Posted by chris on Wednesday, January 27, 2010 – 9:30 PM
If you follow this blog, you know that I did an article on the first stable release of Namp http://www.pccybertek.com/2010/01/nmap-5-20-released yesterday. Now that it has been out for a week, Fydor has already released another update, Namp 5.21 which is also a stable
release and not a beta. It’s mainly just a bug fix release. So I have updated the download section here with a link to the 5.21 release, which is on the right column about 3/4 of the way down the page. My download link is directly to the file on the insecure.org website or you can go to the Nmap download page yourself.
But I don’t want to just tell you about the update, I’d like to offer you some more since you took the time to stop by here. So here is a link to Iron Geek’s Baisc Nmap Tutorial video. And if already know the basics and would like to move on to some more advanced lesson, here is Iron Geek’s Nmap Video Tutorial 2: Port Scan Boogaloo Happy port knocking.
Posted by chris on Friday, November 20, 2009 – 2:07 AM
t’s been about a year since one of the best pen testing tools has seen an upgrade to the framework. Metasploit Framework 3.3 is now available. Not only does it support Linux, Windows, OS X, and many versions of BSD, but now it also supports Windows 7. And according to the website this release has 446 exploits, 216 auxiliary modules, and hundreds of payloads, including an in-memory VNC service and the Meterpreter. However one of the new features that I’m pleased about is you can now run a full console version in Windows using Cygwin which is how I like to run nmap when I’m on my Windows computers, and RXVT. To be honest, I haven’t fired up any of my Linux machines in a while. I just boot from a Linux Live CD most the time but I digress.
The Windows installer works on all versions of Windows from 2000 to Windows 7 and the Linux installer works on most versions of Linux released in the last five years.
I’d like to point out, this is not a toy. This is the bad boy of penetration testing tools. I love using this because I know that if I can’t get into the system I’m testing with it, I can feel pretty confident that system is pretty secure. I wouldn’t go so far as to say that I’m 100% secure because I’ve been doing this long enough to know there is no such thing. But if you can’t successfully attack one of your computers with this, then chances are neither can the script kiddies.
Posted by chris on Monday, March 30, 2009 – 12:45 PM
An interesting post today, on the Internet Storm Center, reminds us to look over our router logs. Also, disable remote administration of the router, unless it’s absolutely necessary.
You can see what happens when someone guesses an easy password and gets into a router, and the lsessons learned, here.
Posted by chris on Thursday, March 6, 2008 – 10:35 PM
We interrupt the previous story to get down to what I said we would be featuring this month, Hacking. When it comes to hacking, video tutorials, this site is one of the best. Irongeek’s Hacking Illustrated Videos
can be found at, where else, Irongeek.com
There’s a lot of them and he has been making them himself for years. He also has a tutorial on how he makes the videos. This site isn’t the prettiest sight around but it more than makes up for its looks with great content. From the Basic Nmap Usage, Sniffing VoIP Using Cain, Metasploit Flash Tutorial, Using SysInternals’ Process Monitor to Analyze Apps and Malware, Creating a Windows Live CD for System Recovery and Pen-Testing with Bart’s PE Builder,
and so many more. There’s bound to be something of interest to all but the most seasoned veterans.
While Irongeek maybe best known for his video tutorials, he has also written some nice netowrk security articles. His latest, State Hacking/Computer Security Laws, is very informative and was posted at the end of December of 2007, so it’s current. How To Cyberstalk Potential Employers “This article is less diabolical than its title might imply. Essentially, I want to give the reader some tips for finding more information about a potential employer than the job listing may reveal.” And he does. It’s well written and I like his inclusion of screen shots.
If irongeek.com only had the video section, that would be enough alone for me to recomend it. I’m sure he laid the ground work and inspired others to make hacking video tutorials. There’s also a couple scripts/apps that he wrote, some reviews, and don’t forget the clips of him working out. And if my word isn’t good enough, there’s also half a dozen campuses that use his material. And here’s a nice little link that shows you all the info that can be seen from your browser.
This one is a keeper. Definitely worthy of a bookmark and some time for further exploration. I tip my proverbial hat to Iron Geek. Well done sir.
