SecuraBit

Before It Bytes!

SecuraBit Episode 39: Stealing candy from little kids everywhere!!!

Jay brought up that some government web sites will be switching to OpenID authentication.

What Does DHS Know About You?
How to request your travel records

TwiGUARD

Seesmic Desktop
TweetDeck

MS IIS FTPD DoS ZER0DAY

Windows Vista/7 : SMB2.0 NEGOTIATE PROTOCOL REQUEST Remote B.S.O.D.

Poison Ivy Remote Administration Tool

FRHACK: Pentesting Live DVD

Upcoming Events:

Phreaknic 13 – October 30 – November 1 2009

SANS Cyber Defense Initiative – Washington, DC – December 11 – 18, 2009

ToorCon – San Diego Convention Center -  October 23rd-25th, 2009

See our complete list of upcoming Cons and Webcasts.

Join us in IRC at irc.freenode.net #securabit

Hosts:
Anthony Gartner – @anthonygartner
Chris Gerling – @chrisgerling
Christopher Mills – @thechrisam
Andrew Borel – @andrew_secbit
Jason Mueller – @securabit_jay

Penetration Testing Training on the Cheap

I have been looking into finding decent penetration testing training.  There is a lot of cheap (under $550), self-paced training out there.  I have accumulated the list below (most of which are on sale this month).  If you have taken any of these, drop a comment and let us know how they turned out.

Penetration Testing with BackTrack

“Pentesting with BackTrack” (previously known as Offensive Security 101) is an online course designed for network administrators and security professionals who need to get acquainted with the world of offensive security. This penetration testing course introduces the latest hacking tools and techniques, and includes remote live labs for exercising the material presented to the students.

This course gives a solid understanding of the penetration testing process, and is equally important for those wanting to either defend or attack their network. The course can be taken from your home, as long as you have a modern computer with high speed internet.

The cost for the course is $550 for training videos and documents and 30 days of lab time.  For $150 more, you can get 60 days of lab time or purchase 30 extra days after the fact for $200.  I have heard great things about Offensive Security Courses and would expect this to be top notch.

Heorot.net

Heorot.net offers two penetration courses ranging from fundamentals to intermediate:

Penetration Testing Fundamentals Course

For those just starting out in the field of professional penetration testing, the Fundamentals course will provide a thorough understanding of how a professional penetration test is conducted and the methodologies behind performing an attack. It is suggested you already have a familiarity with basic Linux commands and file structure.

Intermediate Penetration Testing Course

For those individuals familiar with hacker tools who have some penetration testing experience, the Intermediate course will provide a comprehensive understanding of how to run a penetration test in a real-world environment. Students should have a solid understanding of Linux and the ability to effectively use commercial and Open Source hacker tools.

Heorot.net was founded by Thomas Wilhelm, who has contributed to the security community with a number of great books such as Netcat Power Tools and Professional Penetration Testing, along with providing the De-Ice PenTesting Live CDs.  You get access to the online videos for 30 days, two downloadable live CDs, and an autographed copy of Thomas’ new book Professional Penetration Testing.  The cost of the Fundamentals course is $395 and is currently discounted to $295 until October 1.  The Intermediate course comes in a little higher at $595 and is currently discounted to $445 until October 1.  You also get access to version 2.0 of the courses that come out after Oct 1.  The Fundamentals course looks very intriguing since, at $295, you get some decent training and an $80 text book.  Quite a good deal.

So You Wanna Be A Pentester

This was one I had never heard of until MattJay commented on it on Twitter.  This course will cover some of the newer aspects of penetration testing, such as Open Source Intelligence Gathering with Maltego and other Open Source tools.  Advanced Scanning, Enumeration, Exploitation (remote and client-side), and Post-Exploitation, relying heavily on the features included in the Metasploit Framework, will also be covered.

How the course is run is quite different from the ones mentioned above.  You will receive courseware and lab manual PDFs, but you also get three 30-minute phone calls with Joe McCray to walk you through specific lab exercises and/or answer questions.  This seems like a very interesting way to run it, with the chance to interact with a trainer through what appear to be personal phone calls.  You also get 30 Day Unlimited Access to LSO Lab Network from the day of course registration. The cost of the course is $300 and is currently discounted to $200 until Oct 1st. They also have a So You Wanna Be A Web App Pentester course for $450, currently discounted to $300.

This is one of the more unknown trainings to me, so if anyone has comments on it or any training, we would love to hear them.  If there are any other cheap ones out there, drop that in the comments too. 🙂

Upcoming Cons and Webcasts

As we mentioned on Episode 39, there are lots of great cons coming up.  Here are all the links you need to find out more information:

Pittsburgh Information Security Users Group (PittSUG) Capture the Flag Event – September 17, 2009

BruCON 2009 – September 18-19, 2009 – Speakers: Chris Gates, Chris Nickerson, Jayson Street, and many more!

Louisville Metro Infosec Conference – October 8, 2009 8am – 5pm – Speakers: John Strand, Lee Kushner, Scott Moulton, Adrian “IronGeek” Crenshaw, and many more!

ToorCon -  October 23-25, 2009

Rochester Security Summit – October 28-29, 2009 – Speakers: Rob Fuller (Mubix), Larry Pesce, Bruce Potter, Ed Skoudis and many more!

Phreaknic 13 – October 30 – November 1, 2009

DojoCon – November 6-7, 2009 – Speakers: Marcus J. Carey, Marcus J. Ranum, Richard Bejtlich, Ron Gula, and many more!

SecurityTubeCon – November 6-8, 2010

SANS Cyber Defense Initiative – December 11 – 18, 2009

Shmoocon – February 5-7, 2010

NOTACON – April 15-18, 2010

There are also lots of great free webcasts coming up in the next few months (some posted on the EDUCAUSE Security List):

WhatWorks in Intrusion Detection and Prevention: Securing Servers for PCI Compliance with The White Company
WHEN: Friday, September 11, 2009 at 1:00 PM EDT (1700 UTC/GMT)

Stop Cache Poisoning Attacks With DNSSEC
WHEN: Monday, September 14, 2009 at 1:00 PM EDT (1700 UTC/GMT)

SIEM and DLP – Strength in Integration
WHEN: Tuesday, September 15, 2009 at 1:00 PM EDT (1700 UTC/GMT)

Staying Ahead of the Latest Endpoint Security Threats Featuring highlights from the IBM X-Force 2009 Mid-year Trend and Risk Report
WHEN: Thursday, September 17, 2009 at 1:00 PM EDT (1700 UTC/GMT)

Building the Business Case for Penetration Testing
WHEN: Thursday, September 17, 2009 at 1:00 PM EDT (1700 UTC/GMT)

It All Starts with Log Management: Leveraging the Best in Database Security, Security Event Management and Change Management to Achieve Transparency
WHEN: Thursday, September 24, 2009 at 1:00 PM EDT (1700 UTC/GMT)

WhatWorks in Firewalls, Enterprise Antivirus and Unified Threat Management: Virtualizing Server Security with the U.S. Army Human Resource Command
WHEN: Monday, September 28, 2009 at 1:00 PM EDT (1700 UTC/GMT)

Identity-Aware Networking Done Right
WHEN: Tuesday, September 29, 2009 at 1:00 PM EDT (1700 UTC/GMT)

Is Your Organization Losing the Cyber-War?
WHEN: Wednesday, September 30, 2009 at 1:00 PM EDT (1700 UTC/GMT)

Transparent Data Encryption: New Technologies and Best Practices for Database Encryption
WHEN: Thursday, October 1, 2009 at 1:00 PM EDT (1700 UTC/GMT)

Finding the Root Cause of Any Security Alert – Fast
WHEN: Wednesday, October 7, 2009 at 1:00 PM EDT (1700 UTC/GMT)

IT Audit for the Virtual Environment
WHEN: Thursday, October 08, 2009 at 1:00 PM EDT (1700 UTC/GMT)

Automated Malware Threat Analysis: Getting actionable intelligence on attacks effectively and efficiently
WHEN: Wednesday, October 21, 2009 at 1:00 PM EDT (1700 UTC/GMT)

Post any others that you know in the comments and we will add them to the list!

Web 2.0 and common sense

Web 2.0 and cloud computing seem to be getting equal amounts of publicity lately. However, despite public press about the vulnerabilities associated with them, users are either unaware of the need or unwilling to change their habits, and therefore fall victim to easily preventable compromises.

Twitter has had overwhelming success in the past year and has grown well beyond initial expectations.  Facebook is another social networking site that has surpassed MySpace with nearly 200 million users.  Although there are pros to utilizing such sites, users must be aware that anytime a site generates that much traffic, bad things are to come.

In steps the latest exploit to hit the masses: the Twitter botnet.  Jose Nazario of Arbor Networks was the first to report on this activity and gave a very thorough breakdown of exactly what was, and is, taking place.  Note that this isn’t a vulnerability in Twitter but merely old obfuscation techniques used in the Web 2.0 environment.  To sum it up (you can read the complete blog post here), the malicious user would post a base64-encoded link which in turn resolved to a bit.ly address.  For those of you who don’t know what bit.ly is, it’s a tool/site used to shorten URLs so they can be posted within the 140-character limit imposed by Twitter.  Obfuscation at its finest!  The malicious link is wrapped twice before directing you to the evil site, where a gbpm.exe file is downloaded, and you can guess what happens from there.  These are typical drive-by download techniques used by attackers for whatever reason it may be.
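The double wrapping described above can be looked for on the defender's side. The following is an added example, not code from the original post or from Arbor Networks: it scans status text for base64 tokens that decode to a URL and flags the ones pointing at a URL shortener. The shortener list, function names and sample statuses are constructed for illustration, and the check covers other shorteners as well as bit.ly.

```python
import base64
import binascii
import re
from urllib.parse import urlsplit

# Assumed shortener list for this example; extend it for real use.
SHORTENER_HOSTS = {"bit.ly", "tinyurl.com", "is.gd"}

# Runs of base64 alphabet long enough to hold a short URL once encoded.
B64_TOKEN = re.compile(r"[A-Za-z0-9+/]{16,}={0,2}")


def decode_token(token):
    """Return decoded text if token is valid base64 of printable ASCII, else None."""
    padded = token + "=" * (-len(token) % 4)  # tolerate stripped padding
    try:
        text = base64.b64decode(padded, validate=True).decode("ascii").strip()
    except (binascii.Error, ValueError):  # UnicodeDecodeError is a ValueError
        return None
    return text if text and text.isprintable() else None


def find_encoded_links(status):
    """Return (token, url, is_shortener) for each base64 token hiding a URL."""
    findings = []
    for token in B64_TOKEN.findall(status):
        text = decode_token(token)
        if text is None:
            continue
        try:
            parts = urlsplit(text)
            host = parts.hostname
        except ValueError:
            continue
        if parts.scheme in ("http", "https") and host:
            findings.append((token, text, host.lower() in SHORTENER_HOSTS))
    return findings


def triage(statuses):
    """Return (index, url) for statuses carrying an encoded shortener link."""
    return [(i, url) for i, s in enumerate(statuses)
            for _, url, short in find_encoded_links(s) if short]


def _b64(s):
    return base64.b64encode(s.encode()).decode()


# Constructed sample statuses, not captured traffic.
SAMPLE_STATUSES = [
    _b64("http://bit.ly/EXAMPLE1"),              # encoded shortener link
    "Great talk today, slides at http://example.org/slides",
    "check this " + _b64("https://example.net/landing"),  # encoded, not a shortener
    "internationalization is a long word",       # base64-shaped, not a URL
]

if __name__ == "__main__":
    for index, url in triage(SAMPLE_STATUSES):
        print(f"status {index}: encoded shortener link {url}")
```

A hit only says that a status hides a shortened link behind an encoding layer; where the shortener finally redirects still has to be checked separately.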

Tom Eston, who presented at DefCon17 with Kevin Johnson last month, helped me out exponentially as both have had a stake in the latest social networking attacks.  It’s worth noting that Tom has also created a whitepaper on how to secure your Facebook settings in order to prevent/deter attacks and I highly suggest taking a look at it no matter how 1337 you may think you are.

So what’s next?  Obviously social networking sites are here to stay and are on the rise, but how do we prevent attacks in the future?  You don’t….yes that’s correct.  You’d be lying to yourself if you truly believed that we’ll be able to rid the Internet of malicious activity.  But then again if you believe that then you also believe that 2pac, Elvis, and Michael Jackson are all still alive and their deaths were merely publicity stunts.  User awareness is always going to be the number one way of reducing compromises.  There are many elaborate attacks and even the most educated users can sometimes, and I use that loosely, fall victim.  If you get a friend request from President Obama and accept, you should refrain from ever using a computer again much less anything else in life.  It’s disturbing when you look at the number of compromises and, after analysis is complete, come to the conclusion that they could have been avoided if the person behind the keyboard had exercised some common sense….

SecuraBit Episode 36: The f0rb1dd3n Network

We are joined by Jayson Street to talk about his book, Dissecting the Hack: The f0rb1dd3n Network, that is due out soon. All Black Hat bags will have an excerpt from the book in them.

Additionally we get Jayson’s input on the topic of the recent denial of service attacks not coming from North Korea after all.

DJ Great Scott gives us an update on the social events at this year’s DEFCON.

Finally we cover media destruction policies. How do you decommission old hard disks? Do you retain the ones from your copiers and fax machines? What about thumb drives?

Join us in IRC at irc.freenode.net #securabit

Hosts:

Anthony Gartner – http://www.anthonygartner.com – @anthonygartner
Chris Gerling – http://www.chrisgerling.com – @hak5chris
Christopher Mills – http://www.packetsense.net – @thechrisam
Andrew Borel – @andrew_secbit
Jason Mueller – @securabit_jay

Guest:
Jayson E. Street – http://f0rb1dd3n.com/author.php

Links:
http://f0rb1dd3n.com
Computer attack may not have originated in North Korea after all – http://blogs.usatoday.com/technologylive/2009/07/evidence-has-surfaced-that-the-denial-of-service-attacks-that-crippled-dozens-of-us-and-south-korean-web-sites-last-week-ma.html
UK, not North Korea, source of DDOS attacks, researcher says – http://www.pcworld.idg.com.au/article/311070/uk_north_korea_source_ddos_attacks_researcher_says
DEFCON 17 – http://www.defcon.org/html/defcon-17/dc-17-index.html

Podcasters Meetup – http://www.podcastersmeetup.com/

SecuraBit Episode 35: Content, what content? Oh, THAT content!!!


SecuraBit Episode 35 – Content, what content? Oh, THAT content!!! NSFW well some anyway!!!

Facebook privacy settings are getting simplified.

Michael Jackson causes Google to trip thinking they had a DOS attack in progress, followed by spam assaults, and all the joke emails.

Slowloris DOS the show stream.

We discuss OSSEC with Andrew Hay.

Join us in IRC at irc.freenode.net #securabit and you can find our past episodes at http://www.securabit.com.

Next live recording is July 15, 2009 at 8pm EDT.

Hosts:

Chris Gerling – http://www.chrisgerling.com – @hak5chris

Christopher Mills – http://www.packetsense.net – @thechrisam

Anthony Gartner – http://www.anthonygartner.com – @anthonygartner

Andrew Borel – @andrew_secbit

Rob Fuller – Mubix – http://room362.com – @Mubix

Guest(s):

Wesley McGrew – http://www.mcgrewsecurity.com/ – @mcgrewsecurity

Andrew Hay – http://www.andrewhay.ca/ – @andrewsmhay

Links:

http://serverfault.com/questions/32361/how-to-best-defend-against-a-slowloris-dos-attack-against-an-apache-web-server

OSSEC – http://www.ossec.net/

Andrew Hay’s Book – http://www.amazon.com/OSSEC-Host-Based-Intrusion-Detection-Guide/dp/159749240X

SecuraBit Episode 34: RoundTable Well Virtually anyway!!!

This week we welcome Scott Fitzpatrick of Symantec to join our roundtable on the news items of the day.

News Items:
StrongWebMail Fail – http://www.pcworld.com/businesscenter/article/166314/web_mail_company_to_pay_prize_after_ceo_hacked.html

TweetDeck still passes authentication in the clear

Google Apps criticized about their security

iPhone 3.0 Tethering Hack – http://www.jellysms.com/blog/enable-internet-tethering-with-your-iphone-in-2-minutes-on-o2-ireland-with-30-gm/

RSnake’s SlowLoris (low bandwidth, greedy, poisonous HTTP client) – http://ha.ckers.org/slowloris/

Mubix presenting a six hour work shop “From Shell to Owning the Company” at ToorCamp

DefCon and the Podcasters Meetup
– In Sky box 207 and 208 8pm or after the last talk on Saturday night.
– Exotic Liability (http://www.exoticliability.com/) and Germaina Newbs (http://grmn00bs.blogspot.com/) will be joining the lineup.

PaulDotCom with SecuraBit, Thursday July 2, 2009 at 7pm.

Join us in IRC at irc.freenode.net #securabit

Our Next live recording is July 1, 2009 at 8pm EDT.

Hosts:
Chris Gerling – http://www.chrisgerling.com – @hak5chris
Jason Mueller – @securabit_jay
Christopher Mills – http://www.packetsense.net – @thechrisam
Rob Fuller – Mubix – http://room362.com – @Mubix
Andrew Borel – @andrew_secbit

Guests:
Scott Fitzpatrick

Links:
Symantec – http://www.symantec.com/
Mubix – Couch to Career – http://www.room362.com/archives/564-couch-to-career-follow-up.html

SecuraBit Episode 33: Bursting Clouds with Kostya Kortchinsky

In this episode we talk to Kostya about the process that is behind
Cloud Burst.  He speaks about breaking out of the existing Virtual
Machine and into the host.  Once you own the host you have the ability
to own other Virtual Machines.

Quick Topics:

OS X Security Update

Palm Pre

North Korea Cyberware

Air France Flight 447

Hosts:

Anthony Gartner – http://www.anthonygartner.com – @anthonygartner

Chris Gerling – http://www.chrisgerling.com – @hak5chris

Christopher Mills – http://www.packetsense.net – @thechrisam

Jason Mueller – @securabit_jay

Guests:

Kostya Kortchinsky – http://www.linkedin.com/pub/kostya-kortchinsky/4/211/a71

Tim Krabec – http://www.SMBMinute.com – @tkrabec

Links:

Immunity Inc – http://www.immunitysec.com/

CLOUDBURST exploit video -  http://www.immunityinc.com/documentation/cloudburst-vista.html

CVE-2009-1244 – http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1244

53634 : VMware Multiple Products Display Function Host OS Arbitrary Code Execution – http://osvdb.org/53634

Microsoft Security Bulletin MS08-067 – http://www.microsoft.com/technet/security/Bulletin/MS08-067.mspx

SyScan ’09 Singapore July 2-3 – http://www.syscan.org/Sg/program.html

The Cassandra Tool – https://cassandra.cerias.purdue.edu/main/index.html

Apple Security Update 2009-002 / Mac OS X v10.5.7 – http://support.apple.com/kb/HT3549

Palm® Pre™ – http://www.palm.com/us/products/phones/pre/

North Korea Builds Up Cyber Warfare Unit – http://news.yahoo.com/s/afp/20090505/ts_afp/nkoreaitmilitary

Air France Flight 447 – http://en.wikipedia.org/wiki/Air_France_Flight_447

DEFCON® Hacking Conference – http://www.defcon.org/

Immunity CANVAS – http://www.immunitysec.com/products-canvas.shtml

SecuraBit Episode 32: PDF Love!

Didier talks about how the IFilter will actually allow you to use a
PDF to exploit the system because IFilter uses the Windows Indexing
Service. He also discusses some of the various methods of prevention,
including his tool called PDFiD.

Penetration Document Format

http://www.flickr.com/photos/packetsense/3549486353/

Hosts:

Anthony Gartner – http://www.anthonygartner.com – @anthonygartner

Chris Gerling – http://www.chrisgerling.com – @hak5chris

Christopher Mills – http://www.packetsense.net – @thechrisam

Guests:

Didier Stevens – http://blog.didierstevens.com/

Links:

PDFiD – http://blog.didierstevens.com/2009/03/31/pdfid/

PDF Tools – http://blog.didierstevens.com/programs/pdf-tools/

Security Justice – http://securityjustice.com/

Exotic Liability – http://exoticliability.ning.com/