Monthly Archives: January 2016

Week 4 Takeaways

Assigned readings:

Metasploit extended usage includes various capabilities, such as Mimikatz, a user-friendly Meterpreter script composed of various tasks that attackers will want to perform in the initial exploitation phase. There are also various capabilities such as PHP Meterpreter, backdooring exe files, Karmetasploit, and payloads through MSSQL. Another area that Metasploit Unleashed allows is MSF community edition and Armitage. The MSF community edition and Armitage allow scanning, exploitation, and post exploitation.

In the news:
“New Smart Gun Technology Uses Fingerprint Recognition to Childproof Firearms”

The Identilock is a trigger lock device that uses fingerprint recognition to childproof a firearm that starts at $319. It is roughly the size of a man’s palm and fits over the trigger of pistols. It recognizes up to nine different fingerprints, from either different fingers or people, on a square window about twice the size of the biometric sensor on most smartphones. Smart gun technology has been around in some form or another since the late 1990s. Models use fingerprint recognition or a transmitter device within a watch, bracelet or ring to unlock the trigger mechanisms in a gun. The Identilock also comes with a key as a failsafe. And the battery on the lock lasts for 180 days on one charge.


Week 4 Reading

The reading this week went through a number of additional modules and uses of Metasploit. I thought it was fun to read some of the more random ones like the OSX camera exploit that takes a picture from the camera and the ability to see the mines in Minesweeper using Mimikatz. The part about creating your own module was a lot for me to take in, slightly beyond my skill set at this time. The GUI section was a walkthrough of both the community version and the version found in Kali, Armitage.

http://www.zdnet.com/article/google-chrome-gets-ready-to-mark-all-http-sites-as-bad/

Google is preparing to show an icon on all non-HTTPS websites in an effort to promote more webmasters to upgrade their websites to a more secure status. The big draw of an HTTPS website is that the connection is encrypted, making any data on the website more secure. I think this is a good initiative. It’s not harming a user’s ability to visit and use an HTTP website but it is responsibly communicating important information to website viewers so that they can make an informed decision about their browsing.

Week 4 Reading Summary, Question, and recent Cyber Security News…

  1. Summarize one key point from each assigned reading…

The Metasploit Framework (MSF) included within the Kali Linux setup for security professionals features an additional array of commercial grade exploits & an extensive exploit development environment for following additional cyber security activities: recon, MSF extended usage (Karmetasploit [for beginning wireless attacks], MSF vs OS X [Mac HW camera exploit & info gathering via photos]), and Metasploit GUI environment (Armitage GUI front-end to the Metasploit Framework [simplified GUI for MSF vs MSF terminal interface]), etc.

  2. Question to classmates (facilitates discussion) from assigned reading…

Question: Regarding the additional Metasploit GUI vs MSF terminal interface, which user interface do you think would be more widely used?

*Answer: My answer… Maybe for Metasploit beginners, the MSF GUI would be much more used. How about your answer…?

Identify, read, and post to our blog a current event article regarding ethical hacking & penetration testing (follow theme topic of the week, or other interesting related article)…

In the Cyber Security News lately

Companies look beyond firewalls in cyber battle with hackers (as reported by Reuters 1/26/2016)…

“With firewalls no longer seen as enough of a defense against security breaches, companies are looking at new tools to foil hackers trying to enter a computer network.  U.S. and Israeli startups are leading the way, with new approaches such as ‘honeytraps’ that lure a hacker to fake data or ‘polymorphic’ deception technology that constantly changes the structure of applications running on a computer”…

www.reuters.com/article/us-israel-tech-cyber-idUSKCN0V422D

*NOTE: In order to continue to avoid detection by advanced systems, MSFvenom with “Shikata Ga Nai” encoder (creates unique obfuscated payloads) from within Metasploit Framework could be employed too.

Week 3 Summary and in the News

Summary: Metasploit Framework (MSF) provides all the necessary tools to exploit a system. The tool provides over 900 different exploits for several operating systems. Metasploit also checks for the susceptibility of the targeted system. You can then configure the appropriate payload to be launched on the target system then choose the encoding technique which will evade intrusion prevention systems. Finally, you then execute the exploit to gain access to the target system.

In the News: http://www.databreachtoday.com/more-phishing-attacks-target-ukraine-energy-sector-a-8822

The Ukrainian energy sector continues to be targeted by spear-phishing emails, security experts warn. But it’s not clear if the latest phishing campaign ties to last month’s power blackout in parts of the Ukraine, which officials have blamed on a “hacker attack

 

Week 3 Reading Summary, Question, and recent Cyber Security News…

  1. Summarize one key point from each assigned reading…

The Metasploit Framework (MSF) included within the Kali Linux setup for security professionals features an additional array of commercial grade exploits & an extensive exploit development environment for following cyber security activities: recon, MSF post exploitation, Meterpreter scripting (additional scripts added to MSF for exploiting a target), maintaining access (“once you have gained access to one system, you can gain access to systems that share the same subnet… then pivoting from one system to another, one can gain information about users activities by monitoring their keystrokes, and impersonating users”), etc.

  2. Question to classmates (facilitates discussion) from assigned reading…

Question: After securing & maintaining access to victim’s PCs, what would be some preferred ways to continue gathering more info using Meterpreter?

*Answer: How about key-logging (keystroke logger script with Meterpreter)…, and what would others use here to gather more info?

Identify, read, and post to our blog a current event article regarding ethical hacking & penetration testing (follow theme topic of the week, or other interesting related article)…

In the Cyber Security News lately

Will Cyber Security Companies shift their Headquarters out of US?

http://www.ehackingnews.com/2015/05/will-cyber-security-companies-shift.html

The U.S. Bureau of Industry & Security (BIS), involving national security & high technology commerce, is proposing to classify cyber security tools (Metasploit Pro, etc.) as weapons of war in an attempt to control the distribution. If it becomes law, then other nation-states would take advantage of this cyber security restriction on security researchers and companies in the U.S.

*NOTE: Reported by eHackingNews back on 5/27/2015.

**NOTE: After I just checked the Federal Register web site on 1/21/2016 for latest info on “Wassenaar Arrangement 2013 Plenary Agreements Implementation: Intrusion and Surveillance Items”, it appears this proposal has not become law in USA so far…

https://federalregister.gov/a/2015-11642

Week 2-3 Reading Summary, Question for Class and In the News.

Metasploit-Unleashed Reading Summary:

The Metasploit Framework is a kaleidoscope of information security exploit kits, which encompasses numerous security exploits ready to be launched on a variety of architectures and environments. Moreover, Metasploit is viewed as one of the most useful open source auditing tools freely available to security professionals today. It has different commercial grade exploits and an extensive exploit development environment, not to mention the passive reconnaissance network tools that can be used for information gathering and web vulnerability plugins. Also, Metasploit serves as a base for developing and automating new discovery techniques and attack methods, thus further compromising the CIA triad.

 

Question for Class:

With such powerful open source security tool kits available on the market today, how can one protect themselves from becoming the next cyber attack statistic?

 

In the News:

Linux kernel zero-day flaw puts ‘tens of millions’ of PCs, servers and Android devices at risk; the main perception is that this flaw appears to have stemmed from a memory leak in the “Linux Keyring Facility”, which manages key security data encryption details and encryption keys.

For further information, please see the news article through the link below:

http://www.v3.co.uk/v3-uk/news/2442582/linux-kernal-zero-day-flaw-puts-tens-of-millions-of-pcs-servers-and-android-devices-at-risk