We Didn’t Test Sony’s Security.
Disappointment in Sony. OK, so we didn't test Sony's security. If you don't want something like this to happen to your business, get your security pentested. Every day a business goes down. This time, though, it being Sony, many people are starting to take security a little more seriously… Finally. OK, I will admit.. OK, so I agree Sony was probably pretty arrogant and not checking their security, most likely thinking.. "Really? I am Sony. I no be hackz." Which is apparently untrue. I mean, they have been hacked 20 times...
Penetration Testing: The Hacker’s Mind
Welcome back. If you have been following along, you should know everything there is to know about your client now. If you haven't, then you should go back and read The Hackers Eyes pt1 and The Hackers Eyes pt2. I Am Drowning in Information! Now What Do I Do? Now that you have plenty of information, you would think that the information gathering step is done… WRONG. Information gathering is the whole process of social engineering. You use social engineering to gather more information depending on your goal. Some of the things I do with information is split it up...
Wifi Man-in-the-Middle Attack
While I was contracted out for another company, NBC-2 wanted us to do a segment on wifi security, or insecurity to be exact. Here is the end result. [video src=http://crystalatatrium.com/wp-content/uploads/wifi.mp4] Here is the link to the NBC page. Wifi Warning – NBC-2.com
Penetration Testing: The Hackers Eyes pt 2
Welcome back. Now, if you have not read part one of this series, please go read that one first or you may be lost. Here is a link to help you on your way: Part 1. So the place that I left off was web-based information gathering. Now that you know some about the company, let us turn to a more tech-related topic. Let's find out everything about their site. We have done some of this in Part 1, but now we are going deeper. What else is there to know? CMS Before I get into that, let me explain a few things. CMS stands for Content Management System. They are easily deployed and set up. They...
Penetration Testing: The Hackers Eyes
So what? We all have eyes. Yeah, I guess that's true. Maybe I should have called it the mind. Anyway, it will make more sense as I explain it. This will be a multi-part blog. If this is your first post you're reading, I would recommend reading my Hacker Roadmap. If you think you're ready, or you're just too lazy to read the other one, then continue on. Before you read on, please read the disclaimer. What you may need to understand this: Basic knowledge of how a website is built. How to view source-code of a webpage. Some basic HTML knowledge. So this guy Doug Hotz asked me how I would go about...
SQL injection Break down
Inject 2cc of SQL and call me in the morning. I know there are many SQL injection tutorials. However, I will write this one mostly for the people who do not have much knowledge of SQL or programming. This tutorial is for people that want to know how it works, not how they can use it. However, if you do know basic programming in PHP and SQL, then you will also learn the latter. Quirky text in bold’ OR 1=1 OK, so the best way to put this in an example is with the English language. The ending of a sentence is a period (let's keep it simple and forget ! and ?). When someone reads a period the...