Cisco Dropped the Ball as Default SSH Key Found in Many Cisco Security Appliances

Well, Cisco certainly dropped the ball on this one: several Cisco security appliances contain a default authorized SSH key, allowing an attacker to connect to an appliance and execute arbitrary commands. Cisco reports that the Web Security Virtual Appliances, Email Security Virtual Appliances, and Content Security Management Virtual Appliances are affected by the…

Penetration Testing USB KeyGhost Keylogger UNDETECTABLE Hardware – Alternative to KeyGrabber

Is this legal? You have to make it legal: using the penetration testing contracts provided, you just need to add a clause that allows you to use social engineering tactics that include keylogging devices, USB sticks and other peripheral devices as part of the test. Almost always I am permitted to do so because it proves…

Anatomy of Exploit Kits – Preliminary Analysis of Exploit Kits as Software Artefacts – By Vadim Kotov and Fabio Massacci

Anatomy of Exploit Kits: Preliminary Analysis of Exploit Kits as Software Artefacts. Vadim Kotov and Fabio Massacci, DISI – University of Trento, Italy (surname@disi.unitn.it). Abstract. In this paper we report a preliminary analysis of the source code of over 30 different exploit kits, which are the main tool behind drive-by-download attacks. The analysis shows that…