Book Review and Sample Chapter - "Real Digital Forensics: Computer Security and Incident Response" By Keith Jones, Richard Bejtlich, Curtis W. Rose

http://www.ethicalhacker.net/content/view/19/2/

Member Feedback.

Exploit code for a critical flaw in fully patched versions of Microsoft Corp.'s Internet Explorer browser has been released on the Internet, putting millions of Web surfers at risk of computer hijack attacks.

The zero-day exploit, posted by a U.K.-based group called "Computer Terrorism," could allow a remote hacker to take complete control of a Windows system if the victim simply browses to a malicious Web site.

Ziff Davis Internet News have verified that the exploit works on fully patched Windows XP systems with default IE installations.

For full story:
http://www.eweek.com/article2/0,1759,1891749,00.asp?kc=EWRSS03119TX1K0000594

Don

Article Title - "Incident Response Checklist"

http://www.ethicalhacker.net/content/view/18/2/

Member Feedback

Some of you may find this interesting. The OSSTMM describes itself as:

The OSSTMM focuses on the technical details of exactly which items need to be tested, what to do before, during, and after a security test, and how to measure the results. New tests for international best practices, laws, regulations, and ethical concerns are regularly added and updated.

http://www.isecom.org/osstmm/

Let me know what you think,
Don

The makers of Winfingerprint, the tool recommended by SANS and on the Insecure.org Top 75 Security Tools list, has launched a new site (Mambo BTW) and will soon have a new shareware version. While you're there, also check out Wininterrogate.

From http://www.winfingerprint.com
Winfingerprint is a Win32 MFC VC++ .NET based security tool that is able to Determine OS, enumerate users, groups, shares, SIDs, transports, sessions, services, service pack and hotfix level, date and time, disks, and open tcp and udp ports.

Pretty cool way to keep tabs on your Windows network.

Don

Foundstone has a number of free resources including some great free tools. Here's a list:

Assessment Utilities
  Fpipe™ v2.1
Forensic Tools  
  Remote Forensics System v1.0
  Pasco v1.0
  Galleta v1.0
  Rifiuti v1.0
  NTLast™ v3.0
  Forensic Toolkit™ v2.0
  ShoWin™ v2.0
  BinText™ v3.0
  PatchIt™ v2.0
  Vision™ v1.0
Foundstone S3i™ Tools
  Hacme Books™  v1.0
  Hacme Bank™  v1.0
  .NET Security Toolkit    NEW!!! v1.0
  .NETMon™  v1.0
  Validator.NET™  v1.0
  SecureUML Template  v1.0
  WSDigger™    NEW!!! v1.0
  CookieDigger™    NEW!!! v1.0
  SSLDigger™  v1.02
  SiteDigger™ v2.0
Intrusion Detection Tools
  IPv4Trace v1.0
  Carbonite™ v1.0
  FileWatch™ v1.0
  Attacker™ v3.0
  Fport™ v2.0
Scanning Tools 
  SuperScan™ v4.0
  MS05-051 Scan    NEW!!! v1.0
  MS05-039 Scan v1.0
  NetSchedScan v1.0
  DSScan v1.0
  MydoomScanner v1.0
  MessengerScan v1.05
  SQLScan v1.0
  BOPing™ v2.0
  ScanLine™ v1.01
  Trout™ v2.0
  DDosPing™ v2.0
  SNScan™ v1.05
  CIScan v1.0
  RPCScan v2.03
Stress Testing Tools
  FSMax™ v2.0
  Blast™ v2.0
  UDPFlood™ v2.0

http://www.foundstone.com/resources/freetools.htm

Never heard of them, used them once, permanent addition of your toolbox... Share your thoughts.

Don

Since we have a post with a link to a tutorial for password cracking:

http://www.ethicalhacker.net/component/option,com_smf/Itemid,35/topic,23.0

It's only right for us to to tell you where to get Cain & Abel:

http://www.oxid.it

Have fun!
Don

Some say that Nmap is an old tool, and this is true. It nonetheless is still useful, because the authors tend to keep up with the times.

http://www.insecure.org/nmap/

Insecure.org also has a list of the Top 75 Security Tools. No telling how old the list is, but it is a good starting point.

http://www.insecure.org/tools.html

Don

As we wait for Justin Peltier's article on SensePost's BiDiBLAH, here are a couple more free tools by SensePost:

Wikto: Web Server Assessment Tool
http://www.sensepost.com/research/wikto/

Crowbar: Generic Web Brute Force Tool
http://www.sensepost.com/research/crowbar/

Don

Since Tenable Network Security announced that the next version of the popular Nessus Scanner would not be released under the GNU Public License, a fork has emerged. Originally named GNessUs, it is now named OpenVAS.

From http://www.openvas.org:
Update: OpenVAS has had it’s proposal to become an officially recognised Software in the Public Interest project accepted and an official motion was passed at the board meeting held today. We’ve also announced our intention to move from Attribution-NonCommercial-ShareAlike 2.0 to the Creative Commons; Attribution-ShareAlike 2.5 license for all non-code content (specifically these web pages), and have notified all contributors to ask permission to relicense. Finally, we recently announced a logo competition for use on our new web site. — Tim Brown 2005/11/15 22:52

Add your thoughts,
Don

Article Title - "Enterprise Security - The Battle for the Final Frontier"

http://www.ethicalhacker.net/content/view/17/2/

Member Feedback

What is SensePost BiDiBLAH: Automated Assessment Tool?

To find out what BiDiBLAH really is, read this document (PDF) [302KB]
http://www.sensepost.com/research/bidiblah/what_is_bidiblah.pdf

How does it work?

Check out the videos:
http://www.sensepost.com/research/bidiblah/

Want to learn more?
Keep an eye out for the first column by Justin Peltier next week.

Enjoy,
Don

Interesting news from the US Air Force... they not only choose to support Mile2's CPTS and CPTE, but they in turn denounce CEH. Read the following, and feel free to add your comments.

Don

---

Oct 14 2005 - Today Mile2 was awarded a contract to deliver CPTS & CPTE as dedicated classes for I.T. Staff at a major US Air Force Base. The statement of work included the following quote:

"These courses cannot be substituted with a Certified Ethical Hacker (CEH) curriculum."

From US Air Force Statement of Work 05T0273 Published 09/14/2005 inviting public bids for Penetration Testing Training. Awarded to Mile2 10/14/2005.

One prospective respondent to the solicitation asked the following question on Sept 28 2005:

Q: " Why doesn't Wright-Patterson AFB want a CEH-certified curriculum?"

USAF's response was as follows:

A: "CEH-certified courses tend to focus on teaching the student how to use a
handful of tools that are available on the internet. While this knowledge is
somewhat useful during a penetration test, our goal is to expand on this and
learn how to turn our results into a professional report. Most of our students
know how to use these tools, but need to learn the methodology behind a full
penetration test. This methodology could include identifing protection
opportunities, justifing testing activities and optimizing security controls to
reduce business risk."

Copied from Mile2 News Page at:
http://www.mile2.com/news_promotions.html

Under industry pressure, Sony BMG offers an exchange program for CDs with the 'content protection' software. Sony has also asked vendors to remove any unpurchased CDs with the software from store shelves.

See their press release:
http://blog.sonymusic.com/sonybmg/archives/111505.html

Don

Kind of makes our Free Monthly Giveaways look insignificant. But hey, I'm always for free training!

Be sure to not only check out the $1,000,000 Giveaway, but also what Mile2 has to offer for pen testing and forensics.

Don