Nabble - Penetration Testing

RE: Different ways to portscan IPS

2009-12-04T10:48:18Z

From a microsoft OS command line, you could try something like this:
FOR /L %i IN (1,1,254) DO nc.exe 192.168.1.%i >> result.txt

If you need another octet, you can nest for loops something like:
FOR /L %n IN (1,1,254) DO FOR /L %i IN (1,1,254) DO nc.exe
192.168.%n.%i >> result.txt

Check the help file (FOR /?) for details.

(There is also a "for" command on *nix systems with different syntax.
Check the man pages.)

Jon Ward, CEPT, CISA
Vulnerability Testing Technical Lead
Syntel, Inc.
Jon_Ward@...

-----Original Message-----
From: listbounce@... [mailto:listbounce@...]
On Behalf Of AK
Sent: Tuesday, December 01, 2009 1:38 PM
To: Yiannis Koukouras
Cc: Vimal(tm); pen-test@...
Subject: Re: Different ways to portscan IPS

Can you please paste the code?
Cheers!

Yiannis Koukouras wrote:

> the use of the individual or entity to whom it is addressed and
> others authorized to receive it. It may contain confidential or
> legally privileged information. If you are not the intended
> recipient you are hereby notified that any disclosure, copying,
> distribution or taking any action in reliance on the contents of
> this information is strictly prohibited and may be unlawful.
>
> If you have received this communication in error, please notify the
> sender immediately by responding to this email and then delete it
> from your system.
>
>
>
> On Fri, Nov 20, 2009 at 1:02 PM, Vimal(tm) <avvimalkumar@...>

wrote:
>
>> What are the different ways of port scanning the target when an IPS
in placed.

>>
>> Some of the methods I used are:
>>
>> 1. Delay the scan prob (nmap --scan-delay)
>>
>> 2. Integrating the scanner with TOR
>>
>> Regards
>> Vimal
>>
>> web : http://www.maestro-sec.com
>>
>> ---------------------------------------------------------------------
>> --- This list is sponsored by: Information Assurance Certification
>> Review Board
>>
>> Prove to peers and potential employers without a doubt that you can

actually do a proper penetration test. IACRB CPT and CEPT certs require
a full practical examination in order to become certified.

>>
>> http://www.iacertification.org
>> ---------------------------------------------------------------------
>> ---
>>
>>
>>
>
> ----------------------------------------------------------------------
> -- This list is sponsored by: Information Assurance Certification
> Review Board
>
> Prove to peers and potential employers without a doubt that you can

actually do a proper penetration test. IACRB CPT and CEPT certs require
a full practical examination in order to become certified.
>
> http://www.iacertification.org
> ----------------------------------------------------------------------
> --
>
>
>

------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review
Board

Prove to peers and potential employers without a doubt that you can
actually do a proper penetration test. IACRB CPT and CEPT certs require
a full practical examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------------

------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------------

The Official Training Guide for New Superheroes

2009-12-02T07:23:44Z

Hi,

ISECOM was asked to give a seminar at CERN in Switzerland this
September showing how to measure the Attack Surface of any target and
what to do with that information. At the time, I was working on new
material for Hacker Highschool which used comic book superheroes to
explain security testing. So I used a superhero theme with this
presentation and focused on how you can use ISECOM research and the
OSSTMM 3 to be better than the average human at security.

The actual slides are more pictorial however may be difficult to
understand without narration (problem the Möbius Defense slides had).
These are the hand-out slides and are available now here:

http://www.isecom.org/events/The_Official_Training_Guide_for_New_Superheroes_CERN_2009.pdf

This presentation has since been refined a few more times and has been
very successful at explaining new security methods to non-security
people in management. So if it also helps you out, please let me know
as we're considering publishing a handbook version of this with more
detail.

Sincerely,
-pete.

--
Pete Herzog - Managing Director - pete@...
ISECOM - Institute for Security and Open Methodologies
www.isecom.org - www.osstmm.org
www.hackerhighschool.org - www.isestorm.org

------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------------

Re: Different ways to portscan IPS

2009-12-01T13:16:06Z

If your using nmap for your scanning, then you may be interested in this.

Fyodor did an excellent presentation on this at schmoocon 2006
http://insecure.org/presentations/Shmoo06

In the talk he touches on the logic and behavior behind IDS systems.

here are my after thoughts and notes after watching the video. Beware
unorganized mind thinking aloud here.

If you think about an IDS conceptually, it's really just a set of
rules, syntax and definitions in rules files, that it tries to match
against each incoming packet. If you
know what the rule syntax looks like, you can adjust your scan
parameters to avoid triggering the specific IDS rule.

This is (was?) particularly true for snort, but applies to many of the
more common IDS systems out
there, as many of the default timing checks and values are the same.

1. Limiting the packet rate to avoid triggering an IDS packet per second
threshold.
The default threshold is typically 15 packets per second. While this
is configurable with most IDS's most people leave these types of
defaults in place, and just don't change them.

You can use the --max-rate 14 parameter to specify the maximum packet rate.

2. Most IDS systems utilize a sliding window. The idea of sliding
windows is to keep track of the acknowledgments for each ID. However,
a scheme in which a sender send a single message (e.g. to multiple
receivers in a group) and then waits for all ACKs is to slow: a sender
should be able to send a number of messages and a separate thread
should receive ACKs, and resend messages with ACKs missing.

Many IDS systems also utilize a time out before the sliding window is
reset. Typically the default is 20 seconds.

I believe the trick here is to avoid too many ACKS too quickly.

We can use the following nmap parameter to avoid triggering an IDS
systems sliding window threshold.

--scan-delay 22

Don't forget about decoy's. These can be very useful during initial
test scans. Let's get someone else system filtered for the scan, not
our scan box. :)

Hope this helps.

whitehat237

On Tue, Dec 1, 2009 at 10:21 AM, Benjamin Brown <optikali@...> wrote:

> You might want to look into using a networked printer that has not
> been properly secured (which is often).
>
>
>
>>
>> On Mon, Nov 30, 2009 at 2:16 PM, Yiannis Koukouras <ikoukouras@...> wrote:
>>>
>>> Hi,
>>>
>>> Scripting netcat to do a connect only scan worked for my team.
>>>
>>> You can use time delays in your script as well ;)
>>>
>>> Ioannis (Yiannis) Koukouras
>>> CISSP, CISA, CISM
>>> MSc in Computer Systems Security
>>> BEng in Electronic Engineering
>>> http://www.linkedin.com/in/ikoukouras
>>> ---
>>> The information contained in this communication is intended solely
>>> for the use of the individual or entity to whom it is addressed
>>> and others authorized to receive it. It may contain confidential
>>> or legally privileged information. If you are not the intended
>>> recipient you are hereby notified that any disclosure, copying,
>>> distribution or taking any action in reliance on the contents of
>>> this information is strictly prohibited and may be unlawful.
>>>
>>> If you have received this communication in error, please notify the
>>> sender immediately by responding to this email and then delete
>>> it from your system.
>>>
>>>
>>>
>>> On Fri, Nov 20, 2009 at 1:02 PM, Vimal™ <avvimalkumar@...> wrote:
>>> > What are the different ways of port scanning the target when an IPS in placed.
>>> >
>>> > Some of the methods I used are:
>>> >
>>> > 1. Delay the scan prob (nmap --scan-delay)
>>> >
>>> > 2. Integrating the scanner with TOR
>>> >
>>> > Regards
>>> > Vimal
>>> >
>>> > web : http://www.maestro-sec.com
>>> >
>>> > ------------------------------------------------------------------------
>>> > This list is sponsored by: Information Assurance Certification Review Board
>>> >
>>> > Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.
>>> >
>>> > http://www.iacertification.org
>>> > ------------------------------------------------------------------------
>>> >
>>> >
>>>
>>> ------------------------------------------------------------------------
>>> This list is sponsored by: Information Assurance Certification Review Board
>>>
>>> Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.
>>>
>>> http://www.iacertification.org
>>> ------------------------------------------------------------------------
>>>
>>
>
> ------------------------------------------------------------------------
> This list is sponsored by: Information Assurance Certification Review Board
>
> Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.
>
> http://www.iacertification.org
> ------------------------------------------------------------------------
>
>

------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------------

Re: Different ways to portscan IPS

2009-12-01T11:37:47Z

Can you please paste the code?
Cheers!

Yiannis Koukouras wrote:

> Hi,
>
> Scripting netcat to do a connect only scan worked for my team.
>
> You can use time delays in your script as well ;)
>
> Ioannis (Yiannis) Koukouras
> CISSP, CISA, CISM
> MSc in Computer Systems Security
> BEng in Electronic Engineering
> http://www.linkedin.com/in/ikoukouras
> ---
> The information contained in this communication is intended solely
> for the use of the individual or entity to whom it is addressed
> and others authorized to receive it. It may contain confidential
> or legally privileged information. If you are not the intended
> recipient you are hereby notified that any disclosure, copying,
> distribution or taking any action in reliance on the contents of
> this information is strictly prohibited and may be unlawful.
>
> If you have received this communication in error, please notify the
> sender immediately by responding to this email and then delete
> it from your system.
>
>
>
> On Fri, Nov 20, 2009 at 1:02 PM, Vimal™ <avvimalkumar@...> wrote:
>
>> What are the different ways of port scanning the target when an IPS in placed.
>>
>> Some of the methods I used are:
>>
>> 1. Delay the scan prob (nmap --scan-delay)
>>
>> 2. Integrating the scanner with TOR
>>
>> Regards
>> Vimal
>>
>> web : http://www.maestro-sec.com
>>
>> ------------------------------------------------------------------------
>> This list is sponsored by: Information Assurance Certification Review Board
>>
>> Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.
>>
>> http://www.iacertification.org
>> ------------------------------------------------------------------------
>>
>>
>>
>
> ------------------------------------------------------------------------
> This list is sponsored by: Information Assurance Certification Review Board
>
> Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.
>
> http://www.iacertification.org
> ------------------------------------------------------------------------
>
>
>

Re: out of box scanner

2009-12-01T11:24:45Z

John Bennett wrote:

> I'm currently evaluating some commercial scanners and wanted to get a
> feel for others experiences with appscan/cenzic/webinspect. Any
> gotcha's with any of these products and can anybody recommend one over
> the other?
>
> thanks,
> John
>
> ------------------------------------------------------------------------
> This list is sponsored by: Information Assurance Certification Review Board
>
> Prove to peers and potential employers without a doubt that you can
> actually do a proper penetration test. IACRB CPT and CEPT certs require
> a full practical examination in order to become certified.
> http://www.iacertification.org
> ------------------------------------------------------------------------
>

John,

You might want to take a look at the WASC list here:

http://projects.webappsec.org/Web-Application-Security-Scanner-List

The thread is still under discussion on the webappsec mailing list.

_nathan

--
_______________________________________________________________________
Nathan Grandbois, CISSP ngrandbois@...
Security Analyst (614) 351-1237 x 212
PGP Key Available by Request
MicroSolved is security expertise you can trust!

HoneyPoint Security Server
Attackers get stung, instead of you!
http://www.microsolved.com/honeypoint

smime.p7s (4K) Download Attachment

Re: Different ways to portscan IPS

2009-12-01T10:21:51Z

You might want to look into using a networked printer that has not
been properly secured (which is often).

