So earlier today I noticed a discrepancy in traffic to question-defense.com and because of a previous incident I knew exactly where to look. Sure enough a similar attack had been performed which we are coining Search Engine Click Jacking. In this case we are sure that a single files permissions were left open and the…
I recently presented at Hack3rcon in West Virginia on the subject of using Oclhashcat and a fingerprint attack to crack password hash’s.The original article by Atom can be found here. This is the video I made for a back up of my talk in case the live demo failed.
One of the hottest new tools in Backtrack 4 final is the Social Engineering Toolkit otherwise known as SET. The tool was written by a major contributor to Backtrack, David Kennedy (ReL1k). He is also a friend. The homepage for SET is http://www.secmaniac.com/ and there is more useful information there.
The btmp log keeps track of failed login attempts. I have seen on a default linux setup with logrotate configured where the btmp log is left out of rotation and eventually grows out of hand. So first you want to make sure that the btmp log is rotated using logrotate with the below information. Log…
The directions below will provide simple instructions on changing the prefix to your WordPress blog’s MySQL database from wp_ to whatever you choose. Its a good idea to change this prefix to prevent zero-day SQL injection attacks from being performed against your WordPress installation since your database tables will be known to everyone if you…