50 items tagged "penetration testers"
8:43 - Packet Storm Security Recent Files
OWASP Mantra is a collection of free and open source tools integrated into a web browser, which can come in handy for students, penetration testers, web application developers, security professionals, etc. It is portable, ready-to-run, compact and follows the true spirit of free and open source software. This is the source code release.
16:09 - Packet Storm Security Recent Files
Ransack is a post-exploitation shell script for penetration testers. Its purpose is to grab any information deemed relevant on a system after a root compromise. This information may include config files, SSH keys, SSL keys, or any other information deemed valuable.
22:30 - SecDocs
Authors: Sebastian Schinzel
Tags: vulnerability
Event: Chaos Communication Congress 28th (28C3) 2011
Abstract: Timing side channel attacks are non-intrusive attacks that are still widely ignored in day-to-day penetration testing, although they allow attackers to breach the confidentiality of sensitive information. The reason for this is that timing attacks are still widely considered to be theoretical. In this talk, I present a toolkit for performing practical timing side channel attacks and showcase several timing attacks against real-world systems. Timing side channels are vulnerabilities in software applications that leak sensitive information about secret values such as cryptographic keys. They differ from common intrusive vulnerabilities such as buffer overflows or SQL injection because the attacker sends normal-looking requests to the server and infers secret information just from the time it took to process the request. In academia, timing side channel attacks are well researched, especially against cryptographic hardware, but in day-to-day penetration testing they are still widely ignored. One reason for this is that the timing differences are often small compared to the jitter introduced in networked environments. This makes practical timing side channel attacks challenging, because the actual timing differences blend with the jitter. In this talk, I will present methods and tools to accurately measure response times despite the jitter in networked environments. I will introduce a programming library that enables penetration testers to measure accurate response times of requests sent over networks. Furthermore, I will describe algorithms and statistical filters to reduce the jitter from measurements. For this, I will introduce a reporting tool that takes a dataset with network measurements as input, automatically applies the algorithms and filters, and produces a report with the results.
This report enables even novice penetration testers to analyze a response time dataset for timing side channel vulnerabilities. In the end, I will show that timing side channels are practical by showing several attacks. First, I show how to determine if a given user name is an administrative user in a productive installation of the popular CMS Typo3. Second, I show how to determine how many pictures are hidden in a private album of an online gallery. Third, I show how to perform an adaptive chosen-ciphertext attack against implementations of the XML Encryption standard. This attack allows decrypting any Web Service message whose body was encrypted using XML Encryption only by measuring the response time of the Web Service.
18:16 - Packet Storm Security Recent Files
DNSChef is a highly configurable DNS proxy for penetration testers and malware analysts. A DNS proxy (a.k.a. "Fake DNS") is a tool used for application network traffic analysis, among other uses. For example, a DNS proxy can be used to fake requests for "badguy.com" to point to a local machine for termination or interception instead of a real host somewhere on the Internet.
6:22 - Packet Storm Security Recent Files
OWASP Mantra is a collection of free and open source tools integrated into a web browser, which can come in handy for students, penetration testers, web application developers, security professionals, etc. It is portable, ready-to-run, compact and follows the true spirit of free and open source software. This is the platform-independent release.
7:33 - Packet Storm Security Recent Files
XssScanner is a tool designed to help penetration testers find cross-site scripting vulnerabilities. It analyzes a web page to determine which payloads could be used according to the position of the parameter. Then, for each selected payload, XssScanner sends a request using the payload and checks the returned page to find the payload. The major feature of XssScanner is its ability to detect many encodings that do not change the behavior of the payload (e.g. a double quote encoded into ").
10:43 - SecDocs
Authors: Claudio Criscione
Tags: virtualization, virtual machine, Metasploit, exploiting
Event: Black Hat USA 2010
Abstract: Virtualization systems are nowadays ubiquitous in enterprises of any size. Penetration testers and security auditors, however, often overlook virtualization infrastructures, simply looking at the virtual machines without any direct analysis of the underlying solution, not to mention those analyses that simply mark virtual environments as "not compliant". A different, new approach is required to assess such systems, defining new targets and new ways to get there. This talk will outline procedures and approaches, complete with tools and demos, to execute a penetration test or a design review on virtualization environments. Security experts eager to know more about these systems and sysops willing to protect their own fortress will find this talk interesting.
6:02 - Carnal0wnage
One of my favorite talks from this year's BlackHat DC was Ryan Kazanciyan's & Sean Coyne's "The Getaway" talk on data exfiltration.
whitepaper: https://media.blackhat.com/bh-dc-11/Coyne/BlackHat_DC_2011_Coyne_Gateway-wp.pdf
slides: https://media.blackhat.com/bh-dc-11/Coyne/BlackHat_DC_2011_Coyne_Gateway-Slides.pdf
Everyone should check out the slides and the whitepaper, although the slides are better with the case studies and the diagrams. When you check out the slides I encourage you to think about your last pentest and:
1. Could your pentest shop emulate an attacker of the level in the case studies?
2. Did you or they try to scope the test in order to test things like this... a.k.a. do a Full Scope test?
3. If you aren't letting your pentesters go after your network like this, how do you think YOUR network will hold up against someone that knows what they are doing?
