Jump to content

Search the Community

Showing results for tags 'pen test'.

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


Forums

  • Talk
    • Everything Else
    • Gaming
    • Questions
    • Business and Enterprise IT
    • Security
    • Hacks & Mods
    • Applications & Coding
    • Trading Post
  • Hak5 Gear
    • Hak5 Cloud C²
    • New USB Rubber Ducky
    • WiFi Pineapple
    • Bash Bunny
    • Key Croc
    • Packet Squirrel
    • Shark Jack
    • Signal Owl
    • LAN Turtle
    • Screen Crab
    • Plunder Bug
    • WiFi Coconut
  • O.MG (Mischief Gadgets)
    • O.MG Cable
    • O.MG DemonSeed EDU
  • Legacy Devices
    • Classic USB Rubber Ducky
    • WiFi Pineapple TETRA
    • WiFi Pineapple NANO
    • WiFi Pineapple Mark V
    • WiFi Pineapple Mark IV
    • Pineapple Modules
    • WiFi Pineapples Mark I, II, III
  • Hak5 Shows
  • Community
    • Forums and Wiki
    • #Hak5
  • Projects
    • SDR - Software Defined Radio
    • Community Projects
    • Interceptor
    • USB Hacks
    • USB Multipass
    • Pandora Timeshifting

Find results in...

Find results that contain...


Date Created

  • Start

    End


Last Updated

  • Start

    End


Filter by number of...

Joined

  • Start

    End


Group


AIM


MSN


Website URL


ICQ


Yahoo


Jabber


Skype


Location


Interests

Found 5 results

  1. Hi i have been very interested in the idea of being a pen tester, I have messed around with Kali Linux a few times before and I am setting up a laptop to run its primary OS as Kali Linux. One day i will be joining my countries defence force and will hope to make my way up in the security field and work for my county in intelligence. I am haven't even scratched the surface on how to pen test and use linux with ease. If anyone could send me in the right direction to start learning I would be extremely grateful. I also understand the task i wish to take on is not easy, I know that i will have to put in a lot of work to get to where i want.
  2. Hello, I am looking for suggestions for legitimate pen testing service providers for an embedded automotive application (black box and/or white box). Need someone that is familiar with embedded RTOS devices, UDS Services, CAN FD & Flexray scom., board level attacks, etc. My searches have yielded very few legitimate options. Process / Deliverables should include (at a minimum) Security Architecture Review, Information Gathering, Passive Analysis, Active Analysis, and a complete report. Any suggestions would be appreciated. Thanks
  3. I want to build a workstation to polish my Pen test Skills for my Security Analyst job interviews and want to have something powerful to do the all Security related work. so I want to know that what GPU and CPU is better for such Cracking passwords and hashes plus can also handle serious workload?. Are professional GPUs better for hacking sort of work or the Gaming GPUs?. I also want to know which CPU is better to go for Xeon or i7 extreme?.Thanks
  4. Hi everybody One of the largest and well known Enterprise Security Conferences in Germany is C-Forge, run by Virtual Forge, a large Security Software Company. C-FORGE, May 30 + 31st 2017 , Heidelberg, Germany It is all centered around the (in)famous SAP ERP Software, used by almost all medium and large companies in the world. Since I am a professional pen tester for large SAP systems, I was asked to held a presentation. Everybody liked the proposal of a one-hour presentation of my Hak5-Backpack, with RubberDucky, LANTurtle, BashBunny, of course Pineapple TETRA and a great german product called miniChameleon, which copies and mimics RFID and NFC Cards (like hotel keys and corporate badges) . This will be a rundown about a SAP PenTest playbook scenario (with live elements) to get passwords and hashes with these devices. My experience is, that HW-attacks are often overlooked in Enterprises, but are much more risky, dangerous and overall much more likely than any network hack. So if you happened to be in the area, stop by. It is of no cost, if you are working for a SAP-customer. Check my presentation link and more conference information: C-Forge Presentation "Cracking the SAP Perimeter"
  5. First off, my web dev skills are greatly rusty these days. It's been a while since I've had the chance to work on anything. Anyway, I was thinking about a way to use the MKIV for a targeted phishing attack. The Idea: A captive portal for harvesting domain credentials of a targeted company (for legitimate pen testing engagements). Using Karma (and possibly a deauth flood), clients connect to the MKIV. DNSSpoof forwards all requests to the local index.php which checks if the client has a valid session. If session is valid, it redirects the client to their requested URL. If session is NOT valid, it redirects the client to captiveportal.html where they are prompted to login with their domain credentials. Submitting the form POSTs to process.php which opens creds.txt, writes the entered credentials, builds the session, and redirects to success.html. Success page makes the client feel good and then redirects to the originally requested page. Implementation: I have attached* what I have done so far for anyone that wants to help out. I currently have a few of the pages done up. Index.php is properly redirecting to captiveportal.html, but when I submit the form I just get a blank white page for process.php. It doesn't look like it ever writes out the credentials or builds any session info. Drawing blanks on that for now. Any thoughts, feedback, code is appreciated. I'd like to eventually get this to the point that it can be wrapped up into a module/infusion for quick and easy implementation. This way, attacking companies with better wireless implementations becomes easier. You no longer have to use freeradius-wpe to capture the challenge/response and then crack. Why waste that time when you can just ask them nicely for their credentials? *It won't let me upload any of the files, so I threw it up in on github here: https://github.com/vidkun/captivePhish
×
×
  • Create New...