
Q&A for Pen Testing Perfect Storm Webcast Series: Part I


LinearNetworking

Newbie

Posts: 2

Joined: Tue Aug 26, 2008 2:41 pm

Post Thu Oct 16, 2008 12:59 pm

Re: Q&A for Pen Testing Perfect Storm Webcast Series: Part I

Awesome presentation, guys! Can't wait for the next one.
My question is more toward the certification process of doing the trifecta of Network, Wireless and Application based pen testing disciplines. I know that you guys have the SANS programs that you teach for. Are there any other certs that you would recommend for someone who is hard core dedicated to the EH and pen testing disciplines?

Also, have any of you had good success using the techniques described yesterday using BeEF over a Bluetooth access point that uses more of a PPPoE model? Or is it more geared towards standard 802ABGX?

Thanks again for the great presentation; it makes a pen test knowledge-hungry person like me feel more in the loop.

edskoudis

Newbie

Posts: 10

Joined: Tue Dec 18, 2007 6:26 am

Post Thu Oct 16, 2008 4:12 pm

Re: Q&A for Pen Testing Perfect Storm Webcast Series: Part I

This morning, a good friend of mine asked two questions based on our webcast yesterday.  They were such good questions, I figured I’d address them here.

First off, he asked about how a pen tester could verify that the hooked browser near the start of our sample scenario is within the scope of the project.  It’s a great question, and we plan on getting into details about how to do that in the second and third webcasts in the series.  We’ll talk about different architectural approaches using client-side and web-server-side code to determine where on the network the browser is located to make sure it is kosher to include it in the pen test.  So, stay tuned on that one.  We’ve got a bunch of slides summarizing a variety of approaches.

His second question revolved around how to get customers who procure pen tests to include such combined work in their tests.  I jokingly responded saying that you should do webcasts on the subject and hope your customers listen in and get the idea.  But, more seriously, I explained that we do try to discuss combined tests up front during the initial scoping meetings with our clients to gauge their interest.  Sometimes, they do sign up for a test that is a combination of the two or three vectors we discussed: network, web, and wireless.  But, rather often, they tell us that they only have budget for one of those vectors, such as wireless.  I told my friend that we then commence on the given test that the client has planned.  Then, when we make some progress and get some form of access, we ask our client, “Do you want us to see how far we can go here?”  They often do, thereby placing the more complex and powerful combined attack vectors in play.  Customers often get excited by this, because they can see that we’ve scratched the surface and, with the increase in scope, will likely be able to help them make their case for security improvements.  So, the short answer to my friend’s second question is to try to scope it in up front, and if that fails, consider running it by the client after a major discovery during a traditional non-combined pen test.
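The first question above, whether a hooked browser actually sits inside the engagement's scope, is the kind of check a controller should make before any further work is queued for that browser. The following is an added example, not code from the webcast or from any tool it mentions: it combines the address the controller's web server observed with an optional, untrusted address reported by client-side script, and admits a browser only when every address it can see is inside the scoped CIDR ranges. The scope values are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Iterable, Optional


@dataclass
class ScopeDecision:
    include: bool   # True only when every checked address lies inside scope
    reason: str


def parse_scope(scope: Iterable[str]):
    """Engagement scope expressed as CIDR strings."""
    return [ipaddress.ip_network(s, strict=False) for s in scope]


def _in_any(addr: str, nets) -> bool:
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:          # malformed or tampered values never pass
        return False
    return any(ip in n for n in nets)


def scope_decision(server_seen_ip: str, scope: Iterable[str],
                   client_reported_ip: Optional[str] = None) -> ScopeDecision:
    """Decide whether a hooked browser may be included in the test.

    server_seen_ip: the TCP peer address the controller's web server saw,
    never a client-settable header such as X-Forwarded-For.
    client_reported_ip: an internal address gathered by client-side script;
    it is untrusted, so it may only exclude a browser, never admit one that
    the server-observed address already rules out.
    """
    nets = parse_scope(scope)
    if not _in_any(server_seen_ip, nets):
        return ScopeDecision(False, "server-observed address %s is outside scope" % server_seen_ip)
    if client_reported_ip is not None and not _in_any(client_reported_ip, nets):
        return ScopeDecision(False, "client-reported address %s is outside scope" % client_reported_ip)
    return ScopeDecision(True, "all observed addresses fall inside scope")


# Constructed demagnetisation-free demo values (documentation ranges), not a real engagement.
SCOPE = ["10.10.0.0/16", "203.0.113.0/24"]

if __name__ == "__main__":
    for seen, reported in [("203.0.113.5", None), ("198.51.100.7", None),
                           ("203.0.113.5", "10.10.4.20"), ("203.0.113.5", "192.168.1.9")]:
        d = scope_decision(seen, SCOPE, reported)
        print(seen, reported, "->", "INCLUDE" if d.include else "EXCLUDE", "|", d.reason)
```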

bugmenot

Newbie

Posts: 2

Joined: Thu Sep 06, 2007 12:30 pm

Post Thu Oct 16, 2008 8:11 pm

Re: Q&A for Pen Testing Perfect Storm Webcast Series: Part I

Any chance this series will be hosted offline somewhere (recorded)?

LSOChris

Post Fri Oct 17, 2008 5:15 am

Re: Q&A for Pen Testing Perfect Storm Webcast Series: Part I

I got an email that it was recorded and hosted on the SANS site (webcast archives).

epyonx

Newbie

Posts: 1

Joined: Thu Aug 21, 2008 10:30 pm

Post Fri Oct 17, 2008 8:08 am

Re: Q&A for Pen Testing Perfect Storm Webcast Series: Part I

This was a great webcast. Now I think about pen tests in a different manner. Something that I found particularly helpful were slides 28-30. They had a list of skills and knowledge needed for the different kinds of pen testing. It gave me a baseline to build on. I forgot all about BeEF; I am going to have to play with BeEF this weekend.

Ed => great seeing you at CSAW. I will get first place next time!

nicsec

Newbie

Posts: 4

Joined: Thu Oct 16, 2008 1:29 pm

Post Fri Oct 17, 2008 7:18 pm

Re: Q&A for Pen Testing Perfect Storm Webcast Series: Part I

I missed it live but I watched the archive yesterday.  It was really good to see how different pen testers approach different customer scenarios.

I am looking forward to Part II and will spend some time with BeEF until then.

KevinInGuardians

Newbie

Posts: 15

Joined: Wed Oct 15, 2008 1:26 pm

Post Tue Oct 21, 2008 11:37 am

Re: Q&A for Pen Testing Perfect Storm Webcast Series: Part I

Thomas wrote: I missed it live but I watched the archive yesterday. It was really good to see how different pen testers approach different customer scenarios.

Glad to hear you enjoyed it. I always love hearing tips and tricks from the perspective of other people also.

Thomas wrote: I am looking forward to Part II and will spend some time with BeEF until then.

As you can tell from the webcast, BeEF is one of my favorite tools. I highly recommend that you look into how to expand the system.

Kevin

joswr1ght

Newbie

Posts: 11

Joined: Wed Oct 15, 2008 12:55 pm

Post Tue Oct 21, 2008 1:20 pm

Re: Q&A for Pen Testing Perfect Storm Webcast Series: Part I

LinearNetworking wrote: Also, have any of you had good success using the techniques described yesterday using BeEF over a Bluetooth access point that uses more of a PPPoE model? Or is it more geared towards standard 802ABGX?

I seldom find Bluetooth APs using RFCOMM, PPP or the Bluetooth Network Encapsulation Protocol (BNEP). Most of my experience with Bluetooth APs has not been in manipulating clients using the device, but in leveraging it as a network access mechanism that escapes 802.11 rogue AP identification.

It's probably not common to find users leveraging a Bluetooth AP for wireless connectivity due to the greater cost associated with the hardware and the relative popularity of 802.11. However, that doesn't mean there aren't other uses for Bluetooth APs... ;)

Thanks,

-Josh

oleDB


Recruiters

Posts: 236

Joined: Thu Jul 20, 2006 8:58 am

Location: HOA

Post Tue Oct 21, 2008 2:38 pm

Re: Q&A for Pen Testing Perfect Storm Webcast Series: Part I

I have a general question for all 3 guys. I'm sure it's an infrequent occurrence that you find a network you cannot hack. However, on that rare occasion, what are some of the things that present the biggest obstacles to your pen test?

I'm interested in learning about when companies get security right. And not necessarily even certain technologies like WIDS or RSA authentication, it could just be use of procedures like patching, centralized logging or investments in user security awareness training.

Cheers!

vijay2

Full Member

Posts: 220

Joined: Wed Mar 28, 2007 6:22 am

Post Wed Oct 22, 2008 7:34 am

Re: Q&A for Pen Testing Perfect Storm Webcast Series: Part I

Great webcast, guys, finally got it :). Now that I have listened to it, I have new tools to play around with.

Kevin - I was just browsing through the Samurai CD and could not see BeEF on it. Are there plans to put it there?

Thanks

VJ
GPEN GCFA GCIH CISSP CISA GSEC OSCP C|EH Security+

KevinInGuardians

Newbie

Posts: 15

Joined: Wed Oct 15, 2008 1:26 pm

Post Wed Oct 22, 2008 10:37 am

Re: Q&A for Pen Testing Perfect Storm Webcast Series: Part I

vijay2 wrote: Great webcast, guys, finally got it :). Now that I have listened to it, I have new tools to play around with.

Kevin - I was just browsing through the Samurai CD and could not see BeEF on it. Are there plans to put it there?

Thanks

VJ

Glad to hear you are checking out Samurai. As to BeEF, it is installed. Since it is a web application, it is found in the bookmarks in Firefox. The controller and the hook are in the "Samurai Tools" bookmark folder.

Kevin

KevinInGuardians

Newbie

Posts: 15

Joined: Wed Oct 15, 2008 1:26 pm

Post Wed Oct 22, 2008 10:42 am

Re: Q&A for Pen Testing Perfect Storm Webcast Series: Part I

In the next few posts, I am going to post some of the questions we received after the webcast was finished, as well as answers to them. :)

Kevin

KevinInGuardians

Newbie

Posts: 15

Joined: Wed Oct 15, 2008 1:26 pm

Post Wed Oct 22, 2008 10:43 am

Re: Q&A for Pen Testing Perfect Storm Webcast Series: Part I

We received many questions about the Yokoso! tool and where to look into it.

Yokoso! is the tool I mentioned. It is an infrastructure fingerprinting system delivered via XSS attacks. More information regarding it is available at http://yokoso.inguardians.com

KevinInGuardians

Newbie

Posts: 15

Joined: Wed Oct 15, 2008 1:26 pm

Post Wed Oct 22, 2008 10:44 am

Re: Q&A for Pen Testing Perfect Storm Webcast Series: Part I

Question: How do you rate BeEF in comparison to Metasploit? Similar? Better? Just another tool?

BeEF and Metasploit actually fit into two different niches.

Metasploit is a framework for creating, building and delivering exploits.

BeEF is a framework for delivering browser payloads, but does not provide any means for creating or building them.

KevinInGuardians

Newbie

Posts: 15

Joined: Wed Oct 15, 2008 1:26 pm

Post Wed Oct 22, 2008 10:45 am

Re: Q&A for Pen Testing Perfect Storm Webcast Series: Part I

Question: Does BeEF leave a signature that can be searched?

The hook script does not. Currently it is not detected by any antivirus tools that I have tested. The controller application is detected by antivirus.
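Since the answer above is that host antivirus does not flag the hook, a defender's remaining signal is behavioural: a hooked browser keeps returning to the controller at a steady cadence, which ordinary browsing does not do. The following is an added example, not from the webcast or from BeEF itself, and it assumes only that the hook polls its controller periodically; the log format and every address and URL are constructed for illustration.

```python
import re
from collections import defaultdict
from statistics import mean, pstdev

# Constructed proxy-log format: "<epoch seconds> <client ip> <method> <url>"
LOG_LINE = re.compile(r"^(?P<ts>\d+) (?P<client>\S+) (?P<method>\S+) (?P<url>\S+)$")


def find_periodic_pollers(lines, min_hits=5, max_jitter=0.2):
    """Return {(client, url): mean_interval} for client/URL pairs requested at
    near-constant intervals, the shape a polling hook produces. Ordinary
    browsing is bursty, so its inter-request gaps have a high relative spread
    (pstdev / mean) and are not flagged."""
    hits = defaultdict(list)
    for line in lines:
        m = LOG_LINE.match(line.strip())
        if m:
            hits[(m["client"], m["url"])].append(int(m["ts"]))
    flagged = {}
    for key, ts in hits.items():
        if len(ts) < min_hits:          # too few samples to call it periodic
            continue
        ts.sort()
        gaps = [b - a for a, b in zip(ts, ts[1:])]
        avg = mean(gaps)
        if avg > 0 and pstdev(gaps) / avg <= max_jitter:
            flagged[key] = avg
    return flagged


# Constructed sample log: one host polling a controller URL about every 5 s,
# one host browsing normally, one host with too few requests to judge.
SAMPLE_LOG = """\
1000 10.10.4.20 GET http://203.0.113.5/hook
1000 10.10.4.21 GET http://example.com/
1003 10.10.4.21 GET http://example.com/style.css
1005 10.10.4.20 GET http://203.0.113.5/hook
1011 10.10.4.20 GET http://203.0.113.5/hook
1015 10.10.4.20 GET http://203.0.113.5/hook
1020 10.10.4.20 GET http://203.0.113.5/hook
1026 10.10.4.20 GET http://203.0.113.5/hook
1050 10.10.4.21 GET http://example.com/
1052 10.10.4.21 GET http://example.com/
1200 10.10.4.21 GET http://example.com/
1201 10.10.4.21 GET http://example.com/
1300 10.10.4.22 GET http://203.0.113.5/hook
1305 10.10.4.22 GET http://203.0.113.5/hook
""".splitlines()

if __name__ == "__main__":
    for (client, url), interval in find_periodic_pollers(SAMPLE_LOG).items():
        print("%s polls %s every %.1f s" % (client, url, interval))
```

Tune min_hits and max_jitter to the proxy's traffic volume; a very short poll interval will also show up as an unusually high request count per client/URL pair.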