penetration

Hacking Trust Relationships – Part II

This is the second article in a series of six that covers the topic of hacking trust relationships. This article focuses specifically on Vulnerability Identification against a target system, in order to identify and exploit potential trust relationships. Author: THOMAS…

Eavesdropping on VoIP

This information could be used in a penetration-testing scenario. This is how I would approach an unsecured VoIP implementation. This test was conducted on 30 phones and the laptop used was able to handle the load since the voice codec…

Hacking Trust Relationships

This article is the first in a series of six, which covers the topic of hacking trust relationships. This first article focuses specifically on Information Gathering against a target system, in order to identify potential trust relationships. Author: THOMAS WILHELM…

Pentest Labs Using Live CDs

Individuals interested in learning how to perform penetration testing quickly realize there are many tools to learn, but almost no legal targets to practice against – until now. De-ICE.net has developed LiveCDs that simulate fully-functional servers that…

Auditing Oracle in a Production Environment

This paper is based on real penetration testing of Oracle servers on HP-UX systems and the methodology the auditor must follow in order to combat the stringent situations which present themselves. We will dissect the errors and explore the ways…

IPsec Policies

Switch Overview. The Data Link Layer, or Layer 2 of the OSI model, is the protocol layer that provides the functional needs for data transportation between multiple nodes on a network. Ethernet, PPP, and Frame Relay are examples of data…

Hacking ASLR & Stack Canaries on Modern Linux

This article will demonstrate methods used to hack stack canaries and Address Space Layout Randomization (ASLR) on modern Linux kernels running the PaX patch and newer versions of GCC. Author: STEPHEN SIMS Source: Hakin9 5/2009 https://hakin9.org WHAT YOU SHOULD KNOW… Readers should have…

Hacking Through Wild Cards

This paper sheds light on the usage of wild characters that lead to hacking. The wild characters are used effectively in a different sphere. The inappropriate use of wild characters can lead to misconfiguration of parameters thereby resulting in a…

More Thoughts on Defeating AntiVirus

Faced with the daunting task of detecting and quarantining thousands of new viruses, Trojans and other malware discovered every day, AntiVirus software vendors rely on AV signatures to protect their customers. Author: JIM KELLY Source: Hakin9 3/2009 https://hakin9.org WHAT YOU WILL LEARN… How…

Metasploit Alternate Uses for a Penetration Test

The Metasploit Framework is a program and subproject developed by Metasploit LLC. It was initially created in 2003 in the Perl programming language, but was later completely re-written in the Ruby Programming Language. Author: STEPHEN ARGENT Source: Hakin9 2/2009 https://hakin9.org WHAT YOU WILL…

Ettercap

Ettercap is a multipurpose sniffer and ARP spoofer, used for man-in-the-middle attacks and much more. Authors: Marco Figueroa and Anthony L. Williams Source: Hakin9 2/2009 https://hakin9.org Quick Start. Ettercap is an open source cross platform tool written entirely in…