The past few years were a sort of lull for me. While I’ve continued to read and review books, watch and listen to webcasts and podcasts and do my best to stay ‘fresh’ on the pentesting front, I’ve not had a good opportunity to squeeze in any more ‘structured’ training courses. Ever since completing the OSCE course by Offensive Security (OffSec), I’d been feeling good about much of my repertoire but had been itching to get some solid web courses under my belt. I had contemplated OffSec’s OSWE, but as it’s only offered at BlackHat, has no self-study options and because my work and personal life haven’t offered me time to go down that road, I’d been itching for other options. Enter the eLearnSecurity WAPTX online course.
Rewind the clock to a couple of months ago. I’ve long been familiar with eLearnSecurity, having previously reviewed the eCPPT certification training here at The Ethical Hacker Network (EH-Net) and discussing their various offerings with CEO and Founder, Armando Romeo. Each time I’ve looked at their materials in the past, I’ve been pleased with both the materials presented and the overall ‘bang for the buck’ that they’ve provided. Most recently, I’d been looking at the web application courses they offer, specifically Web Application Penetration Testing – WAPT and Web Application Penetration Testing Extreme – WAPTX. On the one hand I knew that eLearnSecurity was soon to be releasing an updated version of the WAPT course. But the subject matter and descriptions of the WAPTX were really intriguing to me, so I decided to go to the extreme (pun intended). Suffice it to say, I have been very happy with that decision. This course has been outstanding, and I’ve learned a TON from the material in these past two months! Let’s take an in-depth look.
As a life-long learner, and someone who is passionate about both bettering myself and helping others to reach higher and achieve their goals, I’m constantly on the lookout for fresh educational materials particularly in the areas of IT Administration and Security. I’m always amazed at the breadth of knowledge that is available, albeit, often at a substantial cost. I’m even more amazed at the amount of free content available but can’t help but be anxious about the quality, validity and dubious characters claiming to be experts just because they have a YouTube Channel. I’ve recently had the opportunity to get an up-close look at Cybrary, a relatively new online training provider with some known instructors. Oh… And before I forget, I should mention – they’re FREE! Could this be the best of both worlds?
Cybrary’s goal is spelled out very clearly when they describe “Our Revolution” throughout their site. They state, “We believe IT and Cyber Security training should be free, for everyone, forever. We believe that everyone, everywhere, deserves the OPPORTUNITY to learn. What they do with the opportunity is up to them, but the opportunity should be available. Join us in demanding liberation, help us in forcing change.” That’s all well and good. But how’s the actual training?
Dark Side Ops: Custom Penetration Testing enables participants to “break through” to the next level by removing their dependence on 3rd-party penetration testing tools, allowing for outside-the-box thinking and custom tool development designed specifically for the target environment.
Dark Side Ops (DSO) is a course on targeted attacks, evasion, and advanced post exploitation… with a twist. The thesis of DSO is this: if you want to credibly simulate a real world attacker, you need advanced capability. You can’t do this with unmodified open source tools. This course teaches students how to build and modify advanced capabilities. Let’s take a closer look.
If you’re doing any wireless penetration testing these days, odds are you have a WiFi Pineapple Mark IV from Hak5 in your toolkit. If you’re not a professional penetration tester or are just starting out with wireless hacking, the Pineapple is a device that will save you a considerable amount of headaches and is easily the best “all-in-one” tool for the job. This first article in a series of three tutorials is all about walking you through those first baby steps of configuration to get your new toy up and running. Part 1 starts with the Mark IV since many shops have this device already. Part 2 of this series covers the new Mark V, and Part 3 will show the device in action on a real pen test.
The first step to being successful in any endeavor is preparation, and the pineapple is no different. This tool packs a considerable amount of options into a small frame, and getting your new device up and running prior to “game time” is critical. We’ll show you how to set up your host computer’s network interfaces, the communication options to talk to the device, installing and configuring modules (known as Infusions), and more. So let’s get to it.
In terms of training, Offensive Security is best known for their Pentesting with BackTrack/Kali (PWK) and Cracking the Perimeter (CTP) courses. While PWK and CTP have reputations for being intense, grueling courses that require months of sacrifice and dedication, the word “Advanced” is conspicuously absent from their titles. This fact alone should emphasize where Offensive Security AWE falls in relation to these other courses.
After registering for the course, the student must complete a reversing challenge to ensure he or she has a basic understanding of the foundation concepts that are required to digest the course content. The material in the course is far more advanced than the challenge, and successfully completing the challenge is no guarantee that the student is fully prepared for the course. However, if the student is unable to complete this challenge, or has extreme difficulty with it, there is a significant gap in requisite knowledge, and it is recommended to pursue the course at a later date after additional preparation. Did I mention “Advanced?”
It’s a Thursday evening, and happy hour begins in a few minutes. You’re ready to get out of the office, as quickly as possible. You’ve been working on a report, and you know you still have work to do in the morning. So you lock your machine. It’s safe enough, right? You’ve got a strong password and full disk encryption. Ophcrack or a bootable Linux distro like Kali won’t work. You’d think you’d be fine, but you’d be wrong. More and more, attackers are using blended attacks to get the good stuff, and that includes utilizing the latest in forensic techniques.
There is a single section of your computer full of unencrypted sensitive information any attacker would love to get their hands on: your active memory. The system stores all manner of valuable information in memory for easy reference. Full disk encryption mechanisms must store encryption keys within memory somewhere. The same is true for Wi-Fi encryption keys. Windows keeps the registry hives in memory, and consequently the System and SAM hives. Most clipboards are stored within memory. Many applications keep passwords within memory. The point is, memory houses much of the valuable information that the system needs at a moment’s notice. Getting to it requires using some of the same forensics techniques employed by attackers. This article helps add some of those techniques to your pentesting toolkit.
Penetration testing is a multi-staged process by which an authorized consultant tests information systems and software for security vulnerabilities, and in turn demonstrates how they can be exploited. Penetration testing has become more and more challenging as vendors, developers and administrators become more aware of the threats and vulnerabilities to their information systems and software. As such, penetration testers have to stay abreast of the cutting-edge techniques used to compromise even the most modern information systems and associated mitigations. In this light, SANS Institute has developed their most technically intense course, SANS SEC 760 Advanced Exploit Development for Penetration Testers.
SANS SEC 760 Advanced Exploit Development for Penetration Testers is a six-day course that teaches the advanced techniques that are needed to compromise modern information systems. The course description states that, “Few security professionals have the skillset to discover let alone even understand at a fundamental level why the vulnerability exists and how to write an exploit to compromise it.” Therefore, topics such as threat modeling, IDA Pro, Heap Overflows, Return Oriented Shellcode, and Binary Diffing are just a few of the topics that are covered extensively. This article provides a day-to-day review of the live, in-person course which also happens to be taught by the courseware developer himself, Stephen Sims.
Like many of you I was extremely excited when my organization started allowing purchases of iPhones and Android devices. With the entire buzz around “the consumerization of IT” and “Bring Your Own Device (BYOD),” it wasn’t long before these devices started becoming a necessity for business rather than simply the coolest new gadget. Syncing my email and calendar was a great first start, although I have to admit the electronic leash has become quite long in the past few years. When I was able to make travel reservations, submit expense reports, attend internal web conferences, review Statements of Work (SoW) and presentations all without opening my laptop, I became a huge fan. Policy never came to mind much less a hack first mentality.
If you’ve read any of my previous articles, then you will realize I come from a hacking background first and foremost. Therefore, when I began to delve into mobile security, I didn’t start with learning best practices or how to develop secure mobile applications. And a corporate policy was definitely the last thing on my mind. I simply wanted to start breaking things. However, as it wouldn’t do to brick a corporate device, I explored the possibility of purchasing an iPhone/iPad/iPod without a data plan to use as a hardware testing platform. This was not only a stroke of genius for learning mobile application security, but it led to this article. So let’s look at a practical business decision, but, from the get-go, approach it as a hacking exercise.