Hakin9 Exploiting Software September Issue is out!

Another excellent issue of Hakin9 Exploiting Software is here!

Check out these exciting articles:

Windows 8 Security in Action
By Daniel Dieterle

In this issue I wrote the article “Windows 8 Security in Action” which gives a short look at the new Windows 8 look for those who haven’t seen it yet and then delve into its updated security features and lingering security issues from previous versions of Windows:

Is Windows 8 the next operating system for your enterprise? In this article, we will take a quick look at Microsoft’s new OS – Windows 8. We will see some of the new security features that make it more secure than its predecessor Windows 7. We will also run the security through the paces and see some of the possible issues that are new to the OS and some that have carried over from previous versions of Windows. From the Backtrack 5 r3 security testing platform, the author uses the Metasploit Framework and Social Engineering Toolkit to see how Windows 8 stands up to the most common internet based threats.

Raspberry Pi Hacking
By Jeremiah Brott

Follow this guide at your own risk. I take no responsibility for any outcome from anything you attempt to do within this guide – says the author. The Raspberry Pi is a credit-card sized computer that plugs into your TV and a keyboard. It’s a capable little PC which can be used for many of the things that your desktop PC does, like spreadsheets, word-processing and games. It also plays high-definition video. We want to see it being used by kids all over the world to learn programming. If you love your Pi you’ll definitely love to hack it.

Malware, Botnet and cyber threats, what is happening to the cyberspace?
By Pierluigi Paganini

The article proposes an analysis of the main cyber threats that worry security experts and that are profoundly changing the cyber space. The exponential growth of the number of cyber threats and attacks is rebutted by a wide range of statistical provided by reports published by the major security firms. The scenario is really scaring due concomitant action of cybercriminals, hacktivists and state sponsored hackers that are producing malware and botnets of increasing complexity.

Live Capture Procedures
By Craig Wright

Live data capture is an essential skill in required for both Incident Handlers as well as Forensic
practitioners and it is one that is becoming more, not less, important over time as we move towards networked and cloud based systems. This article has introduced a few tools that, although free, can be used together to create a powerful network forensics and incident response toolkit. Like all of these tools, the secret comes to practice.

  • SQL Injection By Wong Chon Kit
  • Network Pen Testing Breaking the Corporate Network through Hackers Perspective By Amar Wakharkar
  • Intel SMEP overview and bypass on Windows 8 By Artem Shikhin
  • Android Application Assessment By Nilesh Kumar

Check it out!

Advertisements

Hakin9 Exploiting Software July 2012 Issue is out!

Pentesting with Android – new Exploiting Software Hakin9 issue is out!

Are you curious how to turn your Wi-Fi smart phone or tablet into a pentesting tool? Check out the new issue of Exploiting Software Hakin9!

WHAT’S IN THIS ISSUE?

•    Searching For Exploits, SCAPY Fuzzing
•    Weak Wi-Fi Security, Evil Hotspots & Pentesting with Android
•    An In-Depth Analysis on Targeted Attacks
•    Automated security audit of a web application
•    Reverse Engineer Obfuscated
•    Cross Site Scripting(XSS)
•    Implementing Rsylog to forward log messages
•    They Are Offline But I Exploited Them

 

Weak Wi-Fi Security, Evil Hotspots and Pentesting with Android
By Dan Dieterle

Wireless networks and mobile Wi-Fi devices have saturated both the home front and business arena. The threats against Wi-Fi networks have been known for years, and though some effort has been made to lock down wireless networks, many are still wide open. In this article we will look at a few common Wi-Fi security misconceptions. We will also see how a penetration tester (or unfortunately, hackers) could set up a fake Access Point (AP) using a simple wireless card and redirect network users, capture authentication credentials and possibly gain full remote access to the client.

Finally we will look at the latest app for Android that allows you to turn your Wi-Fi smart phone or tablet into a pentesting tool. With it you can scan your network for open ports, check for vulnerabilities, perform exploits, Man-in-the-Middle (MitM) attacks and even sniff network traffic on both your Wi-Fi network and wired LAN.

Searching For Exploits, SCAPY Fuzzing
By Craig Wright

SCAPY is a series of python based scripts that are designed for network level packet manipulation. With it, we can sniff network traffic, interactively manipulate it, and fuzz services. More, SCAPY decodes the packets that it receives without interpreting them. The article is going into some of the fundamentals that you will need in order to understand the shellcode and exploit creation process, how to use Python as a launch platform for your shellcode and what the various system components are.

And much more…

For additional article information click here or…

Hakin9: Computer Security Testing with the Social Engineering Toolkit

The February issue of the Hakin9 Exploiting Software magazine is out!

Included in this issue is an article I wrote on the Social Engineering Toolkit (SET):

Using the Social Engineering Toolkit to Test Network Security

Hackers using Social Engineering attacks are getting much better at their craft, and people are making it very easy for them. A Social Engineer will use information gathered about a person, place or business in specially crafted attacks that play on people’s thoughts, beliefs or emotions.

Social engineers are Hackers that focus in on using personal information mixed with human reactions, emotions or fear to trick you into opening an infected file or visiting a malicious website. Social engineering attacks are one of the top techniques used against networks today.

Why spend days, weeks or even months trying to penetrate layers of network security when you can just trick a user into running a file that allows you full access to their machine and bypasses most anti-viruses, firewalls and many intrusion detection systems?

Daniel will explain some of the techniques used by attackers and he will show you how they could get full control of your computer and most importantly, how to stop them.

Also in this issue is:

  • Beyond Automated Tools and Frameworks: the shellcode injection process
  • Tabnapping Attack: Hijacking Browser Tabs
  • The Power Of Exploitation Tools
  • Hardening of Java Applications against AOP exploits
  • Enterprise Vulnerability Management

I really enjoyed Craig Wright’s article, “Beyond Automated Tools and Frameworks: the shellcode injection process“. This is a series of articles that delves into creating your own shellcodes and exploits.

Hakin9 Exploiting Software February 2012 – Check it out!