Advanced Penetration Testing

Temple University

Top Reason To Pay Attention To The Dark Web

http://www.securityweek.com/top-reasons-pay-attention-dark-web

Tim Layton offers a great perspective regarding content in the Deep Web, or, as he refers to it, the “Dark Web”.

His inside information breaks down what a new user can expect once Tor is open and simple searches are done throughout the special Firefox browser.

There are good reasons for taking advantage of Dark Web intelligence, but we should also explore the challenges of collecting it, says Layton; he also offers the other side of the story: the legal and unknown reasons not to surf the Dark Web.

Week 5: Reading, Question, and In The News

It looks like I may be confused about what’s expected this week…

Reading: Metasploit Unleashed – MSF Extended Usage and Metasploit GUIs. This week’s reading introduced us to a broad range of tools and techniques for working with and extending the Metasploit Framework to conduct and improve penetration testing during pre-exploitation, exploitation, and post-exploitation activities. I am particularly intrigued by the exploit presented where msfvenom is used to create an EXE file, which, when inadvertently run by a user, compromises their Apple computer’s OS X and takes over the camera for unexpected picture taking of the user.

Question for the Class: Which language is Mimikatz using to communicate with the user in the screen and on the command line?

In The News: “Export Treaty to Get Rewrite in Win for Security Industry”, by Phil Muncaster, Feb. 4, 2016. Good news for white hats this week after the US Department of Commerce stepped back from a rule agreed to in the Wassenaar Arrangement among 41 countries to prevent export of dual-use technologies to criminal organizations and repressive regimes. The Government will now seek public comment on a revised draft rule pertaining to a controversial clause in a weapons export pact which threatens to severely limit the use of legitimate security testing tools for finding software flaws.

http://www.infosecurity-magazine.com/news/export-treaty-get-rewrite-win/

California Bill Would Ban Encrypted Smartphone Sales

http://www.technewsworld.com/story/83023.html

I found this article very interesting because new-technology cellphones will be able to contain unbreakable encryption or will include the ability to be unlocked by their manufacturers or OS provider, according to Jim Cooper, California State Assemblyman.

The bill would help to fight human traffickers, who use smartphones as tools and for other security and technical reasons.

Thank you,

Roberto Nogueda.

Week 4 Reading and in the News

Reading Summary:

The MSF Console is the most popular interface to the Metasploit Framework (MSF). The console provides an “all-in-one” centralized console and allows you efficient access to virtually all of the options available in the MSF. The console allows one to look through plenty of payload options, exploits, and auxiliary scanners. Scanners can act as port scanners, vulnerability scanners, and more. The Metasploit Framework must rapidly evolve as new exploits arise with all the new technologies evolving. Metasploit extended usage includes various capabilities, such as PHP Meterpreter, Autopwn, Karmetasploit, backdooring exe files, and targeting Mac OS X, that provide tools for pen testers.

In the News:

DDoS Attack Slams HSBC
http://www.databreachtoday.com/ddos-attack-slams-hsbc-a-8835?rf=2016-02-01-edbt&mkt_tok=3RkMMJWWfF9wsRonuarNcO%2FhmjTEU5z16e8pXa%2B%2FlMI%2F0ER3fOvrPUfGjI4ATsJrN6%2BTFAwTG5toziV8R7DALc16wtwQWRLl

Week 4: Reading, Question and In The News…

Reading: MSF Post Exploitation, Meterpreter Scripting, Maintaining Access. This week’s reading covered a broad array of penetration testing techniques, tools, and capabilities available within the Metasploit Framework that can be directly used and extended to support identifying opportunities and implementing advanced persistent threats within individual computers and IT networks. The readings covered post-exploitation techniques for escalating user privileges, maintaining access, and hiding a breach and exploitation-related activities.

Question for Class: Can you explain what more is going on beyond the “screengrab” command in Metasploit Unleashed’s section on “Screen Capture in Metasploit”?

