by the handle of EasyGhost and was originally posted over at HackForums.net. EasyGhost was nice enough to give me permission to post his collection of real-world engagements, which I found to be an excellent read and which shows the mindset of a pentester when breaking into a network. INTRODUCTION: I received a lot of positive feedback from the first story,…
