Posts

Showing posts from March, 2016

Security Testing for entities hosted in cloud

Applications that are being migrated to the cloud, or are planned to be hosted there, need additional security considerations. Failure to ensure proper security protection when using cloud services may result in higher costs and loss to the business. Organizations must consider security controls for the different service models, viz. Infrastructure as a Service (IaaS), Software as a Service (SaaS) or Platform as a Service (PaaS).

Which applications should be moved to cloud?

- Low to Medium Risk

What are the key security risks while hosting in cloud?

- Isolation Failure – Multi-tenancy is a key characteristic of the cloud. Failure of the controls that separate storage, memory, identity and access control, and routing between tenants is a huge risk.
- Authentication and Authorization
- ...

How to grab Wi-Fi password from a system that is connected to the Wi-Fi

Sometimes it's just easier to use social engineering skills :)

Scenario: You are on a laptop that is connected to a Wi-Fi network, but you don't know the key (password).

WINDOWS:

Start > Run > cmd

1] wmic > enter
2] quit
3] netsh wlan show profiles - You will see the available Wi-Fi profiles
4] netsh wlan show profiles name-wifi - Replace name-wifi with the name of the Wi-Fi network
5] netsh wlan show profiles name-wifi key=clear

The Wi-Fi password will be available in clear text !!!! Have fun

MAC OS

1] Open Terminal
2] security find-generic-password -wa name-wifi
3] Enter the system credentials (Yes, this is not as easy as Windows)
4] The Wi-Fi password will be on screen in clear text

Linux

1] sudo cat /etc/NetworkManager/system-connections/name-wifi | grep psk=