EC-Council Awarded More NSA CNSS Certifications
Posted by cdupuis on Friday, 03 July 2009 @ 23:42:22 EDT. Topic: CEH in the News
EC-Council courseware for Certified Ethical Hacker (C|EH), Computer Hacking Forensics Investigator (C|HFI), Disaster Recovery Professional (E|DRP), Certified Security Analyst (E|CSA) and Licensed Penetration Tester (L|PT) has been certified at the highest national level by the Committee of National Security Systems (CNSS).
The CNSS is a federal government entity under the U.S. Department of Defense that provides procedures and guidance for the protection of national security systems. The NSA certified these programs as meeting the CNSS 4012, 4013A, 4014, 4015 and 4016 training standards for information security professionals in the federal government.
The Security-Database Watch Newsletter -- v20090628
Posted by cdupuis on Tuesday, 30 June 2009 @ 11:51:52 EDT. Topic: In the News
---------- Forwarded message ----------
From: SD List
Date: Sun, Jun 28, 2009 at 06:51
Subject: [Tools update] The Security-Database Watch Newsletter -- v20090628
Hello
Here is the site's newsletter "Security Database Tools Watch" (http://www.security-database.com/toolswatch). This letter summarizes the articles and news items published in the last 7 days.
I also want to thank Sebastien Gioria (OWASP France Local Chapter), Sucuriteam, Mubix (Rob Fuller) and Billy Austin (CSO Saint Corporation) for submitting new tool releases to us.
In loving memory of Michael Jackson.
New articles
** SAINT version 7.0 is now available ** by Tools Tracker Team - 26 June 2009
SAINT is the Security Administrator’s Integrated Network Tool. It is used to non-intrusively detect security vulnerabilities on any remote target, including servers, workstations, networking devices, and other types of nodes. It will also gather information such as operating system types and open ports. The SAINT graphical user interface provides access to SAINT’s data management, scan configuration, scan scheduling, and data analysis capabilities through a web browser. Different aspects of (...) -> http://www.security-database.com/toolswatch/SAINT-version-7-is-now-available.html
** NBIM (Network-Based Integrity Monitor) v2 released ** by Tools Tracker Team - 26 June 2009
NBIM is a network-based integrity monitor that detects unauthorized changes on web sites and domains.
It constantly monitors multiple blacklist databases, whois information, DNS and the web site content to detect changes in the integrity (just like a HIDS, but applied to network assets).
** Xprobe-NG announced for July 2009 ** by Tools Tracker Team - 21 June 2009
xprobe: Remote OS identification using ICMP packets Xprobe allows you to determine what operating system is running on a remote host. It sends several packets to a host and analyses the returned ICMP packets. The tool automates a logic of OS fingerprinting methods called "X"
Official release of "Keykeriki" open source wireless keyboard sniffer
Posted by cdupuis on Tuesday, 16 June 2009 @ 14:03:12 EDT. Topic: Wireless Vulnerability
Anonymous writes "
Hi everyone, I would just like to officially announce the release of our wireless keyboard sniffer Keykeriki.
The first lot of pre-fab PCBs will arrive by the end of this week.
Stay tuned... Max Moser
So here is our press release:
“Keykeriki” – Dreamlab Technologies and remote-exploit.org develop the first open 27 MHz wireless keyboard sniffer. It sniffs and records the signal of wireless keyboards and demonstrates their security risk level. It can also be used to demonstrate hacking attacks for educational purposes.
Wireless keyboards are very popular in many offices and private homes. Even in the front office section of banks, they are frequently used. But they represent a big security risk – as dreamlab technologies already pointed out in a white paper published 2007.
Wireless keyboards are risky because they transmit a radio signal that is not sufficiently protected. The newly developed portable universal receiver sniffs and records the signal of wireless keyboards and demonstrates their security risk level.
The keykeriki-software and construction plans for hardware are freely available online at:
The hardware needs to be portable and small and to be able to adapt to future needs. Keykeriki is therefore built around a Texas Instruments TRF7900 chip controlled by an ATMEL ATMEGA microcontroller.
For logging abilities an SDCard-interface is built into the board layout, as well as an additional USART channel for future hardware extensions (“backpacks”). The whole board can be powered directly via the USB-bus or a stable 5V power source.
When connected to a computer’s USB-port, one can use either a decent terminal application or the keykeriCTL software which is included in the software package of this project. All the schematics can be downloaded in eagle- and PDF-format as part of the project’s software package.
Fully equipped boards will be provided in the near future.
Software
Because of the flexible hardware design, most features can be built in by software. This first release contains (among other features) radio frequency switching, signal strength display, deciphering of encryptions, sniffing and decoding of keystrokes of Microsoft 27Mhz based keyboards.
