  • Security BSides Orlando & SANS 2014
    Security BSides Orlando 2014. What an awesome week! Last weekend (April 5th and 6th) was Security BSides Orlando 2014. So much was packed into just two days. To start out, Kevin Johnson from Secure Ideas gave an awesome keynote touching on the value of certifications and the potential of creating a centralized licensing institution. One example he gave was that for a penetration tester to become "licensed" he would have to perform a real-world pentest and provide a report to a "bar" of InfoSec professionals. This would be an in-person review of the candidate where they would be asked questions about their testing methodologies to determine if they truly know what they are talking about. After the keynote talk ...
    Posted Apr 13, 2014, 1:28 PM by DAFT HACK
  • DAFTHACK Hacking Challenge #1
    UPDATE: THIS CONTEST IS NOW CLOSED. This is DAFTHACK's first ever Hacking Challenge! I wanted to try my hand at creating a challenge, so I put together this contest. If this one goes well I might try to put more together in the future. This first challenge will involve PCAP analysis. The rules are simple: Analyze the PCAP file below, find the flag, email it to me here: beau{at}dafthack.com. If you find the flag and are the first person to email it to me, you will receive free entrance to BSides Orlando 2014 ($20 value) on April 5th and 6th, 2014. Also, I will buy whoever solves this challenge first a beer of their choice at ...
    Posted Apr 13, 2014, 10:53 AM by DAFT HACK
  • BSides Tampa 2014
    This past weekend I attended BSides Tampa. This was a very well put together event. The only thing that bugs me is that there was so much going on at the same time it was hard to decide what to do! For this BSides event I decided I wanted to dedicate all my time to the CTF. I missed out on the talks and lockpick village, but I heard good things from others who attended them. Everyone met in the open area in the center of South University to get their badges and shirts. There were a few vendor tables set up here too. Great shirts and badges, guys! I brought a few extra locks for the Lockpick Village... The ...
    Posted Feb 18, 2014, 12:45 PM by DAFT HACK
  • How to Spear Phish Your Employees: Part 3, Hook, Line, and Sinker
    Now that we have SPToolkit up and running as detailed in part 1, and have tested out the functionality in part 2, we will get to the really evil... um… I mean really fun part of spear phishing training, customizing your attacks! In this final installment we will create our own customized message templates, use the built-in site scraper to build a replica site to get users to enter their login credentials, and we'll modify the training materials to fit your organization's best practices. The built-in templates are great but generally will get caught by phishing filters. Real life attackers won't be using these templates to target your organization. They will be creating customized and targeted ...
    Posted Feb 7, 2014, 10:25 AM by DAFT HACK
  • Target: A Breakdown of What Happened
    Today, it has been revealed how the hackers that stole 40 million credit and debit cards from Target initially got in. I have been hesitant to report anything on this massive story because I have been waiting to hear how the initial compromise occurred. It is now known that the attackers stole a third-party HVAC company's network credentials, and used them to log in to Target’s network and deploy their malware. FAZIO Mechanical Services is a refrigeration and HVAC system company used by Target at a number of their locations. FAZIO’s network credentials for Target’s network are allegedly the source of this attack. Before diving too deep into this story, here is a brief timeline of what ...
    Posted Feb 5, 2014, 8:24 PM by DAFT HACK
  • DAFTHACK Newsletter!
    We have just launched our DAFTHACK Newsletter. Please join our mailing list to receive periodic updates from dafthack.com. DAFTHACK wants to reach our readers on a new level. This newsletter will help us learn more about our target audience as well as inform them of all that is going on in the DAFTHACK world. We look forward to hearing feedback from our readers! The plan is to send periodic updates including the following:
      • The latest information security news
      • Recent postings on www.dafthack.com
      • Hacking and information security tips
    Don't worry though. We will not be spamming you on a weekly basis. At most we will send them out monthly. To subscribe click here.
    Posted Feb 5, 2014, 11:38 AM by DAFT HACK
  • How to Spear Phish Your Employees: Part 2, Testing Functionality
    Now that we have SPToolkit set up after following part 1 of this series, we will begin testing the functionality of the software. First we will walk through sending ourselves a test phishing message, make sure the training materials are able to be accessed on link click, and then import a list of targets for future tests. You may end up sending yourself quite a few test messages in the process of setting up the perfect attack. If you run into any issues with the below guide, make sure you correctly configure your SMTP environment. Configuring an SMTP relay is out of the scope of this guide but you may be able to get some information from error messages in ...
    Posted Feb 7, 2014, 10:09 AM by DAFT HACK
  • How to Spear Phish Your Employees: Part 1, The Setup
    The SPToolkit is a fantastic open-source tool for training your employees about the dangers of spear-phishing. I have been using it for a couple of years now to perform internal spear-phishing training against my employees. It can be used to send targeted emails to individuals within your organization with the intent of getting them to click a malicious link. It is possible to set up your own training materials so that once a user clicks a potentially malicious link they will be redirected to your own internal security training materials. There is a nice console built-in that will show you the users that clicked the malicious links so you can keep track of how many employees ...
    Posted Feb 3, 2014, 12:23 PM by DAFT HACK
  • Security BSides
    If you work in information security, or are a hacker of any sort and haven't heard of these events known as Security BSides, you should definitely read this post. BSides are community-driven events put on by members of the security community. These events usually consist of technical talks, CTFs, lock pick villages, demos, participant networking, and on occasion a zero-day might be dropped. Most of the events are either really cheap or free to attend! Generally, they are one- or two-day events. Two upcoming Security BSides events I will be attending are BSides Tampa and BSides Orlando. Last year was BSides Orlando's inaugural event. You can read my full review from that event here ...
    Posted Feb 3, 2014, 12:26 PM by DAFT HACK
  • How Not to Sell a Wireless Router on eBay
    This is a post about why you don't sell electronics to strangers on sites like eBay without factory resetting the device and completely wiping any data that might be on it. This post is also partly about open-source intelligence and partly about attacking wireless routers. To give some background about how this came about, I am giving a lecture of sorts on Wi-Fi hacking to a local group of information security professionals in a few weeks. One of the attacks I am going to demonstrate is the WPS PIN brute force attack. I bought a wireless router on eBay that came with the previous owner's SSID and pre-shared key. Hacking ensued. In the following blog post ...
    Posted Oct 4, 2013, 1:27 PM by DAFT HACK