Recent Articles

Hack First, Policy Second – A Mobile Device Story

| August 30, 2013 | 1 Comment

Hack First, Policy Second - Apple Hack with a CleaverLike many of you I was extremely excited when my organization started allowing purchases of iPhones and Android devices.  With the entire buzz around “the consumerization of IT” and “Bring Your Own Device (BYOD),” it wasn’t long before these devices started becoming a necessity for business rather than simply the coolest new gadget.  Syncing my email and calendar was a great first start, although I have to admit the electronic leash has become quite long in the past few years.  When I was able to make travel reservations, submit expense reports, attend internal web conferences, review Statements of Work (SoW) and presentations all without opening my laptop, I became a huge fan. Policy never came to mind much less a hack first mentality.

If you’ve read any of my previous articles, then you will realize I come from a hacking background first and foremost.  Therefore, when I began to delve into mobile security, I didn’t start with learning best practices or how to develop secure mobile applications.  And a corporate policy was definitely the last thing on my mind. I simply wanted to start breaking things.  However, as it wouldn’t do to brick a corporate device, I explored the possibility of purchasing an iPhone/iPad/iPod without a data plan to use as a hardware testing platform.  This was not only a stroke of genius for learning mobile application security, but it led to this article.  So let’s look at a practical business decision, but, from the get-go, approach it as a hacking exercise.

Continue Reading

Course Review: eLearnSecurity Web Application Penetration Testing (WAPT)

| August 23, 2013 | 5 Comments

eLearnSecurity Web Application Penetration Testing Review - Course LogoAs security testers and ethical hackers, we are all looking for a better and more efficient way to infiltrate our clients’ target networks. For some time now, breaching an organization from the external-facing network has been much more difficult, as security has been more tightly controlled. Next Generation Firewalls (NGFW), Intrusion Detection/Prevention Systems (IDP/IPS), Demilitarized Zones (DMZ), and other implementations of layered security have become increasingly prevalent in security conscious organizations. As the defense has adapted, so has the offense. Both the good and the bad guys alike have turned more attention towards attacking weak web applications and are finding that these websites are the gateways into the network of the target organization. To keep up with this trend and to provide the required knowledge and skills to those responsible for testing web security, new courses have arisen with a focus on web applications. Enter eLearnSecurity Web Application Penetration Testing (WAPT), a new course by the provider of online security training.

EH-Net Exclusive 10% discount with code: WAPT-10P3M
Expires August 31st 11.59 PM PST

Most high profile attacks in the news these days happened because not only is web and cloud usage skyrocketing, but it has also become the low hanging fruit in many organizations. Web vulnerabilities may lead to information disclosure, session hijacking, stolen sensitive information, and even system compromise. Is your organization ready to handle these types of attacks? Do you have newer employees that need to get up to speed with their co-workers? Are you a seasoned professional looking to keep up with the latest attack trends? Stick with us after the break as we take an extensive look into the latest online course and certification for web application security.

Continue Reading

August 2013 Free Giveaway Sponsor – SANS CyberCon Fall 2013

| August 6, 2013 | 8 Comments

Win a SANS Live Online Training Course = up to $4845!

EH-Net August 2013 Free Giveaway Sponsor - SANS CyberCon Fall 2013 LogoIn a continuing effort to provide top quality training in a format that helps those with strapped travel budgets, SANS has developed a series of live online training platforms. SANS online students attend popular courses that are taught online by SANS’ top instructors. In short, SANS CyberCon, vLive and Simulcast are perfect options for professionals who wish to keep their skills current but cannot travel due to personal or professional commitments! One top EH-Net contributor will win their choice of the following online courses (exam not included) being offered at SANS CyberCon Fall 2013:

  • SEC401: Security Essentials Bootcamp Style
  • SEC504: Hacker Techniques, Exploits & Incident Handling
  • SEC575: Mobile Device Security and Ethical Hacking
  • FOR408: Computer Forensic Investigations – Windows In-Depth
  • LEG523: Law of Data Security and Investigations
  • Two NEW Audit courses running back-to-back – AUD444: Auditing Security and Controls of Active Directory and Windows, AUD445: Auditing Security and Controls of Oracle Databases