>
> On Mon, Nov 30, 2009 at 2:16 PM, Yiannis Koukouras <ikoukouras@...> wrote:
>>
>> Hi,
>>
>> Scripting netcat to do a connect only scan worked for my team.
>>
>> You can use time delays in your script as well ;)
>>
>> Ioannis (Yiannis) Koukouras
>> CISSP, CISA, CISM
>> MSc in Computer Systems Security
>> BEng in Electronic Engineering
>> http://www.linkedin.com/in/ikoukouras
>> ---
>> The information contained in this communication is intended solely
>> for the use of the individual or entity to whom it is addressed
>> and others authorized to receive it. It may contain confidential
>> or legally privileged information. If you are not the intended
>> recipient you are hereby notified that any disclosure, copying,
>> distribution or taking any action in reliance on the contents of
>> this information is strictly prohibited and may be unlawful.
>>
>> If you have received this communication in error, please notify the
>> sender immediately by responding to this email and then delete
>> it from your system.
>>
>>
>>
>> On Fri, Nov 20, 2009 at 1:02 PM, Vimal™ <avvimalkumar@...> wrote:
>> > What are the different ways of port scanning the target when an IPS in placed.
>> >
>> > Some of the methods I used are:
>> >
>> > 1. Delay the scan prob (nmap --scan-delay)
>> >
>> > 2. Integrating the scanner with TOR
>> >
>> > Regards
>> > Vimal
>> >
>> > web : http://www.maestro-sec.com
>> >
>> > ------------------------------------------------------------------------
>> > This list is sponsored by: Information Assurance Certification Review Board
>> >
>> > Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.
>> >
>> > http://www.iacertification.org
>> > ------------------------------------------------------------------------
>> >
>> >
>>
>> ------------------------------------------------------------------------
>> This list is sponsored by: Information Assurance Certification Review Board
>>
>> Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.
>>
>> http://www.iacertification.org
>> ------------------------------------------------------------------------
>>
>

winAUTOPWN 2.0 - Introducing winAUTOPWN GUI - Now you can sleep

2009-11-30T18:35:44Z

Hello

Since you've decided to create a GUI for your program, I've decided to
make an installer.

Written with NSIS, this encapsulates all that is included in your
latest (2.1) release.

Installer: http://www.mediafire.com/?3mz1nmviyvl

Best Regards,

Chip D. Panarchy

PS: If you'd like me to include installers for Python, Perl & PHP just
ask. Alternatively I can put in a check for them, and if
not-installed, download and install the latest.

On Fri, Nov 6, 2009 at 9:56 AM, Chip Panarchy <forumanarchy@...> wrote:

> Thanks Quaker, I tried with WinRAR and it all worked fine.
>
> The reason I tried with PeaZIP is because of what was mentioned within
> the PASS.txt file.
>
> Should be useful, keep up the great work.
>
> Thanks,
>
> Panarchy
>
> On Thu, Nov 5, 2009 at 3:57 PM, QUAKER DOOMER <quakerdoomer@...> wrote:
>> Its a peazip error. Nothing to do with the way its packed. Check your password.. looks reversed Could be a peazip
>> feature though..
>> Try Winrar. Works for me.
>>
>>
>>
>> Quoting "Chip Panarchy" <forumanarchy@...>:
>>> Thanks for the release.
>>>
>>> I've downloaded it, and am trying to extract it. Wouldn't extract with
>>> IZArc, so tried with PeaZIP portable.
>>>
>>> Here is the error I'm getting: http://i33.tinypic.com/199yk8.jpg
>>>
>>> Please help.
>>>
>>> Thanks in advance,
>>>
>>> Panarchy
>>>
>>> On Wed, Nov 4, 2009 at 5:05 AM, QUAKER DOOMER
>>> <quakerdoomer@...> wrote:
>>> > Dear all,
>>> >
>>> > After a long break and a lot of Unpolished SITA releases of the
>>> previous version, I am finally releasing
>>> > winAUTOPWN version 2.0
>>> >
>>> > winAUTOPWN or WINDOWS AUTOPWN version 2.0 now has a GUI
>>> (winAUTOPWN_GUI.exe) to initiate the main
>>> > console winAUTOPWN.exe
>>> > winAUTOPWN now supports all console arguments which can also be fed
>>> interactively.
>>> > This version covers almost all remote exploits from 2009 start
>>> uptill October 2009. Though a few are still missing
>>> > but they will be added shortly.
>>> >
>>> > Daily/Weekly Snapshot/Beta Releases of winAUTOPWN are always
>>> available for download from WINAUTOPWN
>>> > website
>>> >
>>> >
>>> > DOWNLOAD LINK : http://089dc64a.seriousfiles.com
>>> >
>>> > Enjoy the Release.
>>> >
>>> >
>>> > The Latest available release now is winAUTOPWN version 2.0
>>> >
>>> > Coded by : Azim Poonawala (QUAKERDOOMER)
>>> >
>>> > winAUTOPWN available at http://winautopwn.co.nr
>>> >
>>> > Author's website : http://solidmecca.co.nr
>>> >
>>> > winAUTOPWN is updated almost daily. Check the Download page for
>>> weekly snapshots.
>>> >
>>> > Latest Release can always be downloaded from :
>>> >
>>> > http://winautopwn.co.nr
>>> >
>>> > "winAUTOPWN - WINDOWS AUTOPWN (For The True HyperSomniac
>>> H-a-c-k-e-r-z-
>>> > z-z-z-Z-Z)"
>>> >
>>> > Regards,
>>> > QUAKERDOOMER
>>> >
>>> >
>>> >
>>> ------------------------------------------------------------------------
>>> > This list is sponsored by: Information Assurance Certification
>>> Review Board
>>> >
>>> > Prove to peers and potential employers without a doubt that you can
>>> actually do a proper penetration test. IACRB CPT and CEPT certs require a
>>> full practical examination in order to become certified.
>>> >
>>> > http://www.iacertification.org
>>> >
>>> ------------------------------------------------------------------------
>>> >
>>> >
>>
>>
>

Re: out of box scanner

2009-11-30T14:33:16Z

Hi John
only through personal
experience and not to be taken as fact, acutetix may be a good bet for
commercial use. The ones you mentioned may have problems with permutating
the parameter values for complex scenarios which is of great importance
most of the time. Examples may be provided over private e-mailing if you
wish. In any case, try w3af if only testing matters.

Regards

> I'm currently evaluating some commercial
scanners and wanted to get a
> feel for others experiences with
appscan/cenzic/webinspect. Any
> gotcha's with any of these
products and can anybody recommend one over
> the other?
>

> thanks,
> John
>
>
------------------------------------------------------------------------
> This list is sponsored by: Information Assurance Certification
Review
> Board
>
> Prove to peers and potential
employers without a doubt that you can
> actually do a proper
penetration test. IACRB CPT and CEPT certs require a
> full
practical examination in order to become certified.
>
>
http://www.iacertification.org
>
------------------------------------------------------------------------
>
>

------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------------

Re: out of box scanner

2009-11-30T12:55:36Z

I completely agree with Aleph - Burp is the way to go if you are
looking for the best of breed, but for the zero-to-report type
scanner, please see the aforementioned list.

--
Rob Fuller | Mubix
Room362.com | Hak5.org | TheAcademyPro.com

On Mon, Nov 30, 2009 at 3:51 PM, Aleph One <al3ph.one@...> wrote:

>
> If you are looking for only scanners, then may be above scanners are in the right league. You can happily ignore the further part of this post.
> If you are looking for best web application tool involving manual and automated techniques, Burp rules the web app pen testing today. Webscarab,paros and most of the others had many limitations that were overcame by this tool and is still improving.
> You should verify it with other people or pen testers through your first/second degree network to get a direct feedback.
> These scanners are alright if you have to scan and throw away reports just for the heck of scanning or doin git for the clients who do not know what is pen testing beyong vulnerabilitiy assessment.. In order to find out issues technically, such as SQL Injection or say CSRF , these tools may not do so off the track at some parameters that may be outside the scope of the way scanner is coded. It will just use those filters/checks specfically built inside unlike a manual technique combined with some automated techniques.
> I am not at all related with burp or any of the guys associated with tool. Hope my suggestion is taken as neutral.
>
> On Mon, Nov 30, 2009 at 2:33 PM, Rob Fuller <jd.mubix@...> wrote:
>>
>> I would highly suggest taking a look at the scanner list here:
>> http://webappsec.pbworks.com/Web-Application-Security-Scanner-List
>>
>> Seems to be the most comprehensive list... (at least that I've seen)
>>
>> --
>> Rob Fuller | Mubix
>> Room362.com | Hak5.org | TheAcademyPro.com
>>
>>
>> On Mon, Nov 30, 2009 at 4:24 AM, Onur YILMAZ <contact@...> wrote:
>> >
>> > You can try Netsparker;
>> >
>> > http://www.mavitunasecurity.com
>> >
>> > -----Original Message-----
>> > From: listbounce@... [mailto:listbounce@...] On
>> > Behalf Of John Bennett
>> > Sent: Wednesday, November 25, 2009 6:16 PM
>> > To: pen-test@...
>> > Subject: out of box scanner
>> >
>> > I'm currently evaluating some commercial scanners and wanted to get a
>> > feel for others experiences with appscan/cenzic/webinspect. Any
>> > gotcha's with any of these products and can anybody recommend one over
>> > the other?
>> >
>> > thanks,
>> > John
>> >
>> > ------------------------------------------------------------------------
>> > This list is sponsored by: Information Assurance Certification Review Board
>> >
>> > Prove to peers and potential employers without a doubt that you can actually
>> > do a proper penetration test. IACRB CPT and CEPT certs require a full
>> > practical examination in order to become certified.
>> >
>> > http://www.iacertification.org
>> > ------------------------------------------------------------------------
>> >
>> >
>> >
>> >
>> > ------------------------------------------------------------------------
>> > This list is sponsored by: Information Assurance Certification Review Board
>> >
>> > Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.
>> >
>> > http://www.iacertification.org
>> > ------------------------------------------------------------------------
>> >
>>
>> ------------------------------------------------------------------------
>> This list is sponsored by: Information Assurance Certification Review Board
>>
>> Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.
>>
>> http://www.iacertification.org
>> ------------------------------------------------------------------------
>>
>
>
>
> --
> 4E 6F 6C 69 67 68 74 61 74 74 68 65 65 6E 64 6F 66 74 75 6E 6E 65 6C 79 65 74 21

Re: Different ways to portscan IPS

2009-11-30T11:16:37Z

Hi,

Scripting netcat to do a connect only scan worked for my team.

You can use time delays in your script as well ;)

Ioannis (Yiannis) Koukouras
CISSP, CISA, CISM
MSc in Computer Systems Security
BEng in Electronic Engineering
http://www.linkedin.com/in/ikoukouras
---
The information contained in this communication is intended solely
for the use of the individual or entity to whom it is addressed
and others authorized to receive it. It may contain confidential
or legally privileged information. If you are not the intended
recipient you are hereby notified that any disclosure, copying,
distribution or taking any action in reliance on the contents of
this information is strictly prohibited and may be unlawful.

If you have received this communication in error, please notify the
sender immediately by responding to this email and then delete
it from your system.

On Fri, Nov 20, 2009 at 1:02 PM, Vimal™ <avvimalkumar@...> wrote:

> What are the different ways of port scanning the target when an IPS in placed.
>
> Some of the methods I used are:
>
> 1. Delay the scan prob (nmap --scan-delay)
>
> 2. Integrating the scanner with TOR
>
> Regards
> Vimal
>
> web : http://www.maestro-sec.com
>
> ------------------------------------------------------------------------
> This list is sponsored by: Information Assurance Certification Review Board
>
> Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.
>
> http://www.iacertification.org
> ------------------------------------------------------------------------
>
>

Re: out of box scanner

2009-11-30T06:37:14Z

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Yeah...I do not think it will help to send a link to a website which is
only offering a BETA product and you need to join a mailing list to even
get word/download link for the product. I signed up 2 weeks ago and
haven't heard back yet. From the website it states "Filling out this
form does not guarantee that you will get a beta."

