Jul 052012
 

JtR 1.7.9 with Jumbo 6 now offers GPU support for computationally intensive (slow-hash) password encryptions like WPA-PSK.  This POST will detail compiling JtR with OpenCL support.  I have an really old ATI Radeon HD card but it works with OpenCL so here goes.  This compile works for Ubuntu LTS 12.04 and 10.04.  You should read the doc file README.opencl for notes for more info on how to compile JtR with OpenCL support.

Continue reading »

Sep 192011
 

I’m now providing an updated Linux Penetration Testing Laptop Setup document to help install popular and useful vulnerability assessment tools for the Linux operating system. You can go and obtain Backtrack but I feel that you will have more understanding of the tools and Linux in general if you install the tools yourself. You will also have the most current version available. See Configuration Tutorials for the latest document.

Mar 302011
 

I’m now providing an updated Linux Penetration Testing Laptop Setup document to help install popular and useful vulnerability assessment tools for the Linux operating system. You can go and obtain Backtrack but I feel that you will have more understanding of the tools and Linux in general if you install the tools yourself. You will also have the most current version available. See Configuration Tutorials for the latest document.

Update:  The latest version is now v4 on Ubuntu 11.4 Natty Narhwal.

Feb 242011
 

I put together a Technical Assessment Plan that can be used to conduct external fingerprinting using the tools and utilities that a penetration tester would use.  The assessment plans are structured in a way to help with the documentation of evidence for inclusion in a work-paper process.  The plan provides helpful information on how to install, configure, and use the tools to obtain the evidence needed for an engagement.  The Technical Assessment Plans that I have created can be found here.

Aug 312010
 

A question was raised today during a presentation about what utilities you can use without installing them. There are engagements that the auditor is not allowed to use their own laptop and must use a laptop provided by the auditee. This severely limits how effective an engagement can be but it is not impossible to obtain the information you need when you connect to the auditee’s network. I’ve made changes to the Security Tools page to highlight which tools are stand-alone and do not require installation.  Also for reference see Penetration Testing Ninjitsu which I pulled from a Core Security webcast.

Mar 102010
 

I’ve created an updated configuration tutorial for setting up your Linux laptop to conduct system and network audits.  This version details how to get everything up and running on the latest Ubuntu currently at version 10.04 LTS (Lucid Lynx).  See the Configuration Tutorials to download the latest pdf document (currently at version 3).