GPG Better than Zip Encryption

Is GPG/OpenPGP really Better than Zip ? I attended a local conference yesterday (2019-03-29) and during one of the talks a senior analyst from one of the world’s first CERT said that the preference was to use GPG for symmetric key encryption of files to transfer confidential information to their clients over zip. The reason presented was that zip did not provide the desired level of confidentiality and integrity. This comment got me thinking as I had thought that zip used AES for encryption, so now I am awake at 0100hrs in the morning and curious to understand the encryption used in zip.

Read More →

Metasploitable2 Walkthrough

For this walk-though I use the Metasploit framework to attempt to perform a penetration testing exercise on Metasploitable 2. I employ the following penetration testing phases: reconnaisance, threat modelling and vulnerability identification, and exploitation. Since this is a mock exercise, I leave out the pre-engagement, post-exploitation and risk analysis, and reporting phases. Set-up This metasploitable walk-through is performed in a virtual lab environment. Two virtual machines (VMs) are used. The first is a Kali VM and the second is the Metasploitable2 VM.

Read More →