So, unless they send word more quickly about the product, I wouldn't
waste your time filling out the form.

Mike Duncan
ISSO, Application Security Specialist
Government Contractor with STG, Inc.
NOAA :: National Climatic Data Center

Onur YILMAZ wrote:

> You can try Netsparker;
>
> http://www.mavitunasecurity.com
>
> -----Original Message-----
> From: listbounce@... [mailto:listbounce@...] On
> Behalf Of John Bennett
> Sent: Wednesday, November 25, 2009 6:16 PM
> To: pen-test@...
> Subject: out of box scanner
>
> I'm currently evaluating some commercial scanners and wanted to get a
> feel for others experiences with appscan/cenzic/webinspect. Any
> gotcha's with any of these products and can anybody recommend one over
> the other?
>
> thanks,
> John
>
> ------------------------------------------------------------------------
> This list is sponsored by: Information Assurance Certification Review Board
>
> Prove to peers and potential employers without a doubt that you can actually
> do a proper penetration test. IACRB CPT and CEPT certs require a full
> practical examination in order to become certified.
>
> http://www.iacertification.org
> ------------------------------------------------------------------------
>
>
>
>
> ------------------------------------------------------------------------
> This list is sponsored by: Information Assurance Certification Review Board
>
> Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.
>
> http://www.iacertification.org
> ------------------------------------------------------------------------
>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAksT2JgACgkQnvIkv6fg9hYRYgCfe8gmUBmq3Xbd+XsKaBjscHvv
DZsAoI7NC1ynsoR4fCr8+8jAWc84HxHQ
=Labq
-----END PGP SIGNATURE-----

------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------------

Re: out of box scanner

2009-11-30T06:33:36Z

I would highly suggest taking a look at the scanner list here:
http://webappsec.pbworks.com/Web-Application-Security-Scanner-List

Seems to be the most comprehensive list... (at least that I've seen)

--
Rob Fuller | Mubix
Room362.com | Hak5.org | TheAcademyPro.com

On Mon, Nov 30, 2009 at 4:24 AM, Onur YILMAZ <contact@...> wrote:

>
> You can try Netsparker;
>
> http://www.mavitunasecurity.com
>
> -----Original Message-----
> From: listbounce@... [mailto:listbounce@...] On
> Behalf Of John Bennett
> Sent: Wednesday, November 25, 2009 6:16 PM
> To: pen-test@...
> Subject: out of box scanner
>
> I'm currently evaluating some commercial scanners and wanted to get a
> feel for others experiences with appscan/cenzic/webinspect. Any
> gotcha's with any of these products and can anybody recommend one over
> the other?
>
> thanks,
> John
>
> ------------------------------------------------------------------------
> This list is sponsored by: Information Assurance Certification Review Board
>
> Prove to peers and potential employers without a doubt that you can actually
> do a proper penetration test. IACRB CPT and CEPT certs require a full
> practical examination in order to become certified.
>
> http://www.iacertification.org
> ------------------------------------------------------------------------
>
>
>
>
> ------------------------------------------------------------------------
> This list is sponsored by: Information Assurance Certification Review Board
>
> Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.
>
> http://www.iacertification.org
> ------------------------------------------------------------------------
>

RE: out of box scanner

2009-11-30T01:24:05Z

You can try Netsparker;

http://www.mavitunasecurity.com

-----Original Message-----
From: listbounce@... [mailto:listbounce@...] On
Behalf Of John Bennett
Sent: Wednesday, November 25, 2009 6:16 PM
To: pen-test@...
Subject: out of box scanner

I'm currently evaluating some commercial scanners and wanted to get a
feel for others experiences with appscan/cenzic/webinspect. Any
gotcha's with any of these products and can anybody recommend one over
the other?

thanks,
John

------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually
do a proper penetration test. IACRB CPT and CEPT certs require a full
practical examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------------

------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------------

Re: Windows Internationalization?

2009-11-29T21:07:51Z

Hi,

I am not to sure you will be allowed for this approach. But Microsoft
Windows is shipped with support for various languages. One can always
customize the UI depending on individual preferences. You can read
more on Multilingual User Interface (MUI) at

http://en.wikipedia.org/wiki/Multilingual_User_Interface

However your question can only be answered once you use check the
support for MUI in action.

Cheers!
--
Taufiq Ali
Security Analyst
Network Intelligence (India) Pvt. Ltd.
http://www.niiconsulting.com/products/iso_toolkit.html

2009/11/19 Jon Kibler <Jon.Kibler@...>:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Hi,
>
> I have been approached about doing a pen test job that would involve a target
> organization whose native character set is not ASCII. So, I have a few questions
> and would appreciate some pointers to help me decide if I really want this
> assignment.
>
> Questions that immediately come to mind are:
> 1) On a Windows system that uses a non-ASCII character set (Chinese, Arabic,
> Russian, etc.), how does that effect Windows?
> -- Are registry key names still ASCII? Key values still ASCII?
> -- Are Windows directories still ASCII?
> -- Are Windows file names still ASCII? English language file names?
> -- Are there any differences in how internationalization works between
> Windows versions, such as W2K3 and XP/Vista?
> -- Are standard user names such as "administrator" and "guest" still ASCII,
> or have they been internationalized, too?
> -- Are file extensions (.exe .bat .ini, etc.) still ASCII or have they been
> internationalized?
> -- Are INI file contents ASCII or internationalized?
> -- Any changes to the SAM file? (Will pwdump still work against it?)
> I guess the bottom line is, what gets changed and what is left in ASCII on an
> internationalized Windows box?
>
> 2) Are there any tools that have been customized for use with non-ASCII
> character sets, such as non-ASCII nikto databases?
>
> 3) What are the issues that I should be aware of when pen testing an
> internationalized target? I would be working with a native speaker of the
> language who is a sys admin, but not a security expert. (Unfortunately, I would
> not get to speak to them until after I agree to the assignment!)
>
> Most of the stuff I find when googling the subject gives links to old pages that
> really do not give much specific information.
>
> Thoughts, comments, suggestions?
>
> Thanks in advance for any/all help!
>
> Jon
> - --
> Jon R. Kibler
> Chief Technical Officer
> Advanced Systems Engineering Technology, Inc.
> Charleston, SC USA
> o: 843-849-8214
> c: 843-813-2924
> s: 843-564-4224
> s: JonRKibler
> e: Jon.Kibler@...
> e: Jon.R.Kibler@...
> http://www.linkedin.com/in/jonrkibler
>
> My PGP Fingerprint is:
> BAA2 1F2C 5543 5D25 4636 A392 515C 5045 CF39 4253
>
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.8 (Darwin)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
>
> iEYEARECAAYFAksEYHMACgkQUVxQRc85QlMmUACfeaUvnSiYJBTG4cJ0jSnDKHkd
> zNkAn3SxetV7AV1z4uN/FzD89oaeNo24
> =XVHd
> -----END PGP SIGNATURE-----
>
>
>
>
> ==================================================
> Filtered by: TRUSTEM.COM's Email Filtering Service
> http://www.trustem.com/
> No Spam. No Viruses. Just Good Clean Email.
>
>
>
> ------------------------------------------------------------------------
> This list is sponsored by: Information Assurance Certification Review Board
>
> Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.
>
> http://www.iacertification.org
> ------------------------------------------------------------------------
>

--
Cheers!
___ __ ___
(_ _) /__\ / __)
) ( /(__)\ \__ \
(__)(__)(__)(__/

------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------------

Tools Update - last week of november 2009

2009-11-29T02:33:29Z

Hello

Here is the site's newsletter "Security Database Tools Watch"
(http://www.security-database.com/toolswatch).
This letter summarizes the articles and news items published since 7 days.

We also announce 3 new features :

- Vulnerability Dashboard is fully integrated the OSVDB API. Now with each
CVE comes the available OSVDB entry(ies).

- Vulnerability Dashboard is now linking to SAINT Corporation Exploits.
When available, the CVE displays with CVSS, CPE, CAPEC, CWE, OVAL, OSVDB
and SaintExploit ID.

- ToolsWatch Process (6 categories : Vulnerability Scanner & Management,
Penetration testing & Ethical Hacking, IDS, Code Auditing, Application
Scanner) is now mapped with to the appropriate standard or regulation as
well as PCI DSS, GLBA, HIPAA, ISO 27001/27002, SOX, and FISMA

New articles
--------------------------

** Eclipse HTTP Client (HTTP4e) v2.0 available **
by Tools Tracker Team
- 28 November 2009

Eclipse HTTP Client (HTTP4e) is an Eclipse plugin formaking HTTP and
RESTful calls. Build with user experience in mind, it simplifies the
developer/QA job of testing Web Services, REST, JSON and HTTP. It is a
useful tool for your daily job of HTTP header tampering and hacking.

Features:

Making/Replaying an HTTP call directly from Eclipse IDE

Visual Editor Panels for headers, parameters and http packet body

Tabbed browsing (allowing replaying different RESTful, HTTP calls on
separate (...)

->
http://www.security-database.com/toolswatch/Eclipse-HTTP-Client-HTTP4e-v2.html

** History of Hacking - Part 1 **
by Tools Tracker Team
- 28 November 2009

Every culture has its beginning somewhere, Computer hacking is no
exception. The History of Hacking video series is a 5 part documentary
which runs down memory lane and presents important figures, facts and
personalities of the Hacking culture. In History of Hacking Part 1, we will
look at Phone Phreaking and John Draper a.k.a Captain Crunch and try and
understand the string of events which molded the Phone Phreaking culture.

Those of you who have not heard of John, he is the guy who (...)

->
http://www.security-database.com/toolswatch/History-of-Hacking-Part-1.html

** Security Acts Magazine Issue 1 released **
by Tools Tracker Team
- 27 November 2009

Security Acts is the challenge of producing a high-quality magazine for
profes- sionals in IT Security, which is made by and issued for the people
involved in IT Security. This online magazine is free of charge and will
finance itself through adverts.

In this 1st issue

AJAX makes applications more difficult to secure by Manu Cohen

AJAX is the new hot technology concerning web applications. It allows the
client to do much more than before and have a much better user experience.

An (...)

->
http://www.security-database.com/toolswatch/Security-Acts-Magazine-Issue-1.html

** vmap v0.7 released - identifying remotely daemons **
by ToolsTracker
- 26 November 2009

vmap lets you remotely ident the version of a daemon. It currently works
for ftp, smtp, pop3, imap and http.

Version 0.7

Code cleanup

Fixed lots of bugs

Added support for nmap and amap logs

Added a "make install" (public dir is /usr/local/share/vmap)

Got rid of that damn rn-stuff, now every line ends just with n

How does it work?

Every daemon has it's own reply on commands. For example, the HELP command
sends different replies on different FTP daemons.

This can be (...)

->
http://www.security-database.com/toolswatch/vmap-v0-7-released-identifying.html

** Slitaz Aircrack-ng Distribution v20091117 released **
by ToolsTracker
- 26 November 2009

The Slitaz Aircrack-ng Distribution is the base Slitaz cooking
version plus the latest Aircrack-ng SVN version, wireless drivers patched
for injection and other related tools. The custom distribution is
especially tuned for the Acer Aspire One netbooks but will work well on
virtually all desktops, notebooks and netbooks.

Version November 17/2009

Updated aircrack-ng suite to 1.0 final including sqlite airolib-ng support

Updated all Slitaz packages as of November 16/2009. This is Slitaz (...)

->
http://www.security-database.com/toolswatch/Slitaz-Aircrack-ng-Distribution,885.html

** log2timeline v0.40 released **
by ToolsTracker
- 26 November 2009

log2timeline is a framework for artifact timeline creation and analysis.
The main purpose is to provide a single tool to parse various log files and
artifacts found on suspect systems (and supporting systems, such as network
equipment) and produce a body file that can be used to create a timeline,
using tools such as mactime from TSK, for forensic investigators.

