Recent Articles

Using Cold Boot Attacks and Other Forensic Techniques in Penetration Tests

| December 14, 2013 | 2 Comments

Using Cold Boot Attacks and Other Forensic Techniques in Penetration Tests - Frozen RAMIt’s a Thursday evening, and happy hour begins in a few minutes.  You’re ready to get out of the office, as quickly as possible.  You’ve been working on a report, and you know you still have work to do in the morning.  So you lock your machine.  It’s safe enough, right?  You’ve got a strong password and full disk encryption.  Ophcrack or a bootable Linux distro like Kali won’t work.  You’d think you’d be fine, but you’d be wrong. More and more, attackers are using blended attacks to get the good stuff, and that includes utilizing the latest in forensic techniques.

There is a single section of your computer full of unencrypted sensitive information any attacker would love to get their hands on: your active memory.  The system stores all manner of valuable information in memory for easy reference.  Full disk encryption mechanisms must store encryption keys within memory somewhere.  The same is true for Wi-Fi encryption keys.  Windows keeps the registry hives in memory, and consequently the System and SAM hives.  Most clipboards are stored within memory.  Many applications keep passwords within memory.  The point is, memory houses much of the valuable information that the system needs at a moment’s notice.  Getting to it requires using some of the same forensics techniques employed by attackers.  This article helps add some of those techniques to your pentesting toolkit.

Continue Reading

Course Review: SANS SEC 760 Advanced Exploit Development for Penetration Testers

| November 27, 2013 | 1 Comment

Course Review: SANS SEC 760 - SANS LogoPenetration testing is a multi-staged process by which an authorized consultant tests information systems and software for security vulnerabilities, and in turn demonstrates how they can be exploited. Penetration testing has become more and more challenging as vendors, developers and administrators become more aware of the threats and vulnerabilities to their information systems and software. As such, penetration testers have to stay abreast of the cutting-edge techniques used to compromise even the most modern information systems and associated mitigations. In this light, SANS Institute has developed their most technically intense course, SANS SEC 760 Advanced Exploit Development for Penetration Testers.

SANS SEC 760 Advanced Exploit Development for Penetration Testers is a six-day course that teaches the advanced techniques that are needed to compromise modern information systems.  The course description states that, “Few security professionals have the skillset to discover let alone even understand at a fundamental level why the vulnerability exists and how to write an exploit to compromise it.” Therefore, topics such as threat modeling, IDA Pro, Heap Overflows, Return Oriented Shellcode, and Binary Diffing are just a few of the topics that are covered extensively.  This article provides a day-to-day review of the live, in-person course which also happens to be taught by the courseware developer himself, Stephen Sims.

Continue Reading

Reverse Engineering 101 – Newbie Contest and Webcast with eLearnSecurity

| November 15, 2013 | 15 Comments

Reverse Engineering 101 - Newbie Contest and Webcast with eLearnSecurity - eLS ARES LogoDetails on the new training course from eLearnSecurity is out! There’s been some buzz about the new eLS course and what it could possibly be. As the above title indicates, one of the premier online training organizations is getting into RE. If you are interested in Software Reverse Engineering, either driven by curiosity or by the dream to become a professional in this subject, then the Advanced Reverse Engineering of Software (ARES) course is just what you need to get all the theoretical and practical knowledge to start your journey into the world of RE. And it starts right here with Reverse Engineering 101.

It’s been a while since we’ve had a webcast or a hacking contest, so why not combine them into one big EH-Net Special Event? And to get your Holiday Season rolling in proper EH-Net fashion, we’re also able to offer 5% Off with Coupon Code: EH-Net-5-eLS, even before the official launch date of Nov 26. So go reserve your seat now.

So here’s what we’ve cooked up for all of you EH-Netters out there. Just like you, eLS is also driven by passion, so they prepared a small challenge for their future students. Below is an executable just begging to be broken. You’ll have until Monday Dec 9 to break it. If you do, you’ll be entered into a pool of candidates where one of you will win the entire ARES course + Certification Exam for free! Then stay tuned for a future article with a full write-up as well as a video containing an Intro to RE, the solution to the challenge and the announcement of the winner. Good Luck.

Continue Reading

Book Review: The Basics of Web Hacking

| October 10, 2013 | 0 Comments


The Basics of Web Hacking: Tools and Techniques to Attack the Web
by Josh Pauli was recently released by Syngress Publishing in July of 2013. Dr. Pauli’s resume includes several academic journals, but this appears to be his first published book. But, do not be dissuaded. As you might expect, this first work shows the love of an eager first-time author who has an obvious passion about the subject matter. Dr. Pauli gives a nod to other topical works in the area of web application penetration testing and offers gracious thanks to his influences in the security community.

In the introduction Dr. Pauli is quick to explain the niche that his contribution to the topic fills within the available body of knowledge. He states that the intent of this book is to provide the fundamentals of web hacking for people who have no previous knowledge of web hacking, and that this book might act as an introduction that prepares people to consume some of the more thorough and advanced books on the subject. Keep reading after the break to see if he succeeded.

Continue Reading

Hack First, Policy Second – A Mobile Device Story

| August 30, 2013 | 1 Comment

Hack First, Policy Second - Apple Hack with a CleaverLike many of you I was extremely excited when my organization started allowing purchases of iPhones and Android devices.  With the entire buzz around “the consumerization of IT” and “Bring Your Own Device (BYOD),” it wasn’t long before these devices started becoming a necessity for business rather than simply the coolest new gadget.  Syncing my email and calendar was a great first start, although I have to admit the electronic leash has become quite long in the past few years.  When I was able to make travel reservations, submit expense reports, attend internal web conferences, review Statements of Work (SoW) and presentations all without opening my laptop, I became a huge fan. Policy never came to mind much less a hack first mentality.

