Vulnerability Management

Why We Need Ethical Hacking

There is often confusion about the difference between “vulnerability scanning” and “penetration testing”, the latter being synonymous with “ethical hacking”. This article/podcast, from the president of the EC Council, the accreditation body for the Certified Ethical Hacker designation, includes a nice explanation of this very important kind of security testing. (more…)

Scanning for Weak MS-SQL Passwords Using Nmap and Medusa

Before proceeding, please note that there are many tools and methods that can scan for weak or blank MS-SQL passwords. SQLPing comes to mind, which is a great tool if you’re on a Windows host. Metasploit has the ability to scan for MS-SQL passwords as well, but it isn’t ideal for targeted lists (more…)

Fun with Social Engineering

Social Engineering Reasonable Risk

I recently wrote about Security Awareness Training, and mentioned that a well-trained staff and general employee population can be a good deterrent against Social Engineering practitioners. Social Engineering is a service offering of Halock Security Labs, and it’s probably one (more…)
