Social Engineering
Is everyone familiar with social engineering testing? It’s a test of the natural tendency of a person to trust another person’s word, rather than exploiting actual computer security holes. (more…)
Why We Need Ethical Hacking
There is often confusion with the difference between “vulnerability scanning” and “penetration testing“, the latter being synonymous with “ethical hacking”. This article/podcast, from the president of the EC Council, the accreditation body for the Certified Ethical Hacker designation, includes a nice explanation of this very important kind of security testing. (more…)
Scanning for Weak MS-SQL Passwords Using NMap and Medusa
Before proceeding, please note that there are many tools and methods that have the ability to scan for weak or blank MS-SQL passwords. SQLPing comes to mind which is a great tool if you’re on a Windows host. Metasploit has the ability to scan for MS-SQL passwords as well but it isn’t ideal for targeted lists (more…)
Vulnerability Scan vs. Penetration Test
If you’re doing your quarterly vulnerability scans you may be wondering if that is the same as a penetration test or if you really need to do both. (more…)
Fun with Social Engineering
I recently wrote about Security Awareness Training, and mentioned that a well-trained staff and general employee population can be a good deterrent against Social Engineering practitioners. Social Engineering is a service offering of Halock Security Labs, and it’s probably one (more…)
Cyber Security Awareness Training – It’s the smart thing to do!
Cyber Security Awareness Training – There is plenty of technology that can be applied in all manner of ways to help protect against a breach, but if the employee culture doesn’t embrace being mindful of security, it makes the CISO’s job a little harder. (more…)