Advanced Penetration Testing

The reading for this week was a pretty comprehensive tutorial/manual for metasploit. I thought it was very good and organized rather well. I thought it was nice and simple, didn’t get too into the weeds. It was very good for people at our level of experience with the software. I’ve been pleasantly surprised so far by how straight forward metasploit is. A tool like this can seem intimidating but when it comes time to use it, it seems rather simple.

My question for the class: since some of us tried metasploit last semester for fun, were there any resources that you found beneficial?

Article: http://www.zdnet.com/article/teslacrypt-vulnerability-exposes-ransomed-files-to-free-cracking/

I thought this article was funny because it shows that sometimes the bad guys don’t execute very well and it leaves an embarrassing failure like this one behind. This ransomware can be decrypted without anyone needing to “pay up” for the stolen data.

Assigned readings:

Metasploit Unleashed allows various functions, such as the abilities to conduct MSF Post Exploitation,
Meterpreter Scripting, and Maintaining Access. MSF Post Exploitation allows the user to run privilege escalation, event log management, packet sniffing, pivoting, screen capture, searching for content, etc. For instance, Metasploit uses a script that allows the usage of different techniques to gain access of the System level privileges on the remote system. Meyerpreter Scripting allows the user to look for existing scripts as well as write custom scripts. Lastly, Maintaining Access is composed of keylogging, meterpreter backdoor, and persistent backdoor. Being able to maintain access is key to further examine the target network. Once access is gained into the system, allows you to pivot from one system to another, gain information about the users’ activities by monitoring keystrokes, impersonating users with captured tokens, etc.

Question for the class:

Have you ran any scripts as described in the above techniques before and if so, how successful were you gaining useful information?

In the news:

“Ukraine Mounts Investigation of Kiev Airport Cyberattack”
The cyberattack was related to the BlackEnergy malware attacks that recently targeted Ukranian infrastructure facilities which impacted more than 80,000 customers. This new attack involved a spearphishing email, decoy document, or both, and it was conducted by the Sandworm Team (a team that has been targeting various worldwide entities, such as NATO, EU, etc). Attacking the Kiev Airport was determined by the C2 servers which originated in Russia and disrupting air traffic control system.
For additional information regarding this article, please click here.

Reading: Metasploit-Unleashed: The Ultimate guide to the Metasploit Framework, Offensive Security

The Metasploit Framework is a stable platform for executing information security exploits providing a base for developing and automating new discovery techniques and attack methods for compromising the confidentiality, integrity, and availability of IT infrastructure. Coded in Ruby, Metasploit’s capabilities can be further extended with new components written in Ruby, assembly language and C.  IT network security professionals and researchers use Metasploit to conduct a wide variety of penetration tests and exploits. System administrators use it to very patch installations, and product vendors use it to perform regression testing.  The Metasploit Framework is a modular system that will enable us to learn how to combine exploits with payloads within the following workflow:

• Identify and understand the configuration and vulnerabilities of the target system including its operating system version and available network services
• Choosing an exploit to use in taking advantage of the target system through a bug/vulnerability in one of its components
• Choosing and configuring a delivery mechanism and payload code to execute on the target system
• Choosing the encoding technique to get by the IDS/IPS without detection
• Executing the exploit, accomplishing objectives and covering tracks

Question for Class:

While intended by founder H.D. Moore and corporate provider Rapid7 to be used by white hackers to support offensive information security workers, what are the ethical implications of making Metasploit’s capabilities equality available to criminals for nefarious purposes?

In The News: “Endpoint Exploitation Trends 2015, Bromium Labs Research Brief” January 14, 2016, Bromium.com.

In 2015: exploitation for hire came under public scrutiny with breach and exposure of techniques used by Hacking Team, malvertising – spread of malware through online advertising networks found in 27% of the top 1,000 internet advertising websites, and while overall vulnerabilities increased by 60% – those specifically targeting Adobe Flash increased by 333%. The number of exploit kits available with capabilities to bypass standard malware detection techniques also rose in 2015, as did the use of IPS evading malware containing Word documents in phishing emails, and the crypto-ransomware business.  http://www.bromium.com/sites/default/files/rpt-bromium-threat-report-2015-us-en.pdf

Assigned readings:

The Metasploit Unleashed (MSFU) is an open source penetration tool. This ethical training course also has the objective to provide security awareness for the underprivileged children in East Africa. The Metasploit framework is a very useful auditing tool with an array of commercial grade exploits and an extensive exploit development environment, all the way to network information gathering tools and web vulnerability plugins. Examples of various tests that can be conducted once Metasploit has been properly installed include port scanning, hunting for MSSQL, service identification, password sniffing and SNMP sweeping. It also allows you to write your own scanner and windows patch enumeration.

Question for the class:

Have you used the Metasploit tool before? If so, what was experience and how successful were the outcomes each time you ran your scan?

In the news:
“Time Warner Cable says up to 320,000 customer’s data may have been stolen.”

The Federal Bureau of Investigation notified Time Warner Cable Inc. that up to 320,000 of its customers email password have been compromised. This was accomplished through a malware download during a phishing attack or through data breaches of other companies that stored Time Warner Cable’s customer information (i.e.: email addresses). The company encourages its customers to change the email password immediately to risk any similar future breaches.

For more information regarding this article, please click here.

Welcome.  Here is the first presentation.

Advanced Penetration Testing -Week-1

Welcome to Temple Fox MIS. This is your first post. Edit or delete it, then start blogging!