Linn

Video Review: Cobalt Strike Penetration Testing Software

| June 29, 2012

By Ryan Linn 

Cobalt Strike is the latest tool that Raphael Mudge (@Armitagehacker) has released at http://www.advancedpentest.com/ to help penetration testers optimize their workflow and pen testing tasks.  Cobalt Strike is a commercially supported version of Armitage, Cyber Attack Management for Metasploit, with a whole slew of new features added to aid in social engineering attacks, phishing, and targeted exploitation.  As described on their own site:

"Cobalt Strike is threat emulation software. Red teams and penetration testers use Cobalt Strike to demonstrate the risk of a breach and evaluate mature security programs. Cobalt Strike exploits network vulnerabilities, launches spear phishing campaigns, hosts web drive-by attacks, and generates malware infected files from a powerful graphical user interface that encourages collaboration and reports all activity."

Stay with us after the break as we examine more details of this new software package, thoughts on how it might fit into your arsenal of tools and also an exclusive video by Ryan Linn offering a first look at Cobalt Strike to all EH-Netters.

Video: Pen Test Walkthrough with Metasploit Pro

| March 7, 2011

Metasploit Pro 3.6 was released today with a slew of new features aimed at facilitating pen testers throughout the entire penetration testing process. One such new feature is asset tagging of groups of hosts, so that they can be grouped together easily. Utilizing another new feature, global search, makes managing large engagements a breeze. In addition to a free webinar on March 22 with James "egyp7" Lee on the Metasploit Framework, EH-Net regular columnist, Ryan Linn, explores Metasploit Pro. He not only shows off some of those new features but also walks the viewer through the basic steps of performing a pen test with Metasploit Pro with the following 3 videos:

- Getting Started With Metasploit Pro
- Post Exploitation
- Reporting and Cleaning Up

As we all know, a pen test is not over when the hacking is done. Rapid7 realizes this as well, so the new reporting capabilities are a very welcome addition. It is now easy to generate PCI compliance notes based on the findings throughout the penetration test. These reports indicate exactly where the failures are and actually provide evidence to support those findings. For those that need more detailed reports on all of the activity performed throughout a penetration test, the activity report shows all commands issued and all gathered evidence. These two reports alone can save a lot of time for testers who need to present this type of information to their clients.

For those that haven’t learned to ‘stop worrying and love the GUI,’ Metasploit Pro now has a console mode where you can interact with Metasploit Pro just like the Community Edition.  For those that have embraced the GUI, the addition of tags allows for easy grouping of assets, and the tags can be used in many of the fields as shortcuts for specifying specific IP addresses.  This really speeds up every step in the process.

So let’s get a feel for Metasploit Pro as a whole as well as the new features of v3.6.

Course Review: Cracking the Perimeter by Offensive Security

| December 1, 2010

Cracking the Perimeter (CTP) is the latest course offered by the team at Offensive Security. The course teaches expert level penetration skills including advanced tactics in web exploitation, binary manipulation and exploitation, and networking attacks. Building on material in the earlier course, Pentesting with Backtrack (PWB – Read Review), this offering provides intermediate students with a learning platform that can be used to become advanced practitioners of certain exploit methodologies. This review will attempt to provide a high-level overview of the course and set expectations for students who may be considering it.

Divided into a registration puzzle, five sections, and an exam, the course provides a more in-depth view of common web application exploits, binary analysis and backdoors, anti-virus evasion, techniques for exploitation using memory concepts, exploit writing, and network exploitation techniques. The end-of-course practical exam assures that the student has a true understanding of the course material presented, allowing employers and other security professionals to rely on the certification as a testament of capability, not only authority. 

Final Course and Exam Review: Pen Testing with BackTrack

| March 1, 2010

Ryan Linn continues his insider’s look at Offensive Security’s online training course, ‘Pentesting with BackTrack.’ In Parts 1 – 4, he presented the reader with details of the training as he did it. Now in this final review (Part 5), he compiles his thoughts on the course in its entirety and then gives you an extended look at the process of preparing and taking the Offensive Security Certified Professional (OSCP) exam. PWB is described by Offensive Security as, "An online course designed for network administrators and security professionals who need to get acquainted with the world of offensive security. This penetration testing course introduces the latest hacking tools and techniques, and includes remote live labs for exercising the material presented to the students. This course gives a solid understanding of the penetration testing process, and is equally important for those wanting to either defend or attack their network. The course can be taken from your home, as long as you have a modern computer with high speed internet."

