Website Design 101
Today we are going to talk about website design. We see many bad practices just traveling around the web. We are always looking for new prospects, and when we come across websites with bad design or security errors, we try to let them know, although 90% of the time they do not listen. The most demotivating thing about this job is that most small businesses haven’t caught up to technology. Most small businesses believe that having a website means they are online and have an online presence. Usually, this is not the case; in fact...
We Didn’t Test Sony’s Security.
Disappointment in Sony. OK, so we didn't test Sony's security. If you don't want something like this to happen to your business, get your security pentested. Every day a business goes down. This time, though, with it being Sony, many people are starting to take security a little more seriously….Finally. Ok I will Admit.. OK, so I agree Sony was probably pretty arrogant and not checking their security, most likely thinking.."Really? I am Sony. I no be hackz." Which is apparently untrue....
Penetration Testing: The Hacker’s Mind
Welcome back. If you have been following along, you should know everything there is to know about your client now. If you haven't, then you should go back and read The Hackers Eyes pt1 and The Hackers Eyes pt2. I Am Drowning in Information! Now What Do I do? Now that you have plenty of information, you would think that the information gathering step is done….WRONG. Information gathering is the whole process of social engineering. You use social engineering to gather more information depending on your goal. Some...
Wifi Man-in-the-Middle Attack
While I was contracted out for another company, NBC-2 wanted us to do a segment on wifi security, or insecurity to be exact. Here is the end result. [video src=http://crystalatatrium.com/wp-content/uploads/wifi.mp4] Here is the link to the NBC page. Wifi Warning – NBC-2.com
Viruses What and Why?
You may ask yourself: why are viruses made? Why are viruses created? What kind of people make viruses? Well, I will explain in this short post. Viruses Is there a cure? Short answer…No. Why are viruses made, you ask? Well, mainly 3 reasons. 1. Because someone, whether it be a kid or adult, was seeking revenge or just bored. 2. Making a name for themselves….this doesn’t happen as much anymore, just because viruses are easy to make and you're no better than your peers if you do it. 3. Money. Infecting many people is profitable. Let's...
Penetration Testing: The Hackers Eyes pt 2
Welcome back. Now, if you have not read part one of this series, please go read that one first or you may be lost. Here is a link to help you on your way: Part 1. So the place that I left off was web based information gathering. Now that you know some about the company, let us turn to a more tech related topic. Let's find out everything about their site. We have done some of this in Part 1, but now we are going deeper. What else is there to know? CMS Before I get into that, let me explain a few things. CMS stands for Content Management...
Penetration Testing: The Hackers Eyes
So what? We all have eyes. Yeah, I guess that's true. Maybe I should have called it the mind. Anyway, it will make more sense as I explain it. This will be a multi-part blog. If this is the first post you're reading, I would recommend reading my Hacker Roadmap. If you think you're ready or you're just too lazy to read the other one, then continue on. Before you read on, please read the disclaimer. What you may need to understand this: Basic knowledge of how a website is built. How to view source-code of a webpage. Some basic HTML knowledge. So...
SQL injection Break down
Inject 2cc of SQL and call me in the morning I know there are many SQL injection tutorials. However, I will write this one mostly for the people who do not have much knowledge of SQL or programming. This tutorial is for people that want to know how it works, not how they can use it. However, if you do know basic programming in PHP and SQL, then you will also learn the latter. Quirky text in bold’ OR 1=1 OK, so the best way to put this in an example is with the English language. The ending of a sentence is a period (let's keep it simple and...
All your “bases” are belong to us
Bases? You mean where I keep my flag? So I spoke to a man today who was pretty well versed in computers. We got on the subject of hexadecimals and binary. I found out he knows hexadecimal for colors and understands them somewhat, and he knows binary is the language computers use and can read it if need be. However, here on Crystal Atatrium that is not good enough. So, per his request and for some others that may want to understand more, I will explain Bases and positional systems. More of a mathematical explanation but should be...
Social Engineering…Too easy?
Social Engineering, No assembly required If you do not know what social engineering is, read here. Put simply, it is hacking people. Like most of the things on this site, this is about learning. I do not recommend lying your way into a company. Also, on the topic of learning, if there is a word you do not know on here, I provided links so you can read about it. So, back to the issue at hand here: a couple of days ago, I got a call at my office to go on-site to a new company. They wanted me to come in and fix any problems that I could find on...