Can’t make the specific dates of SANS CyberCon Fall 2013? No problem. SANS has kindly offered up additional choices for your online training pleasure. So the winner this month gets to pick any of the courses listed above for CyberCon or any of the courses listed after the break for SANS vLive or SANS Simulcast. Of course the only way to win is to contribute mightily to the EH-Net Community. Become a member, participate, and this or a future prize could be yours. Ask around… people really do win on EH-Net. And if not this month, then you still can come out ahead by using Coupon Code EHN_05 for 5% Off any SANS course in any format. Hey… everybody wins!!

Continue Reading

Course Review: SANS SEC573 Python for Penetration Testers

| July 29, 2013 | 1 Comment

Course Review: SANS SEC573 Python for Penetration Testers - Python LogoPython has rapidly become a popular language for security professionals. It’s human readable with an easy syntax, has a comprehensive standard library and easily importable external libraries, is multi-platform, and is suitable for both larger programs and smaller scripts alike. Python is easy to learn for novice programmers yet robust enough for seasoned developers. What makes it such an effective tool for security professionals is the support of extensive libraries specifically designed for penetration testing. For that reason, it makes perfect sense for the SANS Institute to add SEC573 Python for Penetration Testers to their vast list of InfoSec courses.

SANS SEC573 Python for Penetration Testers” is a five-day class that teaches the basics of the Python language then builds on that knowledge to show how to utilize its specialized libraries to perform network capture and analysis, SQL injection, Metasploit integration, password guessing and much more. You also learn how to use Python to create an encoded backdoor to evade IDS and antivirus controls. This article presents an extensive day-by-day review of the in-person course taught by Mark Baggett, the author of SANS Python for Penetration Testers course and the pyWars gaming environment.

Continue Reading

Exclusive First Look: ImmuniWeb by High-Tech Bridge

| July 19, 2013 | 1 Comment

Exclusive First Look: Logo of Immuniweb by High-Tech BridgeEver since the Internet took off from its humble beginnings as a simple connection between the two networks of UCLA and Stanford for educational purposes, it has increasingly been used by the global population as a means of communication, commerce, charity and much more. The myriad ways of utilizing the Internet backbone all require software engineering of web-enabled applications (webapps). A new product from High-Tech Bridge SA called ImmuniWeb® performs webapp security assessments. If you’re like me, you’re probably thinking that this is just another webapp vulnerability scanner but hang on! It provides an innovative hybrid approach along with some really creative additional modules for assessing security beyond just the webapp. Why would we need such a hybrid approach?

Critical systems are being moved to the Internet by every industry, each of which now requires diligence to ensure their own existence. Education uses the Internet to evolve learning platforms and make enrollment more efficient. The media industry uses the Internet for everything from personal blogs to content delivery of every type. Commercial industry utilizes it from customer service to revenue collection. Banking from account management to funds transfer. Communication from voice and data. Government is using technology to… well let’s not turn this into a political argument. Let’s just take a detailed look at this unique new offering and how it can help the security posture of your entire organization regardless of the industry to which you belong.

Continue Reading

July 2013 Free Giveaway Sponsor – MIS Training Institute

| July 15, 2013 | 0 Comments

Win Ticket to Cloud Security Alliance Congress 2013 = $1295!

MIS Training Institute - Cloud Security Alliance LogoIn EH-Net’s continuing effort to get our readers involved in the many events on EH-Net’s Global Calendar, we have another free ticket to a conference. This time, it is not tied to one specific event. This month we have partnered with MIS Training Institute (MISTI), “the international leader in audit and information security training, with offices in the USA, UK, and Asia. MIS’ expertise draws on experience gained in training more than 200,000 delegates across five continents.” They’ve agreed allow the winner of this month’s prize to choose free admission to any conference they produce within the next twelve months such as Cloud Security Alliance Congress 2013 being held in Orlando, FL from December 4-5:

The CSA Congress is the industry’s premier gathering for IT security professionals and executives who must further educate themselves on the rapidly evolving subject of cloud security. In addition to offering best practices and practical solutions for remaining secure in the cloud, CSA Congress will focus on emerging areas of growth and concern in cloud security, including standardization, transparency of controls, mobile computing, Big Data in the cloud and innovation.

