pbnetworks - Computer Security Solutions

pbnetworks - Computer Security Solutions

What's New

  • 10/11/16 CyberFlow posted a link to my article.
    CyberFlow posed a link to my article in Linux Pro here.Powerful services like WildFire and FlowScape can help you defend against a new generation of persistent network attacks.The original network intruders were often misfit geeks operating from boredom or a need for thrills. As businesses went ..
  • 03/27/16 Forensic Analysis with Redline and Volatility
    We show you how to dig deep to find hidden and covert processes, clandestine communications, and signs of misconduct on your network. In a previous article [1], I described how to obtain a memory image from a Windows computer that would allow forensic analysis. I briefly discussed using..
  • 03/02/16 Web-based reconnaissance
    Check out my article on Web-based reconnaissance inside Admin magazine. Article from ADMIN 30/2015 By David J. Dodd The recon-ng web reconnaissance framework is an important tool in penetration testing. The Metasploit Framework Project..
  • 07/07/14 Forensic analysis with Redline and Volatility
    Caught in the Act Article from ADMIN 21/2014 By David J. Dodd We show you how to dig deep to find hidden and covert processes, clandestine communications, and signs of misconduct on your network. In a previous article [1], I de..
  • 04/08/14 Acquiring a Memory Image
    We describe tools you can use to obtain a memory image of an infected system.Protecting your network environment with the latest virus protection, controlling what software is installed and allowed to run, restricting network access, protecting web browsing, limiting user account access, updating se..
  • 05/28/13 Pen Test Tips 2
    Shell vs. Terminal pbnetworks Inc. has published another article for Admin magazine online edition.Shell access on a Unix-type server lets you send commands to a target as a user of the system and get a response back (standard input to a shell and standard output from that shell). This shell ser..
  • 12/13/12 LinuxCon in San Diego
    Security and the Open Cloud were featured at the most recent LinuxCon event.LinuxCon North America 2012 traveled to the Sheraton San Diego Hotel and Marina in California this year and was co-located with the Linux Kernel Summit and Linux Plumbers Conference. The event kicked off on Wednesday A..
  • 12/16/11 Cyber Summit: Protecting Our Digital Shores
    David J. Dodd president and founder of pbnetworks Inc. gave a presentation for The Security Network at National University on December 7, 2011. The topic was "Protecting Our Digital Shores" a take on the significance of the same day 70 years ago when our country was suddenly and deliberately attack..
  • 10/26/11 San Diego 2nd Annual Cybersecurity Awards
    The San Diego 2nd Annual Fall 2011 Cybersecurity Awards was on October 25, 2011 at the Sheraton San Diego Hotel & Marina. The event was sponsored by ESET, San Diego Business Journal, AIS, Bridgepoint, Microsoft, Norman, SDGE, and the Security Network. The categories were Awareness, Critical In..
  • 08/25/11 San Diego base ESET providing assistance to IRAN
    Charles Jeter who interviewed me in the SC Magazine story 'win2008-servers-pwned-by-the-jarhead-clan' broke a major story late yesterday about San Diego based anti-virus vendor ESET apparently assisting the county of IRAN. IRAN is currently covered by U.S. sanctions so this would be a major vio..
  • 08/20/11 BSidesLA con
    p { margin-bottom: 0.08in; }BsidesLAI attended the BsideLA con at the Dockweiler Youth Center in LA this past Thursday Aug 18th2011. The event had a nice turnout a bit less than anticipated though. The first talk was done by Kevin Albano & Christopher Price of Mandiant titled: Ankle Busters..
  • 04/06/11 Scapy 2 Tutorial
    This part two on the use of Scapy. We go over using the SYN scan ability in scapy and build a table using the make_table() function. Next we have TCP traceroute functionality. We convert entire packet into a hex string using the str() function then re import the produced hex string by selecting t..
  • 03/29/11 Scapy Tutorial
    This is the first video in a series that will cover the use of Scapy. Many of the examples in this tutorial are picked from the SANS SEC 567 Power Packet Crafting with Scapy. If you find that Scapy does not have a particular function/module to accomplish what you want, you can write your own modul..
  • 03/22/11 Nemesis Tutorial
    In this tutorial I show how to use nemesis to arp poison a windows 7 box. Nemesis is a command-line packet injection tool from Mark Grimes and Jeff Nathanhttp://www.packetfactory.net/projects/nemesis Nemesis Tutorial from David Dodd on Vimeo...
  • 03/17/11 Segmentation Fault in Linux
    In this tutorial I show how to gain control of a program running on a Linux box. This tutorial is a follow on to a webcast shot earlier this week by Stephen Sims. The webcast is called A Taste of SANS SEC660 Part III and should be available soon from SANS. ..
  • 03/17/11 Root Access redirecting EIP
    This is a tutorial on gaining root access by redirecting EIP to your shellcode. The shellcode will open up TCP port 9999 on the local system and provide an admin shell to anyone who connects to that port. This is a follow on to a demonstration that Stephen Sims did during a webcast this week for th..
  • 03/15/11 Meterpreter encoding & pivot
    In this tutorial I use the Back|Track distro and metasploit to encode the psexec.exe then copy it over to a WindowsXP fully patched box.  We can get our executable to our victim machine a number of ways and I will that for later. I have listed the steps involved in using metasploit below a..
  • 03/15/11 Meterpreter tutorial on Windows 2003 Server SP2
    Here is a tutorial on using meterpreter on a Windows Server 2003 SP2.&nbsp; I have included the steps involved in using meterpreter below along with a video.<br />msf> use exploit/windows/smb/ms08_067_netapimsf> set payload windows/meterpreter/bind_tcpmsf> set rhost 192.168.1.131m..
  • 03/15/11 Metasploit Nessus bridge part I
    This video demonstrates using nessus within the Metasploit framework.&nbsp; I found that doing a separate nessus scan and importing the results into Metasploit had too many steps. Below is the steps involved along with the video.<br />1. open terminal and start nessus - 2. open termin..
  • 03/15/11 Dumping RAM on Windows 7
    Here is tutorial on dumping RAM on Windows 7 to provide a forensics investigator knowledge on the machine use.&nbsp; I dump the file to a *.dmp file and use foremost on Linux to view the image.<object width="425" height="344">..
  • 03/15/11 Arp Poisoning connection between Win 7 & Win2008
    Here is tutorial of using Cain to arp poison an RDP connection between Windows 7 and Windows 2008 R2 Server...
  • 03/15/11 metasploit attack on Windows 2008 R2 Server
    While reading an article on Attacking an Unpatched Windows 2008 Server I wanted to try the exploit on an VM of Windows 2008 service pack 2 NL (Netherland). Now the two exploits that are described in the article ms_09_050_smb2_negotiate_pidhigh and ms_09_050_smb2_session_logoff are to cause the OS..
  • 09/21/10 Twitter 'mouse over' hack causing chaos
    Twitter's security team said it has fixed a serious vulnerability on the site that created micro-blogging mayhem on Tuesday.The cross-site scripting flaw on the Twitter.com site creates a means for posting code into updates that activated when users rolled their mouse over a link. Moving a mouse o..
  • 07/27/10 WPA2 Hole196 Vulnerability
    Researchers at wireless security company AirTight Networks have uncovered a vulnerability in the widely used WPA2 security protocol, part of the 802.11 standard. The vulnerability, termed "Hole 196", which can be exploited by attackers already authenticated to the network, allows decryption of d..
  • 06/24/10 IG Finds Cybersecurity Unit Lacks Authority, Manpower
    A key government team responsible for preventing and responding to cybersecurity attacks lacks the authority to ensure that federal agencies are properly protecting their information technology networks and has insufficient staffing to perform its missions, the Homeland Security Department's inspect..
  • 03/30/10 'Smart' utility meters have security holes and can be hacked, expert finds
    SAN FRANCISCO — Computer-security researchers say new “smart” meters that are designed to help deliver electricity more efficiently also have flaws that could let hackers tamper with the power grid in previously impossible ways. At the very least, the vulnerabilities open the door for attackers ..
  • 02/16/10 Police nab hacker over central Moscow porn show
    Police in south Russian have detained the hacker responsible for the broadcast of a hardcore porn clip on a central Moscow advertising screen last month, a paper said on Tuesday.The showing of a two-minute pornographic clip on a massive advertising screen caused a traffic jam in downtown Moscow i..
  • 02/16/10 Social Engineering Scammers Offer Live Support
    Just like legitimate software companies, cyber scammers are experimenting with online services supported by human intelligence.Symantec reports that those behind the fake antivirus software known as Live PC Care have added a new social engineering element -- live support agents who will try to con..
  • 02/16/10 Core Integrates Its Penetration Testing Product With Metasploit
    Another sign of the times in the maturing penetration-testing market: Core Security Technologies today announced that its commercial product will operate hand-in-hand with Metasploit's open-source tool.Core, which sells the user-friendly penetration product Core Impact, says the next version of i..
  • 02/11/10 CookieMonster nabs user creds from secure sites
    Websites used for email, banking, e-commerce and other sensitive applications just got even less secure with the release of a new tool that siphons users' authentication credentials - even when they're sent through supposedly secure channels.Dubbed CookieMonster, the toolkit is used in a variety ..
  • 12/29/09 Secret mobile phone codes cracked
    On Sunday 27th of December at the 26th Chaos Communication Congress (26C3) in Berlin, security researchers published open source instructions for cracking the A5/1 mobile telephony encryption algorithm and for building an IMSI catcher that intercepts mobile phone communication. The Global System..