Version 0.40

[CFTL output] Fixed few bugs in the cftl.pm output module, didn't work in
the current CFTL version without these (...)

->
http://www.security-database.com/toolswatch/log2timeline-v0-40-released.html

** Websecurify v0.4 released **
by ToolsTracker
- 26 November 2009

Websecurify Security Testing Framework identifies web security
vulnerabilities by using advanced browser automation, discovery and fuzzing
technologies. The framework is written in JavaScript and successfully
executes in numerous platforms including modern browsers with support for
HTML5, xulrunner, xpcshell, Java, V8 and others.

What's New in Websecurify

better, more responsive UI

support for Workspaces

nicer looking tasks

netter reporting with ability to export to various formats (...)

->
http://www.security-database.com/toolswatch/Websecurify-v0-4-released.html

** SAINT v7.2.1 released **
by ToolsTracker
- 26 November 2009

SAINT is the Security Administrators Integrated Network Tool. It is
used to non-intrusively detect security vulnerabilities on any remote
target, including servers, workstations, networking devices, and other
types of nodes. It will also gather information such as operating system
types and open ports. The SAINT graphical user interface provides access to
SAINTs data management, scan configuration, scan scheduling, and data
analysis capabilities through a web browser. Different aspects of (...)

-> http://www.security-database.com/toolswatch/SAINT-v7-2-1-released.html

** Graudit v1.4 released **
by ToolsTracker
- 25 November 2009

Graudit is a simple script and signature sets that allows you to find
potential security flaws in source code using the GNU utility grep. It's
comparable to other static analysis applications like RATS, SWAAT and
flaw-finder while keeping the technical requirements to a minimum and being
very flexible.

Version 1.4

New and improved signatures

Graceful detection of grep version graudit /path/to/scan

The following options are available:

-h prints a short help text

-v prints version number (...)

-> http://www.security-database.com/toolswatch/Graudit-v1-4-released.html

** (updated) SHODAN - Computer Search Engine released **
by Tools Tracker Team
- 25 November 2009

SHODAN lets you find servers/ routers/ etc. by using the simple search bar
up above. Most of the data in the index covers web servers at the moment,
but there is some data on FTP, Telnet and SSH services as well.

I've just looked upon the new search engine. My first impression was :
Holy s.., it could find a lot of buggy servers, websites, devices and so
on.

But when playing again with google dorks (GHDB), it happens to look (hope
i'm not mistaken), that Shodan is a kind of GUI for (...)

->
http://www.security-database.com/toolswatch/SHODAN-Computer-Search-Engine.html

** Acunetix WVS Version 6.5 build 20091124 released **
by Tools Tracker Team
- 24 November 2009

Acunetix Web Vulnerability Scanner (WVS) is an automated web application
security testing tool that audits your web applications by checking for
exploitable hacking vulnerabilities. Automated scans may be supplemented
and cross-checked with the variety of manual tools to allow for
comprehensive web site and web application penetration testing

An updated build for Acunetix WVS Version 6.5 has been released with a
number of improvements, bug fixes, and most important of all, a good number
of (...)

->
http://www.security-database.com/toolswatch/Acunetix-WVS-Version-6-5-build,879.html

** Focus on Pangolin SQL Injection Tool **
by Tools Tracker Team
- 24 November 2009

Pangolin is an automatic SQL injection penetration testing tool developed
by NOSEC. Its goal is to detect and take advantage of SQL injection
vulnerabilities on web applications.

Once it detects one or more SQL injections on the target host, the user
can choose among a variety of options to perform an extensive back-end
database management system fingerprint, retrieve DBMS session user and
database, enumerate users, password hashes, privileges, databases, dump
entire or user's specific (...)

->
http://www.security-database.com/toolswatch/Focus-on-Pangolin-SQL-Injection.html

** OSSEC v2.3 BETA available **
by Tools Tracker Team
- 24 November 2009

OSSEC is a scalable, multi-platform, open source Host-based Intrusion
Detection System (HIDS). It has a powerful correlation and analysis engine,
integrating log analysis, file integrity checking, Windows registry
monitoring, centralized policy enforcement, rootkit detection, real-time
alerting and active respons

New features - v2.3

Added support for the Nginx web server.

Added support for Suhosin (Hardened PHP).

Added support for real time integrity monitoring on Windows systems

Added (...)

->
http://www.security-database.com/toolswatch/OSSEC-v2-3-BETA-available.html

** Nmap 5.10BETA1 released **
by Tools Tracker Team
- 24 November 2009

Nmap ("Network Mapper") is a free open source utility for network
exploration or security auditing. It was designed to rapidly scan large
networks, although it works fine against single hosts. Nmap uses raw IP
packets in novel ways to determine what hosts are available on the network,
what services (application name and version) those hosts are offering, what
operating systems (and OS versions) they are running, what type of packet
filters/firewalls are in use, and dozens of other (...)

->
http://www.security-database.com/toolswatch/Nmap-5-10BETA1-released.html

** Security-Database integrates OSVDB **
by Tools Tracker Team
- 23 November 2009

Security-Database provides a continuous IT vulnerability XML feed based on
open security standards for classification, scoring, enumeration and
exploitation. It also provides a well maintained repository for latest
security and auditing tools and utilities.

We are happy (again) to announce that we have fully integrated the OSVDB
API with our Vulnerability Crosslinker Engine.

Now with each CVE comes its appropriate OSVDB entry.

Here is an example. For this MS09-68 Microsoft bulletin, you (...)

->
http://www.security-database.com/toolswatch/Security-Database-integrates-OSVDB.html

** RISK IT Framework and Practitioner Guide published **
by Tools Tracker Team
- 23 November 2009

The Risk IT Framework fills the gap between generic risk management
frameworks and detailed (primarily security-related) IT risk management
frameworks. It provides an end-to-end, comprehensive view of all risks
related to the use of IT and a similarly thorough treatment of risk
management, from the tone and culture at the top, to operational issues. In
summary, the framework will enable enterprises to understand and manage all
significant IT risk types, building upon the existing risk (...)

->
http://www.security-database.com/toolswatch/RISK-IT-Framework-and-Practitioner.html

** "Compliance Mandates" feature added to ToolsWatch Process **
by Tools Tracker Team
- 22 November 2009

ToolsWatch Process is a free service started by Security-Database in Sept
2006. ToolsWatch is tracking hundreds of software and utilities divided
into different categories.

We are happy to announce that we've just implemented a new feature called
"Compliance Mandatory". In fact, we took as basis for our work the
excellent reference SANS WhatWorks.

Now along with a category, we provide a mapping to the appropriate
standard or regulation as well as PCI DSS, GLBA, HIPAA, ISO 27001/27002,
SOX, (...)

->
http://www.security-database.com/toolswatch/Compliance-Mandates-feature-added.html

** NetworkMiner updated to v0.91 **
by Tools Tracker Team
- 22 November 2009

NetworkMiner is a Network Forensic Analysis Tool (NFAT) for Windows.
NetworkMiner can be used as a passive network sniffer/packet capturing tool
in order to detect operating systems, sessions, hostnames, open ports etc.
without putting any traffic on the network.

NetworkMiner can also parse PCAP files for off-line analysis and to
regenerate/reassemble transmitted files and certificates from PCAP files.

The purpose of NetworkMiner is to collect data (such as forensic evidence)
about (...)

->
http://www.security-database.com/toolswatch/NetworkMiner-updated-to-v0-91.html

** ISO 31000:2009 risk management standard released **
by Tools Tracker Team
- 22 November 2009

ISO 31000:2009 provides principles and generic guidelines on risk
management.

ISO 31000:2009 can be used by any public, private or community enterprise,
association, group or individual. Therefore, ISO 31000:2009 is not specific
to any industry or sector.

ISO 31000:2009 can be applied throughout the life of an organization, and
to a wide range of activities, including strategies and decisions,
operations, processes, functions, projects, products, services and assets.

ISO 31000:2009 can be (...)

->
http://www.security-database.com/toolswatch/ISO-31000-2009-risk-management.html

** Process Hacker v1.7 released **
by ToolsTracker
- 21 November 2009

Process Hacker is a free and open source process viewer and memory editor
with unique features such as powerful process termination and a Regex
memory searcher. It can show services, processes and their threads,
modules, handles and memory regions.

Version 1.7

NEW/IMPROVED

#2873973 - "Columns window improvements"

New settings system - settings can now be saved anywhere

Decreased memory and CPU usage

Process Hacker probably runs on Windows 2000 now

FIXED

#2880368 - "Highlight Option (...)

->
http://www.security-database.com/toolswatch/Process-Hacker-v1-7-released.html

** Hyena v8.0 32-bit & 64-bit released **
by ToolsTracker
- 21 November 2009

Hyena is a tool for day-to-day administration of Windows NT and Windows
XP/2000/2003 systems. Now Windows 7 too.

Hyena brings together all of the administrative tools from Windows NT such
as User Manager, Server Manager, and File Manager/Explorer, and many of the
MMC components from Windows 2000/2003 into a single, easy-to-use,
centralized program. Hyena arranges all system objects, such as users,
servers, and groups, in a hierarchical tree for easy and logical system
administration. (...)

->
http://www.security-database.com/toolswatch/Hyena-v8-32-bit-64-bit-released.html

New news items
--------------------------

* Security-Database integrates OSVDB *
- 23 November 2009

We are happy (again) to announce that we have fully integrated the OSVDB
API with our Vulnerability Crosslinker Engine.

Now with each CVE comes its appropriate OSVDB entry.

Here is an example. For this MS09-68 Microsoft bulletin, you have very
nice information:

CVE

CVSS v2.0

CWE

CAPEC (...)

->
http://www.security-database.com/toolswatch/+Security-Database-integrates-OSVDB+.html

* Mapping Tools with Standards and Regulations feature added *
- 22 November 2009

We are happy to announce that we've just implemented a new feature called
"Compliance Mandatory". In fact, we took as basis for our work the
excellent reference SANS WhatWorks.

Now along with a category, we provide a mapping to the appropriate
standard or regulation as well as PCI DSS, GLBA, (...)

->
http://www.security-database.com/toolswatch/+Mapping-Tools-with-Standards-and+.html

Regards

Nabil OUCHN
CEO & Founder
Security-Database
France

Maximiliano Soler
ToolWatch Leader
Security-Database
Argentina

------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------------

Re: Different ways to portscan IPS

2009-11-28T21:29:11Z

On Nov 20, 2009, at 6:02 AM, Vimal™ wrote:

> What are the different ways of port scanning the target when an IPS in placed.
>
> Some of the methods I used are:
>
> 1. Delay the scan prob (nmap --scan-delay)
>
> 2. Integrating the scanner with TOR

A couple of things to think about. Look at what normal SYNs look like, and try and emmulate them. Look at what bad SYNs look like, and don't look like those. I posted this a while back: http://danielmiessler.com/study/synpackets/ which shows that there are differences in traffic created by regular applications and traffic created by security tools.

Take notice of this, and adjust accordingly.

Also, just for giggles, consider using the decoy option with Nmap and loading in a list of DShield blacklisted addresses (assuming you're not trying to be quiet). It's likely to throw most off your trail.

--
Daniel R. Miessler
W: http://danielmiessler.com
E: daniel@...
P: 0x4048712D

------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------------

Re: Penetrating a MySql Server

2009-11-26T18:41:46Z

If you have read permissions, then you can read the error log. If its
a PHP based application, which it is, then you can inject a one-line
PHP backdoor into the error log by making a "bogus" request against
the server. Then the next time you read the error log, your PHP will
execute if you do it right. We've used that technique on many
occasions to get a shell... works very well. :)

Does that make sense?

