BackTrack Reborn – Kali Linux

It’s been 7 years since we released our first version of BackTrack Linux, and the ride so far has been exhilarating. When the dev team started talking about BackTrack 6 (almost a year ago), each of us put on paper a few “wish list goals” that we each wanted implemented in our “next version”. It soon became evident to us that with our 4 year old development architecture, we would not be able to achieve all these new goals without a massive restructure, so, we massively restructured and “Kali” was born. We’ve also posted a Kali Linux teaser on the BackTrack Linux site – and that’s all we’ll say for now…

Read More

Advanced Teensy Penetration Testing Payloads

In one of our recent engagements, we had the opportunity to test the physical security of an organization. This assessment presented an excellent scenario for a USB HID attack, where an attacker would stealthily sneak into a server room, and connect a malicious USB device to a server with logged on console, thus compromising it. From here, the “Peensy” (Penetration Testing Teensy?) was born.

Read More

Evocam Remote Buffer Overflow on OSX

This guide comes from my own journey from finding a buffer overflow in an OS X application to producing a working exploit. I have reasonably good exploit development skills having completed the Penetration Testing with BackTrack and Cracking the Perimeter training courses, and working on several buffer overflow exploits. The majority of my exploit development skills are based around Windows vulnerabilities and using the OllyDBG debugger.

Read More

BackTrack 4 Release 1 (R1 Dev)

The release of BackTrack 4 unleashed a whirlwind of over 1 million downloads. Information Security specialists and Penetration Testers from all over the world showing their support and love for the product that has become the #1 Penetration Testing Distribution.

Read More

How to choose your Information Security Training

In the past couple of years, the economy has struck hard on organizations seeking to educate their employees. Training budgets have been cut down, and choosing the right course that will give you real Return on Investment is not an easy job. This is especially true in the offensive Information Security Training arena, where standards and qualifications are weakly defined. So how can you make sure you’re getting your money’s worth ?

Welcome to our “10 questions you should be asking your Information Security Training Provider“.

… Read more »

Read More