Entries by Kellep Charles

Installing ClamAV on CentOS 7

Referenced from Linux-Audit: To get ClamAV installed on CentOS, we have to use the EPEL repository (Extra Packages for Enterprise Linux). Fortunately, the Fedora project provides this with an easy installation. Unfortunately, the default configuration does not work properly. In this post we collect some of the issues and required changes. Let’s start with installing […]

Burp to Brute Force a Login Page

Using Burp to Brute Force a Login Page. Authentication lies at the heart of an application’s protection against unauthorized access. If an attacker is able to break an application’s authentication function then they may be able to own the entire application. The following tutorial demonstrates a technique to bypass authentication using a simulated login page […]

Accessing and Installing GSM Community Edition – OpenVAS

Version: 4.2.17 (includes OpenVAS-9)
Download: https://dl.greenbone.net/download/VM/gsm_ce_4.2.17.iso (350 MByte)
sha256sum: a4490e1c1d5b93c52b67eb533da8aa0ebe435551f89c8cea1619e6a772733a97
Compatibility: VirtualBox, ESXi, Hyper-V
Minimum requirements: 2 CPU Cores, 2 GByte RAM

The GSM Community Edition is a derivative of the GSM ONE and allows a quick and easy option on Windows, Linux or Mac to give the solution a trial. No particular know-how is […]

5 pen testing rules of engagement: What to consider while performing Penetration testing

Penetration testing and ethical hacking are proactive ways of testing web applications by performing attacks that are similar to a real attack that could occur on any given day. They are executed in a controlled way with the objective of finding as many security flaws as possible and providing feedback on how to mitigate the risks posed by such flaws.

OWASP Top 10 Application Security Risks

The OWASP Top 10 focuses on identifying the most serious risks for a broad array of organizations. For each of these risks, we provide generic information about likelihood and technical impact using the following simple ratings scheme, which is based on the OWASP Risk Rating Methodology.

SummerCon 2018

Summercon is one of the oldest hacker conventions, and the longest-running such conference in America. It helped set a precedent for more modern “cons” such as H.O.P.E. and DEF CON, although it has remained smaller and more personal. SummerCon has been hosted in cities such as Pittsburgh, St. Louis, Atlanta, New York, Washington, D.C., Austin, Las Vegas, and Amsterdam.