As a password cracker, I not only know the importance of having a large .pot file, I have one, accumulated over quite some time spent cracking passwords. Recently I noticed my password cracker taking forever to load. This article describes the process I used to speed up start-up, as well as the way I currently manage my .pot file.
HackTalk Security has partnered with PenTestMag.com to bring you this contest, which will get 3 lucky HackTalkers a copy of The Best Of Pentest ( http://pentestmag.com/the-best-of-pentest-012012/ ), over 200 pages of juicy hacking goodness. To enter the contest, head over to the forum: http://hacktalk.net/news-5/%28contest%29win-a-copy-of-the-best-of-pentest-magazine/
I get a lot of questions about my job as a security consultant, as well as about the common things I experience as one. More often than not I'll talk about (read: complain about) the various trials and tribulations that come with being a security consultant before even arriving at the client's site. This guide is [...]
Alex over at Question-Defense posted an article in March about stopping WordPress user enumeration. It turns out that he wanted a more formal patch for this vulnerability, and I also knew of another user enumeration vulnerability in WordPress. After hanging out for a bit at Blackhat, he and I decided to sit down and come up with a formal patch addressing both vulnerabilities. For the full article on this, see: Block WordPress User Enumeration, Secure WordPress Against Hacking. Grab the patch after the fold:
Responsible disclosure is something I firmly believe in, and I think it's something all security researchers should practice. Recently I contacted T-Mobile about multiple vulnerabilities in their website, and I'd like to talk about my experience with them to show that responsible disclosure not only works, it is highly effective.
This is the official podcast for HackTalk.net. In Episode 0x01 we discuss why the podcast was formed, along with some do's and don'ts of cons, why security awareness programs suck, how to protect yourself against getting your DB posted to pastebin and how to ensure your users' credentials stay safe even if they do get posted online, a really cool persistence technique using WMI, and some tips on secure password storage.