Security

Submission + - HD Moore Webcast on New Metasploit Version (ethicalhacker.net)

ddonzal writes: "In an exclusive webinar on Thursday July 28 on The Ethical Hacker Network, a free online magazine for security pros, Metasploit founder HD Moore gives a technical sneak peek of the next version of Metasploit before it is available for download. The webinar includes live demos and will focus on new penetration testing features, including improvements of existing features and completely new functionality. The webinar will focus on the commercial edition of Metasploit Pro, Rapid7's flagship product for penetration testing and vulnerability verification, but also include information on improvements in the free, open source Metasploit Framework."
Security

Submission + - Dissecting the Hack: The F0rb1dd3n Network, Rev Ed (ethicalhacker.net)

ddonzal writes: "Dissecting the Hack: The F0rb1dd3n Network, Revised Edition" by Jayson E. Street, Kent Nabors and Brian Baskin is not intended for the average reader of The Ethical Hacker Network, and this is what makes the book so intriguing. The foreword specifically points out how hard it is to speak with management about security, and how lost they get. It even comes complete with an explanation of the "glazed over eyes." Talking with decision makers is a topic often overlooked, and something that needs to be explored and dissected. At the end of the day, no matter how great you think your idea is, if you don't get management buy-in, the idea dies and you are forced to re-bury your department's head back in the proverbial sand.

I would imagine that at this point most readers are affirmatively shaking their heads, because by and large most managers/executives know very little about information security. I personally have dealt with this on more than one occasion, painstakingly detailing the largest (most obvious) vulnerabilities and the most cost efficient way to mitigate these risks. After I finished (each time) I was met by the aforementioned blank stares and confused looks. I was thanked for my effort, no changes were made, and I eventually left frustrated and annoyed. My chances of getting through to these decision makers may have improved if "Dissecting the Hack" had been in my arsenal.

Use link below to see entire review:

Security

Submission + - Book Review: Hacking Exposed: Wireless 2nd Ed (ethicalhacker.net)

ddonzal writes: What does the average security professional know about wireless technology, and wireless security in particular? Sure, it's easy to pwn WEP... but unfortunately, this is the extent of most people's knowledge. Many security testing firms even view wireless security as an "afterthought" or a separate practice entirely.

With the second edition of Hacking Exposed: Wireless, Johny Cache, Josh Wright, and Vinnie Liu aim to teach us all that there's a lot more to wireless security than WEP cracking. For those who follow the wireless world, the names of these three should be immediately familiar. Josh and Johny, in particular, have long been known as thought leaders in the wireless security space and have written or contributed to many of the tools and research used in the field. And with this fully revised and expanded edition of the book, these three great minds have come together, and the end product is an excellent book that covers some of the most cutting-edge technology while remaining very readable and down-to-earth. It's a book that deserves space on any hacker's bookshelf.

The book is arranged into three major sections. About two-thirds of the book is dedicated to 802.11 technology with sections dedicated to attacking both infrastructure and clients. The remaining third of the book is dedicated to three emerging wireless technologies, Bluetooth, ZigBee, and DECT.

Click link below to see entire review by Jon Janego

Security

Submission + - The Nightmare Before Charlie Brown's Christmas (ethicalhacker.net)

ddonzal writes: Happy Holidays, challenge fans! Ed Skoudis here, with this year's holiday hacking challenge. Have you ever seen the classic video "A Charlie Brown Christmas," and pondered why Charlie Brown is so upset at the start of the video? Also, have you ever wondered why the rest of the Peanuts gang is so focused on the materialism of the Christmas season? Well, this year's hacking challenge answers these questions. In our tale, you'll discover that something happened before the start of the Charlie Brown Christmas video that put these characters into such a state. That something is what we like to call "The Nightmare Before Charlie Brown's Christmas." These challenges, which are an annual tradition here at EthicalHacker.net, are designed to help people develop their skills, show off their abilities, and have some fun. During past holiday seasons, you got to tangle with the Grinch, Rudolph, that Messy Marvin kid, Frosty, and even Santa himself. And who can forget last year's Miracle on Thirty-Hack Street. Read this challenge, answer the questions, and send your responses in by January 3, 2011. We'll choose three winners, each of whom will get an autographed copy of my Counter Hack Reloaded book. One prize will go to the best technical answer, another to the most creative answer that is technically correct, and the final prize is based on a random draw from every person who submits an answer. Even if you have no idea whatsoever for how to answer the questions, send in your best shot to be entered in the random draw. And now, without further ado, the curtain rises on our story... http://www.ethicalhacker.net/content/view/344/2/

