How secure is your network?

David Dodd

Subscribe to David Dodd: eMailAlertsEmail Alerts
Get David Dodd via: homepageHomepage mobileMobile rssRSS facebookFacebook twitterTwitter linkedinLinkedIn

Top Stories by David Dodd

Gitrob on the Network Developers generally like to share their code, and many of them do so by open sourcing it on GitHub, a social code hosting and collaboration service. Many companies also use GitHub as a convenient place to host both private and public code repositories by creating GitHub organizations where employees can be joined.  Sometimes Employee might publish things that might be sensitive in nature and these things might lead to compromise of a system. Gitrob is a tool that Michael Henriksen developed that scans the github repositories and match filenames against a range of patterns for files that typically contain sensitive or dangerous information. The first thing the tool does is to collect all public repositories of the organization itself. It then goes on to collect all the organization members and their public repositories, in order to compile a lis... (more)

Metasploit Nessus Bridge on Ubuntu

Nessus is a vulnerability scanner program; it is free for personal use using the nessus for home. They also have a nessus for business which requires a fee. I will be discussing the nessus for home use and using it with the popular metasploit framework. Acquire the latest release of nessus homefeed Nessus-4.4.1-ubuntu1010_i386.deb and register for the activation code. Follow the instructions listed in the document ion for installing with Ubuntu and start to configure. Nessus daemon cant be started until nessus has been registered and the plugin download has occurred. $ sudo /opt... (more)

Malware Analysis | Part 1

Having your network environment protected with the latest virus protection, control what software is installed and allowed to run, restrict ingress and egress network access, protect web browsing, limit user account access, update security patches, change management practices, etc. All these efforts are critical to follow in the corporate environment but all will fall short if you don't have the proper monitoring in place to detect badness on your network and to respond quickly and effectively when it happens. When your network has the proper monitoring in place and knowledgeable... (more)

Post Exploitation Using Metasploit Pivot and Port Forward

The Metasploit Framework is a penetration testing toolkit, exploit development platform, and research tool. The framework includes hundreds of working remote exploits for a variety of platforms. Payloads, encoders, and nop slide generators can be mixed and matched with exploit modules to solve almost any exploit-related task. A very nice feature in Metasploit is the ability to pivot through a Meterpreter session to the network on the other side. This tutorial walks you through how this is done once you have a Meterpreter session on a foreign box. We begin right after a client sid... (more)

Scanning Tools: The Target Environment

The goal of the scanning phase is to learn more information about the target environment and discover openings by interacting with that target environment. This article will look at some of the most useful scanning tools freely available today and how to best use them. During this process we'll perform a number of scans. Scan Types Network sweeping - Basic technique used to determine which of a range of IP addresses map to live hosts. Network tracing – A facility for tracing the route of a computer that is connected to the Internet. Port scanning – software application designed... (more)