Category Archives: News
The Oh-My-God particle
How-To: FAMP Stack + Mod Security on FreeBSD 10.2
Thanks to user Arul, we can get a FAMP stack set up on FreeBSD 10.2, along with Mod Security. FAMP Stack, or FreeBSD with Apache, MariaDB and PHP, is a group of open source software to run applications based on PHP to your browser. FAMP is similar to LAMP (Linux Apache MariaDB/MySQL […]
The post How-To: FAMP Stack + Mod Security on FreeBSD 10.2 appeared first on FreeBSDNews.com.
How does a relational database work?
Mainframes connected to the Internet
Answers on how to get started in Security
I got hit up on twitter and email about how to get started in security by someone. The question was pretty generic and since I didn't even receive a thanks back from the guy I'm sharing it with everyone else/archiving it in case I'm asked again in the future.
The question:
I want to become proficient at pentesting on computers and phones. I have a running version of Kali Linux on my computer and am using the "Kali Linux Cookbook" as a reference. What book or online tutorials would you recommend for me to use in order to get better?
A few things I think you should do to get started.
1. Get rid of Kali. It is a shortcut to learning to have all these tools already there. You'll learn way more by figuring out what tool you need for a job/task (feel free to use the index of tools in Kali which is readily available) and installing the tool yourself. Ubuntu is the most supported hacker tool wise but there are other distros. Pick whatever suits you. Use a VM so you can undo stuff if you break your distro but that's pretty rare these days. Most things apt-get install or compile from source on Ubuntu without issues.
2. You are in luck these days as there are tons and tons of resources available to learn infosec.
- Books I'd start with (buy or torrent depending on ability)
- The latest Hacking Exposed book. The methodology it teaches is still relevant today and it's a 10,000 ft view of different hacking areas
- Pick a basics of pentesting book (or a few) to start with. I've stopped reading the basics books but any of them should whet your appetite.
Some examples (more netsec):
- Penetration Testing: A Hands-On Introduction to Hacking – by Georgia Weidman
- The Basics of Hacking and Penetration Testing, Second Edition: Ethical Hacking and Penetration Testing Made Easy – by Patrick Engebretson
- The Hacker Playbook - By Peter Kim (decent but more of an outline vs teaching)
- Metasploit: The Penetration Tester's Guide - by David Kennedy and Jim O'Gorman
Some examples (webappsec)
- Web Application Security, A Beginner's Guide - by Bryan Sullivan and Vincent Liu (read this, it's decent)
- Hacking Exposed Web Applications (current version)
- Web Application Hacker's Handbook (more advanced)
Some examples (social engineering)
- Social Engineering: The Art of Human Hacking
- Kevin Mitnick's books
- Social Engineering Penetration Testing: Executing Social Engineering Pen Tests, Assessments and Defense - by Gavin Watson and Andrew Mason
Some examples (Physsec/redteam)
- Unauthorised Access: Physical Penetration Testing For IT Security Teams - by Wil Allsopp and Kevin Mitnick
- Practical Lock Picking, Second Edition: A Physical Penetration Tester's Training Guide - by Deviant Ollam
Lots more here, the list is a bit dated, I'll try to update it this week, but it IS sorted by category
http://astore.amazon.com/carnal0wnage-20
Exploit dev
- Tons and tons of books/resources. Unless you are really really interested in writing exploits I wouldn't start here. Understanding the above will give you more opportunities for jobs in the business, writing exploits and automating tasks will come naturally as you progress
3. Pick a scripting language to work on
- python is probably most supported/popular
- ruby is what metasploit is written in, so there is value in learning that
- javascript/node.js will be useful going forward as well
4. Online CTFs
- Pretty good list here: http://captf.com/practice-ctf/
- Vulnhub for downloadable images to try https://www.vulnhub.com/
- Search for downloadable vulnerable images to hack against: herot, metasploitable, owasp broken apps
5. Training
Lots out there, plenty is torrentable or pay for it if you feel like it/can (you should if you can afford it -- those people work hard on it). With the amount of resources you should be able to learn the basics without paying a dime and seek out mentors or ask questions over email/twitter for topics you are stuck on.
Second Question:
Also, what steps did you initially take to become proficient at computer security?
I was a computer science major in college so I came out knowing some of the basics. My job in the military was communications and I ended up doing a lot of layer 2/layer 3 stuff along with MCSE type tasks. It's going to be important for you to learn, if you don't already know, A+ type material and Network+/basic CCNA type materials. Hacking is all about exploiting the mistakes someone made setting things up, abusing protocols, but a lot of finding/identifying/exploiting misconfigurations. This is a lot easier if you understand how to do these basic configurations.
Aside from that, start practicing, reading blogs/twitter, watching talks that interest you. I'd start with basic ones but also stuff advanced/over your head. Getting your mind blown occasionally helps let you know there really is no limit to the stuff you can do, what you can learn, etc. http://www.securitytube.net/ has pretty much everything and more content than you will ever be able to consume plus lots of free courses.
That's what I have for starters as you asked a pretty generic question, so hope that helps
Chris
TrueCrypt Security Audit Completed
The security audit of the TrueCrypt code has been completed (see here for the first phase of the audit), and the results are good. Some issues were found, but nothing major.
From Matthew Green, who is leading the project:
The TL;DR is that based on this audit, Truecrypt appears to be a relatively well-designed piece of crypto software. The NCC audit found no evidence of deliberate backdoors, or any severe design flaws that will make the software insecure in most instances.
