I came across an interesting variation on spear-phishing known as longlining. Longlining, which is named after the industrial fishing practice of deploying miles-long fishing lines with thousands of individual hooks, combines successful spear phishing tactics with mass customization. Using these techniques, attackers can deploy thousands of unique, malware laden messages that are largely undetectable to traditional … Continue reading
Dave Kennedy from TrustedSec has released a new version of the Social Engineering Toolkit (SET) which is now at version 5.1. I have listed the changelog here: ~~~~~~~~~~~~~~~~ version 5.1 ~~~~~~~~~~~~~~~~ * when specifying a custom wordlist in SET – added the ability for ports to be specified ipaddr:portnum for example 192.168.5.5:2052 just in case … Continue reading
A Polish security researcher has found a flaw in the latest version of WordPress, version 3.5.1. He reported it to WordPress, but with no response after 7 days he went public The flaw probably won’t affect too many users. It requires a password-protected page within a self-hosted WordPress site; and almost by definition, bloggers and … Continue reading
Add my twitter @spencerjscott to keep up to date with my WordPress posts. d-_-b
I have been working recently with the Centre for the Protection of National Infrastructure’s (CPNI) 20 Critical Security Controls for Cyber Defence. The following text is taken from the CPNI website here: http://www.cpni.gov.uk/advice/cyber/Critical-controls/ The 20 controls (and sub-controls) focus on various technical measures and activities, with the primary goal of helping organisations prioritise their efforts … Continue reading
The following video and text is courtesy of Irongeek. Social Engineering has increasingly been in the headlines lately, with several breaches over the last couple of years being attributed to this concept. Security companies have been quick to jump on this and claim they have the latest and greatest counter to social engineering. This presentation … Continue reading
Since my last updates, Backtrack has now been superseded by Kali Linux. I have this running now as my primary OS for pen testing. More information and documentation on kali linux can be found here: http://www.kali.org/ http://docs.kali.org/
It has been a long time since I have been online and have recently returned to the blogging world. Lots has happened since then and I will be continuing using this blog for latest security news, tools and other interesting information security topics.