If you ARE a pentester, when was the last time you got the time and scope to do something on the order of these attacks and post-exploitation activities from the case studies?
We are getting great at catching our penetration testers (video) but still horrible at catching bad guys. Rather than draining your corporate bank account to have some shop come in and help you clean up your mess after you've discovered someone stealing everything you own... 1. pick a Full Scope shop that can emulate advanced attackers and not just script kiddies with a checkbook, and 2. train like you fight: open the scope for your test, give your testers time to conduct a REAL test, and let your pentesters go after it like a real bad guy would.
Instead of making your testers "test" that same 500 hosts out of 10,000 hosts with no client-sides or user interaction allowed... ask, make, force them to conduct an end-to-end test of the expensive black boxes you have sitting in the rack, your user education, your network segmentation, and your NOC/SOC's ability to test and respond to attacks. Better to find out you suck during your test instead of when someone is stealing everything that makes you money.
Train like you fight.
6:03 - Carnal0wnage
Ben Tomhave has a good post over on his blog: http://www.secureconsulting.net/2010/10/there_is_no_win.html
Go read it. It's short... won't take long, I promise.
In part I agree: you are never going to "win" by keeping an attacker out. Like he puts it in the post:
Traditionally we've held the mindset that we "win" if we stop the attackers. This mindset is sheer folly. To "win" in this scenario we need to successfully defend against 100% of attacks, whereas the attacker need only succeed once (probabilistically this works out to being far less than 100%).
Instead, we need to acknowledge the nature of our asymmetric threat and realize that there is no way to achieve "perfect" security and resist 100% of attacks. To think otherwise is willfully ignorant. Instead, we must accept a new status quo based on survivability. That is, despite successful attacks, we can consider ourselves victorious in conflict merely by surviving.
Protecting YOUR important data on the network is ultimately the goal of most network security. Keeping the attackers out is a silly goal. You are one adobe/flash/java/whatever 0day away from failing to keep attackers out and thus "losing".
Surviving a network attack is not the same as surviving a mortar attack on a FOB, where if I'm still breathing and have use of my limbs at the end of it I can call that a "win". In turn, it's not a successful penetration test or attack if I merely "get in" and pop a bunch of shells (see Chris Nickerson's Top 5 Ways To Destroy A Company talk). It's a "win" when I steal what makes that company money, extract it without them knowing, then show it to them later for the "poop in the pants" moment. A report with a bunch of screenies of shells doesn't convey the same sense of "oh shit" that the first 100 entries of their key database does. In this case, while the business may have thought they "survived", they in fact "lost".
We're getting really good at teaching our clients how to catch penetration testers and their methodologies, and conditioning them that this is a "win", when in fact most times defenders fail to see and catch people with a modified methodology, non-public tools, or "non-standard" goals.
21:01 - Packet Storm Security Tools
UA-Tester (User-Agent Tester) is a Python script that enables penetration testers to compare response headers from a remote server based on a list of User-Agent strings. The script allows testers to isolate differences in response depending on the browser used to access a site. This can be important as a growing number of sites are catering for mobile devices by forwarding them to alternative (browser-friendly) pages, or redirecting them to alternative servers entirely.
6:05 - SecDocs
Authors: Wendel Guglielmetti Henrique, Steve Ocepek
Tags: Oracle
Event: Black Hat EU 2010
Abstract: In a world of free, ever-present encryption libraries, many penetration testers still find a lot of great stuff on the wire. Database traffic is a common favorite, and with good reason: when the data includes PAN, Track, and CVV, it makes you stop and wonder why this stuff isn't encrypted by default. However, despite this weakness, we still need someone to issue queries before we see the data. Or maybe not... after all, it's just plaintext. Wendel G. Henrique and Steve Ocepek of Trustwave's SpiderLabs division offer a closer look at the world's most popular relational database: Oracle. Through a combination of downgrade attacks and session take-over exploits, this talk introduces a unique approach to database account hijacking. Using a new tool, thicknet, released at Black Hat Europe, the team will demonstrate how deadly injection attacks can be to database security.
3:41 - SecDocs
Authors: Ron Gula
Tags: network IDS
Event: Source Conference Boston 2010
Abstract: In this talk we will examine the problem of detecting authorized penetration testers from a variety of technical and political aspects. On one hand, we need to monitor and protect against many threats, but politically, we also don't want to have the pen test team make your security monitoring, your SIM or your NIDS look like a joke. Attendees will quickly realize that the tips and insights for making better use of firewall logs, netflow, system logs and so on can and should be applied to monitoring for real bad guys as well.
16:00 - Packet Storm Security Tools
sqlninja is a small tool to exploit SQL injection vulnerabilities on a web application that uses Microsoft SQL Server as its back-end. Its main goal is to provide a remote shell on the vulnerable database server, even in a very hostile environment. It should be used by penetration testers to help and automate the process of taking over a database server when a SQL injection vulnerability has been discovered. It is written in Perl and runs on Unix-like boxes.