Entries by SecurityOrb_Staff

Kevin Mitnick & Dave Kennedy – Adaptive Penetration Testing Derbycon 2011

Penetration Testing is something that has many different meanings depending on the context used by the person. The Penetration Testing Execution Standard (PTES) aims to change that. In this talk we’ll be covering adaptive penetration testing, which essentially is the ability to conform and change based on the environment that you’re attacking. We’ll be covering several live examples used in real-world penetration tests, how we discovered some clever tricks to circumvent security controls, and how we eventually got creative and gained unauthorized access.

JS.Alescurf Trojan

Systems Affected:

Windows 98, Windows 95, Windows XP, Solaris, Windows Me, Windows Vista, Windows NT, Windows Server 2003, Linux, Windows 2000

JS.Alescurf is a detection for malicious code that can be injected into vulnerable Internet Web pages.

ROUTERPWN: A Mobile Router Exploitation Framework Demonstrated at ShmooCon 2012

Routerpwn is a mobile exploitation framework that helps you in the exploitation of vulnerabilities in network devices such as residential and commercial routers, switches and access points. It is a compilation of ready-to-run local and remote web exploits. It is programmed in JavaScript and HTML in order to run on all “smart phones” and mobile Internet devices, including Android, iPhone, BlackBerry and all tablets. You can even store it offline for local exploitation without an Internet connection.

A List of Top WordPress Security Plugins by EUKHOST.com

The ratio of websites running on CMSs can be assumed to be more than the custom-designed sites built from scratch. Quite understandably, there are more users using WordPress than any other CMS, hence it becomes crucial to have enhanced security measures for your site. Due to the large volume of users using WordPress as a platform, an increasing number of hackers and fraudsters try to compromise the security of such sites. In the majority of instances, sites running on WordPress are compromised due to outdated files and/or plug-ins. Such outdated versions of the associated scripts act as an easy meal for fraudsters.