LokiSec.com

Google Hacking

by on Apr.15, 2012, under Security Tools, Website Defense

Google Dorks are advanced search parameters that you can use with Google’s search engine to narrow down a search.  Google Hacking is the art of using Google Dorks to find specific information in Google’s databases, for example, a known vulnerable version of a web application.  (continue reading…)

Backtrack 5 r2 has been released!

by on Mar.01, 2012, under Security, Security Tools

Just in case you missed it, Backtrack 5 r2 has been released with a ton of new tools, including Reaver, Pyrit, and Pipal.  The distribution also includes huge improvements to existing tools, including Metasploit, Armitage, BeEF, and SET.  The new distribution can be found on the Backtrack website.

Going Phishing with the Social Engineering Toolkit

by on Jan.17, 2012, under Security Tools

Social Engineering Toolkit (SET) is a social engineering pen testing framework created by Dave (ReL1K) Kennedy.  SET contains numerous tools to help pen testers test the human element during a security engagement. (continue reading…)

What to do after your *nix web server has been compromised

by on Dec.17, 2011, under Website Defense

I thought it would be nice to write about what you should do when your *nix server is compromised.  The idea came from a conversation that was sparked on the Full Disclosure List. (continue reading…)

Using Rel1K’s Artillery To Protect Your Server

by on Oct.26, 2011, under Website Defense

If you are looking for a way to secure your Linux server against some of the most common attacks being carried out against Linux servers today, then look no further than Rel1K’s Artillery program. Artillery is a combination of a honeypot, file monitoring and integrity, alerting, and brute force prevention tool. (continue reading…)

How to perform a SQL Injection Attack

by on Sep.26, 2011, under Security, Website Defense

SQL Injection (SQLi) is an attack vector that is extremely easy to carry out.  Most of the breaches you see today are perpetrated this way, yielding huge payloads of data.  Understanding this attack will help you defend against it. (continue reading…)

Cracking the wireless network using aircrack-ng

by on Aug.12, 2011, under Security Tools

Aircrack-ng is a suite of programs that allows for auditing of IEEE 802.11 networks.  Below I will go over using the Aircrack-ng suite in Backtrack 5 to capture and crack WEP and WPA. (continue reading…)

Deter unwanted scanners/crawlers using Weblabyrinth

by on Jun.30, 2011, under Website Defense

Weblabyrinth is a dynamic maze of web pages written in PHP.  The main goal of Weblabyrinth is to delay and occupy malicious web scanners to give incident handlers time to investigate and respond to threats.  Weblabyrinth is designed to show a 404 error to legitimate web crawlers based on the crawler's user-agent.  Here is how you install and configure Weblabyrinth.  (continue reading…)

Audit your site using w3af

by on Jun.17, 2011, under Security Tools

Maintaining a website can be a large task.  On the security side, the day-to-day tasks for the site usually consist of patching the web server and checking the logs for potential issues.  There are many automated tools out there scanning the internet for vulnerable web servers to compromise.  Typically a compromised web server is turned into a spam-serving server.  What about the web application that you use to serve your content?  Can you trust that it does not allow the attacker access to your web server?  This is where w3af comes in.  w3af attempts to find vulnerabilities in your web application using known attack methods. (continue reading…)

Using Armitage, An attack management tool for Metasploit

by on May.16, 2011, under Security Tools

Armitage is a great attack management tool for Metasploit.  Armitage shows a graphical representation of your attack as you are putting it in motion.  Armitage also supports Red Teaming by giving your team a way to collaborate on an attack in the same Metasploit session. (continue reading…)
