Danny Tech Security

What is Nagios? Imagine you have a company with 20+ workstations or servers and you need to monitor them. Nagios is a popular open source computer system and network monitoring software application. It watches hosts and services, alerting users when things go wrong and again when they get better. Overview Nagios is Open Source Software licensed under the GNU GPL V2. Monitoring of network services (SMTP, POP3, HTTP, NNTP, ICMP, SNMP, FTP, SSH) Monitoring of host resources (processor load, disk usage, system logs) on a majority of network operating systems, including Microsoft Windows with the NSClient++ plugin or Check_MK. Monitoring of anything else like probes (temperature, alarms...) which have the ability to send collected data via a network to specifically written plugins Monitoring via remotely-run scripts via Nagios Remote Plugin Executor Remote monitoring supported through SSH or SSL encrypted tunnels. Simple plugin design that allows users to easily develo...

[ New DTS PDF Cover Page ] For past few weeks I been reviewing, learning coding, and trying out the new android tablet. I decided that instead of using the same logo cover page image I'm going to change it every season. Below is a cut up of the DTS cover page picture. The new PDF tutorials will begin May 3, 2011. Up coming tutorial for tomorrow .... How to install and configure Nagios.

This document is for people who want to learn to the how and why of password cracking. There is a lot of information being presented and you should READ IT ALL BEFORE you attempted doing anything documented here. I do my best to provide step by step instructions along with the reasons for doing it this way. Other times I will point to a particular website where you find the information. In those cases someone else has done what I attempting and did a good or great job and I did not want to steal their hard work. These instructions have several excerpts from a combination of posts from pureh@te, granger53, irongeek, PrairieFire, RaginRob, stasik, and Solar Designer. I would also like to thank each of them and others for the help they have provided me on the BackTrack forum. The PDF cover both getting the SAM from inside windows and from the BackTrack CD, DVD, or USB flash drive. The SAM is the Security Accounts Manager database where local usernames and passwords are stored. For legal ...

OWASP attempts to make videos of presentations made by there members and at there conferences concerning application security whenever possible. The slides for most of these presentations are available, linked to the conference agendas. In episode 2 it illustrates SQL Injection, discusses other injection attacks, covers basic fixes, and then recommends resources for further learning.  Here are a couple of links on how to secure your SQL server SQL Injection Prevention Cheat Sheet XSS (Cross Site Scripting) Prevention Cheat Sheet

In the Linux Distribution BackTrack 4 it has the Social Engineering Toolkit otherwise known as SET. The homepage for SET is http://www.secmaniac.com/ and there is more useful information there. I am particularly impressed by the new java applet function is SET which allow the tester to effectively test how a targeted attack may succeed. Currently SET has two main methods of attack, one is utilizing Metasploit payloads and Java-based attacks by setting up a malicious website (which you can clone whatever one you want) that ultimately delivers your payload. The second method is through file-format bugs and e-mail phishing. The second method supports your own open-mail relay, a customized sendmail open-relay, or Gmail integration to deliver your payloads through e-mail. To see this operation in action Click Here . If you want to install it on your own machine then there will be a tutorial on how to set this up on Saturday.

Let's say you have limited access at a work place and manager wants if a user has access for something that they requested and you don't have the proper access to check. Today I will show you how to check access on limited access. The way that this example is setup is by virtual environment from Windows 2003 Server to Windows XP. Tools Virtualbox (free edition) running in local environment rdesktop (free) vmware (trial) Windows Server 2003 Enterprise Edition (Student Version 180 days trial) running in a remote location The picture above is typical Windows Server login. It just shows that I am running server OS. Ok let's move on. We are going to check on a user on " DTSAdmin " At the command prompt type " net user DTSAdmin /domain " it will gather from the server a lot of good information as shown in the picture above. If you don't type the " /domain " syntax the computer is going to think that user name is at t...

The Problem   As you notice when upgrading to Ubuntu 10.04, Ubuntu 10.10, or using the latest BackTrack4. There is an issue with the latest kernel build of 2.6.35-35 which does not allow setting a specific channel and also it will not allow to perform packet injection in the Aircrack-ng suite.  For a solution please read the PDF. Title: Fixed Channel -1 File Name: Fixed Channel -1.pdf File Type: PDF File Size: 1.6 MB Download Now