Wireshark

Here is a video on using Wireshark if you are new to it.

Posted in Security Blog | Tagged , , , , , , | Comments Off on WireShark

(ISC)² Code of Ethics

Code of Ethics Canons:

  1. Protect society, the common good, necessary public trust and confidence, and the infrastructure.
  2. Act honorably, honestly, justly, responsibly, and legally.
  3. Provide diligent and competent service to principals.
  4. Advance and protect the profession.

Check here to validate the integrity of this post.


Burp Suite

Burp Suite is a web application security tool.

Here is where to download it for free or buy it:
http://portswigger.net/burp/download.html

https://www.carmelowalsh.com/2014/03/dr-susan-loveland-hack-website/


Pablos Holman at TEDxMidwests

This was a fun watch. Nerdy and fun.


Sniffing, Arp Poisoning, and Armitage

Here is a little video of sniffing passwords with Ettercap while hacking the box with Armitage. This video is a little old, since Kali Linux has replaced BackTrack from Offensive Security.


Goohost.sh

Here is where you can get Goohost.sh: https://app.box.com/s/gm3x0iuiyz5u6mlc6cst

First, create a directory for the installation:
$ mkdir -p /pentest/enumeration/google/goohost/
Then download the tool and make it executable:
$ cd /pentest/enumeration/google/goohost/
If this wget command doesn’t work, use my link above to download a copy of it.
$ wget http://dl.dropbox.com/u/10761700/goohost.sh
$ chmod +x goohost.sh

Syntax
$ ./goohost.sh -t domain.tld [-m <host|ip|mail> -p <1-20> -v]

Options
-t  Target domain, e.g. backtrack.linux.org
-m  Method (default: host)
      host: raw Google hosts and subdomains search
      ip: raw Google hosts and subdomains search, plus a reverse DNS resolution
      mail: raw Google email search
-p  Maximum number of pages (1-20) to download from Google (default: 5)
-v  Verbosity (default: off)

From http://www.aldeid.com/wiki/Goohost

Here is a video from Ultimate Peter


Make Your Wifi Password Complex

And for crying out loud, don’t put it up for the world to see!!1!!


Facilitated Risk Analysis Process (FRAP)

Though I prefer a quantitative risk analysis, such as Factor Analysis of Information Risk (FAIR), sometimes a quicker, qualitative method, such as the Facilitated Risk Analysis Process (FRAP), is needed.

Qualitative methods are much quicker. They don’t require asset valuation, aside from a SWAG (Scientific Wild Ass Guess), and they consist of the following:

  • A brainstorming session to list threats,
  • The assignment of a simple probability (i.e. High/Medium/Low) to each threat,
  • The assignment of simple impact (i.e. High/Medium/Low) to each threat,
  • The identification of controls for the listed threats, and
  • A management summary.

Here is a SlideShow I found on the Facilitated Risk Analysis Process

http://www.slideserve.com/calantha/facilitated-risk-analysis-process-frap-adapted-from-tom-peltier-associates


Java

Java


What am I doing?

Computer Security
