How to Connect to Backtrack 5 from your Windows System

Have you ever been watching one of Vivek’s amazing tutorials on Security Tube (highly recommended, by the way 🙂) and wondered how in the world he is accessing his Backtrack Linux system from a Windows box?

Welcome to the wonderful world of Putty and SSH (Secure Shell). SSH is a secure network protocol that you can use to connect to your Linux box remotely. Putty is a slick little Windows-based client that lets you SSH into your Linux system and operate it just like you are sitting in front of it. Think of it as Remote Desktop for Linux.

All you need is Backtrack 5 (it even works great in a virtual machine), your Windows system and Putty. This will give you the ability to use a remote Linux text terminal. If you want to use X (graphical) programs, you will also need an X server for Windows; “Xming” works great.

There is some minor setup on Backtrack’s side and some settings you need to set in Putty to make it all work right. 2Neon has created a great video (see above – set it to 720 HD for clarity) and an instructional write-up on his blog. The video is nice because it also shows how to install FileZilla to transfer files back and forth between your Windows and Backtrack systems.

Check it out!

Infosec Island offers chance to win ISO 27001 & BS 25999 Training

Great opportunity today from our friends over at Infosec Island. Win an ISO 27001 & BS 25999 Annual Membership for Online Trainings from IS&BCA!

Check this out:

Quantity: Two Drawing Winners
Value: (US)$975.00 each
Description: Annual Membership for live online trainings includes:

  • Registration for 1 attendee for an unlimited number of trainings during a 1 year period
  • Unlimited access to all webinar recordings
  • Download of presentation decks for each training
  • 1 year access to E-learning tutorials
  • 30 minutes of private consultation with the trainer for each training
  • Documentation templates for each training
  • Each training contains workshops on how to fill in the documentation
  • Certificate of Completion for each training

For a chance to win one of the prizes, all you need to do is sign up as a member of Infosec Island, complete an account profile, and upload a profile picture. It’s free, quick and pain-free.

And you will become part of a great community of fellow infosec comrades, including me!

Check out Infosec Island today for more information.

Upcoming Computer Security Seminars for 1/25/11

A couple of interesting-sounding computer security webinars are being presented today (information from the presenters’ sites):

Top Tips for Defending Against Database Threats in 2011
Please join us for our annual 2011 Database Security Top Threats and Tips webinar and learn more about the current threat climate and top tips for protecting sensitive information in the database.
2:00 pm – 3:00 pm EST By Application Security.
Get the latest tips and trends to:


  • Defend against the latest cyber espionage methods including both insider and outsider attacks
  • Effectively manage separation of duties
  • Patch documented vulnerabilities
  • Protect against the latest SQL injections
  • Defend against social engineering attacks
  • Manage database security in the cloud
  • Protect against database rootkits and infection kits

Windows 7 Migrations and PC Lockdown with Privilege Management
Date: Tuesday, January 25, 2011 at 2PM EST
Speaker: Greg Shields, MVP and Windows Platform Expert, Concentrated Technology 

With the Windows XP sunset date fast approaching, plans for Windows 7 migrations are in full swing, prompting most organizations to also re-assess their approach to PC lockdown. With the advanced privilege management capabilities, enterprises have an alternative to the “all or nothing” approach to least privileges – because an “all or nothing” methodology prohibits organizations from meeting compliance, security and desktop operations goals. To ensure compliance enforcement, you’ll also need to consider compliance validation reporting and privileged account activity auditing.

Other Upcoming Security Seminars:

Data Security Simplified: Reducing Risk, Costs and PCI Scope with E3™ End-to-End Encryption

Upcoming Webcasts:

January 27, 2011:
Analyst Webcast: A Real-Time Approach to Continuous Monitoring
Sponsored By: NetWitness, Splunk

January 28, 2011:
Ninja Developers: Penetration Testing and Your SDLC

January 31, 2011:
From Exposure to Closure – The life and times of an exploitable Vulnerability: An Industrial Control Systems View

February 01, 2011:
Analyst Webcast: Remote Administration and Security Compliance
Sponsored By: Netop

February 02, 2011:
Tool Talk: Pre-flight Checklists & Seatbelts for Your Applications Trip to the Cloud
Sponsored By: Veracode

February 03, 2011:
Improve firewall security odds: Prevent misconfigurations and compliance concerns by automating firewall audits.
Sponsored By: Skybox Security, Inc.

February 09, 2011:
Internet Storm Center Threat Update (ISC Webcast)
Sponsored By:

February 11, 2011:
Proactive Compliance for PCI-DSS
Sponsored By: NitroSecurity

February 24, 2011:
Continuous Monitoring: NOT Harder Than It Looks
Sponsored By: Tripwire, Inc.

Persistent Cross-Site Scripting (XSS) Demo

If you ever wanted to know how cross-site scripting works, look no further. The video was created by Aleksander Gorkowienko, a database and application security expert with the company 7safe.

In “Cross-Site Scripting Explained”, Aleksander simulates an XSS attack against a fictitious online financial company. He demonstrates how a hacker could jump from one authenticated user (using a password and a PIN) to another using PHP Session cookies.

In the attack, Aleksander uses the Browser Exploitation Framework (BeEF), JavaScript and the Web Application security testing platform Burp Suite. I haven’t played with BeEF in a while, so it was good to see it in action again.

This demonstrates why it is important to test web applications for vulnerabilities like XSS. The video is definitely a must-see!

For more information, check out Aleksander’s website IT Security Lab.
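
To make the mechanism concrete, here is an added example (not taken from the video or from 7safe) showing why stored input rendered without encoding becomes persistent XSS, and how to check whether a PHP session cookie is readable by page script. The function names, the sample comments and the cookie values are all constructed for illustration.

```javascript
// Added example: persistent XSS in miniature, plus a session-cookie flag check.
// Every name and sample value here is constructed for illustration.

// Constructed "database" of stored comments; the second is a harmless marker.
const storedComments = [
  "Great service, thanks!",
  "<script>alert('xss-marker')</script>",
];

// Vulnerable rendering: stored text is placed into the HTML unchanged, so every
// later visitor's browser parses the marker as a real script element.
function renderVulnerable(comments) {
  return comments.map((c) => `<li>${c}</li>`).join("\n");
}

// Encode the five HTML-significant characters before output.
function escapeHtml(text) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(text).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Hardened rendering: the same stored data is displayed as inert text.
function renderEscaped(comments) {
  return comments.map((c) => `<li>${escapeHtml(c)}</li>`).join("\n");
}

// Report which protective attributes a Set-Cookie header lacks.
// Without HttpOnly, injected script can read the session ID via document.cookie.
function missingCookieFlags(setCookieHeader) {
  const attrs = setCookieHeader.split(";").slice(1)
    .map((a) => a.trim().split("=")[0].toLowerCase());
  return ["httponly", "secure", "samesite"].filter((f) => !attrs.includes(f));
}

// Constructed response headers (PHPSESSID is PHP's default session cookie name).
const weakHeader = "PHPSESSID=constructed123; path=/";
const hardenedHeader =
  "PHPSESSID=constructed123; path=/; Secure; HttpOnly; SameSite=Lax";

console.log("vulnerable output contains live script tag:",
  renderVulnerable(storedComments).includes("<script>"));
console.log("escaped output contains live script tag:",
  renderEscaped(storedComments).includes("<script>"));
console.log("weak cookie is missing:", missingCookieFlags(weakHeader));
console.log("hardened cookie is missing:", missingCookieFlags(hardenedHeader));
```

Output encoding removes the injection point, while `HttpOnly` limits what an injected script can take if an encoding gap is missed elsewhere; the two controls complement each other.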