How secure is your network?

David Dodd

Subscribe to David Dodd: eMailAlertsEmail Alerts
Get David Dodd: homepageHomepage mobileMobile rssRSS facebookFacebook twitterTwitter linkedinLinkedIn

Top Stories by David Dodd

Gitrob on the Network Developers generally like to share their code, and many of them do so by open sourcing it on GitHub, a social code hosting and collaboration service. Many companies also use GitHub as a convenient place to host both private and public code repositories by creating GitHub organizations where employees can be joined.  Sometimes Employee might publish things that might be sensitive in nature and these things might lead to compromise of a system. Gitrob is a tool that Michael Henriksen developed that scans the github repositories and match filenames against a range of patterns for files that typically contain sensitive or dangerous information. The first thing the tool does is to collect all public repositories of the organization itself. It then goes on to collect all the organization members and their public repositories, in order to compile a lis... (more)

Planning, Scoping and Recon Techniques

The purpose of this article is to describe some tools and techniques in performing the planning, scoping, and recon portion of a penetration test. In covering these tools and techniques the reader will learn how to use them to find vulnerabilities in their organization and help improve security posture. Some other names for this first phase of penetration testing are; OSINT (Open Source Intelligence), Footprinting, Discovery, and Cyberstalking. Introduction During reconnaissance we'll gather information from public sources to learn about the target and try to find what is importan... (more)

Tutorial: OpenSSL Command

The OpenSSL is based on SSLeay library developed by Eric A. Young and Tim J. Hudson and licensed under an Apache-style license. OpenSSL has lots of features but I will cover encoding, checksums, encryption, passwords and pass phrases. Many Linux distributions have OpenSSL as part of the bundled packages and is most likely located in /usr/bin. To find it on your system type: $ which openssl /usr/bin/openssl $ openssl version OpenSSL 1.0.0a 1 Jun 2010 Versions may vary and currently openssl-1.0.0d Feb 8 is the current version. Most of the examples that are found in this document sh... (more)

Metasploit Helpful Tips

Introduction The Metasploit Framework is a penetration testing toolkit, exploit development platform, and research tool. The framework includes hundreds of working remote exploits for a variety of platforms. Payloads, encoders, and nop slide generators can be mixed and matched with exploit modules to solve almost any exploit-related task. This tutorial will walk you through how to use the latest version of Nessus pre-built plugin filter ‘Metasploit Framework' in your pentest assignments. It will also cover some useful metasploit tips to achieve privilege escalation. Wouldn't it b... (more)

Capture File Filtering with Wireshark

Intrusion detection tools that use the libpcap C/ C++ library [1] for network traffic capture (such as Snort [2] and Tcpdump [1]) can output packet capture information to a file for later reference. The format of this capture file is known as pcap. By capturing packet data to a file, an investigator can return later to study the history of an intrusion attempt – or to turn up other important clues about clandestine activity on the network. Of course, the traffic history data stored in a pcap file is much too vast to study by just viewing the file manually. Security experts use spe... (more)