Review by JP Bourget, CISSP, MCSE, MS
Having a process to better understand your logs, be it firewall, packet captures, IDS, web server, or proxy logs, is something that many security professionals strive for. We have seen some interesting software over the past few years, such as OSSIM and Splunk. Some vendors provide excellent log visualization for their products, some don’t do enough, or aren’t flexible enough. That brings along Applied Security Visualization (ASV) by Raffael Marty. Marty’s book gives some valuable insight on how to bridge the fields of IT Security and Data Visualization all in one book. While this book provides a wealth of detailed knowledge, I’m going to point out the major features instead of getting really detailed.
Free Chapter Link Below
Chapter 5 - Visual Security Analysis
Applications are moving away from the desktop and onto the web. With technologies like AJAX and Flash and the popularity of Mash-Ups and social networks, web application penetration testing is becoming increasingly important. Pushes for penetration testing are being driven by compliance, regulation, and a desire to not end up on the evening news, so a quality web application penetration testing class has been long overdue. SANS has stepped up to the plate and re-released SEC542 Web App Penetration Testing and Ethical Hacking as a 6-day course with stronger hands-on exercises and culminating with a final day where students perform a penetration test on the classroom network. The original course was a 4-day version, but Kevin Johnson of InGuardians has updated and enhanced the content to contain many of the cutting-edge web application hacking techniques seen in the field today.
I recently had the opportunity to take the re-born SEC542 course in Orlando, Florida as part of SANS 2009. SANS 2009 was one of the larger yearly conferences that SANS offers, with quality evening talks after classes which offered additional content for no additional cost. Some of SANS's higher-profile members presented fresh content ranging from Josh Wright's talk on the risks associated with using personal wireless devices such as the Nike +iPod titled "Privacy Loss in a Pervasive Wireless World" to Ed Skoudis' talk on cutting-edge tricks and techniques in "Secrets of America's Top Pen Testers." The secondary benefit of the large conferences was the ability to network with instructors and peers. There were frequent opportunities to hang out and talk with SANS instructors and other students after hours, with impromptu events such as full-contact mini-golf, dinner and karaoke. It is commonly known that an event is what you want to make of it, and SANS 2009 came through in spades in providing an educationally rich environment. So if an attendee didn’t take advantage of networking with those in the industry, then it certainly wasn’t SANS’s fault.
In Part I, Modern Social Engineering - A Vital Component of Pen Testing, Chris Nickerson & Mike Murray adeptly covered the generalities of Social Engineering, and how it is a repeatable process perfect for inclusion in penetration testing. So let’s go a little deeper into crafting these attacks. What are some of the tricks of the verbal trade that make people far more likely to fall prey to those phishing attacks or that fraudulent web site? What tools can I use to test and eventually utilize to attack… er… audit my target organization? This 1-hour webcast dives deeper into the process of Electronic SE (eSE) and offers real-world examples of combining the skills of the social engineer with the toolkit of the ethical hacker.
So, please mark your calendars and join us for this continuing series on Social Engineering. You can also meet all of us and many more industry experts at ChicagoCon, the World's Only Ethical Hacking Conference. And at only $100 for 2 days on May 8 - 9 with talks, CtF, breakout sessions, food, swag and more, it's a steal!
Join world-renowned social engineers, Chris Nickerson of TruTV's Tiger Team and noted expert and international speaker, Mike Murray, as they prepare you for the future of pen testing. This webcast on Thursday April 30, 2009 at 12:00 Noon CDT continues your education in the world of "Modern Social Engineering."
Review by Jason Haddix, Security Aegis
Nmap is indispensable.
OK, that was obvious. There is no doubt that Fyodor and contributors have made the de facto standard of network scanners, but when it comes down to learning the ins and outs and the power of Nmap, where should you put your hard-earned cash?
Let’s neglect the support documentation (man pages) for a second, and assume you don’t really use Nmap on a day-to-day basis. Why? Over at http://www.professormesser.com/, James “Professor” Messer has put together a 232-page eBook proving that one doesn’t have to be a networking guru to learn how to use Nmap effectively in your organization.
But what about the $197 video companion to this $47 book? How does it stack up against Fyodor’s own book on Nmap (See EH-Net Review by JP Bourget)? Stick around my friends as the answers you seek are only minutes away.
Ryan Linn is back with another video for your learning pleasure. This time he gives a video tutorial of an existing toolset, the Pass-The-Hash Toolkit by Hernan Ochoa (Core Security Technologies). Core describes it as, "The Pass-The-Hash Toolkit contains utilities to manipulate the Windows Logon Sessions maintained by the LSA (Local Security Authority) component. These tools allow you to list the current logon sessions with its corresponding NTLM credentials (e.g.: users remotely logged in thru Remote Desktop/Terminal Services), and also change in runtime the current username, domain name, and NTLM hashes (YES, PASS-THE-HASH on Windows!)."
