What I do?

I am an Information Risk Consultant and Penetration Tester. I specialize mostly in penetrating secure networks and computer systems, where I simulate an organized professional attack against your organization, after which a detailed report summarizes the weaknesses and exploited vectors. This will help you gain control over your infrastructure's security and maximize your protection.

Monday, September 28, 2009

Malicious documents and their attempts to attack

I have recently been doing ongoing research on using malware when pentesting. A lot of banks and networks are still vulnerable to these attacks, and they still don't know it. It's very important for any pentester who is already in an engagement with such a client to find such holes before the unethical do.

Most infected documents that are downloaded or attached to an email (e.g. PDFs, DOCs, PPTs) carry shellcode that does the following: it downloads a trojan from a rogue web server somewhere on the internet, writes the executable to your system32 folder, and executes the file.

This attack only works if the user is a local administrator or otherwise has administrative privileges to write to system32, and this is where you will find that none of the Windows workstations work without the admin user.

There are several ways to secure against this, which I may have to specify in the next blog entry. Stay tuned.
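
The chain described in this post (a document-handling program writes an executable into system32, which is then run) leaves a recognisable trace in endpoint logs. The detection logic below is an added example, not code from the original post; the event records are constructed and only loosely modelled on Sysmon FileCreate (ID 11) and ProcessCreate (ID 1) events, and the watch list and extension list are assumptions.

```python
import ntpath

# Assumed watch list of document-handling programs; extend for your estate.
DOC_APPS = {"acrord32.exe", "winword.exe", "powerpnt.exe", "excel.exe"}
SYSTEM32 = r"c:\windows\system32" + "\\"
DROP_EXTS = (".exe", ".dll", ".scr")  # assumed set of executable extensions

# Constructed sample events in chronological order (not real telemetry).
SAMPLE_EVENTS = [
    # Reader drops an executable into system32, then launches it.
    {"id": 11, "host": "WS01",
     "Image": r"C:\Program Files\Adobe\Reader 9.0\Reader\AcroRd32.exe",
     "TargetFilename": r"C:\Windows\System32\updsvc.exe"},
    {"id": 1, "host": "WS01",
     "ParentImage": r"C:\Program Files\Adobe\Reader 9.0\Reader\AcroRd32.exe",
     "Image": r"C:\Windows\System32\updsvc.exe"},
    # An installer writing to system32: writer is not a document app.
    {"id": 11, "host": "WS02", "Image": r"C:\Windows\System32\msiexec.exe",
     "TargetFilename": r"C:\Windows\System32\driver.exe"},
    # Word saving a document: normal behaviour.
    {"id": 11, "host": "WS03",
     "Image": r"C:\Program Files\Microsoft Office\Office12\WINWORD.EXE",
     "TargetFilename": r"C:\Users\amina\Documents\report.docx"},
    # PowerPoint drops an executable, but no execution was logged.
    {"id": 11, "host": "WS04",
     "Image": r"C:\Program Files\Microsoft Office\Office12\POWERPNT.EXE",
     "TargetFilename": r"C:\WINDOWS\system32\ppview.exe"},
]

def detect(events):
    """Return {(host, path): stage} for executables a document app wrote to system32."""
    findings = {}
    for ev in events:
        if ev["id"] == 11:  # file created
            writer = ntpath.basename(ev["Image"]).lower()
            target = ev["TargetFilename"].lower()
            if (writer in DOC_APPS and target.startswith(SYSTEM32)
                    and target.endswith(DROP_EXTS)):
                findings[(ev["host"], target)] = "dropped"
        elif ev["id"] == 1:  # process created
            key = (ev["host"], ev["Image"].lower())
            if key in findings:  # the dropped file is now running
                findings[key] = "dropped_and_executed"
    return findings

if __name__ == "__main__":
    for (host, path), stage in detect(SAMPLE_EVENTS).items():
        print(host, path, stage)
```

On a workstation where the user is not a local administrator, the write to system32 fails and no matching file-creation event appears, which is the precondition this post points out.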


Tuesday, September 22, 2009

Metasploit Unleashed


For those who haven't heard, the Metasploit course has been released, and to get the full course you need to visit the Offensive Security site for more details. The public course material can be found here: http://www.offensive-security.com/metasploit-unleashed


Wednesday, September 09, 2009

SecureICT day two

Second day at SecureICT.

SecureICT day one

Hi guys, this is how day one was at SecureICT.