Advanced Penetration Testing

You have been invited to attend a Mediasite presentation.

Presentation Details:
Title: =MIS 5212.001_1/25/2016
Date: Monday, January 25, 2016
Time: 5:30 PM (UTC-05:00) Eastern Time (US & Canada)
Duration: 2:30:00
Link: http://tucapture.fox.temple.edu/Mediasite/Play/0df765bd1c444fedab34ef089214a6381d

You have been invited to attend a Mediasite presentation.

Presentation Details:
Title: =MIS 5212.001_1/11/2016
Date: Monday, January 11, 2016
Time: 5:30 PM (UTC-05:00) Eastern Time (US & Canada)
Duration: 2:30:00
Link: http://tucapture.fox.temple.edu/Mediasite/Play/385b018e34b7455bad920383da44245a1d

Description:

Advanced Penetration Testing -Week-2-3

Summary: Metasploit Framework (MSF) provides all the necessary tools to exploit a system.  The tool provides of over 900 different exploits for several operating systems.  Metasploit also checks for the susceptibility of the of the targeted system.  You can then configure the appropriate payload to be launched on the target system then choose the encoding technique which will evade intrusion  preventions systems.  Finally, you then execute the exploit to gain access to the target system.

In the News: http://www.databreachtoday.com/more-phishing-attacks-target-ukraine-energy-sector-a-8822

The Ukrainian energy sector continues to be targeted by spear-phishing emails, security experts warn. But it’s not clear if the latest phishing campaign ties to last month’s power blackout in parts of the Ukraine, which officials have blamed on a “hacker attack

http://www.infosecurity-magazine.com/opinions/why-security-professional-nosql/

“A NoSQL database provides a mechanism for storage and retrieval of data that is modeled in means other than the tabular relations used in relational databases.”

Readings Summary: 

After reading materials about Metasploit Fundamentals, Information Gathering, Vulnerability Scanning, Exploit Development, Web App Exploit Development, Client Side Attacks and Auxiliary Module Reference, MSF Post Exploitation, Meterpreter Scripting, and Maintaining Access, I concluded how powerful Metasploit Framework is given its customization capabilities and number of exploits in database. Moreover, I found that there is VM version of Metasploitable-2 machine that is designed to be Intentionally Vulnerable Metasploitable Lab Environment. In addition, NeXpose can be embedded into MSFConsole itself and ran from within MSF to perform advanced scans. Also, it is important to note that both attacking machine (Kali Linux) and a victim machine (metasploitable 2) must be setup in secured isolated VM environment to avoid exposure to internal network. While Metaspolit has its own prebuilt scripts, it is possible to write your own scripts with Meterpreter.

Questions to the Class:

1. When comparing NeXpose, Nessus and Metasploit, which tool is better in terms of Security Audit Reporting and scan capabilities?

2.  When installing NeXpose on KALI 2.0, received the installation failure reason below. Has anyone received the same error?

“[Fail] – An unsupported kernel version 4.0.0-kali1-amd64 was detected.”

In the News:

Azerbaijani Hackers have hacked NATO-Armenia and embassy websites in 40 countries giving a powerful reply to the Armenian hackers.

Read more here: https://www.hackread.com/azerbaijani-hackers-defac-nato-armenia-embassy-sites/

Hello Everyone,

I would like to share with you some useful information so that you guys will not need to deal with setup difficulties and diving into google search trying to find answers.

Basically, I experienced some issues when installing Alpha Wireless Card (AWUS036ACH) on KALI LINUX since it would not install automatically once plugged into USB port. Further, I discovered that certain drivers would need to be downloaded and installed manually using certain commands in Terminal. While you may have a different Alpha Card Model, you may still want to apply setup process below in case if you have any setup issues.

After complete research, testing and verification, I wrote a Step-By-Step setup instructions below to make life easier for all of us.

Setup procedure for installing drivers for Alfa Wireless Adapter:

Note: Adapter must be plugged into USB port only after installaing the drivers as outlined below.

Setup Steps:

1. Download driver here:

https://github.com/abperiasamy/rtl8812AU_8821AU_linux.

2. In KALI Linux, navigate to /etc/apt folder and edit sources.list with the following sources:

deb http://http.kali.org/kali sana main non-free contrib
deb http://security.kali.org/kali-security sana/updates main contrib non-free
deb-src http://http.kali.org/kali sana main non-free contrib
deb-src http://security.kali.org/kali-security sana/updates main contrib non-free

3. Open Terminal and run commands below:

apt-get update
apt-get upgrade
apt-get install -y linux-headers-$(uname -r)

4. back into Terminal, extact the drivers and navigate to extraced driver’s folder

5. Run command below

make

6. After that completes type:

make install

7. Plug in the Alfa adapter to USB port and restart Kali

8. Open terminal and run IFCONFIG, where you should see WLAN0 adapter.
If no IP Address exists, navigate to System Settings Wireless Connection and connect Alfa Adapter to desired SSID……..now, IFCONFIG should show IP Address for WLAN0 adapter
— THE END —-