Visit Ryan Linn’s Column Page for Parts 1 – 4 as well as several other contributions to The Ethical Hacker Network and our community of security professionals.

Review: Penetration Testing with BackTrack by Offensive Security Part 4

| November 27, 2009

Ryan Linn continues his insider’s look at Offensive Security’s online training in Part 4 of this continuing review of ‘Pentesting with BackTrack.’ As a reminder, PWB is described by Offensive Security as, "An online course designed for network administrators and security professionals who need to get acquainted with the world of offensive security. This penetration testing course introduces the latest hacking tools and techniques, and includes remote live labs for exercising the material presented to the students. This course gives a solid understanding of the penetration testing process, and is equally important for those wanting to either defend or attack their network. The course can be taken from your home, as long as you have a modern computer with high speed internet."

Ryan brings it all together for you next month with a complete review of the course as well as the exam experience. Stay tuned.

Review: Penetration Testing with BackTrack by Offensive Security Part 3

| October 19, 2009

Ryan Linn continues his insider’s look at Offensive Security’s online training in Part 3 of this continuing review of ‘Pentesting with BackTrack.’ As a reminder, PWB is described by Offensive Security as, "An online course designed for network administrators and security professionals who need to get acquainted with the world of offensive security. This penetration testing course introduces the latest hacking tools and techniques, and includes remote live labs for exercising the material presented to the students. This course gives a solid understanding of the penetration testing process, and is equally important for those wanting to either defend or attack their network. The course can be taken from your home, as long as you have a modern computer with high speed internet."

Ryan will wrap things up in Part 4 of this new format of reviewing courses. EH-Net normally completes an entire course before publishing any content in a review article. So far, the Community seems to be enjoying it. Maybe this is yet another new trend that shall continue as we head full steam into 2010.

Video Tutorials: New BeEF Hotness with Metasploit and Samurai

| September 19, 2009

A new version of the Browser Exploitation Framework (BeEF) has been released. This new release incorporates both my code from my Security B-Sides update of the ChicagoCon Talk "Cain Beef Hash: Snagging Hashes without Popping Boxes" as well as RSnake and Jabra’s modules presented at Defcon. Enclosed in this update are some videos describing how to use the modules that I created which allow for realtime interaction with Metasploit. These modules directly communicate with Metasploit to set up the modules which will be used in further browser exploitation. These videos demonstrate how to use the Samurai WTF distribution’s initial setup of BeEF, and to upgrade it to the latest version. Once you are upgraded to the latest version, there are 2 more videos: one to utilize the integration to do "point and click" browser autopwn from a browser hooked via XSS. The other example demonstrates how to leverage a domain’s "Local Intranet" policy to capture NTLM/LM Challenge credentials with a static challenge, which can then be turned into usable credentials. The Metasploit code required for this to work is in the 3.3 dev trunk and was added in August after Defcon, so you may need to pull out of the dev trunk to have all of the pieces you need.

Wade Alcorn is the author and maintainer of BeEF and was a great help in getting these added. If you haven’t checked out BeEF before watching these videos, hopefully you will check it out now. If you have more great ideas for ways to extend and contribute to the framework please do so. I also appreciate H D Moore’s help in getting the Metasploit code to make all of this work seamlessly into the Metasploit trunk. You can find some additional videos of RSnake and Jabra’s content on Vimeo.

Review: Penetration Testing with BackTrack by Offensive Security Part 2

| September 14, 2009

Ryan Linn is back with Part 2 of his review of PWB. It’s shaping up to be a four-part series of weekly insights as he progresses through the course with a final compilation review to follow. This is a new format for us at EH-Net, so please let us know in the forums what you think as we experiment.

As a reminder, PWB is described by Offensive Security as, "‘Pentesting with BackTrack’ (previously known as Offensive Security 101) is an online course designed for network administrators and security professionals who need to get acquainted with the world of offensive security. This penetration testing course introduces the latest hacking tools and techniques, and includes remote live labs for exercising the material presented to the students. This course gives a solid understanding of the penetration testing process, and is equally important for those wanting to either defend or attack their network. The course can be taken from your home, as long as you have a modern computer with high speed internet."