In The News: “Oil and Gas Industry Increasingly Hit by Cyber-Security Attacks: Report”. The Tripwire 2016 Energy Survey: Oil and Gas study compiled questionnaire responses from 150 IT professionals in the energy, utilities, and oil and gas industries. 69% of respondents were not confident in their organizations’ cyber-attack detection abilities. 82% of oil and gas industry respondents identified “an increase in successful cyber-attacks over the past 12 months.” 53% indicated that cyber-attack rates have increased 50-100% over the past month (the study was conducted in November 2015). 72% of respondents indicated that a single executive was responsible for securing both the IT and SCADA/ICS environments of their organizations.

http://www.tripwire.com/company/research/tripwire-2016-energy-survey-oil-and-gas/

http://www.securityweek.com/oil-and-gas-industry-increasingly-hit-cyber-attacks-report

Week 4 Summary

Reading Summary:

The reading focused on the functionality of the msf console. The console allows one to look through plenty of payload options, exploits, and auxiliary scanners. Scanners can act as port scanners, vulnerability scanners, and more. Programs like Mimikatz or the updated kiwi can dump passwords in clear text on Windows machines. The hashdump or run hashdump command can dump LM:NT hashes from memory on Windows machines. One can perform pass-the-hash attacks through a variety of exploits available. A program such as Karmetasploit is Karma within the Metasploit Framework, which allows attackers to create fake access points, capture passwords, collect data, and perform browser attacks. Also within the msf console, one can pivot to other machines that the first compromised machine has access to. Activating the database allows Metasploit to record all information that is collected about target machines in the recon phase of the pen test.

In the News:

Cloud, cyber policy documents trickle out of DoD
http://www.armytimes.com/story/military-tech/cyber/2016/01/29/cloud-cyber-policy-documents-trickle-out-dod/79518898/

Week 4 Summary

Readings: MSF Extended Usage and Metasploit GUIs

In addition to the general features of the Metasploitable environment, MSF extended usage allows one to go beyond the standard and include powerful tools such as Karmetasploit, Mimikatz and others that can be customized as well. Moreover, GUI versions such as Armitage or the Community edition of Metasploitable allow one to simply execute code by clicking mouse buttons.

Questions to the Class:

Since Mac OS X is based on a Unix core, how deeply can it be exploited with Metasploitable tools?

In the News:

Danske Bank fixes several vulnerabilities that could allow hackers to get into bank accounts
http://www.ehackingnews.com/2015/10/danske-bank-fixes-several.html

Week 4 Takeaways

Assigned readings:

Metasploit extended usage includes various capabilities, such as Mimikatz, a user-friendly Meterpreter script composed of various tasks that attackers will want to perform in the initial exploitation phase. There are also various capabilities such as PHP Meterpreter, backdooring exe files, Karmetasploit, and payloads through MSSQL. Another area that Metasploit Unleashed covers is the MSF community edition and Armitage. The MSF community edition and Armitage allow scanning, exploitation, and post-exploitation.

In the news:
“New Smart Gun Technology Uses Fingerprint Recognition to Childproof Firearms”

The Identilock is a trigger lock device that uses fingerprint recognition to childproof a firearm and starts at $319. It is roughly the size of a man’s palm and fits over the trigger of pistols. It recognizes up to nine different fingerprints, from either different fingers or people, on a square window about twice the size of the biometric sensor on most smartphones. Smart gun technology has been around in some form or another since the late 1990s. Models use fingerprint recognition or a transmitter device within a watch, bracelet or ring to unlock the trigger mechanisms in a gun. The Identilock also comes with a key as a failsafe, and the battery on the lock lasts for 180 days on one charge.

Week 4 Reading

The reading this week went through a number of additional modules and uses of Metasploit. I thought it was fun to read some of the more random ones, like the OS X camera exploit that takes a picture from the camera and the ability to see the mines in Minesweeper using Mimikatz. The part about creating your own module was a lot for me to take in, slightly beyond my skill set at this time. The GUI section was a walkthrough of both the community version and the version found in Kali, Armitage.

http://www.zdnet.com/article/google-chrome-gets-ready-to-mark-all-http-sites-as-bad/

Google is preparing to show an icon on all non-HTTPS websites in an effort to prompt more webmasters to upgrade their websites to a more secure status. The big draw of an HTTPS website is that the connection is encrypted, making any data on the website more secure. I think this is a good initiative. It’s not harming a user’s ability to visit and use an HTTP website, but it is responsibly communicating important information to website viewers so that they can make an informed decision about their browsing.