That doesn't mean Truecrypt is perfect. The auditors did find a few glitches and some incautious programming -- leading to a couple of issues that could, in the right circumstances, cause Truecrypt to give less assurance than we'd like it to.
Nothing that would make me not use the program, though.
Slashdot thread.
Cool, but obscure unix tools
Get Prepared: 122 Of The Best Prepper Websites On The Internet
Getting prepared for the chaos that is coming to America in the years ahead is not that complicated. Help is out there – if you know where to look. And it doesn’t have to be expensive either. In this article, I have put together a list of 122 of the best prepper websites on the Internet that will teach you how to prep for free. The great thing about the prepper community is that there are always highly skilled people that are willing to freely share their knowledge and experience with the general public. As the publisher of The Economic Collapse Blog, I am constantly being asked about what people need to do in order to get prepared for the hard times that are coming to this country. And when I am asked, I do my best to encourage people to build up their emergency funds, to store food and supplies, to put together bug out bags and to do everything that they can to become more independent of the system. But sometimes people need a lot more than that. Sometimes people need to have someone give them some real hands on practical advice about things like canning food or setting up home defense systems. So in this article my goal is to connect you with some of the top experts from all over the nation for free. I think that this list is going to be a great resource for people that they can reference again and again, so don’t forget to bookmark it.
And sadly, the truth of the matter is that most Americans are not prepared for much of anything at this point. The following statistics come from a survey conducted by the Adelphi Center for Health Innovation. As you can see, a substantial portion of the population is not even prepared for a basic emergency that would last for just a few days…
- 44 percent don’t have first-aid kits
- 48 percent lack emergency supplies
- 53 percent do not have a minimum three-day supply of nonperishable food and water at home
- 55 percent believe local authorities will come to their rescue if disaster strikes
- 52 percent have not designated a family meeting place if they are separated during an emergency
- 42 percent do not know the phone numbers of all of their immediate family members
- 21 percent don’t know if their workplace has an emergency preparedness plan
- 37 percent do not have a list of the drugs they are taking
- 52 percent do not have copies of health insurance documents
So needless to say, there is a great need to educate the general population about preparedness.
Before we get to the list, I want to explain a few things about it.
First of all, this is a list of sites that offer practical advice about prepping. So I kept most websites that focus on the news off of it. Perhaps in the future I will do a list of my favorite alternative news websites. Some of my favorites include Infowars, Zero Hedge, WND, SteveQuayle.com, TruNews, and Raiders News Update.
I have also not included my websites The Economic Collapse Blog, End Of The American Dream and The Most Important News.
In addition, I have only included websites that offer information for free. There are a lot of great companies out there that sell some really cool survival supplies, but the goal of this list is to help people find useful information that they can access without cost.
Finally, I want to make it clear that these websites are listed in no particular order. Some of the best known prepper websites are toward the front of the list, and some of the newer ones are toward the end, but I do not want anyone to get offended if they are not as “high on the list” as they think they should be. In this list, I have not attempted to assign a value to each site. All of these sites have excellent information, and in fact some of the ones toward the end have some of the best hands on practical advice.
With that being said, the following are 122 of the best prepper websites on the Internet…
3. SHTFPlan.com
6. Natural News
18. Prepper Website
19. AllOutdoor.com
20. Doom And Bloom
22. SHTFblog.com
25. Home Ready Home
26. Survival Cache
29. Rural Revolution
33. Prep-Blog.com
34. Mom Prepares
37. TEOTWAWKI Blog
39. Ask A Prepper
44. Prepography
45. Survival Life
47. SHTF School
50. Expert Prepper
51. Maximum Survival
52. Survivor Jane
54. LastOneAlive
55. SGTReport
57. SHTF Wiki
59. Prepper Forums
61. Ready Nutrition
65. Ed That Matters
68. Mom With A Prep
69. Survival At Home
70. Patriot Rising
73. Survival Sherpa
74. Prepper Recon
81. The Daily Prep
85. Mama Kautz
86. Happy Preppers
87. Tin Hat Ranch
88. Living Prepared
90. Resilience
93. Survive Hive
95. Omega Tactical And Survival
96. Freedom Preppers
99. Survivopedia
101. Practical Tactical
102. SHTF Dad
103. Prepper Ideas
104. Geek Prepper
105. The Poor Man’s Survival Blog
106. Prepper Chimp
107. FloridaHillbilly.com
108. Survival Prepper Joe
111. Code Green Prep
112. Preppers Survive
113. Stealth Survival
114. Totally Ready
115. Preparedness Pro
116. The 7 P’s Blog
117. Preparing With Dave
118. Disaster Mom
119. Destiny Survival
120. Underground Medic
122. Vigil Prudence
So what do you think?
Are there any other great prepper websites or blogs that were left off of this list?
Are there some sites on the list that you feel should not have made it?
Please feel free to share your thoughts by posting a comment below…
Top Spymaster Explains How Russian Intelligence Sees the US
If the catastrophe in Ukraine had not happened some other grounds would have been found to step up the policy of “containment” of our country. Washington forestalled the emergence in Western Europe of an autonomous grouping of states that could have competed with the United States. It should be recalled that the territory of the United States itself, which essentially established unilateral military control over the allies, is not included in NATO’s zone of responsibility.