On Nov 23, 2009, at 5:27 AM, r00fsec@... wrote:

> Hi!!
>
> So...I have a home server . It uses apache , php and MySql (5.0.77).
> It doesn't has any site on it but i create a page with a simple sql
> injection Bug.
> MySql server is running as root user. Now the goal is to take a
> shell in this server just for exercise . I know that it is not so
> easy to find out there a server like this but im now starting to
> "play" with these things.
>
> I have try some technics but i didnt got the shell yet :p Here is
> what im doing..
>
> 1st I use the load_file() function to see any file in the server
> like /etc/passwd
> 2nd i tried to use the technic of into outfile and then use it as
> Remote Code Execution but occurs an error. Because of the permissions.
>
> Thats all i had tried in the home server.
>
> Do you have any idea on how to continue penetrate this server ? If
> you want give me some hints to continue my exercise.
>
> Thanks!
>
> ------------------------------------------------------------------------
> This list is sponsored by: Information Assurance Certification
> Review Board
>
> Prove to peers and potential employers without a doubt that you can
> actually do a proper penetration test. IACRB CPT and CEPT certs
> require a full practical examination in order to become certified.
>
> http://www.iacertification.org
> ------------------------------------------------------------------------
>

Adriel T. Desautels
ad_lists@...
--------------------------------------

Subscribe to our blog
http://snosoft.blogspot.com

------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------------

Re: How to write a security vulnerability assessment consulting project

2009-11-26T02:00:51Z

Hi!
you can check ISSAF too: http://www.oissg.org/downloads/issaf-0.2/index.php
Regards,
Miguel

2009/10/16 Nikhil Wagholikar <visitnikhil@...>:

> Hello Kai,
> Like OSSTMM, you can also have a look at OWASP.
> Link: http://www.owasp.org/
> ---
> Nikhil Wagholikar
> Practice Lead | Security Assessments & Digital Forensics
> Network Intelligence India Pvt. Ltd. [NII Consulting]
> Web: http://www.niiconsulting.com/
> Comprehensive Information Security Training
> http://www.iisecurity.in/courses/Training%20Calendar.html
>
> 2009/10/10 Kai <phamtungduong@...>
>>
>> Hi all guys,
>>
>> Our security team is working in a security vulnerability assessment
>> project. The phase one of this project is security vulnerability
>> assessment consulting. But, it is the first time, our team works as
>> consultant, so it is hard to start this phase. So, we have some some
>> concern:
>> - Which methodology can we use? Because, our customer need us to
>> present our methodology which we use in this project.
>> - Can we build the checklists to make reports? If yes, please give us
>> details about these checklists. Which documents can we read to build
>> these checklists?
>>
>> --
>> Best regards,
>>
>> Phạm Tùng Dương
>>
>> ------------------------------------------------------------------------
>> This list is sponsored by: Information Assurance Certification Review Board
>>
>> Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.
>>
>> http://www.iacertification.org
>> ------------------------------------------------------------------------
>>
>
> ------------------------------------------------------------------------
> This list is sponsored by: Information Assurance Certification Review Board
>
> Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.
>
> http://www.iacertification.org
> ------------------------------------------------------------------------
>
>

--
Miguel Tubía
www.zero-day.info

------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------------

Re: CEH or OSCP?

2009-11-25T15:17:12Z

Ok, is not an advanced course but also not an introductory one.

You are right, you will learn cool stuff like arp|dns spoofing,
crawling, shell programming, basic web attacks (directory traversal,
SQL Injection)

The first modules are basics and definitely you will understand them
without problems, Muts (instructor) has very good skills as a trainer.
The top of this course is Stack Overflows and there is where you could
get lost, specially because there are many topics related.

The think is that the exam is not only about basic stuff.

You can go to training page and download the brochure where you will
find the requirements, if you feel good then go for it!!!!!!

Definitely, any course will give you a new learned experience.

My 1.1 cents

On Wed, Nov 25, 2009 at 2:01 PM, Leandro Quibem Magnabosco
<leandro.magnabosco@...> wrote:

> Danux escreveu:
>>
>> Always the same question from newbies!!! Dont feel that, I asked the
>> same long time ago.
>>
>> If you wanna learn hundred of security tools go for CEH.
>> If you wanna learn how to crete basic hacking tools go for OSCP.
>>
>> If you are a beginner definitely OSCP is not for you.
>>
>
> I consider myself a beginner.
> Wouldn't I learn something from OSCP anyway?
> Is it *that hard* that beginners would not be able to learn enough to make
> it valuable?
>
>
> What do you guys think?
>

--
Daniel Regalado aka Danux
Hacker Wanna Be from Nezahualcoyotl

www.macula-group.com

------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------------

Re: CEH or OSCP?

2009-11-25T12:01:25Z

Danux escreveu:
> Always the same question from newbies!!! Dont feel that, I asked the
> same long time ago.
>
> If you wanna learn hundred of security tools go for CEH.
> If you wanna learn how to crete basic hacking tools go for OSCP.
>
> If you are a beginner definitely OSCP is not for you.
>
I consider myself a beginner.
Wouldn't I learn something from OSCP anyway?
Is it *that hard* that beginners would not be able to learn enough to
make it valuable?

What do you guys think?

------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------------

out of box scanner

2009-11-25T08:16:26Z

I'm currently evaluating some commercial scanners and wanted to get a
feel for others experiences with appscan/cenzic/webinspect. Any
gotcha's with any of these products and can anybody recommend one over
the other?

thanks,
John

------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------------

Re: Web Application Scanners Comparison

2009-11-24T19:52:47Z

How about MatriXay 3.0, it is also a commercial web application vulnerability scanner?

anantasec wrote:

Hi all,

In the past weeks, I've performed an evaluation/comparison of three
popular web vulnerability scanners.This evaluation was ordered by a
penetration testing company that will remain anonymous. The vendors
were not contacted during or after the evaluation.

The applications (web scanners) included in this evaluation are:
- Acunetix WVS version 6.0 (Build 20081217)
- IBM Rational AppScan version 7.7.620 Service Pack 2
- HP WebInspect version 7.7.869

I've tested 13 web applications (some of them containing a lot of
vulnerabilities), 3 demo applications provided by the vendors
(testphp.acunetix.com, demo.testfire.net, zero.webappsecurity.com) and
I've done some tests to verify Javascript execution capabilities.

In total, 16 applications were tested. I've tried to cover all the
major platforms, therefore I have applications in PHP, ASP, ASP.NET
and Java.

The report can be found at http://drop.io/anantasecfiles/
The full URL to the PDF document:
http://drop.io/download/497f0f4e/c1d8b2966f85fb8549a18cbe2d789224ea665f45/759c3010-ce68-012b-dcee-f407c7ff11c2/9eeb1f00-cea5-012b-aa7b-f219675fa758/report.pdf/report_pdf.pdf

I've included enough information in this report (the javascript files
used for testing, exact version and URL for all the tested
applications) so anybody with enough patience can verify and reproduce
the results presented here.

Therefore, I will not respond to emails for vendors. You have the
information, fix your scanners!

Best wishes & regards,
anantasec

--
http://anantasec.blogspot.com

Re: Pentest lab box 16 gigs of ram

2009-11-23T10:29:04Z

Hello jk,

I don't see any added value on going with Win7. Why pay for the license?

After you setup vmware server, you won't have to use the host OS anymore.

Vmware is fully administered remotely through its console, so I think
that you should go for the cheapest and least demanding
(resource-wise) solution.

I do need to get a life! ;)
Ioannis (Yiannis) Koukouras
CISSP, CISA, CISM
MSc in Computer Systems Security
BEng in Electronic Engineering
http://www.linkedin.com/in/ikoukouras
---
The information contained in this communication is intended solely
for the use of the individual or entity to whom it is addressed
and others authorized to receive it. It may contain confidential
or legally privileged information. If you are not the intended
recipient you are hereby notified that any disclosure, copying,
distribution or taking any action in reliance on the contents of
this information is strictly prohibited and may be unlawful.

If you have received this communication in error, please notify the
sender immediately by responding to this email and then delete
it from your system.

On Thu, Nov 19, 2009 at 1:33 AM, macubergeek <macubergeek@...> wrote:

> All
>
> I'm thinking of building a vmware target box for a pentest practice lab
> consisting of:
>
> cheap Dell server with 16 gigs of ram PowerEdge T105
> vmware workstation
>
> My question is with the host OS.
> I was contemplating the home version of Windows 7 to give me a 64 bit OS to
> support the amount of ram I'm planning on
> Does anyone have any experience with the latest version of VMware
> workstation and if it will run properly on Windows 7?
>
> would 64 bit Ubuntu be a better idea?
> jk
> ------------------------------
> SWYlMjB5b3UlMjBjYW4lMjByZWFkJTIwdGhpcyUyMHlvdSUyMG5lZWQlMjB0byUyMGdldCUyMGElMjBsaWZlLg==
>
>
>
>
>
> ------------------------------------------------------------------------
> This list is sponsored by: Information Assurance Certification Review Board
>
> Prove to peers and potential employers without a doubt that you can actually
> do a proper penetration test. IACRB CPT and CEPT certs require a full
> practical examination in order to become certified.
> http://www.iacertification.org
> ------------------------------------------------------------------------
>
>

CfP DIMVA 2010 - Detection of Intrusions and Malware & Vulnerability Assessment

2009-11-23T04:18:16Z

Hello List-Member,

attached you'll find the Call for Paper for the International Conference
on Detection of Intrusions and Malware & Vulnerability Assessment. The
focus of the conference DIMVA covers topics on this list, so do not
hesitate to submit your research results as a paper or your ongoing work
as an extended abstract.

best regards,
Sebastian Schmerl (publicity-chair@...)

(We apologize if you receive multiple copies of this message.)
----------------------------------------------------------------------
CALL FOR PAPERS

DIMVA 2010

Seventh International Conference on
Detection of Intrusions and Malware & Vulnerability Assessment

Organized by GI SIG SIDAR
In Cooperation with
IEEE Computer Society Task Force on Information Assurance

Bonn, Germany
July 8-9 2010

http://www.dimva.org/dimva2010
info@...

----------------------------------------------------------------------

The annual DIMVA conference serves as a premier forum for advancing
the state of the art in intrusion detection, malware detection, and
vulnerability assessment. Each year DIMVA brings together
international experts from academia, industry and government to
present and discuss novel research in these areas. DIMVA is organized
by the special interest group Security - Intrusion Detection and
Response (SIDAR) of the German Informatics Society (GI). The
conference proceedings will appear in Springer's Lecture Notes in
Computer Science (LNCS) series.

DIMVA solicits submission of high-quality, original scientific work.
This year we invite two types of paper submissions:

* Full papers, presenting novel and mature research results. Full
papers are limited to 20 pages, prepared according to the
instructions provided below. They will be reviewed by the program
committee, and papers accepted for presentation at the conference
will be included in the proceedings.

* Short papers (extended abstracts), presenting original, still
ongoing work that has not yet reached the maturity required for a
full paper. Short papers are limited to 10 pages, prepared according
to the instructions provided below. They will also be reviewed by
the program committee, and papers accepted for presentation at the
conference will be included in the proceedings (containing Extended
Abstract in the title).

