Recent Articles

June 2013 Free Giveaway Winner of Black Hat USA Ticket

July 15, 2013 | 9 Comments

We have a winner of the Black Hat USA 2013 Briefings Pass, worth $2195!

Hard to believe it’s that time of year again, but here we are. Time to start gearing up for the madness that is the annual trek to Vegas for Black Hat USA and DEFCON. As we do with most of our prizes, we kindly ask that if someone can’t utilize the prize, then kindly decline. We’d always prefer someone benefiting from a prize instead of it sitting unused. So after several tries, I found someone who fit the bill – participates on the site and can make it to Vegas. To make it even better, this will be his first BH! I love my job. Here’s a short description of what EH-Net member, caissyd, will get to enjoy:

Black Hat USA is the most intensely technical and relevant global information security event in the world, encouraging collaboration between academia, leaders in the public and private sectors, and world-class researchers. Nowhere else in the world will you experience the same caliber of conversations and continuing education, within a strictly vendor-neutral and friendly environment. Each year, the brightest minds in security come together in Las Vegas for six days of learning, networking and high-intensity skills building. Back for its 16th year, the Black Hat USA Briefings and Trainings will take place July 27-August 1, 2013.

Participation is the ONLY way to win. Start a thread that sparks lots of interest; share thoughts and experiences; spread the word of EH-Net to your social networks; help a newbie… quality is more important than quantity.

Only members are eligible!
Registration Is FREE!

Hacking WordPress with XSS to Bypass WAF and Shell an Internal Box

July 3, 2013 | 4 Comments

WordPress is by far the most popular Content Management System (CMS) in the world today. According to W3 Techs, “WordPress is used by 58.2% of all the websites whose content management system we know. This is 18.6% of all websites.” As with most modern, popular CMSs, the WordPress application itself is hardened and secure out of the box. But to get all of the cool ‘stuff’ to make your site memorable and engaging, WordPress site owners often use 10 – 20 plugins for each installation. As of July 2013, WordPress.org lists 25,700 plugins with more than 475 million downloads, and that doesn’t include those outside of the WordPress repository. It’s these third-party plugins that leave a tight framework vulnerable to exploitation and make attempts at hacking WordPress common. Many installed plugins remain unpatched or overlooked, and even those not activated through the WordPress Dashboard provide an excellent attack surface. With shared hosting plans and consolidated corporate data centers, more often than not your instance of WordPress is not the only web application residing on your server.

For the sake of brevity, I won’t “beat a dead horse” and talk about why Cross-Site Scripting (XSS) is dangerous.  There still is some confusion surrounding XSS and its role in network breaches, how it is used, and how it can be utilized over and over to do the same thing.  An attacker cannot leverage an XSS flaw to directly “hack” into a server.  Instead, by chaining vulnerabilities together and socially engineering personnel, an attacker can move from XSS to an internal compromise fairly quickly. This tutorial shows how hacking WordPress with a simple XSS flaw can be crafted into a vehicle to intrude on internal networks.

Course Review: eLearnSecurity Penetration Testing Student v2

June 21, 2013 | 13 Comments

Shrinking budgets and geographical diversity are pushing educational trends out of the classroom and into online learning opportunities. But, hands-on training and skills evaluation is a trickier problem to solve in that paradigm. Information Security training is no exception. Yet, many students seeking training in Information Security face barriers of entry involving their prior knowledge, and how to get it. Many offerings assume a level of proficiency above what a beginner may have, especially one who has not already worked in Information Security. To add to the beginner’s frustration, most training organizations don’t offer the background learning necessary to get to that level. Enter the eLearnSecurity (eLS) Penetration Testing Student course.

The eLearnSecurity Penetration Testing Student v2 course addresses the need for online, hands-on education for the beginner. The flexible and self-paced, browser-accessible online course teaches basic foundational concepts for students who wish to enter the field of penetration testing while allowing hands-on application through the Hera Student Lab and, optionally, the Coliseum Web Application Testing Framework. The course provides an ordered and appropriately broad basic introduction into foundational concepts for the beginner. While this course alone will not produce a qualified penetration tester, it provides a guided hands-on opportunity to become familiar with some of the basic concepts. It is effective for those who are exploring the possibility of penetration testing as a career path, or for those who simply want to know more about what penetration testers are capable of doing.

June 2013 Free Giveaway Sponsor – Black Hat USA

June 5, 2013 | 1 Comment

Win Black Hat USA 2013 Briefings Pass Worth $2195!

Hard to believe it’s that time of year again, but here we are. Time to start gearing up for the madness that is the annual trek to Vegas for Black Hat USA and DEFCON. We have a number of readers that come to EH-Net looking to be educated in the ways of professional hacking. Not everyone is a seasoned pro. I hate to assume that everyone knows of these security events. So, for you newbies, here’s the official description:

Black Hat USA is the most intensely technical and relevant global information security event in the world, encouraging collaboration between academia, leaders in the public and private sectors, and world-class researchers. Nowhere else in the world will you experience the same caliber of conversations and continuing education, within a strictly vendor-neutral and friendly environment. Each year, the brightest minds in security come together in Las Vegas for six days of learning, networking and high-intensity skills building. Back for its 16th year, the Black Hat USA Briefings and Trainings will take place July 27-August 1, 2013.

April 2013 Free Giveaway Sponsor – eLearnSecurity

April 5, 2013

Win 3 Prizes Worth $1700!