  • 12/29/09 New Google CAPTCHAs now cracked
    Even the latest images in Google’s reCAPTCHAcan be cracked with sufficient reliability to allow protective services to be exploited. Last week, Google complained that claims to this effect only related to an old CAPTCHA method from 2008 that is no longer used.Now, Jonathan Wilkins, the author of ..
  • 12/29/09 Microsoft confirms IIS hole
    Microsoft has confirmed the security hole in its IIS web server, but hasn't disclosed which versions of the product are affected. According to the finder of the "semi-colon bug", versions up to and including version 6 are vulnerable. The hole allows attackers, for instance, to camouflage executa..
  • 12/01/09 Microsoft investigating 'black screen of death'
    Microsoft said on Monday that it is looking into reports that its latest security updates are causing some serious problems for certain users.The problem has been dubbed the "black screen of death" because those affected are left with a black desktop and little else on their screen. "Microsoft is i..
  • 12/01/09 Microsoft releases password attack data
    Microsoft released data collected from an FTP-server honeypot, showing that attempts to guess passwords continue to focus on the low-hanging fruit: passwords with an average length of eight characters, with "password" and "123456" being the most common.The data is part of a project to monitor att..
  • 08/04/09 Contractor returns money to Pentagon
    Apptis Inc., a military information technology provider, repaid $1.3 million of a $5.4 million Pentagon contract after investigators said the company provided inadequate computer security and a subcontractors system was hacked from an Internet address in China.Privately held Apptis, based in Chan..
  • 05/06/09 Thief holds Virginia medical data ransom
    An online thief compromised the network of the Commonwealth of Virginia's Department of Health Professions, allegedly stealing healthcare data on nearly 8.3 million patients, according to reports.The network intruder left a message claiming to have taken 8.26 million patient medical records and a..
  • 05/03/09 Diving Niihau arches
    ..
  • 04/29/09 US cyber-security 'embarrassing'
    America's cyber-security has been described as "broken" by one industry expert and as "childlike" by another.The criticism comes as President Obama prepares to release the results of a review he had ordered. Tim Mather, chief strategist for security firm RSA, told BBC News: "The approach we have re..
  • 04/28/09 Sea Turtle at Po'ipu Beach
    ..
  • 04/21/09 Data stolen from US Joint Strike Fighter project
    Unauthorised persons have succeeded in gaining access to plans for an American fighter aircraft project. The Wall Street Journal is reporting that computer spies have stolen "several terabytes" of data from the Joint Strike Fighter project. Since the plans relate to the design and the electronic s..
  • 04/17/09 Wireless MITM video
    ..
  • 04/17/09 Metasploit3 Postgres on windows video
    This is a video tutorial by Lou Lombardy showing how to use the new Metasploit GUI in a Windows XP environment. You will need to have a Windows XP machine and a target machine. The latest Metasploit 3.1 framework for Windows and the Postgres Database will need to be installed on the Windows XP mac..
  • 04/17/09 Brutish SSH attacks continue to bear fruit
    The number of attacks against secure shells protecting Linux boxes, internet routers and other network devices has continued to climb over the past several years, an indication that they still bear fruit for the miscreants who mount them.Data collected by DShield.org, a organization that aggrega..
  • 04/17/09 NSA oversteps relaxed wiretapping laws
    A recent investigation into the National Security Agency's electronic eavesdropping activities has found that the federal agency exceeded its authority to wiretap Americans, the New York Times reported this week.The revelations, made by numerous unnamed sources in the story, come nine months afte..
  • 04/17/09 Vulnerabilities in Linux allow root privileges
    According to a number of Linux distributors, a bug in the udev service under Linux can be exploited to obtain root privileges. The kernel uses udev to dynamically create device-specific files and folders (/dev/) for input and output, so that only devices which are actually connected appear in /d..
  • 04/15/09 SecureState SQL injection Video
    SecureState SQL injection Video..
  • 04/13/09 Power grid's vulnerability no surprise
    Security professional greeted this week's media reports of hackers infiltrating the electric grid with a collective yawn.On Wednesday, the Wall Street Journal kicked off a fresh awareness of the vulnerability of U.S. critical infrastructure when the newspaper reportedthat cyber spies from China and ..
  • 04/13/09 StalkDaily/Mikeyy continues to flood Twitter
    Despite Twittersaying the initial issue with the StalkDaily wormhad been resolved, Twitter users are now seeing the effects of a fourth generation of the worm. Now known as the Mikeyy worm, after Mikeyy Mooney, a 17 year old who claimed responsibility, the new worm promotes Mikeyy and taunts Twit..
Return to Home
Copyright © 2024 pbnetworks. All Rights Reserved. ip information