Escalate Privileges
After penetration, if the established presence doesn’t have admin/root privileges, a top priority may become escalating privileges so that further action become possible. There are a variety of ways to…
Information Security
Whoami?
One of the first tasks of the attacker after penetrating a system is to figure out what account status is associated with the presence established and what permissions and privileges…
Password Strength Requirements
While the main premise of the article linked below is correct, it understates a key part of password cracking methodology. There are two primary means of cracking passwords: using word…
Zero Day Vulnerabilities Have No Patch Yet
When computer system vulnerabilities are discovered, patches are issued that have been designed to close the hole of vulnerability. The patches take some time to construct and deploy and even…
Physical Attacks
Physical attacks are attacks that involve penetrating the physical security protecting information systems. In a facility with low physical security or public access, it can be as simple as walking…
Application Attacks
Application attacks focus on application software instead of the operating system, where most classical perimeter exploit vulnerabilities are found. A wide variety of application attacks are aimed at web servers…
Client-side Attacks
Client-side attacks take advantage of weaknesses found in client software usually running on users workstations. Most client-side attacks involve either a web link to a web page that can deliver…
Wireless Attacks
Wireless attacks are constantly changing and so are the defensive techniques used against them. Here are some of the areas involved with different wireless attacks: Recon Most wireless attacks start…
Perimeter Attacks
Perimeter attacks involve using exploit code to take advantage of weaknesses detected in perimeter devices to take control of them or leverage some level of access into greater access. The…
Operations Security = OPSEC
Operations Security or OPSEC is about identifying critical information that can be used against you by an opponent and minimizing access to that information. This is a sub process of…