Extensions
Hardware extensions are easy to realize because two different interfaces, a second USART and I²C/TWI and SPI, are brought out from the board. Therefore so-called Backpacks, e.g. an LCD display controller, can be connected using the USART interface.
The Future
Future extensions include amplification for antennas, support of other Microsoft keyboards and products of other producers, the constant amelioration of hard and software and the parallel handling of several keyboards.
Furthermore, a keykeriki able to send mouse and keyboard signals is intended.
About Dreamlab
Dreamlab Technologies AG is an internationally operating company specialized in IT security. Established in 1997, Dreamlab Technologies performs high-end security tests, consulting and education, and realizes solutions based on “best-in-class” open standard technologies.
Dreamlab Technologies is an official education partner and representative of ISECOM (Institute for Security and Open Methodologies) for France, Germany and Switzerland.
ISECOM is the editor of OSSTMM, today’s most popular security audit methodology.
EC-Council | Security Channel - The Education Channel for Security Professionals
Posted by cdupuis on Thursday, 11 June 2009 @ 00:17:12 EDT. Topic: Training
Anonymous writes "
Breaking News
Subscribe to the EC-Council | Security Channel and learn about some of the hottest topics and latest trends in the security space, via webcast.
You will get automatic updates and reminders on the webcasts that are scheduled.
Webcast Schedule for June 2009
- June 4, 2009. Topic: Harnessing SIEM for More Effective Investigations. Presenter: Eric Knight, CEH | LogRhythm Inc
- June 11, 2009. Topic: Steps to Implementing ISO 27001. Presenter: Eric Lachapelle, CEO | Veridion Inc
- June 18, 2009. Topic: Importance of Risk Management in Governance & Compliance. Presenter: Sanjay Anand, Chair | The GRC Group (aka SOX Institute)
- June 25, 2009. Topic: Conficker - Why it Happened? And How We Can Prevent It From Happening Again? Presenter: Mark Harris, Director | Sophos Labs
EC-Council Certified Members attending these webcasts will earn 1 ECE credit
"
WEPBuster 1.0 has been released
Posted by cdupuis on Tuesday, 02 June 2009 @ 22:29:10 EDT. Topic: WarDriving
Anonymous writes "
WEPBuster 1.0
This small utility was written for Information Security Professionals to aid in conducting Wireless Security Assessment. The program executes various utilities included in the aircrack-ng suite, a set of tools for auditing wireless networks, in order to obtain the WEP encryption key of a wireless access point. aircrack-ng can be obtained from http://www.aircrack-ng.org
Features:
WEPBuster Cracks all access points within the range in one go!!
Supports:
- MAC address filtering bypass (via MAC spoofing)
- Auto reveal hidden SSID
- Client-less Access Point injection
- Shared Key Authentication
- WEP Decloaking (future version)
- whitelist (crack only APs included in the list)
- blacklist (do not crack AP if it's included in the list)
USAGE:
perl wepbuster [1 | 6 | 11] (or any combination, space separated)
perl wepbuster (sort | connect) [HOST | IP] (defaults to: gateway)
Typically, one would invoke the program without any arguments. Doing this will set the mode to 'crack' and will try to crack all WEP-enabled access points within range on each of the 3 non-overlapping channels (1, 6, 11).
Given an argument of numbers (1, 6, or 11 only), mode will be set to 'crack' and will crack all APs on that particular channel/s specified.
If passed with a 'sort' argument, followed by an optional IP address or a hostname, the program will try to sort the list of cracked access points (obtained after running 'crack' mode) in the order of decreasing ping round trip time to the gateway or to the IP address or hostname specified.
If passed with a 'connect' argument, followed by an optional IP address or a hostname, the program will try to connect to each access point included in the list of cracked access points.
The program exits once a connection is made to an access point and verified, e.g., if it can successfully ping the gateway or the IP address or hostname specified.
RECOMMENDED MODIFICATIONS (aircrack-ng):
The following modifications to the source and header file of the two aircrack-ng utilities (aircrack-ng, airodump-ng) are not required, but will make the decryption of the WEP key more accurate (in terms of the number of IVs needed in order to obtain the key).
1.) Instead of 5000, change PTW_TRY_STEP to 100 to make cracking more accurate (in terms of the number of IVs needed to crack the key). Look for this line in "aircrack-ng.h":
#define PTW_TRY_STEP 5000
2.) The script relies heavily on reading and parsing the .csv file output of airodump-ng. As such, instead of airodump-ng waiting for 20 seconds before writing the .csv text output, it is recommended that you make it 2 seconds.