Submission + - Miracle on Thirty-Hack Street (ethicalhacker.net)

ddonzal writes: Hack Facebook, decrypt secret files, do recon on Santa's personal web site... all in an effort to keep Kris Kringle out of the insane asylum. That is just a taste of what awaits you in the latest edition of the Skillz H@ck1ng Challenge at The Ethical Hacker Network. Although numerous challenges are published throughout the year, it has become a tradition for noted security expert, Ed Skoudis, to pen an Annual Xmas Challenge. During past holiday seasons, you got to tangle with the Grinch, Rudolph, that Messy Marvin kid, Frosty, and even Santa himself. This year, Ed is joined by Kevin Johnson to present a challenge based on the classic 1947 movie. Autographed copies of Ed's book, Counter Hack Reloaded, will be awarded to three winners: the best technical answer, the best creative answer that is technically correct, and a random draw winner from anyone who happens to send in, well, pretty much anything in association with the challenge. Even if you can't answer all of the questions, send us what you've got to try for that random draw slot. All entries are due by January 11, 2010.
http://www.ethicalhacker.net/content/view/285/2/

Networking

Submission + - Ethical Hacker's Review of Nmap Network Scanning (ethicalhacker.net)

ddonzal writes: Once again, my company had acquired some new networks for us to take over, and of course, the documentation was from 3 years ago. As part of our due diligence, I had to quickly and accurately figure out everything on the network. How did I accomplish this? With a network mapping utility; and the de facto standard in this area is Nmap! Nmap by Gordon Lyon AKA Fyodor not only saves you time, but, if you really know how to unleash its power, it can be your friend for network audits, discovering new devices, and even part of the network reconnaissance phase of a Pen Test. Another cool use I just learned from the Fyodor /. Interview was that the Chinese use it to scan for open proxies to bypass the Great Firewall of China. With that kind of flexibility, it is clearly the right tool for this job and many others. But what's the quickest way to get that power working in my favor? The obvious choice would be an in-depth tome from the author himself, but, after over 10 years in use around the globe, such a book didn't exist. But after seeing Fyodor's talk at Defcon 16 in August of 2008 and seeing an actual pre-release copy of his forthcoming book, I couldn't wait to get my hands on it. Fast forward to January of 2009 when Fyodor sent me a review copy of what is one of the most well written reference books I have had the chance to use to date.

Before you even get to chapter one, you get a comprehensive table of contents followed by a list of tables and examples. Every book should do this! It's also important to note that this book is filled with out-of-the-box command line examples that should be in any pen tester's toolkit.

Chapter 1 starts out with a quick intro to Nmap, as well as a history to help the reader understand why and how it has evolved to where it is today. Fyodor gives the reader some insight on the legal issues of using Nmap (don't scan the White House for example) and using Nmap responsibly. He shows us where they used Nmap in the Matrix (without his permission) and tells us where Nmap is going (ndiff, network topology mapping, etc.). Fyodor also does a good job at clearly defining his writing style, with bits of humor and robust organization, a trend which continues throughout the book.

Chapter 2 goes on to explain all of the options for installing, compiling and removing Nmap, and some tricks to keep things current. Also provided are suggestions on how to get the latest version with the newest features that may not be in the "stable" release.

Once you dive into Chapter 3, you start to learn about one of the primary functions of Nmap: Host Discovery. This was my main area of previous experience with Nmap. As Fyodor explains the more common options, he also gives good examples of when and why to use each option, something you won't find in the man pages. For example, doing a ping scan with Nmap is pretty simple:

nmap -sP -T4 www.yournetwork.com

I use these ping scans, followed by a port scan whenever I have a new network assigned to me. Fyodor also explains to us in Chapter 3 how to do SYN and ACK pings (-PS -PA options) as well as ARP scans (-PR). He also explains when to use all the available options and their effect on your network.

