About Mati Aharoni

Visit the Security through Hacking Web site at http://www.secureit.co.il for additional information.
How I Got Root A Penetration Testers Diary

This is a possible solution to hacking competition #6, held on SecureIT (15.1.04).

Penetration Test : My Meanest Hack
· 1

I was requested to perform a proof of concept hack into a large organization a few weeks ago. The aim was to get an interactive session, preferably GUI, on one of the internal machines which was guarded by 2 (External and DMZ) firewalls, and an Intrusion detection system. I was allowed to use any means necessary to achieve this goal. This is extremely unusual for a penetrations test, where the rules, guidelines and penetration methods are very strict and defined. I was supposed to impersonate a hacker that would stop at nothing to gain interactive access to the internal network.

A White Hat’s Penetration Test

This tutorial is more of a “case study”, in which I describe a recent penetration test I performed. Due to the success of the penetration test (in a relatively very short time) I decided to share this experience with you.

NetCat Security

Netcat is a utility that is able to write and read data across TCP and UDP network connections. If you are responsible for network or system security it essential that you understand the capabilities of Netcat. Netcat can be used as port scanner, a backdoor, a port redirector, a port listener and lots of other cool things too. It’s not always the best tool for the job, but if I was stranded on an island, I’d take Netcat with me. During this tutorial I’ll demonstrate a complete hack, using Netcat only, just to point out how versatile it is.

SNMP Enumeration and Hacking
· 1

SNMP (Simple Network Management Protocol) is a protocol that never seems to get the attention it deserves. As a “security expert” I am quite ashamed to say, that I was not fully aware of all the intricate possibilities that lie within SNMP, until quite recently.

Windows DCOM RPC Exploit

This is not a usual tutorial, but more of a “description of events” of the past few days. It began when Microsoft issued this bulletin.

EtterCap – ARP Spoofing and Beyond

When it comes to Network Security, my philosophy is – “You can’t afford to know less than the Hacker.” This means that in order to protect ourselves effectively, we need to understand and experience the same tools and techniques that are used against us.