So what does all that mean? As with his other videos, Ryan tackles this topic in a very easy to follow process. So watch along as he integrates the PTH Toolkit in a makeshift penetration test, and shows how an attacker can utilize credentials without ever having to crack a single password. Oh by the way, he cracks them, too. This way he can impersonate a legitimate user without knowing their password, and then again while knowing their password. Ryan then goes one step further with his talk at ChicagoCon 2009s on May 9 with fellow EH-Net columnist Brian Wilson, when they team up for Cain BeEF Hash: Snagging Passwords without Popping Boxes. They not only show you some of their cutting-edge research results, but also perform it in a live demo!
By Chris Gates, CISSP, GCIH, C|EH, CPTS
Welcome Back! In Maltego Part I we performed Personal Reconnaissance with Maltego to see what we could find out on the net about our Editor-in-Chief, Don. With the personal details tucked safely away in our notebook, let's see what we can gather in regards to his network infrastructure.
Any organization that has an Internet presence needs to have some form of infrastructure to support their presence. During Infrastructure Enumeration you attempt to discover how much of it exists, what type of infrastructure is used, where it is located, what technology is used and how it is structured. This type of information is interesting for:
* Security assessments (as this is the first and most tedious phase of any external assessment).
* Getting an idea of the organization’s Internet and geographical presence.
* Gaining insight into the technology used by the organization.
* Making connections between seemingly unconnected organizations (as they might be sharing common infrastructure).
* Getting a list of brands or affiliations supported by the organization.
Be sure to catch Chris at ChicagoCon 2009s on May 9 as he presents Attacking Layer 8: Client Side Penetration Testing with Vince Marvelli (g0ne).
EH-Net is pleased to announce the complimentary webcast, “Network Reconstructive Surgery,” Part III of the Pen Testing Perfect Storm webcast trilogy – featuring the return of SANS Pen Testing swashbucklers Ed Skoudis, Josh Wright and Kevin Johnson. The third and final installment of this popular webcast trilogy will focus on assessing the outside-in attack process, leveraging a seemingly innocuous website bug for full-scale control over the target network infrastructure. You'll learn how to take advantage of powerful tools including Ratproxy, the soon-to-be-released Yokoso! project and a recent browser exploit, as well as how a pentester can manipulate the not-so-helpful features in enterprise wireless networking systems. Combining concepts from web app, network, wireless and social-engineering attack techniques, this webcast will present practical tips for succeeding in a penetration test in ways that exceed that of independent analysis steps. In this finale webcast, you'll also gain insight into predictions by the pentest luminary team on the future of combined penetration tests, including the concept of "no holes barred" pentesting and the effect it will have on the future of enterprise security.
The third and final webcast in this series will take place Tues March 24, 2009 @ 1:00 PM EST. Following the webcast, attendees are invited to keep the conversation going with Kevin, Josh and Ed from InGuardians during discussions hosted by The Ethical Hacker Network (EH-Net), a free online magazine for security professionals. For at least one week after each webcast, the crew will make themselves available to answer your questions directly and candidly in EH-Net’s Community Forums. All discussions will remain freely available on EH-Net for your continued reference.
It's a fact, Jack. Nearly 100% of social engineering engagements will involve the use of language.
Yes, that was trite and obvious. But it's also true. Which means that if you want to engage an organization or individual as a target for a social engineering attack, your ability to use language will be a significant factor in the success or failure of your attack. Even more precisely, you have to know the different ways that language can be used, and the differences in the language patterns and formats for each of those uses. Only then will you be empowered to structure your language in such a way as to have maximum impact.
Before talking about how to use language, you have to be aware of language. While most of us are not aware of it, language has two (and only two) distinct actions: the movement of information and the act of influence on another person.
Jack Koziol of Shellcoder's Handbook fame spoke at ChicagoCon last year on heap overflow exploitation, so we thought we'd share the entire audio recording and slide deck with you as an example of the type of talks you'll see at the next ChicagoCon in May 2009.
As defined by Wikipedia, "A heap overflow is a type of buffer overflow that occurs in the heap data area. Like all buffer overflows, a heap overflow may be introduced accidentally by an application programmer, or it may result from a deliberate exploit. In either case, the overflow occurs when an application copies more data into a buffer than the buffer was designed to contain. A routine is vulnerable to exploitation if it copies data to a buffer without first verifying that the source will fit into the destination. A deliberate exploit may result in data at a specific location being altered in an arbitrary way, or in arbitrary code being executed."
So what does all that mean and how do you do it? Find out in Jack's talk on "the most common type of heap overflow exploits for Linux and Windows. He will briefly explain how dynamically allocated memory works, its interaction with the heap memory structure, and how a normal heap operates. Jack will then demonstrate how heap overflows occur, and how they can be exploited on Linux, Windows 2000 and Windows XP SP2 with Data Execution Prevention (DEP) enabled. Unfortunately, the Vista portion of the talk had to be withdrawn. Expect to laugh, cry, and be entertained!"