Chapter 4 continues your discovery process with port scanning. Fyodor's most important point in this chapter is how to use custom port lists to change the default behavior of Nmap during port scanning. As mentioned in his talk at Defcon 16, custom port lists can drastically increase the speed of your scans. For example, before I hit a new site I may want to know if they are running any web or smtp services. I would run the following command:

nmap -PN -p80,443,25 --max-rtt-timeout 200 --initial-rtt-timeout 150 172.16.10.0/23

This will not only scan these ports but also reduce the timeout dramatically, so we only need to wait 3 minutes for our scan to complete. I would also replace the 176.16.10.0 with the target network range. I could also define a set of custom ports that I may want to scan. Very handy tips for the busy network administrator.

Chapter 5 shows, and more importantly explains, all of the advanced scans available with Nmap. Most of these are based off sending raw IP packets, which requires not only root access but a detailed understanding of how they work to prevent any unintended effects on the target network. There is also a robust explanation of the algorithms behind these scans and what has and hasn't worked in the past. For example, if I wanted to figure out what machines may be in my target network with open ports that don't respond to pings, I might use a TCP SYN scan, using the -sS option, or a connect scan, using the -sT, or finally a UDP scan -sU. We also learn that you can create your own custom scan types with the --scanflags parameter. You can even set everything: --scanflags URGACKPSHRSTSYNFIN or a subset of all available scans.

In Chapter 6, Fyodor gives some excellent strategies on how to enhance the performance of your port scan, which can save you precious time during scans of larger networks. We learn not to run multiple instances of Nmap at once, as well as some strategies for planning out large scans. He also goes over the -T (T0-T5, T5 being the most aggressive) options, called timing templates. This can be beneficial when scanning large ranges, because you can reduce the default timeout and other key timing settings like delay and rate.

For full review: http://www.ethicalhacker.net/content/view/244/2/
Security

Submission + - Podcast: Understanding Heap Overflow Exploits (ethicalhacker.net)

ddonzal writes: Jack Koziol of Shellcoder's Handbook fame spoke on heap overflow exploitation and shares the slide deck and full MP3 file. As defined by Wikipedia, "A heap overflow is a type of buffer overflow that occurs in the heap data area. Like all buffer overflows, a heap overflow may be introduced accidentally by an application programmer, or it may result from a deliberate exploit. In either case, the overflow occurs when an application copies more data into a buffer than the buffer was designed to contain. A routine is vulnerable to exploitation if it copies data to a buffer without first verifying that the source will fit into the destination. A deliberate exploit may result in data at a specific location being altered in an arbitrary way, or in arbitrary code being executed." So what does all that mean and how do you do it? Find out in Jack's talk on "the most common type of heap overflow exploits for Linux and Windows. He will briefly explain how dynamically allocated memory works, its interaction with the heap memory structure, and how a normal heap operates. Jack will then demonstrate how heap overflows occur, and how they can be exploited on Linux, Windows 2000 and Windows XP SP2 with Data Execution Prevention (DEP) enabled. Expect to laugh, cry, and be entertained!" http://www.ethicalhacker.net/content/view/243/2/
Security

Submission + - Video: Modern Social Engineering (ethicalhacker.net)

ddonzal writes: World-renowned social engineers, Chris Nickerson of TruTV's Tiger Team and noted expert and international speaker, Mike Murray, prepare you for the future of pen testing in a live webcast. For those of you who couldn't attend the live event, here's the slide deck & streaming video of the webcast in its entirety. The webcast took place on March 10, 2009 and was described as, "The world of Information Security is changing. Budgets are tighter, attacks are more sophisticated, and the corporate network is no longer the low hanging fruit. That leaves web-enabled applications as the vector-du-jour, but that well is quickly drying up for organized crime as well. As they creep up the OSI Model looking for easier ways to steal your corporate assets, they are quickly making their way up the stack to the unspoken 8th layer, the end user. So what is the next step in the never-ending escalation of this cyber war? To find out, we must do as Sun Tzu taught. "Think like our enemy!" That is, after all, the primary tenet of penetration testing AKA ethical hacking, isn't it? After years of hardening physical systems, networks, OSs, and applications, we have now come full circle to a new dawn of attack. People are now the target of the advanced hacker, and the cross-hairs are focused squarely on their foreheads... literally. It is only a matter of time before corporations feel the pain of wetware hacking requiring a new approach to testing and defense." http://www.ethicalhacker.net/content/view/242/2/
Security