DIMVA's scope includes, but is not restricted to the following areas:

* Intrusion Detection
+ Novel approaches & new environments
+ Insider detection
+ Prevention & response
+ Data leakage
+ Result correlation & cooperation
+ Evasion attacks
+ Potentials & limitations
+ Operational experiences
+ Privacy, legal & social aspects

* Malware Detection
+ Automated analysis, reversing & execution tracing
+ Containment & sandboxed operation
+ Acquisition of specimen
+ Infiltration
+ Behavioral models
+ Prevention & containment
+ Trends & upcoming risks
+ Forensics & recovery
+ Economic aspects

* Vulnerability Assessment
+ Vulnerability detection & analysis
+ Vulnerability prevention
+ Web application security
+ Fuzzing techniques
+ Classification & evaluation
+ Situational awareness

Organizing Committee

General Chair: Marko Jahnke, Fraunhofer FKIE, Wachtberg,
Germany (info@...)
Program Chair: Christian Kreibich, International Computer
Science Institute, Berkeley, USA
(pc-chair@...)
Local Chair: Jens Toelle, Fraunhofer FKIE, Wachtberg,
Germany (info@...)
Rump Session Chair: Sven Dietrich, Stevens Institute of Technology,
USA (rump-chair@...)
Sponsorship Chair: Felix Leder, University of Bonn, Germany
(sponsor-chair@...)
Publicity Chair: Sebastian Schmerl, Technical University of
Cottbus, Germany (publicity-chair@...)

Program Committee

* Michael Bailey, University of Michigan, USA
* Herbert Bos, Vrije Universiteit Amsterdam, Netherlands
* Juan Caballero, CMU/UC Berkeley, USA
* Herve Debar, Telecom SudParis, France
* Sven Dietrich, Stevens Institute of Technology, USA
* Holger Dreger, Siemens CERT, Germany
* Ulrich Flegel, SAP Research, Germany
* Carrie Gates, CA Labs, Canada
* Chris Grier, University of California, Berkeley, USA
* Guofei Gu, Texas A&M University, USA
* Thorsten Holz, Vienna University of Technology, Austria
* Piotr Kijewski, NASK/CERT Polska, Poland
* Engin Kirda, Eurecom, France
* Christopher Kruegel, University of California, Santa Barbara, USA
* Wenke Lee, Georgia Institute of Technology, USA.
* Corrado Leita, Symantec Research Labs, France
* Kirill Levchenko, University of California, San Diego, USA
* Pavel Laskov, University of Tuebingen, Germany
* Ludovic Me, Supelec, France
* Michael Meier, Technical University of Dortmund, Germany
* Tyler Moore, Harvard University, USA
* Lexi Pimenidis, iDev GmbH, Germany
* Moheeb Rajab, Google/Johns Hopkins University, USA
* Robin Sommer, ICSI/LBNL, USA
* Henry Stern, Cisco/Ironport, USA
* Diego Zamboni, IBM Research, Switzerland

Important Dates

Deadline for paper submission: February 5, 2010
Notification of acceptance/rejection: April 5, 2010
Final camera-ready copies due: April 26, 2010
Conference: July 8-9, 2010

Paper Submission

All papers must be submitted electronically in PDF format via the
conference Web site. Submissions must be formatted according to the
instructions provided by Springer Verlag. For instructions, see
http://www.springer.de/comp/lncs/authors.html .

Submitted papers must be in English and must not substantially
overlap work that has been published before, or that is
simultaneously in submission to a journal or a conference with
proceedings. Simultaneous submission, submission of previously
published work, and plagiarism constitute dishonesty or fraud. DIMVA
prohibits these practices and may take appropriate action against
authors who have committed them.

Authors of accepted papers must ensure that their papers will be pre-
ented at the conference. Presentations must also be held in English.
Details about the electronic submission procedure will be provided on
the conference Web site by the end of December 2009. Authors of ac-
cepted papers must follow the Springer guidelines for preparation of
camera-ready copies. Details of the process will be provided to the
authors in time.

Rump session

As in previous years, DIMVA 2010 will hold a Rump Session: a series
of short and entertaining talks where attendees can present recent
research results, work in progress, or other topics of interest to
the community. Please contact the Rump Session Chair for submission
questions.

Sponsorship Opportunities

We solicit interested organizations to serve as sponsors for DIMVA
2010; please contact the sponsorship chair for information regarding
corporate sponsorship.

Steering Committee

Chairs:

* Ulrich Flegel, SAP Research, Germany
* Michael Meier, Technical University of Dortmund, Germany

Members:

* Roland Bueschkes, RWE, Germany
* Danilo M. Bruschi, Universita degli Studi di Milano, Italy
* Herve Debar, Telecom SudParis, France
* Bernhard Haemmerli, Acris GmbH & HSLU Lucerne, Switzerland
* Marc Heuse, Baseline Security Consulting, Germany
* Klaus Julisch, IBM Zurich Research Lab, Switzerland
* Christopher Kruegel, UC Santa Barbara, USA
* Pavel Laskov, University of Tuebingen, Germany
* Robin Sommer, ICSI/LBNL, USA
* Diego Zamboni, IBM Zurich Research Lab, Switzerland

--
_____________________________________________________________________
Sebastian Schmerl Tel: +49 (0) 355 69 20 29
sbs@... Fax: +49 (0) 355 69 21 27
BTU Cottbus

Computer Networks and Communication System
P.O.Box 10 13 44, 03013 Cottbus, Germany
http://www-rnks.informatik.tu-cottbus.de
_____________________________________________________________________

------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------------

Penetrating a MySql Server

2009-11-23T02:27:59Z

Hi!!

So...I have a home server . It uses apache , php and MySql (5.0.77). It doesn't has any site on it but i create a page with a simple sql injection Bug.
MySql server is running as root user. Now the goal is to take a shell in this server just for exercise . I know that it is not so easy to find out there a server like this but im now starting to "play" with these things.

I have try some technics but i didnt got the shell yet :p Here is what im doing..

1st I use the load_file() function to see any file in the server like /etc/passwd
2nd i tried to use the technic of into outfile and then use it as Remote Code Execution but occurs an error. Because of the permissions.

Thats all i had tried in the home server.

Do you have any idea on how to continue penetrate this server ? If you want give me some hints to continue my exercise.

Thanks!

------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------------

Tools Update - third week of november 2009

2009-11-22T02:04:29Z

Hello

Here is the site's newsletter "Security Database Tools Watch"
(http://www.security-database.com/toolswatch).
This letter summarizes the articles and news items published since 7 days.

New articles
--------------------------

** Process Hacker v1.7 released **
by ToolsTracker
- 21 November 2009

Process Hacker is a free and open source process viewer and memory editor
with unique features such as powerful process termination and a Regex
memory searcher. It can show services, processes and their threads,
modules, handles and memory regions.

Version 1.7

NEW/IMPROVED

#2873973 - "Columns window improvements"

New settings system - settings can now be saved anywhere

Decreased memory and CPU usage

Process Hacker probably runs on Windows 2000 now

FIXED

#2880368 - "Highlight Option (...)

->
http://www.security-database.com/toolswatch/Process-Hacker-v1-7-released.html

** Hyena v8.0 32-bit & 64-bit released **
by ToolsTracker
- 21 November 2009

Hyena is a tool for day-to-day administration of Windows NT and Windows
XP/2000/2003 systems. Now Windows 7 too.

Hyena brings together all of the administrative tools from Windows NT such
as User Manager, Server Manager, and File Manager/Explorer, and many of the
MMC components from Windows 2000/2003 into a single, easy-to-use,
centralized program. Hyena arranges all system objects, such as users,
servers, and groups, in a hierarchical tree for easy and logical system
administration. (...)

->
http://www.security-database.com/toolswatch/Hyena-v8-32-bit-64-bit-released.html

** VideoJak v2.0 - IP Video security assessment tool **
by ToolsTracker
- 20 November 2009

VideoJak is an IP Video security assessment tool that can simulate a proof
of concept video interception or replay test against a targeted,
user-selected video session.

This tool is designed in consideration of todays UC infrastructure
implementions in which QoS requirements dictate the separation of data and
VoIP/Video into discrete networks or VLANs.

VideoJak is a proof of concept security assessment tool that can be used
to test video applications.

VideoJak feature list:

VLAN (...)

->
http://www.security-database.com/toolswatch/VideoJak-v2-IP-Video-security.html

** iWatch v0.2.2 - realtime filesystem monitoring program **
by ToolsTracker
- 19 November 2009

iWatch is a realtime filesystem monitoring program. Its purpose is to
monitor any changes in a specific directory or file and send email
notification immediately after the change.

This can be very useful to watch a sensible file or directory against any
changes, like files /etc/passwd, /etc/shadow or directory /bin or to
monitor the root directory of a website against any unwanted changes.

Features

run in command line mode as well as in daemon mode

using an easy xml configuration file (...)

->
http://www.security-database.com/toolswatch/iWatch-v0-2-2-realtime-filesystem.html

** Xplico v0.5.3 released **
by ToolsTracker
- 18 November 2009

The goal of Xplico is extract from an internet traffic capture the
applications data contained. For example, from a pcap file Xplico extracts
each email (POP, IMAP, and SMTP protocols), all HTTP contents, each VoIP
call (SIP), FTP, TFTP, and so on. Xplico isnt a network protocol
analyzer. Xplico is an open source Network Forensic Analysis Tool (NFAT).

Xplico is released under the GNU General Public License.

Version 0.5.3

snoop Packet Capture File Format as input file

DNS (...)

-> http://www.security-database.com/toolswatch/Xplico-v0-5-3-released.html

** inSSIDer v1.2.3.1014 - Wi-Fi network scanner **
by ToolsTracker
- 18 November 2009

inSSIDer is an award-winning free Wi-Fi network scanner for Windows Vista
and Windows XP. Because NetStumbler doesn't work well with Vista and 64-bit
XP, exits an open-source Wi-Fi network scanner designed for the current
generation of Windows operating systems.

InSSIDer is licensed under the Apache License, Version 2.0.

What's Unique about inSSIDer?

Use Windows Vista and Windows XP 64-bit.

Uses the Native Wi-Fi API.

Group by Mac Address, SSID, Channel, RSSI and "Time Last Seen." (...)

->
http://www.security-database.com/toolswatch/inSSIDer-v1-2-3-1014-Wi-Fi-network.html

** Knock v1.3b - subdomain bruteforcer scan **
by ToolsTracker
- 18 November 2009

Knock is a python script designed to enumerate subdomains on a target
domain trought a wordlist. This code is released under the GNU / GPL v3.

Knock works on Linux, Windows and MAC OSX with a python version 2.6.x (or
minor).

Usage:

python knock.py [ -url ] [ wordlist ]

View the Demo and the Output

Documentation

Required:

Python version 2.6.x or minor.

A wordlist

Tool Submittted by Gianni Amato, author of this (...)

->
http://www.security-database.com/toolswatch/Knock-v1-3b-subdomain-bruteforcer.html

** MS CAT.NET v1.1.1.9 - Code Analysis Tool .NET **
by ToolsTracker
- 18 November 2009

CAT.NET is a binary code analysis tool that helps identify common variants
of certain prevailing vulnerabilities that can give rise to common attack
vectors such as Cross-Site Scripting (XSS), SQL Injection and XPath
Injection.

CAT.NET is a snap-in to the Visual Studio IDE that helps you identify
security flaws within a managed code (C#, Visual Basic .NET, J#)
application you are developing. It does so by scanning the binary and/or
assembly of the application, and tracing the data (...)

->
http://www.security-database.com/toolswatch/MS-CAT-NET-v1-1-1-9-Code-Analysis.html

** log2timeline v0.33b - artifact timeline creation and analysis **
by ToolsTracker
- 18 November 2009

log2timeline is a framework for artifact timeline creation and analysis.
The main purpose is to provide a single tool to parse various log files and
artifacts found on suspect systems (and supporting systems, such as network
equipment) and produce a body file that can be used to create a timeline,
using tools such as mactime from TSK, for forensic investigators.

The tool is written in Perl for Linux but has been tested using Mac OS X
(10.5.7+ and 10.6.+). Parts of it should work (...)