Other MISTI events include Audit World 2013, ITAC 2013, Mobile & Smart Device Security 2013 and InfoSec World Conference & Expo 2014. All of these conferences and more (seminars not included) will be on the list of events from which our winner can choose. All you have to do is become a member of EH-Net and contribute here on the site, our LinkedIn Group, Tweet about us… and you could be networking with other professionals and advancing your career at one of these respected industry events.

Only members are eligible!
Registration Is FREE!

Continue Reading

June 2013 Free Giveaway Winner of Black Hat USA Ticket

| July 15, 2013 | 9 Comments

We have a winner of Black Hat USA 2013 Briefings Pass = $2195!

Black Hat USA 2013 Logo

Hard to believe it’s that time of year again, but here we are. Time to start gearing up for the madness that is the annual trek to Vegas for Black Hat USA and DEFCON. As we do with most of our prizes, we kindly ask that if someone can’t utilize the prize, then kindly decline. We’d always prefer someone benefiting from a prize instead of it sitting unused. So after several tries, I found someone who fit the bill – participates on the site and can make it to Vegas. To make it even better, this will be his first BH! I love my job. Here’s a short description of what EH-Net member, caissyd, will get to enjoy:

Black Hat USA is the most intensely technical and relevant global information security event in the world, encouraging collaboration between academia, leaders in the public and private sectors, and world-class researchers. Nowhere else in the world will you experience the same caliber of conversations and continuing education, within a strictly vendor-neutral and friendly environment. Each year, the brightest minds in security come together in Las Vegas for six days of learning, networking and high-intensity skills building. Back for its 16th year, the Black Hat USA Briefings and Trainings will take place July 27-August 1, 2013.

Participation is the ONLY way to win. Start a thread that sparks lots of interest; share thoughts and experiences; spread the word of EH-Net to your social networks; help a newbie… quality is more important than quantity.

Only members are eligible!
Registration Is FREE!

Continue Reading

Hacking WordPress with XSS to Bypass WAF and Shell an Internal Box

| July 3, 2013 | 4 Comments

Hacking WordPress with XSS to Bypass WAF and Shell an Internal Box - WordPress LogoWordPress is by far the most popular Content Management System (CMS) in the world today.  According to W3 Techs, “WordPress is used by 58.2% of all the websites whose content management system we know. This is 18.6% of all websites.”  As with most modern, popular CMSs, the WordPress application itself is hardened and secure out of the box.  But to get all of the cool ‘stuff’ to make your site memorable and engaging, WordPress site owners often use 10 – 20 plugins for each installation.  As of July 2013, WordPress.org lists 25,700 plugins with more than 475 million downloads, and that doesn’t include those outside of the WordPress repository.  It’s these third party plugins that leave a tight framework vulnerable to exploitation and attempts at hacking WordPress common.  Many installed plugins remain unpatched or overlooked, and even those not activated through the WordPress Dashboard provide an excellent attack surface.  With shared hosting plans and consolidated corporate data centers, it is more often than not that your instance of WordPress is not the only web application residing on your server.

For the sake of brevity, I won’t “beat a dead horse” and talk about why Cross-Site Scripting (XSS) is dangerous.  There still is some confusion surrounding XSS and its role in network breaches, how it is used, and how it can be utilized over and over to do the same thing.  An attacker cannot leverage an XSS flaw to directly “hack” into a server.  Instead, by chaining vulnerabilities together and socially engineering personnel, an attacker can move from XSS to an internal compromise fairly quickly. This tutorial shows how hacking WordPress with a simple XSS flaw can be crafted into a vehicle to intrude on internal networks.

Continue Reading