Welcome!

How secure is your network?

David Dodd

Subscribe to David Dodd: eMailAlertsEmail Alerts
Get David Dodd via: homepageHomepage mobileMobile rssRSS facebookFacebook twitterTwitter linkedinLinkedIn


Top Stories by David Dodd

When performing a penetration test on a customer’s network by simulating an attack and trying to find a way inside many forget there is an easier way. Many networks have well established security protection through firewalls, Intrusion Detections/ Protections Systems that will alert to your presents. Performing a vulnerability scan using tools such as NeXpose, Nessus, nmap, etc will alert many systems. By performing some research on the target and learn what the company does you can narrow your attack. By using some social engineering you can email your payload to an inspecting victim at the company that will allow you to establish a foothold thereby allowing you to further exploit their network. This can be accomplished by using the Metasploit binary payloads with Shikata-ga_nai encoding scheme. Metasploit Antivirus Bypass When making plans to email or deliver your ... (more)

Post Exploitation Using Metasploit Pivot and Port Forward

The Metasploit Framework is a penetration testing toolkit, exploit development platform, and research tool. The framework includes hundreds of working remote exploits for a variety of platforms. Payloads, encoders, and nop slide generators can be mixed and matched with exploit modules to solve almost any exploit-related task. A very nice feature in Metasploit is the ability to pivot through a Meterpreter session to the network on the other side. This tutorial walks you through how this is done once you have a Meterpreter session on a foreign box. We begin right after a client sid... (more)

Tutorial: OpenSSL Command

The OpenSSL is based on SSLeay library developed by Eric A. Young and Tim J. Hudson and licensed under an Apache-style license. OpenSSL has lots of features but I will cover encoding, checksums, encryption, passwords and pass phrases. Many Linux distributions have OpenSSL as part of the bundled packages and is most likely located in /usr/bin. To find it on your system type: $ which openssl /usr/bin/openssl $ openssl version OpenSSL 1.0.0a 1 Jun 2010 Versions may vary and currently openssl-1.0.0d Feb 8 is the current version. Most of the examples that are found in this document sh... (more)

RDP Exploitation Using Cain

The Microsoft Remote Desktop Protocol (RDP) provides remote display and input capabilities over network connections for Windows-based applications running on a server.  RDP is designed to support different types of network topologies and multiple LAN protocols.  Remote Desktop Services formerly know as Terminal Services on Windows 2000 Server allow a server to host multiple, simultaneous client sessions.  Remote Desktop uses Remote Desktop Services technology to allow a single session to run remotely.  Thus a user can connect to a Remote Desktop Session Host server by using Remot... (more)

Scanning Tools: The Target Environment

The goal of the scanning phase is to learn more information about the target environment and discover openings by interacting with that target environment. This article will look at some of the most useful scanning tools freely available today and how to best use them. During this process we'll perform a number of scans. Scan Types Network sweeping - Basic technique used to determine which of a range of IP addresses map to live hosts. Network tracing – A facility for tracing the route of a computer that is connected to the Internet. Port scanning – software application designed... (more)