Rainbow Tables: Your Password's Worst Nightmare
While you might think of Rainbow Tables as eclectic colorful furniture, those aren't the ones we are going to discuss. The Rainbow Tables that we are talking about are used to crack passwords and are yet another tool in the hacker's ever-growing arsenal. What are "Rainbow Tables"? How could something with such a cute and cuddly name be so harmful? The Basic Concept Behind Rainbow Tables We're a bad guy who has just plugged a thumb drive into a server or workstation, rebooted it, and ran a program that copies the security database file containing usernames and passwords to our thumb drive. The passwords in the file are encrypted so we can't read them. What are the options for cracking passwords? When a password is "tried" against a system it is "hashed" using encryption so that the actual password is never sent in clear text across the communications line. Hashing a password is a 1-way function, meaning that you can't decrypt the hash to see what the clear text of the password is.
Dogbert's Blog: BIOS Password Backdoors in Laptops
Synopsis: The mechanics of BIOS password locks present in current generation laptops are briefly outlined. Trivial mechanisms have been put in place by most vendors to bypass such passwords, rendering the protection void. A set of master password generators and hands-on instructions are given to disable BIOS passwords. When a laptop is locked with password, a checksum of that password is stored to a so-called FlashROM - this is a chip on the mainboard of the device which also contains the BIOS code and other settings, e.g. memory timings. For most brands, this checksum is displayed after entering an invalid password for the third time: The dramatic 'System Disabled' message is just scare tactics: when you remove all power from the laptop and reboot it, it will work just as before. The bypass mechanisms of other vendors work by showing a number to the user from which a master password can be derived. Other vendors just derive the master password from the serial number.
SPARTA | Penetration Testing Tools
SPARTA is a python GUI application that simplifies network infrastructure penetration testing by aiding the penetration tester in the scanning and enumeration phase. It allows the tester to save time by having point-and-click access to their toolkit and by displaying all tool output in a convenient way. If less time is spent setting up commands and tools, more time can be spent focusing on analysing results. Source: Homepage | Kali sparta Repo Author: SECFORCE (Antonio Quina and Leonidas Stavliotis)License: GPLv3 Tools included in the sparta package sparta – Network Infrastructure Penetration Testing Tool SPARTA Usage Examples When SPARTA is first launched, either via the Kali Applications menu or by running sparta at the command line, the main interface will open, presenting you with your workspace. After clicking “Add to scope“, the Nmap scan will begin and we are presented with a progress indicator in the Log pane.
Documentation - Openscap
From Openscap The oscap program is a command line tool that allows users to load, scan, validate, edit, and export SCAP documents. The following sections provide information about using oscap for both, normal users and developers. The user part covers explanation of the most common oscap operations and shows the relevant examples. The developer part provides information on tasks related to OpenSCAP development. An alternative to the oscap command line tool is SCAP Workbench - a GUI application with scanning and tailoring capabilities. This part of documentation explains usage of the most common oscap operations and presents examples based on industry standard data (SCAP content). $ man oscap Installation You can either build the OpenSCAP library and the oscap tool from source code (for details refer to Compilation), or you can use an existing build for your Linux distribution. # yum install openscap-utils Common Usage $ oscap -V Displaying Information About SCAP Content Scanning Check engines
The Penetration Testing Execution Standard
The Cyber Incident Tsunami - Time to Get Ready | Online Trust Alliance
In advance of Data Privacy & Protection Day, we just released the Cyber Incident & Breach Trends Report (press release here), a look back at the cyber incident trends in 2017 and what can be done to address them. This report marks the tenth year OTA has provided guidance in this area, and while the specifics have certainly changed over time, the core principles have not. Originally we just looked at the number of reported breaches, but last year we broadened the definition to “cyber incidents,” which includes ransomware infections, business email compromise (BEC), distributed denial-of-service (DDoS) attacks and infiltrations caused by connected devices. This broader definition paints a more realistic picture of the threats and associated impact facing organizations today. This year we found that the number of cyber incidents nearly doubled to 159,700 globally, and given that most incidents are not reported, this number could easily exceed 350,000. Rise in Ransom-Based Attacks.
CI CENTRE
OpenVAS - OpenVAS - Open Vulnerability Assessment System
Cyber Security Training | SANS Courses, Certifications & Research
Home · Arachni/arachni-ui-web Wiki
Thumbcache Viewer - Extract thumbnail images from the thumbcache_*.db and iconcache_*.db database files.