Submission + - Podcast: The Renaissance of Human Exploitation (ethicalhacker.net)

ddonzal writes: "MP3 & Slide Deck of Mike Murray's provocative talk at ChicagoCon last fall on Social Engineering. It almost makes it seem like it's not our fault we get duped & hacked. We're just made that way! "Information security has seen some major changes in the paradigms of attackers through the past 15 years. From the early days of social engineering, through the golden age of server hacking, and to the present times where the human is once again the target, we have seen significant changes in the way that attackers exploit targets. Mike Murray, Former Director of Neohapsis Labs and social engineering expert, will detail those changes and provide a detailed understanding of the types of skills that are being used to exploit human targets today, as well as examples of strategies that you can take to defend against skilled social engineers." http://www.ethicalhacker.net/content/view/239/24/"
Security

Submission + - Video: The 15-Minute Network Pen Test Part 2 (ethicalhacker.net)

ddonzal writes: "Ryan Linn, a regular Columnist for The Ethical Hacker Network and a SANS Mentor, continues to bring his expertise into the hands of beginners. This is the only video series that actually shows how professional pen testers AKA ethical hackers do their job. Part 1 covered Nmap, Nessus & Metasploit. Part 2 continues with Metasploit's Meterpreter, password cracking with Ophcrack and Windows command line tips for creating and manipulating user accounts. http://www.ethicalhacker.net/content/view/238/24/"
Security

Submission + - ChicagoCon in May Teaches Human Hacking to Corpora (prweb.com)

ddonzal writes: Gartner reported in 2004 that the greatest security risk over the next 10 years will be the increasingly sophisticated use of Social Engineering (SE) to bypass IT security defenses. Most have seen the proliferation of SE attacks especially when it comes to phishing and its many variants. And with many high profile cases like Paris Hilton's cell phone, Sarah Palin's email account, Madoff's ponzi scheme and the campaigns of both Obama and McCain being compromised, the predictions are proving to be correct. This leads security professionals into a new world of attacks against which many are not prepared to defend. People are now the target of the advanced hacker, and the cross-hairs are focused squarely on their foreheads... literally. It is only a matter of time before corporations feel the pain of wetware hacking requiring a new approach to testing and defense. There currently is no training that tightly integrates computer security with SE... until now. So in addition to the highly technical content for which ChicagoCon is known, this bi-annual security event is introducing a completely original and relevant 5-Day course, the Social Engineering Master Class, developed and taught by world-renowned social engineers, Chris Nickerson of TruTV's Tiger Team and noted expert and international speaker, Mike Murray. Donald C. Donzal, Editor-in-Chief of The Ethical Hacker Network, said, "Social Engineering has been around for all of human existence and most everyone acknowledges its effectiveness. But no one has taken strides to teach the existing InfoSec community on the hows and whys of incorporating electronically-assisted social engineering attacks into auditing their own organizations much less bolstering their User Awareness Training. With the expertise of Nickerson and Murray at ChicagoCon, corporate security postures will be way ahead of the curve for a true business advantage." http://www.prweb.com/releases/chicagocon/2009s/prweb2226704.htm
Security

Submission + - DIY Career in Ethical Hacking: The R-Rated Version (ethicalhacker.net)

ddonzal writes: "New version of the popular infosec career talk by Ethical Hacker Network's Editor-in-Chief is slightly longer, has new stories & the free resources section is much longer. The ChicagoCon 2008f audience was different allowing him to let loose. As stated in the talk, it's in the script to drop the 'F' Bomb. Full MP3 & slide deck freely available! http://www.ethicalhacker.net/content/view/236/24/"
Security

Submission + - Video: The 15-Minute Network Pen Test Part 2 (ethicalhacker.net)

ddonzal writes: "This is the only video series that actually shows how professional pen testers AKA ethical hackers do their job. Part 1 covered Nmap, Nessus & Metasploit. Part 2 continues with Metasploit's Meterpreter, password cracking with Ophcrack and Windows command line tips for creating and manipulating user accounts. http://www.ethicalhacker.net/content/view/238/24/"
Security

Submission + - Live Webcast: Modern Social Engineering (ethicalhacker.net)

ddonzal writes: "Join world-renowned social engineers, Chris Nickerson of TruTV's Tiger Team and noted expert and international speaker, Mike Murray, as they prepare you for the future of pen testing. The live webcast on Tuesday March 10, 2009 at 11:00 CST is your primer to the world of "Modern Social Engineering." This will also be made available free to the public soon after the live event. http://www.ethicalhacker.net/content/view/235/2/"
