Submission + - Miracle on Thirty-Hack Street (ethicalhacker.net)

ddonzal writes: Hack Facebook, decrypt secret files, do recon on Santa's personal web site... all in an effort to keep Kris Kringle out of the insane asylum. That is just a taste of what awaits you in the latest edition of the Skillz H@ck1ng Challenge at The Ethical Hacker Network. Although numerous challenges are published throughout the year, it has become a tradition for noted security expert, Ed Skoudis, to pen an Annual Xmas Challenge. During past holiday seasons, you got to tangle with the Grinch, Rudolph, that Messy Marvin kid, Frosty, and even Santa himself. This year, Ed is joined by Kevin Johnson to present a challenge based on the classic 1947 movie. Autographed copies of Ed's book, Counter Hack Reloaded, will be awarded to three winners: the best technical answer, the best creative answer that is technically correct, and a random draw winner from anyone who happens to send in, well, pretty much anything in association with the challenge. Even if you can't answer all of the questions, send us what you've got to try for that random draw slot. All entries are due by January 11, 2010.
http://www.ethicalhacker.net/content/view/285/2/

Networking

Submission + - Ethical Hacker's Review of Nmap Network Scanning (ethicalhacker.net)

ddonzal writes: Once again, my company had acquired some new networks for us to take over, and of course, the documentation was from 3 years ago. As part of our due diligence, I had to quickly and accurately figure out everything on the network. How did I accomplish this? With a network mapping utility; and the de facto standard in this area is Nmap! Nmap by Gordon Lyon AKA Fyodor not only saves you time, but, if you really know how to unleash its power, it can be your friend for network audits, discovering new devices, and even part of the network reconnaissance phase of a Pen Test. Another cool use I just learned from the Fyodor /. Interview was that the Chinese use it to scan for open proxies to bypass the Great Firewall of China. With that kind of flexibility, it is clearly the right tool for this job and many others. But what's the quickest way to get that power working in my favor? The obvious choice would be an in-depth tome from the author himself, but, after over 10 years in use around the globe, such a book didn't exist. But after seeing Fyodor's talk at Defcon 16 in August of 2008 and seeing an actual pre-release copy of his forthcoming book, I couldn't wait to get my hands on it. Fast forward to January of 2009 when Fyodor sent me a review copy of what is one of the most well written reference books I have had the chance to use to date. Before you even get to chapter one, you get a comprehensive table of contents followed by a list of tables and examples. Every book should do this! It's also important to note that this book is filled with out-of-the-box command line examples that should be in any pen tester's toolkit.

Chapter 1 starts out with a quick intro to Nmap, as well as a history to help the reader understand why and how it has evolved to where it is today. Fyodor gives the reader some insight on the legal issues of using Nmap (don't scan the White House for example) and using Nmap responsibly. He shows us where they used Nmap in the Matrix (without his permission) and tells us where Nmap is going (ndiff, network topology mapping, etc.). Fyodor also does a good job at clearly defining his writing style, with bits of humor and robust organization, a trend which continues throughout the book.

Chapter 2 goes on to explain all of the options for installing, compiling and removing Nmap, and some tricks to keep things current. Also provided are suggestions on how to get the latest version with the newest features that may not be in the "stable" release.

Once you dive into Chapter 3, you start to learn about one of the primary functions of Nmap: Host Discovery. This was my main area of previous experience with Nmap. As Fyodor explains the more common options, he also gives good examples of when and why to use each option, something you won't find in the man pages. For example, doing a ping scan with Nmap is pretty simple:

nmap -sP -T4 www.yournetwork.com

I use these ping scans, followed by a port scan, whenever I have a new network assigned to me. Fyodor also explains to us in Chapter 3 how to do SYN and ACK pings (-PS -PA options) as well as ARP scans (-PR). He also explains when to use all the available options and their effect on your network.

Chapter 4 continues your discovery process with port scanning. Fyodor's most important point in this chapter is how to use custom port lists to change the default behavior of Nmap during port scanning. As mentioned in his talk at Defcon 16, custom port lists can drastically increase the speed of your scans. For example, before I hit a new site I may want to know if they are running any web or smtp services. I would run the following command:

nmap -PN -p80,443,25 --max-rtt-timeout 200 --initial-rtt-timeout 150 172.16.10.0/23

This will not only scan these ports but also reduce the timeout dramatically, so we only need to wait 3 minutes for our scan to complete. I would also replace the 176.16.10.0 with the target network range. I could also define a set of custom ports that I may want to scan. Very handy tips for the busy network administrator.

Chapter 5 shows, and more importantly explains, all of the advanced scans available with Nmap. Most of these are based off sending raw IP packets, which requires not only root access but a detailed understanding of how they work to prevent any unintended effects on the target network. There is also a robust explanation of the algorithms behind these scans and what has and hasn't worked in the past. For example, if I wanted to figure out what machines may be in my target network with open ports that don't respond to pings, I might use a TCP SYN scan, using the -sS option, or a connect scan, using -sT, or finally a UDP scan, -sU. We also learn that you can create your own custom scan types with the --scanflags parameter. You can even set everything: --scanflags URGACKPSHRSTSYNFIN, or a subset of all available scans.