->
http://www.security-database.com/toolswatch/log2timeline-v0-33b-artifact.html

** Metasploit Framework v3.3 released (includes support for Windows 7) **
by ToolsTracker
- 17 November 2009

The Metasploit Framework is a development platform for creating security
tools and exploits. The framework is used by network security professionals
to perform penetration tests, system administrators to verify patch
installations, product vendors to perform regression testing, and security
researchers world-wide. The framework is written in the Ruby programming
language and includes components written in C and assembler.

Version 3.3 is the latest stable release of the Metasploit (...)

->
http://www.security-database.com/toolswatch/Metasploit-Framework-v3-3-released.html

** PDFResurrect v0.9 released **
by ToolsTracker
- 17 November 2009

PDFResurrect is a tool aimed at analyzing PDF documents. The PDF format
allows for previous document changes to be retained in a more recent
version of the document, thereby creating a running history of changes for
the document. This tool attempts to extract all previous versions while
also producing a summary of changes between versions.

Version 0.9

This is a bug fix release and addresses the gathering of data (within
limit) for the Creator MetaData at the end of a (...)

->
http://www.security-database.com/toolswatch/PDFResurrect-v0-9-released.html

** Metasploit Framework v3.3 Release Candidate 2 released **
by ToolsTracker
- 17 November 2009

The Metasploit Framework is a development platform for creating security
tools and exploits. The framework is used by network security professionals
to perform penetration tests, system administrators to verify patch
installations, product vendors to perform regression testing, and security
researchers world-wide. The framework is written in the Ruby programming
language and includes components written in C and assembler.

This 3.3 release candidate is last minute test release of (...)

->
http://www.security-database.com/toolswatch/Metasploit-Framework-v3-3-Release.html

** Offensive-Security released its Exploit Database **
by Tools Tracker Team
- 16 November 2009

The ultimate archive of exploits and vulnerable software and a great
resource for vulnerability researchers and security addicts alike.
Offensive-Security aim is to collect exploits from submittals and various
mailing lists and concentrate them in one, easy to navigate database. When
possible, we've added the vulnerable software for download. We are still in
the process of organizing the database. You can Download the relevant
exploit by clicking the "D" and when available, download the (...)

->
http://www.security-database.com/toolswatch/Offensive-Security-released-its.html

** (IN)Secure Magazine issue 23 released **
by ToolsTracker
- 16 November 2009

(IN)SECURE Magazine is a free digital security publication discussing some
of the hottest information security topics.

Issue 23

Microsoft's security patches year in review: A malware researcher's
perspective

A closer look at Red Condor Hosted Service

Report: RSA Conference Europe 2009, London

The U.S. Department of Homeland Security has a vision for stronger
information security

Q&A: Didier Stevens on malicious PDFs

Protecting browsers, endpoints and enterprises against new Web-based (...)

->
http://www.security-database.com/toolswatch/IN-Secure-Magazine-issue-23.html

** PenTester Scripting Logo Competition (Results) **
by ToolsTracker
- 16 November 2009

PenTester Scripting website is a very handy collection of Scripts (ruby,
shell, perl...) initiated by a group of researchers to make our pentests
journey easier. The scripts are focused into 8 categories (recon, mapping,
discovery, exploitation and so on).

From Security-Database we want to thank to all those that voted for Max's
logo.

Fortunately, Max Soler won the competition!!!

Results

More information: (...)

->
http://www.security-database.com/toolswatch/PenTester-Scripting-Logo,856.html

** Katana v1.0 (Kyuzo) released - multi-boot security suite **
by ToolsTracker
- 16 November 2009

Katana is a portable multi-boot security suite designed for all your
computer security needs. The idea behind this tool is to bring together all
of the best security distributions to run from one USB drive. Katana
includes distributions which focus on Penetration Testing, Auditing,
Password Cracking, Forensics and Honey Pots.

Katana comes with over 100 portable Windows applications such as
Wireshark, HiJackThis, Unstoppable Copier, and OllyDBG.

Version 1.0

Updated Ophcrack Live, Backtrack (...)

->
http://www.security-database.com/toolswatch/Katana-v1-Kyuzo-released-multi.html

Kind Regards

Nabil OUCHN
CEO & Founder
Security-Database
France

Maximiliano Soler
ToolWatch Leader
Security-Database
Argentina

------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------------

Re: Malware Analysis

2009-11-21T22:12:02Z

Hi,

Not sure what happened to my last post, so I'll just reiterate it!

Of many anti-malware software I've tried, MalwareBytes (free) seems to
be the best.

However, I haven't tested the latest ones, so I'd recommend (if you
have the time) to test out as many of the different free/trial malware
detection/removal software as you can, then decide for yourself.

Best of luck,

Panarchy

On Wed, Nov 11, 2009 at 9:35 AM, Murda Mcloud <murdamcloud@...> wrote:

> Hi JMK,
> I welcome the expansion of the thread to include process as well as tools.
> I guess it just got me thinking about other tools. You're right on the money
> when you say that it is essential to have a framework for the tools to work
> within.
>
> As for the IR threads, check out
> http://www.securityfocus.com/archive
>
>> >-----Original Message-----
>> >From: listbounce@... [mailto:listbounce@...]
>> >On Behalf Of kmj1268@...
>> >Sent: Wednesday, November 11, 2009 3:55 AM
>> >To: murdamcloud@...; kmj1268@...; security-
>> >basics@...
>> >Subject: RE: Malware Analysis
>> >
>> >Yes.
>> >I did notice the thread was around tools. However, I just wanted to talk
>> >about the process as well so that was my 2 cents worth. I also mentioned
>> >the TCPView tool which is great at allowing you to tie process visually
>> >to
>> >network connections. Like they say, the devil is in the details. Even if
>> >you have the best tools, it's how you use them that makes the biggest
>> >difference.
>> >
>> >I wonder if there is a thread or security focus list around Incidence
>> >Response in the event of a breach, virus attack, etc. That would be
>> >another
>> >good topic to discuss as far as processes.
>> >
>> >As far as the question, what's in your RAM?
>> >
>> >You should check out this episode at hak5.org.
>> >I am not affiliated with this podcasting group, but they always have
>> >great
>> >episodes around this kind of thing.
>> >
>> >http://www.hak5.org/?s=Cold+boot+attack
>> >
>> >Thanks..
>> >JMK
>> >
>> >Original Message:
>> >-----------------
>> >From: Murda Mcloud murdamcloud@...
>> >Date: Tue, 10 Nov 2009 10:13:50 +1000
>> >To: kmj1268@..., security-basics@...
>> >Subject: RE: Malware Analysis
>> >
>> >
>> >Good points. I know that the OP was asking for straightforward tools for
>> >some basic tasks but I began to wonder whether having the ability to
>> >capture
>> >the physical memory as well might come in useful, especially as the
>> >systems
>> >may be allowed to stay 'live'. Windd is good for that.
>> >
>> >> >-----Original Message-----
>> >> >From: listbounce@...
>> >[mailto:listbounce@...]
>> >> >On Behalf Of kmj1268@...
>> >> >Sent: Tuesday, November 10, 2009 5:10 AM
>> >> >To: security-basics@...
>> >> >Subject: Malware Analysis
>> >> >
>> >> >In relation to the copied thread below, this is some great discussion.
>> >> >
>> >> >I have been fascinated with the science of malware analysis myself,
>> >and
>> >> >there is so much to learn. While I am not an expert, what I generally
>> >> >see
>> >> >happen with a machine is processes (either hidden by rootkits or not
>> >> >hidden) taking over network connections and phoning home to control
>> >and
>> >> >command centers to grow the botnet army. You always have to take the
>> >> >assumption that you could have a rootkit and start from there. The
>> >> >problem
>> >> >with rootkits is they make everyday programs on the suspect's running
>> >OS
>> >> >that should be innocuous operate differently and hide behavior. What
>> >I
>> >> >have always seen as a recommendation is to take a suspect machine's
>> >drive
>> >> >out and have it scrubbed and analyzed with a live forensic distro.
>> >Better
>> >> >yet, use a Live CD distro such as clonezilla to create a bit for bit
>> >> >clone
>> >> >of the hard drive. A popular one is Trinity Rescue. The key is
>> >working
>> >> >with something that is not native to the suspect machine. You cant
>> >trust
>> >> >the programs or what kind of response you might get if you run
>> >programs
>> >> >on
>> >> >a possibly rootkitted machine or one that is compromised. What you
>> >can
>> >> >trust is the programs on a live CD/DVD and the traffic you see on your
>> >> >network. Now when the machine is running and I want to do analysis, I
>> >> >usually will carry a hub with me (they are certainly hard to find now
>> >> >adays) and will run wireshark on the traffic for the suspect machine.
>> >> >Have
>> >> >it running with all explorer sessions shut down and the machine
>> >started
>> >> >from a reboot - but the machine doesnt need to be connected to the
>> >> >network.
>> >> >If there are rogue processes they will show up in wireshark. Then
>> >> >after
>> >> >you identify rogue network processes you can use a program like
>> >TCPView
>> >> >which will tie back a connection to a program and then you can
>> >> >investigate
>> >> >that program to see if it is malicious.
>> >> >
>> >> >Anyways, I just wanted to chime in and say thanks and offer my two
>> >cents
>> >> >for whatever it is worth. There is certainly more than one way to
>> >> >approach
>> >> >the analysis. I would be interested in learning more about the
>> >processes
>> >> >folks on this thread run through in this type of event.
>> >> >
>> >> > There is some excellent feedback and advice in this thread and I am
>> >glad
>> >> >to be able to take away some good advice myself.
>> >> >
>> >> >Thanks so much....
>> >> >
>> >> >JMK
>> >> >J. Mark Kellerman, CISSP, CCSA-NGX
>> >> >Snr Security Engineer.
>> >> >
>> >> >
>> >> >
>> >> >
>> >> >
>> >> >
>> >> >Sent from my iPhone
>> >> >
>> >> >Begin forwarded message:
>> >> >
>> >> >From: Murda Mcloud
>> >> ><murdamcloud@...<mailto:murdamcloud@...>>
>> >> >Date: November 4, 2009 11:46:13 PM EST
>> >> >To: 'exzactly' <exzactly@...<mailto:exzactly@...>>,
>> >> >"security-basics@...<mailto:security-
>> >> >basics@...>
>> >> >"
>> >> ><security-basics@...<mailto:security-
>> >> >basics@...>
>> >> >>
>> >> >Subject: RE: Security Toolkit for dummies
>> >> >
>> >> >Fport might come in handy.
>> >> >I'm guessing you want 'clean' versions of everything because who knows
>> >> >what
>> >> >is running on the box itself or what has been modified.
>> >> >How will you be able to trust that the cmd window that you run some of
>> >> >these
>> >> >from is legit? Or that it will run at all?
>> >> >Maybe a cmd alternative will help, too.
>> >> >Fciv so you could check hashes?
>> >> >Regalyzer?
>> >> >
>> >> >
>> >> >Will you image the machines before allowing the support guys to do
>> >their
>> >> >stuff?
>> >> >
>> >> >
>> >> >
>> >> >
>> >> >-----Original Message-----
>> >> >From:
>> >listbounce@...<mailto:listbounce@...>
>> >> >[mailto:listbounce@...]
>> >> >On Behalf Of exzactly
>> >> >Sent: Thursday, November 05, 2009 4:27 AM
>> >> >To: <mailto:security-basics@...>
>> >> >security-basics@...<mailto:security-
>> >> >basics@...>
>> >> >Subject: Security Toolkit for dummies
>> >> >
>> >> >I am currently working on a (free)toolkit to pass down to Tier 3 and
>> >Tier
>> >> >2
>> >> >to be used in the event of a breach/infection or suspected
>> >> >breach/infection.
>> >> >In a nutshell I want to give them some tools to use to gain further
>> >> >information about the system and processes and/or malicious tools
>> >running
>> >> >on
>> >> >it. This toolkit is designed for a Windows desktop and Server
>> >> >environment. I
>> >> >am looking at building out tools that are fairly easy to use and do
>> >not
>> >> >require much training. Currently I have the following tools on it:
>> >> >
>> >> >(SysInternal tools)
>> >> >Autoruns
>> >> >PortMon
>> >> >Process Explorer
>> >> >Process Monitor
>> >> >Ps Tools
>> >> >Logon Sessions
>> >> >
>> >> >Other tools:
>> >> >Adaware
>> >> >
>> >> >
>> >> >Is there anything else folks out there are using to provide their
>> >lower
>> >> >level support guys with some tools for informational gathering
>> >> >purposes....the tools have to run offline as systems are removed in
>> >the
>> >> >event of a breach or infection...I am not looking for a full blown
>> >> >forensics
>> >> >kit, just something I can train folks unfamiliar with tool fairly
>> >> >quickly...
>> >> >
>> >> >
>> >> >----------------------------------------------------------------------
>> >--
>> >> >Securing Apache Web Server with thawte Digital Certificate
>> >> >In this guide we examine the importance of Apache-SSL and who needs an
>> >> >SSL certificate. We look at how SSL works, how it benefits your
>> >company
>> >> >and how your customers can tell if a site is secure. You will find out
>> >> >how to test, purchase, install and use a thawte Digital Certificate on
>> >> >your Apache web server. Throughout, best practices for set-up are
>> >> >highlighted to help you ensure efficient ongoing management of your
>> >> >encryption keys and digital certificates.
>> >> >
>> >>
>> >>http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442
>> >f
>> >> >727d1
>> >> >----------------------------------------------------------------------
>> >--
>> >> >
>> >> >
>> >> >----------------------------------------------------------------------
>> >--
>> >> >Securing Apache Web Server with thawte Digital Certificate
>> >> >In this guide we examine the importance of Apache-SSL and who needs an
>> >> >SSL
>> >> >certificate. We look at how SSL works, how it benefits your company
>> >and
>> >> >how
>> >> >your customers can tell if a site is secure. You will find out how to
>> >> >test,
>> >> >purchase, install and use a thawte Digital Certificate on your Apache
>> >web
>> >> >server. Throughout, best practices for set-up are highlighted to help
>> >you
>> >> >ensure efficient ongoing management of your encryption keys and
>> >digital
>> >> >certificates.
>> >> >
>> >>
>> >>http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442
>> >f
>> >> >727
>> >> >d1
>> >> >----------------------------------------------------------------------
>> >--
>> >> >
>> >> >
>> >> >
>> >> >
>> >> >--------------------------------------------------------------------
>> >> >mail2web.com - Enhanced email for the mobile individual based on
>> >> >MicrosoftR
>> >> >Exchange - http://link.mail2web.com/Personal/EnhancedEmail
>> >> >
>> >> >
>> >> >
>> >> >----------------------------------------------------------------------
>> >--
>> >> >Securing Apache Web Server with thawte Digital Certificate
>> >> >In this guide we examine the importance of Apache-SSL and who needs an
>> >> >SSL certificate. We look at how SSL works, how it benefits your
>> >company
>> >> >and how your customers can tell if a site is secure. You will find out
>> >> >how to test, purchase, install and use a thawte Digital Certificate on
>> >> >your Apache web server. Throughout, best practices for set-up are
>> >> >highlighted to help you ensure efficient ongoing management of your
>> >> >encryption keys and digital certificates.
>> >> >
>> >>
>> >>http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442
>> >f
>> >> >727d1
>> >> >----------------------------------------------------------------------
>> >--
>> >
>> >
>> >------------------------------------------------------------------------
>> >Securing Apache Web Server with thawte Digital Certificate
>> >In this guide we examine the importance of Apache-SSL and who needs an
>> >SSL
>> >certificate. We look at how SSL works, how it benefits your company and
>> >how your customers can tell if a site is secure. You will find out how to
>> >test, purchase, install and use a thawte Digital Certificate on your
>> >Apache
>> >web server. Throughout, best practices for set-up are highlighted to help
>> >you ensure efficient ongoing management of your encryption keys and
>> >digital
>> >certificates.
>> >
>> >http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f
>> >727
>> >d1
>> >------------------------------------------------------------------------
>> >
>> >
>> >--------------------------------------------------------------------
>> >mail2web LIVE - Free email based on MicrosoftR Exchange technology -
>> >http://link.mail2web.com/LIVE
>> >
>> >
>> >
>> >------------------------------------------------------------------------
>> >Securing Apache Web Server with thawte Digital Certificate
>> >In this guide we examine the importance of Apache-SSL and who needs an
>> >SSL certificate. We look at how SSL works, how it benefits your company
>> >and how your customers can tell if a site is secure. You will find out
>> >how to test, purchase, install and use a thawte Digital Certificate on
>> >your Apache web server. Throughout, best practices for set-up are
>> >highlighted to help you ensure efficient ongoing management of your
>> >encryption keys and digital certificates.
>> >
>> >http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f
>> >727d1
>> >------------------------------------------------------------------------
>
>
> ------------------------------------------------------------------------
> Securing Apache Web Server with thawte Digital Certificate
> In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.
>
> http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
> ------------------------------------------------------------------------
>
>

