• 03 May 2010

    Commercial WEP and WPA key recovery tools

    Ever find yourself needing a wireless network analyzer that's easy to use and doesn't cost an arm and a leg? Well, CommView for WiFi is a great option...It's a product I've talked about for years in both Hacking For Dummies and Hacking Wireless Networks For Dummies. A neat thing about CommView for WiFi are its relatively new WEP and WPA key recovery add-ons. Referred to as WEPKR and WPAKR, they're ...

    Continue Reading...
  • 30 Mar 2010

    A couple of neat things about WebInspect

    If you're into finding the Web security flaws that matter HP's WebInspect should be on your short list of prospective Web vulnerability scanners. Over the past six months WebInspect has repeatedly found a couple of items that I know I otherwise wouldn't have uncovered or been able to exploit to the extent I did.The first is SQL injection. WebInspect does a very good job finding the actual flawed inputs but ...

    Continue Reading...
  • 26 Mar 2010

    Great tool to check for weak Web passwords

    I've always been a fan of Acunetix Web Vulnerability Scanner. It's a lesser-known tool that packs a big punch. One of its most redeeming qualities is its password checking. As I mentioned in this post, Acunetix Web Vulnerability Scanner took what was going to be a basic assessment of an Outlook Web Access system with very few findings up many notches into a true penetration of the system...all thanks to ...

    Continue Reading...
  • 14 Feb 2010

    Great tool for seeking out sensitive info on your network

    One of the greatest risks in business today is the issue of unstructured information scattered about the network waiting to be misused and abused by rogue insiders and other outsiders that have gained "internal" access.Reality has shown us that we absolutely cannot protect what we don't acknowledge. The best way to minimize this risk is to search your network far and wide for PII and other sensitive business information you ...

    Continue Reading...
  • 07 Jan 2010

    My latest security content, Linux-style

    Hope your first week of the last decade of the new millennium is going well!Here's some more new information security content - focusing on Linux security this time around. Enjoy!Finding password weaknesses in your Linux systemsHardening Linux with Bastille UNIXUsing BackTrack to check for Linux vulnerabilitiesMany thanks to Leah Rosin with SearchEnterpriseLinux.com for getting me on board with these.You know the drill - as always, be sure to check out ...

    Continue Reading...
  • 03 Dec 2009

    Another file/folder security option

    One of the biggest vulnerabilities I come across in my security assessments is sensitive information scattered about unprotected drives/shares. Solutions to this dilemma include locating/classifying different information types, locking down shares and file permissions, and encrypting information on mobile devices. If the latter option interests you there's a new company I stumbled across called New Softwares.net that sells very reasonably-priced software that can help. I haven't tried it out yet ...

    Continue Reading...
  • 03 Nov 2009

    Good dictionary to use for password cracking

    Here's a pretty comprehensive password dictionary I recently came across that you may want to use in your security testing...there may be "friendlier" download link but I haven't searched for it.If time is a factor, this dictionary may be too big for its own good given the time it'd take to run through everything but at least you know you're using a good dictionary. After all, your dictionary-based password cracking ...

    Continue Reading...
  • 21 Oct 2009

    Metasploit as we knew it going bye bye?

    The day I never thought I'd see has come. Once HD Moore announced "Metasploit is hiring" I knew something was going on. Metasploit has been acquired by Rapid7...huh!? Too bad Qualys - maker of my favorite OS/network vulnerability scanner - missed this opportunity!According to the Rapid7 acquisition FAQ Metasploit will remain open source but with a commercial twist. I hope it only gets better...fingers crossed.Hey at least Capitalism prevailed...it's dying ...

    Continue Reading...
  • 13 Oct 2009

    Latest version of LANguard worth considering

    Have you seen the new - OK, it's not that new any more - version of LANguard (formerly LANguard Network Security Scanner)? It's certainly a tool worth checking out if you do vulnerability scanning.I've been using LANguard for years for share finding and authenticated scanning and it does both very well. The biggest change in the latest version is the user interface. I've never been a big fan and I'm ...

    Continue Reading...
  • 12 Oct 2009

    Cool tool for cracking/resetting SQL Server passwords

    Elcomsoft has a neat - and relatively new - tool called Advanced SQL Password Recovery I thought you may be able to benefit from. It can be used to change any SQL Server databases protected by a password included SQL Server 2000, 2005 and 2008. All you need is access to the master.mdf file. SQL Server optional.I was going to show a screenshot but there's not that much to show...you ...

    Continue Reading...

Success expert Brian Tracy shares his thoughts on Kevin:

Resources

Client Testimonials

“A business associate referred our company to Principle Logic when we were seeking a resource to perform vulnerability /penetration testing for our external and internal networks. We found Kevin Beaver to be professional, well informed, and easy to work with. His testing did not disrupt our networks, and his progress updates were timely.

His final report was very thorough and included security recommendations for our network environment. The executive leadership was so impressed with Kevin’s security expertise, they have extended their agreement to continue to perform periodic testing. We highly recommend Kevin Beaver and Principle Logic as a resource for network security testing.”

(IT managed services firm)
Read More

 

Kevin has written/co-written 12 books on information security including one of the best-sellers of all time:


Hacking For Dummies, 8th edition penetration testing book

Tags

AI appsec basics books Career Networking careers censorship cervical instability CIO compliance coronavirus covid-19 cybersecurity data breaches discipline eagle syndrome hacking Hacking For Dummies health helmet communications incident response keynote speaker leadership NCAA football networking outsourcing passwords policy enforcement Power Four rare diseases resilience Russian hacking security security leadership security speaker social engineering speaking engagements tethered spinal cord tiktok time management underimplemented vulnerability and penetration testing web security willingness zero-based thinking

© Copyright 2001-present, Principle Logic, LLC - All Rights Reserved.