The February issue of the Hakin9 Exploiting Software magazine is out!
Included in this issue is an article I wrote on the Social Engineering Toolkit (SET):
Using the Social Engineering Toolkit to Test Network Security
Hackers using Social Engineering attacks are getting much better at their craft, and people are making it very easy for them. A Social Engineer will use information gathered about a person, place or business in specially crafted attacks that play on people’s thoughts, beliefs or emotions.
Social engineers are Hackers that focus in on using personal information mixed with human reactions, emotions or fear to trick you into opening an infected file or visiting a malicious website. Social engineering attacks are one of the top techniques used against networks today.
Why spend days, weeks or even months trying to penetrate layers of network security when you can just trick a user into running a file that allows you full access to their machine and bypasses most anti-viruses, firewalls and many intrusion detection systems?
Daniel will explain some of the techniques used by attackers and he will show you how they could get full control of your computer and most importantly, how to stop them.
Also in this issue is:
- Beyond Automated Tools and Frameworks: the shellcode injection process
- Tabnapping Attack: Hijacking Browser Tabs
- The Power Of Exploitation Tools
- Hardening of Java Applications against AOP exploits
- Enterprise Vulnerability Management
I really enjoyed Craig Wright’s article, “Beyond Automated Tools and Frameworks: the shellcode injection process“. This is a series of articles that delves into creating your own shellcodes and exploits.
Hakin9 Exploiting Software February 2012 – Check it out!
Hakin9 is well known in the security circles and is just a great magazine. It is known as “A magazine for IT security professionals by IT security professionals”. It covers some of the latest information on attack and defense tactics that are out there.
For those of you who are not familiar with Hakin9, the Worldwide IT Security magazine started in 2005 and is released 4 times a month:
- Hakin9 (release date:1stof each month) – 50 pages of content dedicated to IT security, few regular columns written by specialists
- Hakin9 Mobile (release date: 7th of each month) – 40 pages of content devoted to hacking and security of mobile devices and applications
- Hakin9 Extra (release date: 15thof each month) – 50 pages of strictly topical content dedicated each time to different hot security topic
- Exploiting Software (release date: 22nd of each month) – 40 pages of content dedicated to latest software exploits and security
This months Exploiting Software magazine has some interesting articles including:
Starting to Write Your Own Linux Schellcode
Buffer Overflow Exploitation A to Z
Anatomy of the Black Hole Exploit Kit
Hacking Applets: A Reverse Engineering Approach
The Gentoo Hardened Project: Or How to Minimize Exploits Risks
And, forgive me for some shameless self promotion, How to Recover Passwords from a Memory Dump.
How to Recover Passwords from a Memory Dump
Malware analysis is an amazing field. To be able to grab a memory dump from a live machine and then have the capabilities to pull useful information from it just amazes the author. Can we find pertinent system settings, and even pull information from them? Were you ever curious about what could be done with a memory dump of an active computer? This article is a short demonstration on how to acquire a memory dump from a running system, and then how to use tools to not only recover the system password hashes from the memory dump, but also how to decode them.
The Hakin9 article I wrote is based on the memory forensics topics & hash cracking posts that have been covered recently here on CyberArms. I am pretty excited about it, and hope you like it too.
Check it out!