REGISTER FOR OUR LIVE WEBINAR “LINUX ATTACK AND DEFENSE.EPISODE 9: SNEAKERS” AUG 29  12 PM PDT / 3 PM EDT

InGuardians Labs

Protecting the Mr Robot Vuln Hub Machine – Part 2 – Confining WordPress with AppArmor

Protecting the Mr Robot Vuln Hub Machine – Part 2 – Confining WordPress with AppArmor

This blog post, focusing on attack and defense using AppArmor, continues to walk you through an attack on a Linux-based capture-the-flag (CTF)-style system and then shows you how you could defend it without stripping out the vulnerabilities. We escalate privilege to capture more flags, then use AppArmor to break our attack. This is the sequel to Protecting the Mr Robot Vuln Hub Machine – Part 1 – Breaking a Password Spray with OSSEC Active Response.

read more
Protecting the Mr Robot Vuln Hub Machine – Part 1 – Breaking a Password Spray with OSSEC Active Response

Protecting the Mr Robot Vuln Hub Machine – Part 1 – Breaking a Password Spray with OSSEC Active Response

This blog post walks you through an attack on a Linux-based capture-the-flag (CTF)-style system and then shows you how you could defend it without stripping out the vulnerabilities. We use OSSEC to detect a password spray in progress and automatically break it. In the next in this series, we’ll use escalate privilege to capture more flags, then AppArmor to break our attack.

read more
Make your Tastic Fan-Tastic

Make your Tastic Fan-Tastic

Here at InGuardians, we are huge fans of the Tastic HiD card long-range reader. Designed and implemented by Bishop Fox, this long-range RFID reader allows us to silently and stealthily acquire sensitive data from things like employee badges, and has become a huge...

read more
Radio Communication Analysis using RfCat

Radio Communication Analysis using RfCat

Original Post Author: Don C. Weber [Twitter: @cutaway] Original Date Published: 15 Oct 2013 Many people think RfCat is a very cool concept. The thought of monitoring and interacting with sub-gigahertz radio is very sexy. Hell, it IS sexy. Then people get an IM-ME, a...

read more
The Ultimate Arduino GPS Clock (UAGC) – Part 1

The Ultimate Arduino GPS Clock (UAGC) – Part 1

Original Post Author: Tom Liston [Twitter: @tliston] Original Date Published: 11 June 2013 Doing a Google search for "arduino GPS clock" turns up more than a few other projects that use the time information found within the NMEA data provided by a GPS signal to...

read more
Somebody Is Securing Samsung Wireless Network Extenders

Somebody Is Securing Samsung Wireless Network Extenders

Original Post Author: Don C. Weber [Twitter: @cutaway] Original Date Published: 03 June 2013 Black Hat USA 2013 will include a presentation by Tom Ritter and Doug DePerry titled: "I Can Hear You Now: Traffic Interception and Remote Mobile Phone Cloning with a...

read more

What Was The Name Of That Storm?

Original Post Author: Don C. Weber [Twitter: @cutaway] Original Date Published: 25 April 2013 Mike Poor (@Mike_Poor) noticed Stephen Northcutt's blog post about phone spear-phishing. This reminded him of an email that I sent to the Senior Security Analysts here at...

read more
Memory Acquisition from FBGA Components

Memory Acquisition from FBGA Components

Original Post Author: Don C. Weber [Twitter: @cutaway] Original Date Published: 08 April 2013 Accessing memory from embedded devices can be accomplished multiple ways. The easiest methods include using debugging ports or tapping the exposed pins of a Thin...

read more

Penetration Testing Considerations

Original Post Author: Don C. Weber [Twitter: @cutaway] Original Date Published: 28 March 2013 John Sawyer pointed me to a blog post Getting the most out of your pentesting by Wendy Nather of 451 Security. I would like to provide a little bit more context in the hopes...

read more
GRC Transmission Analysis: Getting To the Bytes

GRC Transmission Analysis: Getting To the Bytes

Post Author: Don C. Weber [Twitter: @cutaway] Date Published: 15 May 2014 I have not picked up my HackRF Jawbreaker in a while (Figure 0x0). Family and billable work trump side projects. Lucky for me Tom Liston and I started teaching the Assessing and Exploiting...

read more

@InGuardians

LIVE WEBINAR AUG 29 12 PM PDT / 3 PM EDT #Linux Attack And Defense Episode 9: Sneakers w/ @jaybeale Register: attendee.gotowebinar.com/regi… pic.twitter.com/5d4wI7mcZs

About 5 hours ago from InGuardians™'s Twitter via Twitter Web App

Categories