Shhhh… Don’t tell anyone, but there’s a new course coming from eLearnSecurity on webapp pentesting. And before it even goes live, all you EH-Netters have a shot at winning a free seat. If their past courses and projects like Coliseum and Hack.Me are any indication of the quality, this should be a very well received online class and practical exam. Of course we’ll be the judge of that as EH-Net Columnist, Jason Haddix, is working on the review as we speak. If you’d like to get info immediately when it’s made available, please fill out the webform for the New eLearnSecurity Training and Certification Path on Web Application Security, and you will also get a whopping 30% OFF at launch! But don’t say anything!

In addition to the behind-the-scenes work on the new webapp course, eLearnSecurity has also been busy lately updating Penetration Testing - Student. We’ll share our thoughts on this course as well in an upcoming review by appropriately enough a new writer for EH-Net, Heather Pilkington. So with that, I’m sure all you hackers out there have figured out that members can win 1 of 3 prizes listed below:

- 1 seat in the soon-to-be-released eLearnSecurity WebApp Professional Course worth $900
- 2 seats in the Penetration Testing – Student v2 Course worth $400 each

You know the drill. You win by participating in the EH-Net Community. So get at it!

Human Intel to Navigate the Security Data Deluge

April 2, 2013

By Robert J. Shaker II, CISSP, CCSK, CGEIT, CRISC

Since the dawn of man there has been intelligence. Hunter gatherers would venture out and learn from the world around them what each sound, smell, and taste meant. The growl of a large predator would alert them to prepare for a defensive effort or to change paths. The smell of smoke meant other humans were nearby, and the taste of bitter meant something wasn’t edible. As time marched forward, needing to learn more about the other packs of humans around them became more important. There was competition or cooperation for resources but this required getting to know the other pack. Sometimes the best way to do that was to spy on them, to gather human intel about the way they behaved, the way they interacted with each other and to determine how strong or weak they were.

Regardless of the point in history, this has always proven to be true. We can see it as we progress through our modern era. In fact, this became so important that commercial intelligence companies began forming. The Age of Exploration saw a boom in this industry as the colonial armies grew. Their need for intelligence required outside parties, whether to help with the sheer volume of work, geographic dispersion or to give plausible deniability. Is it so different now?

Today, we are up against countless adversaries. They’re nameless, faceless and shrouded behind false information. The ships that are on the horizon, the spies in our midst and the fortress we protect are all in the digital domain. The virtual skies are foggy and visibility is low. Today’s environment is much more difficult to navigate. The one commonality between these two vastly different times is the importance of human intel, and I’d argue that today it’s even more important than ever. A couple scenarios below will illustrate just how important it is for our innately human talents to remain a vital part of cyber security.

February 2013 Free Giveaway Winner of SANS CyberCon Training

March 30, 2013

We Have a Winner!

In a slight twist but not completely out of the ordinary, I have an announcement. As most of you know, I pick the winners not only based on participation but also on the ability to utilize the prize. I have also in the past taken special requests and rearranged winners to meet the needs of those who contribute the most. This usually takes place behind the scenes and is often the reason it looks as though someone who didn’t participate the most wins. That is because many others couldn’t utilize the prize, and I thus had to keep going down the list. That being said, I want to continue to be fair. Last month’s winner was absolutely deserving but couldn’t use the prize. So I’m making an executive decision and announcing that UNIX will receive the seat at SANS CyberCon beginning April 22 with his choice of the following:

- SEC401: Security Essentials Bootcamp Style ($4,645)
- SEC504: Hacker Techniques, Exploits & Incident Handling ($4,845)
- SEC575: Mobile Device Security and Ethical Hacking ($4,845)
- FOR408: Computer Forensic Investigations – Windows In-Depth ($4,845)
- MGT414: SANS +S Training Program for the CISSP Certification Exam ($3,995)

SANS is also offering two NEW Audit courses at SANS CyberCon, running back-to-back.

- AUD444: Auditing Security and Controls of Active Directory and Windows ($2400)
- AUD445: Auditing Security and Controls of Oracle Databases ($2400)

So yes, this means that there’s still a chance to win last month’s prize of a full version of Metasploit Pro with 1 year of support. I will be contacting deserving EH-Netters very soon to give this prize away. I’ll make the announcement in the forum thread for the Holiday Giveaway. Congrats and good luck to all of you as the prizes continue throughout 2013.

PS – If you didn’t win, you still get a prize of 5% Off w/ Coupon Code: EHN_05

Interview: Bugcrowd Founders on Herding Ninjas for Crowdsourced Bug Bounties

March 29, 2013

By Jason Haddix

Love it or hate it, crowdsourcing is here to stay. While it’s been mostly confined to development and design, eventually it was going to come to security.  Two such gentlemen trying to pioneer the space are Casey Ellis and Sergei Belokamen. Being long-time hackers and having seen how the security space works, they decided to start Bugcrowd. Here’s a description directly from the source:

“Bugcrowd is by far the most comprehensive and cost-effective way to secure websites and mobile apps. We’ll do a brief consultation and help you set the budget, the duration, and which websites or apps you’d like our curated crowd of researchers to test. The Bugcrowd researchers get to work finding security flaws in your applications. All testing can be routed through Bugcrowd’s crowd-control system, providing control and accountability. Any bugs are submitted to our Secure Operations Centre as soon as they are found. We validate the flaws and, at the end of the bounty, reward the first researcher to find each unique flaw. We provide you with an easy to understand report for you to hand to your developers… We can even recommend partners to help you fix what we find!”

Join me as I interview them both about their new venture and uncover some interesting information about security testing on a massive scale, as well as how to start. For example, if you are a tester looking to participate, it couldn’t be easier. Fill out the “Ninja” form and create an online profile (public or private) in which you provide Bugcrowd with your PayPal email address. Then you wait until you receive an email message announcing a new bounty… and it looks a little something like this…
