Tuesday, 26 February 2013

Tools Update (26th Feb)

My slightly irregular update on new and updated Information Security tools that I have come across or use. The tools are mainly those for PenTesting although other tools are sometimes included. As a bit of background into how I find these tools, I keep a close watch on twitter and other websites to find updates or new releases, I also search for pen testing and security projects on Source Forge. Some of the best sites I have found for details of new tools and releases are http://www.toolswatch.org/ http://tools.hackerjournals.com


Burp Suite Professional v1.5.06

http://releases.portswigger.net/2013/02/v1506.html
This release adds a number of useful new features and bugfixes

  • New CSRF technique
  • New SSL options

Wireshark v1.9.0

http://www.wireshark.org/download.html#development_release
Development release

Pwn Pad

http://pwnieexpress.com/products/pwnpad
The Pwn Pad - a commercial grade penetration testing tablet which provides professionals an unprecedented ease of use in evaluating wired and wireless networks.  The sleek form factor of the Pwn Pad makes it an ideal product choice when on the road or conducting a company or agency walk-through.  This highspeed, lightweight device, featuring extended battery life and 7” of screen real estate offers pentesters an alternative never known before.

Monday, 18 February 2013

Tools update (18th Feb)

My slightly irregular update on new and updated Information Security tools that I have come across or use. The tools are mainly those for PenTesting although other tools are sometimes included. As a bit of background into how I find these tools, I keep a close watch on twitter and other websites to find updates or new releases, I also search for pen testing and security projects on Source Forge. Some of the best sites I have found for details of new tools and releases are http://www.toolswatch.org/ & http://tools.hackerjournals.com

WAppEx v2.0 : Web Application exploitation Tool

http://itsecteam.com/counter/?files=WAppEx/WAppEx2.0.exe
WAppEx is an integrated Web Application security assessment and exploitation platform designed with the whole spectrum of security professionals to web application hobbyists in mind. It suggests a security assessment model which revolves around an extensible exploit database. Further, it complements the power with various tools required to perform all stages of a web application attack.

Automated HTTP Enumeration Tool

http://www.thexero.co.uk/downloads/http-enum.py
A python script for Automated HTTP Enumeration. currently only in the initial beta stage, but includes basic checking of files including the Apache server-status as well as well IIS WebDAV and Microsoft FrontPage Extensions, many more features will be added to this tool which will make lot of the enumeration process quick and simple.

Weevely 1.01 released

http://epinna.github.com/Weevely/
Weevely is a stealth PHP web shell that simulate an SSH-like connection. It is an essential tool for web application post exploitation, and can be used as stealth backdoor or as a web shell to manage legit web accounts, even free hosted ones.

BackBox Linux 3.01 updated to include Weevely

http://www.backbox.org/
BackBox is a Linux distribution based on Ubuntu. It has been developed to perform penetration tests and security assessments. Designed to be fast, easy to use and provide a minimal yet complete desktop environment, thanks to its own software repositories, always being updated to the latest stable version of the most used and best known ethical hacking tools.

Sunday, 10 February 2013

Keep It Simple Stupid

Reading about the Horse/Beef issue, made me think of  the KISS principle from the US Navy in 1960's, Keep It Simple, Stupid.

The supply chain for Findus reads like this "A Swedish brand - Findus - supplying British supermarkets employed a French company, Comigel, to make its ready meals. To get meat for its factory in Luxembourg, Comigel called on the services of another French firm Spanghero. It used an agent in Cyprus, who in turn used an agent in the Netherlands, who placed the order at an abattoir in Romania."

Additionally isn't the problem with the banks due to over complicated financial instruments that no one understands fully. All this shows it that if a process gets over complicated it is liable to break and have faults, a simply process is easier to fault find and rectify.

The principle of KISS applies to information security as well as software development, overcomplicated systems and software are going to lead to vulnerabilities that will lead to systems and organisations being overcomplicated. Capability Maturity Models (CMM) should be looking at ensuring at processes are not overcomplicated and are easily understand by all those involved in an organisation. When a process is fully understood it is going to be a more mature process.

Tools update (10th Feb)

My slightly irregular update on new and updated Information Security tools that I have come across or use. The tools are mainly those for PenTesting although other tools are sometimes included. As a bit of background into how I find these tools, I keep a close watch on twitter and other websites to find updates or new releases, I also search for pen testing and security projects on Source Forge. Some of the best sites I have found for details of new tools and releases are http://www.toolswatch.org/ & http://tools.hackerjournals.com

DotDotPwn v3.0.1

https://github.com/wireghoul/dotdotpwn
The latest version of DotDotPwn v3.0.1 released. DotDotPwn is a flexible intelligent fuzzer to discover traversal directory vulnerabilities in software such as HTTP/FTP/TFTP servers, Web platforms such as CMSs, ERPs, Blogs, etc. It's written in perl programming language and can be run either under *NIX or Windows platforms. Also, it has a protocol-independent module to send the desired payload to the host and port specified. On the other hand, it also could be used in a scripting way using the STDOUT module.

