One of the best ways to test the security of your system is to try to hack it yourself. By trying to break through your own defenses, you can get a first-hand perspective on exactly how an attacker is approaching circumventing your security measures. Check out our recent security testing guides and see how Windows security experts Brien Posey and Kevin Beaver think you can test the strength of your own system security.
|BIOS password hacking|
Regardless of how long you've been working with computers, you've likely had the need to reset a BIOS password. You know, those configuration and power-on passwords that often keep us from managing -- sometimes even using -- our computers to get our work done. I used to love working with this kind of stuff in college and when I first started my career. Although I'm still intrigued, I just don't have the time to spend days on end experimenting to find the perfect solution to lost passwords. I'm sure you don't either. That's why I've created a sort of all-in-one reference guide to hacking BIOS passwords.
|Hacking Windows server processes and services|
In a recent tip, I outlined the higher-level steps associated with domain controller penetration testing: 1) reconnaissance, 2) enumeration, 3) vulnerability discovery, and 4) vulnerability exploitation. Now that you know the methodology, I'll show you more in-depth into the vulnerability discovery and exploitation phases and how you can test specific Windows processes and services.
Hacking server processes and services
Step 1: Home in on your target
Step 2: Use good information and good tools to get rolling
Step 3: Drive your point home
|Step-by-step guide: Laptop hacking|
The headline "Laptop - Along with Hundreds of Thousands of Identities - Stolen" seems to be repeating itself -- over and over again -- these days. Whether it's an executive trusting the hotel cleaning staff or a name-brand auditor storing his laptop unsecured in his car (who, by the way, would ding his clients on an annual review for such carelessness) -- laptops and other physically insecure computers are getting lost and stolen by the truckload.
|Google hacking to test your security|
In a past article, I discussed the anatomy of a Google hack. In case you aren't familiar with the term Google hack, it refers to using the Google search engine in an effort to pull sensitive information, such as credit card numbers, out of a poorly constructed Web application. In response to feedback from my original Google hack article, I wanted to take the opportunity to show you some ways of Google hacking your own Website to see what exactly is being exposed to the outside world.
Google hacking to test your security
Step 1: Identify what could be Google hacked
Step 2: Understand your Web applications
Step 3: Queries to Google hack your site -- Simple stuff
Step 4: More complicated Google queries
Step 5: Harden your Web site against Google hacks
This was first published in October 2007