security

Playing with libnet

I wrote a function that writes packets to the wire. It takes the source IP, destination IP, and destination port. The function, writePackets(), uses the libnet headers. On Arch Linux these can be installed with pacman -Sy libnet. I was inspired to write this because I am in the process of reading Hacking: The Art of Exploitation by Jon Erickson. It covers a lot of the basics of reading assembly as well as some often overlooked programming flaws that lead to buffer overflows.

Cracking ZIP files with fcrackzip

To crack a zip file password there are many tools out there. Since I'm primarily using Linux I went with a quick Google search and came across fcrackzip. This is a free program that allows for both dictionary and brute force cracking of zip file passwords. It is not difficult to use and offers a wide range of options.

Easy Pentesting: Metasploit's db_autopwn

Every day, life gets easier for script kiddies. These days everything is pretty much automated. I came across the db_autopwn feature of the Metasploit Framework a few semesters ago and I think it's definitely something that security professionals should know about and administrators should use as a quick way to find holes in their network. Try it now before someone else on the Internet does.

Creating a Chroot Jail for SSH Access

Here I show how to set up a secure SSH server that could be used for SFTP. It limits what users can do and which commands they have access to. It could even be configured as a way to allow SSH tunneling for your friends/family who don't have the ability to do this themselves. The chroot jail stops the users from getting access to anywhere else on the system and keeps you from worrying about users messing around with key system components.

Hardening an Apache Server

When setting up an Apache server on a Debian host, you should tweak a few things to prevent malicious users from breaking into your system. Here I discuss my take on the steps needed to reach this goal.

Using a Wiki for Security Analysis

I took a class on the NSA INFOSEC Assessment Methodology. The class goes over a methodology for testing a company's security posture from a broad perspective. We're talking about the top level down, from physical security to following standard operating procedures to ensuring a company has all the proper policies in place. There are 18 main classes and categories that are looked over, and more can be added if need be. I found it difficult to really coordinate all that information between a team.

Scenario: Your company has been hacked. What now?

So your company's network has been breached. What are you going to do to prevent such an attack in the future? Here I go over specifics of what I would do to protect a network from future attacks and how I think a network should be laid out to begin with.

Caller ID Spoofing w/ Asterisk

Caller ID is often thought of as the ultimate way to see who is calling you. People use it to screen calls all the time. When you're able to spoof that number to whatever you would like, you can easily defeat the human habit of screening out calls from people they don't want to talk to. Besides being able to get in touch with those ignoring your calls, it can be an attacker's best friend. He or she can simply spoof your bank's number and social engineer you into giving out valuable information. Given the way people rely on caller ID, it is unlikely the victim will realize what has happened until it is far too late.

Create a backdoor into a Windows system

Using VBScript and netcat it is quite simple to create a basic backdoor into a user's system with the privileges of the user that ran the script. It's a very basic concept and all it does is download the netcat program (nc.exe) from a trusted website into the user's c:\windows\system32 folder. What this does is allow you to run netcat from the command line without dealing with the full location of nc.exe. Once the file is in the system32 folder it can simply be run from any command prompt.