Sysinternals

http://blogs.technet.com/b/sysinternals/archive/2013/02/04/updates-pendmoves-v1-2-process-explorer-v15-3-sigcheck-v1-91-zoomit-v4-42.aspx?Redirected=true
Pendmoves v1.2: This update to Pendmoves adds support for 64-bit directories.
Process Explorer v15.3: This major Process Explorer release includes heat-map display for process CPU, private bytes, working set and GPU columns, sortable security groups in the process properties security page, and tooltip reporting of tasks executing in Windows 8 Taskhostex processes. It also creates dump files that match the bitness of the target process and works around a bug introduced in Windows 8 disk counter reporting.
Sigcheck v1.91: This update to Sigcheck prints the link time for executable files instead of the file last-modified time, and fixes a bug introduced in 1.9 where the –q switch didn’t suppress the print out of the banner.
Zoomit v4.42: Zoomit now includes an option to suppress zoom-in and zoom-out animation to better support remote RDP sessions and fixes a bug that caused static zoom to snap to the top and left side of the screen in some cases


NOWASP (Mutillidae)

http://sourceforge.net/projects/mutillidae/files/
NOWASP (Mutillidae) is a free, open source, deliberately vulnerable web-application providing a target for web-security enthusiest. NOWASP (Mutillidae) can be installed on Linux and Windows using LAMP, WAMP, and XAMMP for users who do not want to administrate a webserver.

Friday, 8 February 2013

CREST certification

Going to be going for CREST certification as a number of prospective clients are requesting  in the UK. This is going to be interesting as there is no authorised training course. Although I have done PenTest when going for a certification, if there is a course I like to complete it as often if it is classromm based your get a lot of 'extra' information from the instructor and other delegates. However there is not a open ended training budget, if there had been I would of liked to of taken the SANS SEC560: Network Penetration Testing and Ethical Hacking course which is recommend by CREST. However as part of the preparation for the CREST certification I am going to try and put together my own study guide to help prepare.

In terms of course I would like to of done some of the Security Tube and Offensive-Security courses before looking at the CREST certification as I feel these are good solid courses to of completed. However customers want CREST so that is what I am going for and from a PenTest certification it is good, covering not only techniques but preparing, managing, conducting and reporting on a PenTest which are important aspects. Certifications like CREST will help develop a minimal level for PenTest professionals and I wish I had the opportunities to do this when I was younger.

The main parts of the SANS course are


  • Network Penetration Testing: Planning, Scoping, and Recon
  • Network Penetration Testing: Scanning
  • Network Penetration Testing: Exploitation and Post Exploitation
  • Network Penetration Testing: Password Attacks
  • Network Penetration Testing: Wireless and Web Apps
  • Penetration Testing Workshop & Capture the Flag Event

These match nicely against the CREST technical Syllabus

  • Soft skills and Assessment Management
  • Core Technical skills
  • Background Information Gathering & Open Source
  • Network Equipment
  • Microsoft Windows Security Assessment
  • Unix Security Assessment
  • Web Technologies
  • Web Testing Techniques
  • Databases

In addition to SANS Training in the UK, 7Safe run a couple of well recognised PenTesting certifications

CSTA



  • Networking Refresher
  • Information Discovery
  • Target Scanning
  • Vulnerability Assessment
  • Attacking Windows
  • Privilege Escalation – Windows
  • Attacking Linux
  • Exploiting Linux
  • Retaining Access
  • Covering Tracks
CSTP
  • Principles
  • Injection
  • Cross-Site Scripting (XSS)
  • Broken Authentication and Session Management
  • Security Misconfiguration
  • Failure to Restrict URL Access
  • Unvalidated Redirects and Forwards

Which you can see are good match for the content of the CREST technical syllabus

I will be blogging with details of my progess and the subjects I am studying.



Tuesday, 5 February 2013

Jan 2013 ADSL Router Analysis

I have now completed 12 months of collecting the log files from my ADSL router and moving into the second year of data collection. I will be looking at how 2013 data matches up against the 2012 data on a month per month basis.



Source IP addresses are the source address from the packet(s) detected, it is not necessarily the true source of the attack.

Year Countries Source IPs Attacks
2012 6 86 96
2013 6 44 115

The format that attacks from Turkey are effectively 1 attack from each IP address and the Chinese model of multiple attacks from an IP address is also consistent.

2012 2013
Country Source IPs Attacks Country Source IPs Attacks
Turkey 79 79 Turkey 39 39
South Africa 3 3 China 1 57
United States 1 10 Germany 6 6
Hong Kong 1 1 Switzerland 6 6
Thailand 1 1 United States 6 6
Switzerland 1 1 United Kingdom 1 6


Monday, 4 February 2013

Tools Update (4th Feb)

My slightly irregular update on new and updated Information Security tools that I have come across or use. The tools are mainly those for PenTesting although other tools are sometimes included. As a bit of background into how I find these tools, I keep a close watch on twitter and other websites to find updates or new releases, I also search for pen testing and security projects on Source Forge. Some of the best sites I have found for details of new tools and releases are http://www.toolswatch.org/ & http://tools.hackerjournals.com

Wireshark
http://www.wireshark.org/download.html
The current stable release of Wireshark is 1.8.5. It supersedes all previous releases, including all releases of Ethereal.

ScanNow for Universal Plug and Play (UPnP)
https://www.rapid7.com/resources/free-security-software-downloads/universal-plug-and-play-jan-2013.jsp
The free scanner checks whether your network-enabled devices might be vulnerable to attack through the UPnP protocol.

The OWASP Zed Attack Proxy (ZAP
http://code.google.com/p/zaproxy/
The OWASP Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications.
It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration testing as well as being a useful addition to an experienced pen testers toolbox.