In Chapter 6, Fyodor gives some excellent strategies on how to enhance the performance of your port scan, which can save you precious time during scans of larger networks. We learn not to run multiple instances of Nmap at once, as well as some strategies for planning out large scans. He also goes over the -T (T0-T5, T5 being the most aggressive) options, called timing templates. This can be beneficial when scanning large ranges, because you can reduce the default timeout and other key timing settings like delay and rate. For full review: http://www.ethicalhacker.net/content/view/244/2/
Security

Submission + - Podcast: Understanding Heap Overflow Exploits (ethicalhacker.net)

ddonzal writes: Jack Koziol of Shellcoder's Handbook fame spoke on heap overflow exploitation and shares the slide deck and full MP3 file. As defined by Wikipedia, "A heap overflow is a type of buffer overflow that occurs in the heap data area. Like all buffer overflows, a heap overflow may be introduced accidentally by an application programmer, or it may result from a deliberate exploit. In either case, the overflow occurs when an application copies more data into a buffer than the buffer was designed to contain. A routine is vulnerable to exploitation if it copies data to a buffer without first verifying that the source will fit into the destination. A deliberate exploit may result in data at a specific location being altered in an arbitrary way, or in arbitrary code being executed." So what does all that mean and how do you do it? Find out in Jack's talk on "the most common type of heap overflow exploits for Linux and Windows. He will briefly explain how dynamically allocated memory works, its interaction with the heap memory structure, and how a normal heap operates. Jack will then demonstrate how heap overflows occur, and how they can be exploited on Linux, Windows 2000 and Windows XP SP2 with Data Execution Prevention (DEP) enabled. Expect to laugh, cry, and be entertained!" http://www.ethicalhacker.net/content/view/243/2/
Security

Submission + - Video: Modern Social Engineering (ethicalhacker.net)

ddonzal writes: World-renowned social engineers, Chris Nickerson of TruTV's Tiger Team and noted expert and international speaker, Mike Murray, prepare you for the future of pen testing in a live webcast. For those of you who couldn't attend the live event, here's the slide deck & streaming video of the webcast in its entirety. The webcast took place on March 10, 2009 and was described as, "The world of Information Security is changing. Budgets are tighter, attacks are more sophisticated, and the corporate network is no longer the low hanging fruit. That leaves web-enabled applications as the vector-du-jour, but that well is quickly drying up for organized crime as well. As they creep up the OSI Model looking for easier ways to steal your corporate assets, they are quickly making their way up the stack to the unspoken 8th layer, the end user. So what is the next step in the never-ending escalation of this cyber war? To find out, we must do as Sun Tzu taught. "Think like our enemy!" That is, after all, the primary tenet of penetration testing AKA ethical hacking, isn't it? After years of hardening physical systems, networks, OSs, and applications, we have now come full circle to a new dawn of attack. People are now the target of the advanced hacker, and the cross-hairs are focused squarely on their foreheads... literally. It is only a matter of time before corporations feel the pain of wetware hacking requiring a new approach to testing and defense." http://www.ethicalhacker.net/content/view/242/2/
Security

Submission + - Podcast: The Renaissance of Human Exploitation (ethicalhacker.net)

ddonzal writes: "MP3 & Slide Deck of Mike Murray's provocative talk at ChicagoCon last fall on Social Engineering. It almost makes it seem like it's not our fault we get duped & hacked. We're just made that way! "Information security has seen some major changes in the paradigms of attackers through the past 15 years. From the early days of social engineering, through the golden age of server hacking, and to the present times where the human is once again the target, we have seen significant changes in the way that attackers exploit targets. Mike Murray, Former Director of Neohapsis Labs and social engineering expert, will detail those changes and provide a detailed understanding of the types of skills that are being used to exploit human targets today, as well as examples of strategies that you can take to defend against skilled social engineers." http://www.ethicalhacker.net/content/view/239/24/"
Security

Submission + - Video: The 15-Minute Network Pen Test Part 2 (ethicalhacker.net)

ddonzal writes: "Ryan Linn, a regular Columnist for The Ethical Hacker Network and a SANS Mentor, continues to bring his expertise into the hands of beginners. This is the only video series that actually shows how professional pen testers AKA ethical hackers do their job. Part 1 covered Nmap, Nessus & Metasploit. Part 2 continues with Metasploit's Meterpreter, password cracking with Ophcrack and Windows command line tips for creating and manipulating user accounts. http://www.ethicalhacker.net/content/view/238/24/"
Security

