Back in August, my colleague Tim Donaworth posted about security threats in Android. Smartphone malware and smartphone botnets are buzz phrases right now, but when speaking about my research in the field I am often asked, “Will this sort of attack actually happen outside of a lab?” The answer is not only will it, it already has, and is going on as we speak. Earlier this week Symantec blogged about a malicious Android application found carrying out the exact sort of attack Tim warned about in his post. In short, there was a legitimate application called Steamy Windows that fogged up your screen and asked for reasonable permissions when installed. There was also a malicious version of Steamy Windows that[…]

Back in 2007 a group of American hackers went to Germany and toured this esoteric place known as a hacker space. They liked what they saw and quickly founded the first hacker spaces in the United States. The goal was to set up collective spaces where curious types could come in and work on personal and group projects, often involving equipment that isn’t feasible to have in your living room. Cut to the end of 2010 and hacker spaces are established all over the globe, with the United States completely obscured by red balloons on the hacker spaces map. Since the beginning, hacker spaces have grown into a phenomenon in their own right. There are panels on hacker spaces at[…]

Recently I found myself playing red cell at Computer Sciences Corporation’s Cyber Defense Competition. By the time I heard about it, the competition was well underway, students were crying and vomiting all over the competition room (I exaggerate), and Meterpreter shells were on every student network. I quickly ran into Tim Rosenberg from White Wolf Security and found some space at the red cell table for me and my Backtrack netbook. I spent the rest of the day harassing my former team from James Madison University, as well as 3 other school teams from the Virginia/D.C./Maryland area. Rarely as a pentester will you find a gig where the scope includes defacing websites with lolcats, chatting with employees through Nuclear RAT, and[…]

When did password cracking get so hard? Remember LM hash? Obsolete since Windows NT, until Windows Vista it was on by default for backward compatibility. Even back in the day an external hard drive easily had enough room for a full set of rainbow tables and generating them only took a few days at most, depending on your computer speed. That is to say, brute forcing was actually possible. Even your moderately security conscious types who actually paid attention to complexity rules could fall victim to a password attack if their account was on any machine with LM hashes turned on. Now it’s all NTLM hashes in the Windows world, and frankly brute forcing NTLM just isn’t feasible for your[…]

This past week at Defcon the social engineering capture the flag competition was hotter and more controversial than ever. Contestants were given their target company two weeks in advance for research purposes. During the actual competition contestants called employees at the target companies to gain sensitive information. The overall result: A big fat fail for the human element. As more companies begin to take security seriously, budgeting for pen tests, equipment, etc., often the human element of security falls through the cracks. As shown at the Defcon competition, all the locks, both physical and network based, can’t stop an attacker if an employee ushers her through the door. The Social Engineering Competition was put on by Social-Engineer.org which is an[…]

Web application hacking is big business. Even the traditionalist network penetration testers are crossing over to the new security rock and roll scene. The average individual doesn’t know what DNS does, and if I said, “I knocked over the internet by attacking BGP,” at a cocktail party, guests would probably suspect I just said something vulgar. On the other hand, “You are a hacker? Can you get credit card numbers off websites?” is a common reaction from even the computer unsavvy. My answer, “Yes, most websites suck.” So how do you make your websites not suck? My colleague recently posted about OWASP’s ESAPI. Additionally, OWASP developed Webgoat, arguably the go-to training tool for web application hacking n00bs to cut their[…]