If you’ve read any of my previous articles, then you will realize I come from a hacking background first and foremost.  Therefore, when I began to delve into mobile security, I didn’t start with learning best practices or how to develop secure mobile applications.  And a corporate policy was definitely the last thing on my mind. I simply wanted to start breaking things.  However, as it wouldn’t do to brick a corporate device, I explored the possibility of purchasing an iPhone/iPad/iPod without a data plan to use as a hardware testing platform.  This was not only a stroke of genius for learning mobile application security, but it led to this article.  So let’s look at a practical business decision, but, from the get-go, approach it as a hacking exercise.

Continue Reading

Course Review: eLearnSecurity Web Application Penetration Testing (WAPT)

| August 23, 2013 | 5 Comments

eLearnSecurity Web Application Penetration Testing Review - Course LogoAs security testers and ethical hackers, we are all looking for a better and more efficient way to infiltrate our clients’ target networks. For some time now, breaching an organization from the external-facing network has been much more difficult, as security has been more tightly controlled. Next Generation Firewalls (NGFW), Intrusion Detection/Prevention Systems (IDP/IPS), Demilitarized Zones (DMZ), and other implementations of layered security have become increasingly prevalent in security conscious organizations. As the defense has adapted, so has the offense. Both the good and the bad guys alike have turned more attention towards attacking weak web applications and are finding that these websites are the gateways into the network of the target organization. To keep up with this trend and to provide the required knowledge and skills to those responsible for testing web security, new courses have arisen with a focus on web applications. Enter eLearnSecurity Web Application Penetration Testing (WAPT), a new course by the provider of online security training.

EH-Net Exclusive 10% discount with code: WAPT-10P3M
Expires August 31st 11.59 PM PST

Most high profile attacks in the news these days happened because not only is web and cloud usage skyrocketing, but it has also become the low hanging fruit in many organizations. Web vulnerabilities may lead to information disclosure, session hijacking, stolen sensitive information, and even system compromise. Is your organization ready to handle these types of attacks? Do you have newer employees that need to get up to speed with their co-workers? Are you a seasoned professional looking to keep up with the latest attack trends? Stick with us after the break as we take an extensive look into the latest online course and certification for web application security.

Continue Reading

August 2013 Free Giveaway Sponsor – SANS CyberCon Fall 2013

| August 6, 2013 | 8 Comments

Win a SANS Live Online Training Course = up to $4845!

EH-Net August 2013 Free Giveaway Sponsor - SANS CyberCon Fall 2013 LogoIn a continuing effort to provide top quality training in a format that helps those with strapped travel budgets, SANS has developed a series of live online training platforms. SANS online students attend popular courses that are taught online by SANS’ top instructors. In short, SANS CyberCon, vLive and Simulcast are perfect options for professionals who wish to keep their skills current but cannot travel due to personal or professional commitments! One top EH-Net contributor will win their choice of the following online courses (exam not included) being offered at SANS CyberCon Fall 2013:

  • SEC401: Security Essentials Bootcamp Style
  • SEC504: Hacker Techniques, Exploits & Incident Handling
  • SEC575: Mobile Device Security and Ethical Hacking
  • FOR408: Computer Forensic Investigations – Windows In-Depth
  • LEG523: Law of Data Security and Investigations
  • Two NEW Audit courses running back-to-back – AUD444: Auditing Security and Controls of Active Directory and Windows, AUD445: Auditing Security and Controls of Oracle Databases

Can’t make the specific dates of SANS CyberCon Fall 2013? No problem. SANS has kindly offered up additional choices for your online training pleasure. So the winner this month gets to pick any of the courses listed above for CyberCon or any of the courses listed after the break for SANS vLive or SANS Simulcast. Of course the only way to win is to contribute mightily to the EH-Net Community. Become a member, participate, and this or a future prize could be yours. Ask around… people really do win on EH-Net. And if not this month, then you still can come out ahead by using Coupon Code EHN_05 for 5% Off any SANS course in any format. Hey… everybody wins!!

Continue Reading

Course Review: SANS SEC573 Python for Penetration Testers

| July 29, 2013 | 1 Comment

Course Review: SANS SEC573 Python for Penetration Testers - Python LogoPython has rapidly become a popular language for security professionals. It’s human readable with an easy syntax, has a comprehensive standard library and easily importable external libraries, is multi-platform, and is suitable for both larger programs and smaller scripts alike. Python is easy to learn for novice programmers yet robust enough for seasoned developers. What makes it such an effective tool for security professionals is the support of extensive libraries specifically designed for penetration testing. For that reason, it makes perfect sense for the SANS Institute to add SEC573 Python for Penetration Testers to their vast list of InfoSec courses.

SANS SEC573 Python for Penetration Testers” is a five-day class that teaches the basics of the Python language then builds on that knowledge to show how to utilize its specialized libraries to perform network capture and analysis, SQL injection, Metasploit integration, password guessing and much more. You also learn how to use Python to create an encoded backdoor to evade IDS and antivirus controls. This article presents an extensive day-by-day review of the in-person course taught by Mark Baggett, the author of SANS Python for Penetration Testers course and the pyWars gaming environment.

Continue Reading