Archive for the ‘Hacking’ Category

Invasion of the Mobile Phone Snatchers

Today I delivered the first of a trilogy of webcasts promoting my new course with the SANS Institute “Mobile Device Security and Ethical Hacking” (Security 575). In the presentation we look at the threat of lost or stolen mobile devices, examining how an attacker can use backup tools to extract data from mobile devices, bypass [...]

June 1, 2012   Posted in: Android, Apple, BlackBerry, Hacking, iPhone, Mobile, Penetration Testing, Windows Phone  No Comments

ISACA Review: Hacking Exposed Wireless 2nd Edition

A special thanks to Horst Karin for posting a great review of my new book, Hacking Exposed Wireless 2nd Edition on the ISACA website. If you haven’t already checked it out, you can browse the book through Amazon’s Page Viewer. For the first time in print, we provided an in-depth coverage of attacking and exploiting [...]

December 9, 2010   Posted in: 802.11, Bluetooth, Exploit, Hacking, Linux, OSX, Penetration Testing, Security, ZigBee  One Comment

Evading IPS/IDS with TCP Checksum Forgery

Judy Novak, one of my early mentors and good friends, has posted an excellent article at on manipulating IPS/IDS with TCP checksum forgeries. She also details the effect of this crafty manipulation to Snort with great examples you can use on your own IPS/IDS. Check out her article, and also check out the Scapy [...]

August 1, 2010   Posted in: Defending, Hacking  Comments Closed

Updated FreeRADIUS-WPE

Brad brought the FreeRADIUS-WPE patch up to date for FreeRADIUS 2.1.7, which I’ve posted in the Offensive Section. This tool still works very reliably for me, and it’s always a treat when a target wireless network is running PEAP or TTLS and I get to use it. Code is posted on the FreeRADIUS-WPE page. If [...]

May 18, 2010   Posted in: 802.11, Hacking  Comments Closed

Wireless Ethical Hacking Training at Home – Discount!

As the author and lead instructor for the SANS Ethical Hacking Wireless course, I teach at several conferences a year and at customer’s sites. Between September 2nd and November 18th, I’ll also be teaching the Ethical Hacking Wireless course through the SANS vLive program. Instead of 6 8-hour days of hardcore wireless security training, we [...]

July 11, 2009   Posted in: Hacking, Training  No Comments

SANS Introduces “Fuzzing for Bug Discovery”

A few minutes ago I submitted what is hopefully the last set of edits for a new day of training material I wrote titled “Fuzzing for Bug Discovery”. This hands-on day of material joins Steve Sims’ Developing Exploits for Penetration Testers and Security Researchers course. If you haven’t already checked out Steve’s course, I highly [...]

May 10, 2009   Posted in: Exploit, Fuzzing, Hacking, Training  No Comments

Pen Test Perfect Storm Trilogy Slides

Over the last several months I had the pleasure of working with Ed Skoudis and Kevin Johnson in presenting a trilogy of webcasts titled the Pen Test Perfect Storm where we talk about techniques to combine network, web app and wireless pen testing. By combining these components of classic pen-tests, we are able to more [...]

May 3, 2009   Posted in: 802.11, Exploit, Hacking, Penetration Testing, Security, Vista  No Comments

Why Zoher Anis Rocks My Inbox

If you haven’t met Zoher Anis at a SANS conference or other popular venue, please make an effort to do so as soon as possible. Zoher is one of the most awesome guys I know, and humbles me with his new presentation “Why Joshua Wright loves Windows Vista ? And why you should be glad [...]

April 11, 2009   Posted in: 802.11, Hacking, Penetration Testing, Security, Vista, Wireless  No Comments