Sunday, March 15, 2020

Module 08

In this module, we learn some system hacking techniques. The chapter explains in detail how to use keyloggers and how to crack passwords. Lastly, we also review the system hacking countermeasures and how to configure password policies.

Malicious actors can use keyloggers or rainbow tables to crack user passwords. However, there is also another method often used by pen-testers: gathering the user's password from the pwned password database. This technique is very successful since a lot of people use the same password for multiple accounts.

Anybody who wants to check whether an online account has been breached can check their credentials on this website: https://haveibeenpwned.com/.
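The same breached-password check can be built into a password policy. The following is an added example, not part of the original post: it looks a password up in the Pwned Passwords range API using k-anonymity, so only the first five hex characters of the SHA-1 hash are ever sent. The function names, the `min_length` value and the sample response (including its counts) are constructed for illustration.

```python
import hashlib
from urllib.request import Request, urlopen

RANGE_URL = "https://api.pwnedpasswords.com/range/"  # Pwned Passwords range endpoint


def split_hash(password):
    """Return (5-char prefix, 35-char suffix) of the uppercase SHA-1 hex digest."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]


def fetch_range(prefix):
    """Online lookup: only the 5-character hash prefix leaves the machine."""
    req = Request(RANGE_URL + prefix, headers={"User-Agent": "policy-check-example"})
    with urlopen(req, timeout=10) as resp:
        return resp.read().decode("utf-8")


def breach_count(password, range_body):
    """Find the password's hash suffix in a range response of SUFFIX:COUNT lines."""
    suffix = split_hash(password)[1]
    for line in range_body.splitlines():
        candidate, _, count = line.strip().partition(":")
        if candidate.upper() == suffix and count.isdigit():
            return int(count)
    return 0


def check_policy(password, range_body, min_length=12):
    """Reject short passwords and any password seen in a breach corpus."""
    if len(password) < min_length:
        return False, "shorter than %d characters" % min_length
    seen = breach_count(password, range_body)
    if seen:
        return False, "appears in %d breach records" % seen
    return True, "ok"


# Constructed sample response (counts are made up) so the example runs offline.
SAMPLE_BODY = "\r\n".join([
    "0" * 35 + ":2",
    split_hash("password")[1] + ":3",
    split_hash("correcthorsebattery")[1] + ":7",
])

if __name__ == "__main__":
    for pw in ("password", "correcthorsebattery", "a much longer unique passphrase"):
        # Replace SAMPLE_BODY with fetch_range(split_hash(pw)[0]) for a live lookup.
        print(pw, check_policy(pw, SAMPLE_BODY))
```

Because the suffix comparison happens locally, neither the password nor its full hash is disclosed to the lookup service.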

Sunday, March 8, 2020

Module 07

This week we learn about the vulnerability assessment process. The chapter goes into detail on how to develop a vulnerability management program and which tools to use. Vulnerability scanning is a critical part of any security program since it will reveal any system weaknesses and will allow us to properly assess the security risk.

This week I found an interesting article about coronavirus spam campaigns. Coronavirus is also spreading through phishing scams; please take a look at the following article showing some samples of coronavirus scams.

Sunday, March 1, 2020

Module 06

In this module, we review enumeration techniques and tools. Enumeration is the process of gathering user and system information such as usernames, passwords, and OS versions. The gathered information is used to find the vulnerabilities and weak points of the system. For example, some outdated systems like Microsoft Server 2000 - 2003 allow password hash extraction, and the extracted hashes can then be cracked; this can be a gold mine for hackers or pen testers. With tools like Nessus, you can easily find default or weak passwords. A lot of administrators forget about built-in default accounts and passwords, and if they are not disabled or changed, they can be an easy way in.

For this week's article I chose the news about a new ransomware type which avoids detection by using safe mode to skip the endpoint protection. https://cyware.com/news/new-snatch-ransomware-variant-avoids-detection-using-safe-mode-08a512f7