
Showing posts from July, 2011

[Book-Review] BackTrack 4: Assuring Security by Penetration Testing

BackTrack 4: Assuring Security by Penetration Testing
By Shakeel Ali, Tedi Heriyanto








Although experienced pentesters may think it's yet another tool-based teaching book, it's a must-read for users of BackTrack. All in all, the writing style is clear and concise. The authors have several years of experience in penetration testing, and they clearly walk readers through the whole pentesting methodology in accordance with the BackTrack tools layout, from the initial Recon phase to the final Report Deliverables phase. In some areas, they demonstrate the use of updated versions of tools that might have been outdated in BackTrack 4/its PwnSauce SVN.

As it's based on BackTrack 4, some tools will not be included in BackTrack 5 or later. So you had better keep BackTrack 4 at hand in order to practise the tools you haven't mastered.


Nmap Script - customize port rules

Nmap scripts are tuned to run only against the specific services they are intended for.
For example, the ssl scripts (ssl-cert.nse, ssl-enum-ciphers.nse, sslv2.nse) are designed to check only ssl-related services.

Here, if you don't specify the -sV service/version detection option and your target service is not on its default port, your intended scripts won't run on that port.

When you want to send less traffic and save time because you already know about your target, you can fine-tune ./nselib/shortport.lua to add your own port rules.
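The same idea scoped to a single script instead of the shared library, as an added example (not code from this post or from the Nmap project): a diagnostic NSE script whose portrule accepts a default set of SSL ports plus any extra ports supplied at run time. The file name, the script argument name `extra-ssl-ports`, and the default port list are assumptions made for illustration.

```lua
-- ssl-portrule-demo.nse (hypothetical file name): reports whether a port
-- would be selected by a custom SSL port rule, without needing -sV.
local shortport = require "shortport"
local stdnse = require "stdnse"

description = [[
Shows which open TCP ports a custom SSL port rule would select.
Extra ports are passed with --script-args extra-ssl-ports=8443,9443
]]
categories = {"safe", "discovery"}

-- Default rule: match by port number OR by service name.
-- The port/service lists here are illustrative, not copied from shortport.lua.
local default_rule = shortport.port_or_service(
  {443, 465, 993, 995}, {"https", "smtps", "imaps", "pop3s"}, "tcp", {"open"})

-- Turn "8443,9443" into a lookup set; silently drop anything that is not
-- a whole number in the valid TCP port range.
local function parse_ports(spec)
  local set = {}
  if type(spec) ~= "string" then return set end
  for tok in spec:gmatch("[^,%s]+") do
    local n = tonumber(tok)
    if n and n == math.floor(n) and n >= 1 and n <= 65535 then
      set[n] = true
    end
  end
  return set
end

-- Hypothetical script argument; nil when the user does not pass it.
local extra = parse_ports(stdnse.get_script_args("extra-ssl-ports"))

portrule = function(host, port)
  if default_rule(host, port) then return true end
  return port.protocol == "tcp" and port.state == "open"
    and extra[port.number] == true
end

action = function(host, port)
  local why = extra[port.number] and "extra-ssl-ports argument" or "default rule"
  return ("port %d selected by %s"):format(port.number, why)
end
```

Keeping the rule inside the script leaves every other script that depends on shortport.lua unaffected and survives an Nmap upgrade; load it with `--script` and pass the extra ports with `--script-args extra-ssl-ports=8443`.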


Advanced Persistent Threats (APTs)

Some Real-world Incidents:
http://blogs.rsa.com/rivner/anatomy-of-an-attack/

http://www.scmagazineus.com/ghostnet-spy-network-phishes-international-victims/article/129677
http://www.finextra.com/community/fullblog.aspx?id=3720

Nowadays' Challenge to Cyber Attackers:
- Network perimeters are pretty tightened
- Defense-in-Depth approach in each layer of the network
- Real-time network monitoring, intrusion detection systems

What did Cyber Attackers find out?
- Host-based or endpoint protection systems usually fail to detect customized or unknown malware; in other words, these systems can be tricked into treating malware as innocent software through repeated trial-and-error testing of binary modifications, or by other means such as direct attacks on these systems
- Due to basic security awareness training and past common virus outbreaks via unknown emails, people are ready to skip mails from unknown senders
- Anti-spam security solutions have done a good job in filtering spam/j…