Why We Need Ethical Hacking
There is often confusion with the difference between “vulnerability scanning” and “penetration testing“, the latter being synonymous with “ethical hacking”. This article/podcast, from the president of the EC Council, the accreditation body for the Certified Ethical Hacker designation, includes a nice explanation of this very important kind of security testing. (more…)
Scanning for Weak MS-SQL Passwords Using NMap and Medusa
Before proceeding, please note that there are many tools and methods that have the ability to scan for weak or blank MS-SQL passwords. SQLPing comes to mind which is a great tool if you’re on a Windows host. Metasploit has the ability to scan for MS-SQL passwords as well but it isn’t ideal for targeted lists (more…)
Vulnerability Scan vs. Penetration Test
If you’re doing your quarterly vulnerability scans you may be wondering if that is the same as a penetration test or if you really need to do both. (more…)
Fun with Social Engineering
I recently wrote about Security Awareness Training, and mentioned that a well-trained staff and general employee population can be a good deterrent against Social Engineering practitioners. Social Engineering is a service offering of Halock Security Labs, and it’s probably one of (more…)
PCI DSS 11.2 and 11.3
A quick note about PCI DSS compliance and scanning vs. penetration testing and PCI DSS 11.2 and 11.3. Often (too often) when I’m talking with organizations about their PCI compliance, they respond that they’re already compliant and they already have someone doing their quarterly scanning for them. That’s great, I say! Then I ask about their (more…)
