Here at Orange Cyberdefense, clients often ask us to test and help secure their infrastructure. We do this a lot. We test clients, we test ourselves, and we set up labs to test new ideas and tools. We’ve become quite good at this, if we say so ourselves, and would love to share some of the lessons we’ve learned along the way with anyone that would be interested. That’s what…
SensePost Training at Blackhat USA What is SensePost infrastructure training about and what does it give you as a novice pentester? What does it give you as a pentester looking to move into infrastructure hacking? Training at SensePost focuses on learning the Trade and not just the trick, thus our focus is on your testing methodology rather than simply showing you some cool tools. And what is this methodology you may ask,…
Willems and I are currently on an internal assessment and have popped a couple hundred (thousand?) RHEL machines, which was trivial since they are all imaged. Anyhoo – long story short, we have a user which is allowed to make use of sudo for a few commands, such as reboot and service. I immediately thought it would be nice to turn this into a local root somehow. Service seemed promising…
Over at [Rational Survivability], beaker has coined the term EDoS to describe how “the utility and agility of the cloud computing models such as Amazon AWS (EC2/S3) and the pricing models that go along with them can actually pose a very nasty risk to those who use the cloud to provide service”. Of course, this has kicked off the flurry of responses from “How is this different to soaking up…
Those pesky hackers! Alex Sotirov (of heap feng shui fame, famous for breaking everything from Vista, to web browsers, to Facebook) and Jacob Appelbaum (of cold-boot attack fame, and more importantly of “knuth is my homeboy” fame) will be talking in a few hours at the 25c3 conference in Germany and by all accounts it’s going to be an “Internet Breaker”. There is a fair bit of speculation on the…
Amazon announced the beta of Amazon SimpleDB without that much fanfare, but it is an interesting trend to watch. Essentially Amazon are giving the power of a database to people used to Excel and simple queries, backed by their massively optimised infrastructure. It will make popping up a web shop even more trivial than it has been in the past, and I guess continues along the growing trend of allowing…