Re: Windows Internationalization?

2009-11-21T15:34:31Z

It's been a bit, but I used to do work (remotely) on machines in
Singapore sometimes & I seem to recall everything being in (what I
assume was) Chinese.

As far as the internals go, I noticed some exploits in Metasploit have
'Windows XP Chinese' as a target, so I guess there is some difference
in the return addresses & such.

I see mention on foofus.net from 06/21/2007 about Chinese language
packs that states: "I know there is still an issue with some Unicode-
centric versions of XP (specifically, some Chinese language packs). I
started working on this a bit, but have been swamped. Hopefully I'll
get some updates to this soon.".

Maybe that has been corrected since, if not in pwdump6 than in fgdump...

On Wed, Nov 18, 2009 at 4:00 PM, Jon Kibler <Jon.Kibler@...> wrote:

Re: Firewall Type Fingerprinting

2009-11-21T13:00:40Z

Nmap should be the right tool, it can recognize many target systems. Get
it at http://nmap.org, see the docs for more information.

Regards,
Edin

Zaki Akhmad schrieb:
> Hello,
>
> Can we do firewall type fingerprinting? With what tools? I want to
> know the type of the firewall in front of the web server.
>

------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------------

Replicating the Gonzalez Cyber Attacks through Penetration Testing

2009-11-20T16:07:11Z

--------------------------------------------------------------------------------
YOU'RE INVITED: IT SECURITY ON DEMAND WEBCAST

"Replicating the Gonzalez Cyber Attacks through Penetration Testing"
Register: http://www.coresecurity.com/Form/generic/campaign/SecurityFocusGonzalez
---------------------------------------------------------------------------------

Recently, we saw the indictment of cybercrime kingpin Albert Gonzalez, one of the accused masterminds behind high-profile data breaches at Heartland Payment Systems, Hannaford Bros. Supermarkets, 7-Eleven, and TJX. Next week, Core Security Technologies will present a hands-on look at the attacks Gonzalez and his co-conspirators are believed to have used in breaching these organizations.

Leveraging the actual indictment document as a guide, Core Security senior product manager Alex Horan will use CORE IMPACT Pro penetration testing software to demonstrate the techniques by which Gonzales allegedly stole millions of credit card numbers* - showing you how to identify IT exposures in your own environment before cybercriminals do.

> Register here: http://www.coresecurity.com/Form/generic/campaign/SecurityFocusGonzalez

During the webcast, you'll see a step-by-step depiction of an attack similar to that described in the Gonzalez indictment, including the following critical stages:

* the initial web application compromise via SQL Injection
* the use of a well-known backend database command to make the attacks even
* more invasive
* the planting of malware on the backend database server
* the collection and transmission of credit card transactions to the
* attackers

Through the demonstration, you'll also learn how commercial-grade penetration testing software enables you to see your IT systems as an attacker would -- not only by determining if the kinds of issues that Gonzalez reportedly leveraged are present in your environment, but also by ...

* assessing how deployed defenses react to specific threats
* revealing what systems and data would be exposed by a breach
* depicting how chains of vulnerabilities open paths to mission-critical
* systems and information
* providing actionable data for immediately mitigating critical exposures
* repeating tests to ensure the effectiveness of remediation efforts

This webcast is ideal for anyone interested in proactively assessing their security posture against real-world cyber threats.

> Register here: http://www.coresecurity.com/Form/generic/campaign/SecurityFocusGonzalez

------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------------

Re: Firewall Type Fingerprinting

2009-11-20T15:32:08Z

Am Thu, 19 Nov 2009 16:09:02 +0700
schrieb Zaki Akhmad <zakiakhmad@...>:
>
> Can we do firewall type fingerprinting? With what tools? I want to
> know the type of the firewall in front of the web server.

Sometimes - if so, a simple portscan can tell things. Sometimes service
gateways / proxies are a giveaway

- There are typical ports for some firewalls
(services like http-auth, VPN-ports)

- Some FWs tell their name when using a Layer7 protocol filter.

- Some have a very distinct appearance in a portscan
(esp. Raptor / Symantec Enterprise).

- Some have specific modifications to the IKE protocol (use IKEscan).

- Some can be identified by NMAP / Hping2 OS scan.

Usually: the "tighter" a FW is configured the harder it is to find out
its brand, too...

I don't know any special tools - usually NMAP is sufficient for most of
the tests above. Plus a bit of experience to interpret the results
unless they are blantantly obvious from service names...

Bye

Volker

--

Volker Tanger http://www.wyae.de/volker.tanger/
--------------------------------------------------
vtlists@... PGP Fingerprint
378A 7DA7 4F20 C2F3 5BCC 8340 7424 6122 BB83 B8CB

------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------------

Using linux firewalls for PCI compliant infrastructure

2009-11-20T09:05:48Z

Hi

We are using linux-based servers as firewalls for PCI compliant
infrastructure. During audits it has been AOK so far but security
people internally have suggested that maybe a commercial product would
be better suited for PCI infrastructure (as it is pretty critical).

I'm personally very happy with the iptables firewalls - we can use all
the standard components for firewalls that we use for everything else
(including standard administration methods, patching and so forth).

What do you think, would a commercial firewall provide a tangible
improvement in security?
Is anyone else using linux-based firewalls for PCI (or otherwise
sensitive) infrastructure?

Best regards,
Siim

------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------------

Different ways to portscan IPS

2009-11-20T03:02:57Z

What are the different ways of port scanning the target when an IPS in placed.

Some of the methods I used are:

1. Delay the scan prob (nmap --scan-delay)

2. Integrating the scanner with TOR

Regards
Vimal

web : http://www.maestro-sec.com

------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------------

Re: Firewall Type Fingerprinting

2009-11-20T02:50:56Z

On Thu, 2009-11-19 at 16:09 +0700, Zaki Akhmad wrote:
> Hello,
>
> Can we do firewall type fingerprinting? With what tools? I want to
> know the type of the firewall in front of the web server.

If you know what to look for, absolutely. I have yet to see an automated
tool beyond what I've scripted myself. Check out question 13 below as
well as the answer, I've documented a portion of the process:

http://www.chrisbrenton.org/2009/07/test-your-network-security-skills/

Thought about releasing this as a tool but the potential is a bit
scary. ;-)

HTH,
Chris
--
www.chrisbrenton.org

------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------------