security

Easy Pentesting: Metasploit's db_autopwn

Everyday, life gets easier for script kiddies. These days everything is pretty much automated. I came across the db_autopwn feature of the Metasploit Framework a few semesters ago and I think it's definitely something that security professionals should know about and administrators should use as a quick way to find holes in their network. Try it now before someone else on the Internet does.

Tags: 

Using a Wiki for Security Analysis

I took a class on the NSA INFOSEC Assessment Methodology. In this class it goes over a methodology for testing a company's security posture from a broad perspective. We're talking about top level down from physical security to following standard operating procedures to ensuring a company has all the proper policies in place. There are 18 main classes and categories that are looked over and more can be added if need be. I found it difficult to really coordinate all that information between a team.

Tags: 

Subscribe to RSS - security