Cyber Security and Hacking Blog

FindMyHash is a python script that allows you to rapidly crack passwords by comparing the hash against known password hashes.

If Google detects that your website has been infected with malware or badware, visitors will be displayed a warning before they are allowed to access your site. Learn how to remove the offending code, or contact Night Lion Security to help with the removal process.

Night Lion Security is helping St. Louis businesses achieve PCI Compliance with their E-commerce and shopping cart based websites and web servers.

CIS, PCI, FISMA – Atomic Secured Linux (ASL) makes it easy to set compliance hardening requirements. The perfect tool for creating a secure server build.

A quick guide on using Metasploit to scan for Rapid7′s recently announced uPNP vulnerabilities, which currently effect approximately 80 million unique IPs, and 40-50 million devices worldwide.

This tutorial shows how incredibly simple it is to bypass UAC and escalate your user permissions on a Windows 7 (fully patched) machine using the Sysret exploit. This exploit works on 64bit Intel Chips, including Windows and Linux.

Compliance controls, mappings, guidance, and test procedures for NIST 800-53, 800-53A, ISO 27001, PCI, HIPAA, CSA, and more. Free ready to use database!

The NIST 800-53A Audit questions necessary for FISMA / FedRAMP properly chopped and exported to a useable Excel / CSV / Database format. Free download.

Key takeaways: 72% of the known hacker breaches in 2011 affected businesses with 100 employees or less. 50% of small businesses think they are too small to be a hacker target. 67% don’t use web-based security/service. Read more.

An XLS / CSV version of the NIST 800-53A (FISMA / FedRAMP) controls. Properly formatted and ready for database import. Free download. Enjoy!

South Carolina’s Department of Revenue systems were hacked, exposing 3.6 million Social Security Numbers. South Carolina Governor stats that the hacked files included state returns submitted since 1998 with unencrypted Social Security numbers. There also were about 387,000 credit and debit card numbers of which 16,000 were unencrypted.

This linux script will properly change and set your default EC2 hostname and FQDN as needed when launching an AMI EC2 instance on Amazon. The script can be set to auto-run on boot.

In a 2012 IT Security Report conducted by Kaspersky Labs and B2B, Half of the organizations surveyed place cyber threats as one of the three most critical risks to their business. U.S. small businesses should understand they cannot completely remain safe from cyber-threats if they do not take the necessary precautions.

Forbes magazine has published an incredibly intelligent and well written detection of exploited software bugs within company networks. A recent study by Symantec show that Zero-Day bugs are reported as late 300 days from first use. Unsurprisingly, the study shows that hackers target common software like Microsoft Word, Flash and Adobe Reader. Sixteen of the 18 zero-day exploits discovered and analyzed in the study affected Microsoft and Adobe software.

The Cloud Controls Matrix provides a mapping of industry security standards such as HIPAA, ISO 27001-2005, FedRAMP, FISMA, and PCI DSS. This is a great informational matrix, which can be extremely useful in simplifying organizational compliance efforts.

A good guide and refresher on how to create or delete partitions on Linux (Red Hat or Centos). This is especially handy for those new Cloud installations and EBS volumes.

The Cloud Controls framework are a set of controls for cloud providers. They cover risks associated with cloud security and help differentiate the lines between [...]

The beginning of a series of articles in which FISMA, FedRAMP, HIPAA, PCI, and ISO compliance controls are mapped. This post is the beginning of a road map which is intended to help you achieve multiple regulatory compliance efforts. I will provide resources to important authority documents and a free Access DB when complete.

“Q” is an exploit pack and repository which was created to house modules, scripts and resource files that would otherwise not be accepted into the Metasploit trunk. The repository is 100% free to use. Users can also submit modules, scripts or resource files that they created or just found.

Great video by Rob Fuller and Chris Gates at Derbycon 2. “Dirty Little Secrets, Part 2″. It’s defiantly worth the watch. They cover topics like additional ports that you should be looking for, and why. There are some great “Duh, why didn’t I think of that” moments.

TextShade allows you to create and send encrypted messages via a web interface. As long as your recipient knows the password, they can decrypt your message via the web interface. You can use the encryptor / decryptor on the website, or install the PHP files on your own server for maximum security.

A French citizen has unintentionally breached the security of the French central bank (Banque de France) over the phone, and was freed by French authorities after being accused of “hacking” the central bank and triggering a 48-hour shut down of the computer system which handles the consumer indebtedness files (people who are flagged as having very bad credit history).

Virgin Mobile customers beware: Your phone number is the key to your personal information. According to independent developer Kevin Burke, who warned Virgin Mobile USA customers about a glaring security hole in the phone company’s account login protocol. Virgin Mobile forces you to use your phone number as your username, and a 6-digit number as your password. This means that there are only one million possible passwords you can choose.

White House sources partly confirmed an alarming report that U.S. government computers — reportedly including systems used by the military for nuclear commands — were breached by Chinese hackers.

Script to process and clean multiple HTML or XML files (batch) using HTML TIDY for OSX, Linux or Windows. This script is incredibly fast and useful way to process an entire folder of files, rather than processing them individually.