-
26 Jan 2009A primer on WEP/WPA hacks & why it doesn’t matter
If you can't justify spending $18.99 on the book I co-authored Hacking Wireless Networks For Dummies, then there's an alternative resource for you to at least be able learn about how WEP and WPA can be exploited. In this recent SearchNetworking.com tip, Lisa Phifer has taken the volumes and volumes of technical jabber about the known attacks against WEP and WPA and distilled them into a simple 5 minute read. ...
Continue Reading... -
26 Jan 2009
Looking for some software to exploit?
If you're learning the ins and outs of Metasploit (one of the most underrated and underused tools in our field) but don't have the software to exploit in a test environment, check out www.securinfos.info/old-softwares-vulnerable.php. Also don't forget about any old copies of Windows, etc. CDs you have lying around....Just load them up on a test machine, VMWare image, or similar and off you go. I can't imagine a more cost-effective ...
Continue Reading... -
17 Dec 2008
What, employees exploiting the new Windows flaw???
I've been talking about (and exploiting in my internal security assessments) this very thing for a long time and it's finally reaching the "mainstream media". Never ever underestimate the intentions of rogue insiders to exploit a Windows flaw like this.It's not just this Windows exploit....It's a whole slew of them. And Metasploit's cheap and very easy to use....
Continue Reading... -
12 Nov 2008
Excellent resource for hacking goodies
Check out Adrian Crenshaw's site: www.irongeek.com. It's chock full of good insight on some hard-to-find hacking tricks. Good video demos as well.I had the pleasure of meeting Adrian when I keynoted the Louisville ISSA conference last month. Very nice and knowledgeable guy....
Continue Reading... -
28 Oct 2008
My latest security content
Here are two articles I wrote for SearchEnterpriseDesktop.com:Enhancing patch management with NAPUnauthenticated vs. authenticated security testing Here's an article I wrote for SearchSQLServer.com:New security features in SQL Server 2008 leave some work for you...and finally a podcast I just recorded for SearchEnterpriseDesktop.com:Security Policies for Windows SystemsBe sure to check out www.principlelogic.com/resources.html for all of my information security articles, podcast interviews, webcasts, screencasts and more....
Continue Reading... -
21 Oct 2008
Google’s now in the security assessment business
It's focused, and targeted, and limited but maybe Google's new service is just what we need to find out where we're weak on the Web??Ha! If it were only that easy....
Continue Reading... -
20 Oct 2008
My latest security content
Here's an article I wrote for SearchEnterpriseDesktop.com:How to exploit two common Windows vulnerabilitiesHere's an article I wrote for SearchSoftwareQuality.com:Does certification really matter?Be sure to check out www.principlelogic.com/resources.html for all of my information security articles, podcast interviews, webcasts, screencasts and more....
Continue Reading... -
02 Sep 2008
My security content from this week
Here's a piece I wrote for SearchDataBackup.com (a new TechTarget site I'm now writing for):Change management and disaster recovery...as well my thoughts on the latest and greatest version of BackTrack (a tool you've gotta get familiar with):Free security testing toolkit review: BackTrack 3As always, be sure to check out www.principlelogic.com/resources.html for all of my information security articles, podcast interviews, webcasts, and screencasts....
Continue Reading... -
28 Aug 2008
Want to try some ‘sploits but don’t have anything to ‘sploit?
If you've ever wanted to play around with Metasploit - the free pen test/exploitation toolkit - but you didn't know where to start....well, here's an interesting site I came across that hosts free trial versions of software known to be vulnerable to attack using Metasploit, etc..Oh, if you need a quick primer, check out the following articles I've written on Metasploit as well:Metasploit 3.1 updates improve Windows penetration testingMetasploit 3.0 ...
Continue Reading... -
20 Aug 2008
Can’t wait to try this tool out…
...it's been out for a few weeks and wow, it looks really neat. Great way to demonstrate the vulnerabilities associated with Wi-Fi in the enterprise. I've actually been wondering when someone would come up with a tool like this.http://metasploit.com/dev/trac/wiki/KarmetasploitKarmetasploit acts as a wireless access point serving up legitimate-looking services such as SMTP, DNS, etc. It can be used to capture email passwords, retrieve info from Web form fields, exploit Web ...
Continue Reading...
Resources
Client Testimonials
“A business associate referred our company to Principle Logic when we were seeking a resource to perform vulnerability /penetration testing for our external and internal networks. We found Kevin Beaver to be professional, well informed, and easy to work with. His testing did not disrupt our networks, and his progress updates were timely.
His final report was very thorough and included security recommendations for our network environment. The executive leadership was so impressed with Kevin’s security expertise, they have extended their agreement to continue to perform periodic testing. We highly recommend Kevin Beaver and Principle Logic as a resource for network security testing.”
(IT managed services firm)
Kevin has written/co-written 12 books on information security including one of the best-sellers of all time:
