
Course Review: eLearnSecurity Penetration Testing Student v2

| June 21, 2013 | 13 Comments

Shrinking budgets and geographical diversity are pushing educational trends out of the classroom and into online learning opportunities. But hands-on training and skills evaluation are a trickier problem to solve in that paradigm. Information Security training is no exception. Yet, many students seeking training in Information Security face barriers to entry involving their prior knowledge, and how to get it. Many offerings assume a level of proficiency above what a beginner may have, especially one who has not already worked in Information Security. To add to the beginner’s frustration, most training organizations don’t offer the background learning necessary to get to that level. Enter the eLearnSecurity (eLS) Penetration Testing Student course.

The eLearnSecurity Penetration Testing Student v2 course addresses the need for online, hands-on education for the beginner. The flexible and self-paced, browser-accessible online course teaches basic foundational concepts for students who wish to enter the field of penetration testing while allowing hands-on application through the Hera Student Lab and, optionally, the Coliseum Web Application Testing Framework. The course provides an ordered and appropriately broad basic introduction into foundational concepts for the beginner. While this course alone will not produce a qualified penetration tester, it provides a guided hands-on opportunity to become familiar with some of the basic concepts. It is effective for those who are exploring the possibility of penetration testing as a career path, or for those who simply want to know more about what penetration testers are capable of doing.


Human Intel to Navigate the Security Data Deluge

| April 2, 2013

By Robert J. Shaker II, CISSP, CCSK, CGEIT, CRISC

Since the dawn of man there has been intelligence. Hunter gatherers would venture out and learn from the world around them what each sound, smell, and taste meant. The growl of a large predator would alert them to prepare for a defensive effort or to change paths. The smell of smoke meant other humans were nearby, and the taste of bitter meant something wasn’t edible. As time marched forward, needing to learn more about the other packs of humans around them became more important. There was competition or cooperation for resources but this required getting to know the other pack. Sometimes the best way to do that was to spy on them, to gather human intel about the way they behaved, the way they interacted with each other and to determine how strong or weak they were.

Regardless of the point in history, this has always proven to be true. We can see it as we progress through our modern era. In fact, this became so important that commercial intelligence companies began forming. The Age of Exploration saw a boom in this industry as the colonial armies grew. Their need for intelligence required outside parties, whether to help with the sheer volume of work, geographic dispersal or to give plausible deniability. Is it so different now?

Today, we are up against countless adversaries. They’re nameless, faceless and shrouded behind false information. The ships that are on the horizon, the spies in our midst and the fortress we protect are all in the digital domain. The virtual skies are foggy and visibility is low. Today’s environment is much more difficult to navigate. The one commonality between these two vastly different times is the importance of human intel, and I’d argue that today it’s even more important than ever. A couple scenarios below will illustrate just how important it is for our innately human talents to remain a vital part of cyber security.


Network Forensics: The Tree in the Forest

| March 27, 2013

By Todd Kendall

Security professionals are often tasked with the unenviable position of wading through millions of bits of data, the review of thousands of systems, or the evaluation of hundreds of applications.  At the end of the day it is their job to provide the ten thousand foot view of an organization and the highest rated findings that put it at risk.  Information overload is a common theme in today’s society, and management requires the presentation of this material in a digestible manner of typically one page or less.  The ability to provide this service requires what is often referred to as “seeing the forest for the trees.”  In other words, don’t get distracted or bogged down by the minutiae of your discoveries at the risk of overlooking the big picture.

When it comes to computer forensics, however, the tables are flipped. When an event turns into an incident and management must answer to a board or the company’s shareholders, the ten thousand foot level is no longer adequate. At this point, every packet that ever crossed your company’s domain becomes suspect, and expectations are set whereby answering questions such as how did it happen, what damage did it do, where did it come from, when exactly did it occur, and who did it requires the puzzle to be unraveled and presented in such excruciating detail that it would make Melville take up skim-reading.


The Security Consulting Sugar High

| January 23, 2013

By Todd Kendall

It seems pertinent during this time of year, as I finish off the last batch of left over Christmas cookies, some peppermint bark, and a large glass of eggnog, to talk about a phenomenon known as the sugar high.  I’m talking about the high one gets after consuming large amounts of sugar, also called a “sugar rush.” Sugar highs cause twitchiness, spasms, and hyper excitability. Sugar highs do not last very long and leave a person feeling drained afterwards.1

As an IT Security Consultant I have had the opportunity to work with a variety of organizations over the years, often on multiple occasions and on multiple projects that stem from Security Policy Development, Gap Analysis, Penetration Testing, and in some cases Incident Response and Forensics. When you work with organizations in this capacity it is difficult not to develop personal relationships over time, and, as any good consultant will tell you, you want to gain a “trusted” relationship not only from an ethical point of view but also from a capitalist point of view. Let’s face it, more trust means more business.

Like any relationship, you may find yourself in a position at some point where you simply have to tell the other party that they simply aren’t listening, despite all of the times you have had the same conversation and they have sworn up and down to take your advice.


Tutorial: Fun with SMB on the Command Line

| January 16, 2013

By Thomas Wilhelm

I had a question the other day from a student at the Hacking Dojo who was interested in accessing a Windows system remotely through SMB. My initial response was to tell the student that it was similar to FTP, and they should conduct the same type of enumeration against SMB as they do anything else open on the system. Unfortunately, this did not help the student, because their hands-on experience on Windows file sharing was all done using GUI. It then dawned on me that, since I came from a Solaris background, I had a different experience. I would simply map the drives at the command line as a system / network administrator. Because of this, I decided to put together a quick tutorial for my students. Since there might be some additional confusion in the general populace of the security community, I thought getting it published on The Ethical Hacker Network would be beneficial. In a world where security awareness is rapidly increasing and your grandmother even has a secure wireless access point, one might imagine that admins without command line experience and open, anonymous SMB shares are a thing of the past… think again!

During a penetration test (pentest), it is natural to investigate FTP services within a network that allow anonymous access. It is possible that sensitive data is unintentionally placed on an FTP server by non-IT employees (for the sake of convenience) without knowing who else can access the material. During a pentest, I find these anonymous FTP systems quite frequently, and in some cases they serve up useful information. Now, if we compare FTP with system shares, we find that employees are quicker to allow anonymous access to their own files – all it takes is someone wanting access to some document another employee has on their system. In fact, sharing a single file makes it easier to maintain revisions than copying a file back and forth between an FTP server. While that is certainly convenient for the employees, it is obviously quite devastating for the organization’s security posture. So let’s take a look at SMB shares and how we can take advantage of them.


Interview: Daniel Martin of Dradisframework.org

| December 13, 2012

Review by Todd Kendall

A few years ago, I had completed a Report on Compliance (ROC) as a Qualified Security Assessor (QSA) based on the Payment Card Industry Data Security Standard (PCI-DSS) and was performing a final read out for a customer, when they showed me a framed copy of the cover letter of my report on the wall. The Chief Compliance Officer told me that this single piece of paper had cost the organization over a million dollars and thousands of man hours. Of course, the engagement was nowhere near the cost he quoted, but, after thinking about it a bit, I realized the preparation, project plans, hardware, software, implementation, testing, segmentation, scope definition, and everything else the customer had done to comply with the standard had led to that moment and that one document.

While I had always felt my documentation was up to par, it wasn’t until that moment that I truly realized the gravity of my reporting. It is necessary to capture not only the efforts I go through to assess the organization appropriately, but also illustrate a consistency and thoroughness that ensures I have captured the efforts the organization had gone through to prove their overall compliance. But, let’s face it, who truly enjoys documentation and how do we ensure consistent, efficient, and repeatable results that can withstand multiple and various types of reviews without the need to completely re-write the report?

I’ve seen many approaches over the years as an Information Security professional, ranging from the copy-and-paste from old reports approach (probably still the most prevalent) to Word templates and, when I was lucky, in-house developed PHP or AJAX report deliverable generators. The problems with these approaches varied. Lack of sanitization when copying and pasting can lead to embarrassment or even lawsuits, Word templates aren’t as efficient as we’d like, and code changes to the in-house application are either infrequent or it becomes obsolete over a short period of time because of numerous reporting requirements. Taking these factors into account, I began to wonder if there was a solution out there that could address what I had seen over the years and remain flexible enough to keep up with the changing reporting requirements I had from one engagement to the next. While still relatively young in its maturity, I have hope for the Dradis Framework and wanted to find out more. This interview is the result.


Course Review: Penetration Testing Professional v2 by eLearnSecurity

| April 30, 2012


It’s rare for an organization to quickly rise to prominence through the release of a new training course, but that’s exactly what eLearnSecurity did with the first release of their Penetration Testing Professional course back in 2010. This upstart company is based in Pisa, Italy with a location in the USA in Colorado as well, but the beauty is that their training is entirely online, so clearly travel is not required.  This review covers the second release of Penetration Testing Professional (affectionately known as PTP2), which most notably contains expanded content and new lab environments.

The course is delivered through a web-based Flash interface. The presentation will be familiar to anyone who has experience with the first iteration of the course, but at the same time the overall feel is cleaner and more polished. A colleague was recently considering web app training, and he was torn between a book and this course. He stated something along the lines of, “My brain is telling me to be economical and just get a book, but my eyes are telling me to go with eLearnSecurity!” That statement sums up the visual experience perfectly.

Continue reading to see if they managed to carry that momentum into the rest of the new version of this course.


Video: Keyloggers 101

| October 30, 2011

Keyloggers are usually one of the top picks for a hacker or a spy’s best friend. They basically serve as the eyes and ears of the attacker. They can be based on software or hardware and send detailed reports including the user’s passwords, chat logs, all typed text, launched applications and visited websites. They can even send screenshots to visually show what the user was viewing as well as any webcam and microphone activity. Most laptops today come with a built-in webcam and microphone and don’t usually give any signal that they have been enabled. Any person who uses that computer will have all their activities monitored and recorded in an encrypted log which only the attacker can access.

In this video, I will present the basics of keyloggers and also demonstrate a couple of my favorite keyloggers, their features, how hidden they are and how to prevent and detect keyloggers in general. At the end of this primer, the viewer should be able to fully understand where keyloggers fit into both sides of the equation.
