The open-source encryption software and successor to Truecrypt Veracrypt has been updated to v1.19 to address vulnerabilities discovered in a recently completed code audit. The update addresses all critical, medium and low-risk vulnerabilities and workarounds have been provided for those vulnerabilities not yet addressed. The audit was completed against Veracrypt v1.18 and was completed on […]
Category: /dev/random
Vulnerability Assessment or Penetration Test, which do I need (and why)?
When I meet people and tell them what we do (I usually lead with ‘Offensive Security’, that seems to be a real conversation starter), the conversation almost always ends up going something like “What is a vulnerability assessment, what is a penetration test, do I need one and, if so, which one do I need?” […]
Hacking a penetration tester
I just finished reading this article titled “Hacking a Penetration Tester” and made a few notes that I thought may be helpful to pass along. The basic premise of the article is that the author (Wesley McGrew) and his team were conducting a penetration test and found a Meterpreter shell that had been left behind […]
Hiding in plain sight, how attackers use your network against you
We’ve all seen the movies and television shows where ‘hackers’ use elaborate tools to break into networks and, once in, use more elaborate tools to move around undetected doing whatever they set out to do. It’s true, there are some pretty cool tools out there (a few noted below) but, as this article at Threatpost […]
DEF CON 24 Workshop Schedule Live
DEF CON 24 is now less than 2 months away and the schedules are starting to finalize. Below is a link to the DC24 workshops and I’ll try to post the other schedules (villages, skytalks, etc.) as I catch them. https://defcon.org/html/defcon-24/dc-24-workshops.html
Happy Memorial Day
Memorial Day is the day set aside each year for us to give thanks to the men and women who have given their lives defending the freedom and way of life that we enjoy as Americans. On behalf of a grateful nation, we thank you and are eternally grateful. Photo Credit
What is a blockchain? Hint, it’s not just for Bitcoin.
The blockchain’s current and first killer app is Bitcoin, the secure, anonymous digital currency or cryptocurrency. Cryptocurrencies like Bitcoin have gotten a lot of press lately because they are the defacto standard method that Ransomware accepts payment (because it’s secure and anonymous). Like Bitcoin though, the blockchain has a lot of uses outside of just […]
The beauty (and danger) of storing employee (or any) passwords
Backstory So, the basic story is this. Alice‘s company is hired by Bob to conduct a penetration test against Bob’s company. Bob is pretty sure that the network is secure but he’s hearing a lot of stories about how Mallory is wreaking havoc on law firms, medical facilities and even high end managed [technical] services […]
How to use Encryption in 15 minutes (with screenshots)
Encryption for Humans Real-world encryption in 15 minutes, with screenshots Abstract – the purpose of this article is to provide a quickstart guide for protecting sensitive data with strong encryption using the free, open source encryption software VeraCrypt. This is not an exhaustive guide and does not provide extensive details on what is happening. Instead, […]
FBI asking for help with new ransomware
The FBI is asking businesses and software security experts for emergency assistance in its investigation into a pernicious new type of “ransomware” virus used by hackers for extortion. “We need your help!” the Federal Bureau of Investigation said in a confidential “Flash” advisory that was dated March 25 and obtained by Reuters over the weekend. […]