Friday, July 29, 2011

[Book-Review] BackTrack 4: Assuring Security by Penetration Testing

BackTrack 4: Assuring Security by Penetration Testing

By Shakeel Ali, Tedi Heriyanto


Although experienced pentesters may think it's yet another tool-based teaching book, it's a must-read for BackTrack users. All in all, the writing style is clear and concise. The authors have several years of experience in penetration testing, and they clearly walk readers through the whole pentesting methodology, following the BackTrack tools layout from the initial recon phase to the final report deliverables phase. In some areas, they demonstrate updated versions of tools that might have been outdated in BackTrack 4 / its PwnSauce SVN.

As it's based on BackTrack 4, some tools will not be included in BackTrack 5 or later. So you had better keep BackTrack 4 at hand in order to practise the tools you haven't mastered.

Thursday, July 14, 2011

Nmap Script - customize port rules

Nmap scripts are tuned to run only against the specific services they are meant for.
For example, the SSL scripts (ssl-cert.nse, ssl-enum-ciphers.nse, sslv2.nse) are designed to check only SSL-related services.

So if you don't specify the -sV service/version detection option and your target service is not on its default port, your intended scripts won't run on that port.

When you want to send less traffic and save time because you already know your target, you can fine-tune ./nselib/shortport.lua to add your own port rules.
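
One way to get the same effect without editing the shared library, as an added example that is not from the original post: a stand-alone NSE script whose own portrule accepts the usual SSL ports plus ports you already know carry TLS. The file name tls-known-ports.nse, the extra ports 8444 and 9443, and the output strings are assumptions made for illustration.

```lua
-- tls-known-ports.nse (hypothetical file name; added example)
local nmap = require "nmap"
local shortport = require "shortport"

description = [[
Reports the TLS certificate subject on the usual SSL ports plus extra ports
already known to carry TLS, so the script fires without a -sV probe.
]]
author = "example"
license = "Same as Nmap--See https://nmap.org/book/man-legal.html"
categories = {"safe", "discovery"}

-- Constructed sample values: replace with the ports your services really use.
local EXTRA_TLS_PORTS = {8444, 9443}

-- Usual rule: a well-known port number, or a service name filled in by -sV.
local default_rule = shortport.port_or_service(
  {443, 465, 993, 995}, {"https", "smtps", "imaps", "pop3s"}, "tcp", "open")
-- Extra rule: match on port number alone, no version detection required.
local extra_rule = shortport.portnumber(EXTRA_TLS_PORTS, "tcp", "open")

portrule = function(host, port)
  return default_rule(host, port) or extra_rule(host, port)
end

action = function(host, port)
  local sock = nmap.new_socket()
  sock:set_timeout(5000)
  -- "ssl" makes Nmap perform the TLS handshake on connect.
  local ok, err = sock:connect(host, port, "ssl")
  if not ok then
    return "TLS connect failed: " .. tostring(err)
  end
  local cert = sock:get_ssl_certificate()
  sock:close()
  if not cert then
    return "TLS handshake done, but no certificate returned"
  end
  return "certificate subject CN: " .. tostring(cert.subject.commonName)
end
```

Run it by path, for example `nmap -p 8444 --script ./tls-known-ports.nse <target>`; because the rule lives in the script, an Nmap upgrade that replaces shortport.lua does not undo it.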

Friday, July 8, 2011

Advanced Persistent Threats (APTs)

Some Real-world Incidents:

Today's Challenges for Cyber Attackers:
  • Network perimeters are tightly secured
  • A defense-in-depth approach is applied at each layer of the network
  • Real-time network monitoring and intrusion detection systems are in place

What did Cyber Attackers find out?
  • Host-based or endpoint protection systems usually fail to detect customized or unknown malware; in other words, these systems can be tricked into treating malware as harmless software through repeated trial-and-error testing of binary modifications, or by other means such as direct attacks on these systems
  • Due to basic security awareness training and past outbreaks of viruses spread via unknown emails, people readily skip mail from unknown senders. Anti-spam security solutions have done a good job of filtering spam/junk mail.
  • Even so, it is hard to train people to stay security-aware at all times.

What do we learn about APTs?
  • Most APTs target humans as the main victims. From there, deeper attack paths are carried out.
  • APT attacks use spear phishing as the main successful entry vector
  • APT attacks exploit known and unknown vulnerabilities in commonly used software on the target host system. This software is related to entertainment, office work, communications, and the web, such as media players, office suites, messengers, mail clients, web browsers and their related plugins. (Google Chrome sandbox was broken by iVizSecurity a few months ago)
  • Host-based firewall systems fail to protect because the attack is not launched from outside or from adjacent hosts
  • Antivirus systems fail to proactively prevent APT attacks from occurring. We have noticed new ways of bypassing AVs popping up one after another; some are due to flaws in the AV software's core engine, while in other cases the AV is unable to detect specially packed or modified malware agents.

Secure configurations for Laravel - The PHP Framework

This framework makes security simple to achieve.  Out of all non-default settings, the following few can be set to achieve higher secu...