Submission + - ChicagoCon in May Teaches Human Hacking to Corpora (prweb.com)

ddonzal writes: Gartner reported in 2004 that the greatest security risk over the next 10 years will be the increasingly sophisticated use of Social Engineering (SE) to bypass IT security defenses. Most have seen the proliferation of SE attacks especially when it comes to phishing and its many variants. And with many high profile cases like Paris Hilton's cell phone, Sarah Palin's email account, Madoff's ponzi scheme and the campaigns of both Obama and McCain being compromised, the predictions are proving to be correct. This leads security professionals into a new world of attacks against which many are not prepared to defend. People are now the target of the advanced hacker, and the cross-hairs are focused squarely on their foreheads... literally. It is only a matter of time before corporations feel the pain of wetware hacking requiring a new approach to testing and defense. There currently is no training that tightly integrates computer security with SE... until now. So in addition to the highly technical content for which ChicagoCon is known, this bi-annual security event is introducing a completely original and relevant 5-Day course, the Social Engineering Master Class, developed and taught by world-renowned social engineers, Chris Nickerson of TruTV's Tiger Team and noted expert and international speaker, Mike Murray. Donald C. Donzal, Editor-in-Chief of The Ethical Hacker Network, said, "Social Engineering has been around for all of human existence and most everyone acknowledges its effectiveness. But no one has taken strides to teach the existing InfoSec community on the hows and whys of incorporating electronically-assisted social engineering attacks into auditing their own organizations much less bolstering their User Awareness Training. With the expertise of Nickerson and Murray at ChicagoCon, corporate security postures will be way ahead of the curve for a true business advantage." http://www.prweb.com/releases/chicagocon/2009s/prweb2226704.htm
Security

Submission + - DIY Career in Ethical Hacking: The R-Rated Version (ethicalhacker.net)

ddonzal writes: "New version of the popular infosec career talk by Ethical Hacker Network's Editor-in-Chief is slightly longer, has new stories & the free resources section is much longer. The ChicagoCon 2008f audience was different allowing him to let loose. As stated in the talk, it's in the script to drop the 'F' Bomb. Full MP3 & slide deck freely available! http://www.ethicalhacker.net/content/view/236/24/"
Security

Submission + - Video: The 15-Minute Network Pen Test Part 2 (ethicalhacker.net)

ddonzal writes: "This is the only video series that actually shows how professional pen testers AKA ethical hackers do their job. Part 1 covered Nmap, Nessus & Metasploit. Part 2 continues with Metasploit's Meterpreter, password cracking with Ophcrack and Windows command line tips for creating and manipulating user accounts. http://www.ethicalhacker.net/content/view/238/24/"
Security

Submission + - Live Webcast: Modern Social Engineering (ethicalhacker.net)

ddonzal writes: "Join world-renowned social engineers, Chris Nickerson of TruTV's Tiger Team and noted expert and international speaker, Mike Murray, as they prepare you for the future of pen testing. The live webcast, on Tuesday March 10, 2009 at 11:00 CST, is your primer to the world of "Modern Social Engineering." This will also be made available free to the public soon after the live event. http://www.ethicalhacker.net/content/view/235/2/"
Security

Submission + - Video:Client-Sides, Social Eng & Metasploit, O (ethicalhacker.net)

ddonzal writes: "It's obvious that the bad guys are moving away from network level attacks and moving toward social engineering coupled with tools like Metasploit. So, here's a little client-side exploitation for your viewing pleasure from Chris Gates, EH-Net Columnist. Chris will also be at ChicagoCon 2009s May 8 — 9 presenting an extended version of this article and video. http://www.ethicalhacker.net/content/view/219/24/"
Books

Submission + - Daemon - A Contest Revealed (ethicalhacker.net)

ddonzal writes: "Daemon, A Novel has been universally praised by the hacker community and recently hit the NY Times Bestseller List for Hardcover Fiction. With the official blessing of author, Daniel Suarez, The Ethical Hacker Network hosted a crypto and programming contest that is fun and educational while at the same time spreading the word of this truly unique book. In addition to announcing the winners, we posted complete tutorials using all free tools and sample code. Enjoy & Learn! http://www.ethicalhacker.net/content/view/225/8/"
Security

Submission + - Plug-N-Play Network Hacking (ethicalhacker.net)

ddonzal writes: "Universal Plug-N-Play (UPnP) is a protocol that allows network devices to auto-configure themselves. Allowing legitimate programs to alter your router settings as they need makes Joe User's life much easier — unfortunately, it also makes Joe Hacker's life easier, too. In order for UPnP to be truly "plug-n-play", there is no authentication built into the protocol; any program can use UPnP to alter a router's (or other UPnP device's) settings. This article by will address some of the security issues related to UPnP, briefly describe the inner workings of the protocol, and show how to identify and analyze UPnP devices on a network using open source tools. While we will be specifically focusing on IGDs (Internet Gateway Devices, aka, routers), it is important to remember that there are many other devices and systems that support UPnP as well, and they may be vulnerable to similar attacks. http://www.ethicalhacker.net/content/view/220/24/"
