Subscribe to the MasterMind Blog RSS Feed


MAC Spoofing

Ethernet cards have a special number, called a MAC address, that is used whenever it talks on the network. This MAC address is how the interface identifies packets intended for itself. Each packet transmitted on the network has a source MAC address and a destination MAC address. MAC, for inquiring minds, stands for 'Media Access Control'.

Whenever the network interface receives a packet, it checks the destination MAC address specified in the packet against its own address to ...

Web Hacker Boot Camp
by Gerald Quakenbush
ISBN: 097684071X, 236 pages, $39.95

Some of the most serious security flaws on the Internet today are application-layer flaws in custom web applications. Such vulnerabilities undermine all other system hardening efforts. While techniques to exploit application-layer flaws are common among hackers, most security professionals have little experience with them.

This book is a self-paced training guide that will help security professionals and ...

StealthVNC is a slightly modified version of the popular VNC tool. It is far from a bona-fide root kit, and it really does need some work, but it is a handy tool for pentesters. But beware I used an older version of the source and at least one of the mods introduces some vulnerabilities; so use it with caution.

Here are the essential changes made:

  • Installation was made easier - you don't need to push registry ...

I originally wrote MasterBugs as a proof-of-concept program. For a few years, it was buried deep on my hard drive until one day I needed a program whereby I could demonstrate various application-layer security flaws. After some updating to add flaws to MasterBugs, it served the purpose. I continue to add flaws to the program.

This software is composed of legacy ASP scripts (VBscript), client-side javascripts and a Microsoft SQL Server database - and it is riddled with security flaws.

...

Hacker's often penetrate poorly protected systems and turn them into zombies. These zombie computers can then be utilized as relay or proxy systems to aid the hacker in obfuscating his or her tracks. Or they might be used in distributed denial of service attacks.

ZombieVM is a Virtual Machine for VMWare. It works with the recently released VMPlayer, VMWare Server Beta and should work fine with VMWare Workstation. This VM has Gentoo Linux, Apache and Perl installed. Additionally, it has ...