If you do not change the line below, you should set $airodumpwait to more than 20 to avoid getting errors. A value of 23 should be safe. Look for this line in "airodump-ng.c":
if( time( NULL ) - tt1 >= 20)
REQUIRED PERL MODULES:
The only module used in this script is the module "Term::ReadKey". This module is used when the 'Enter' key is pressed, e.g., if the user wants to skip injecting into a particular Access Point.
This module can be obtained from "http://search.cpan.org".
A typical installation procedure of any perl module consists of the following steps:
perl Makefile.PL
make install
On Debian systems, this can be installed using apt-get e.g:
"apt-get install libterm-readkey-perl"
REQUIRED APPLICATION:
macchanger (http://www.alobbs.com/macchanger) This tool is used for spoofing the MAC address when the AP is using MAC address filtering.
TESTING PLATFORM:
During the development, this program was tested inside an Ubuntu Linux installation, using Alfa AWUS036H with R8187 driver. The access points tested were Aztech DSL605EW and Linksys WAG54G2
WARNINGS:
Other Linux platforms were not tested. The wireless card mentioned above is the only card that was used; others are not guaranteed to work without making changes. I don't have all the necessary hardware to test.
I'm leaving this work to the community. Please contribute so that everyone can benefit. =)
WHERE TO GET IT?
Please visit the project page at http://code.google.com/p/wepbuster/ where you can download the script, and find the link to the video demo.
FINAL THOUGHTS:
This is the first program I have provided to the opensource community.
I hope you'll find it useful. Donations are welcome if you do =). Send them to my paypal account: markjayson.alvarez_AT_gmail.com
Please use this program in a good way and remember: "Morality works best when chosen not when mandated" - Larry Wall
L0phtCrack 6 has been Released
Posted by cdupuis on Wednesday, 27 May 2009 @ 22:06:23 EDT. Topic: Passwords
Anonymous writes "
L0phtCrack is Back
L0phtCrack 6 is packed with powerful features such as scheduling, hash extraction from 64-bit Windows versions, multiprocessor algorithms, and network monitoring and decoding. Yet it is still the easiest to use password auditing and recovery software available.
Password Scoring
L0phtCrack 6 provides a scoring metric to quickly assess password quality. Passwords are measured against current industry best practices, and are rated as Strong, Medium, Weak, or Fail.
Pre-computed Dictionary Support
Pre-computed password files are a must-have feature in password auditing. L0phtCrack 6 supports pre-computed password hashes. Password audits now take minutes instead of hours or days.
Windows & Unix Password Support
L0phtCrack 6 imports and cracks Unix password files. Perform network audits from a single interface.
Remote password retrieval
L0phtCrack 6 has a built-in ability to import passwords from remote Windows machines, including 64-bit versions of Vista and Windows 7, and from Unix machines, without requiring a third-party utility.
Scheduled Scans
System administrators can schedule routine audits with L0phtCrack 6. Audits can be performed daily, weekly, monthly, or just once, depending on the organization's auditing requirements.
Remediation
L0phtCrack 6 offers remediation assistance to system administrators on how to take action against accounts that have poor passwords. Accounts can be disabled, or the passwords can be set to expire from within the L0phtCrack 6 interface. Remediation works for Windows user accounts only.
Updated Vista/Windows 7 Style UI
The user interface is improved and updated. More information is available about each user account, including password age, lock-out status, and whether the account is disabled, expired, or never expires. Information on L0phtCrack 6's current session is provided in an "immediate window" with a reporting tab providing up-to-the-minute status of the current auditing session.
sqlmap version 0.7rc1 has been released
Posted by cdupuis on Thursday, 21 May 2009 @ 07:13:47 EDT. Topic: SQL Security
Anonymous writes "
Hi,
I am glad to release sqlmap version 0.7rc1.
WARNING: This release is a candidate; it only works on Linux, so please do not complain that it does not work on your Windows or Mac OS X systems.
Introduction
sqlmap is an open source command-line automatic SQL injection tool. Its goal is to detect and take advantage of SQL injection vulnerabilities in web applications. Once it detects one or more SQL injections on the target host, the user can choose among a variety of options to perform an extensive back-end database management system fingerprint, retrieve DBMS session user and database, enumerate users, password hashes, privileges, databases, dump entire or user's specified DBMS tables/columns, run his own SQL statement, read or write either text or binary files on the file system, execute arbitrary commands on the operating system, establish an out-of-band stateful connection between the attacker box and the database server via Metasploit payload stager, database stored procedure buffer overflow exploitation or SMB relay attack and more.
Changes
Some of the new features include:
* Added support to execute arbitrary commands on the database server underlying operating system either returning the standard output or not via UDF injection on MySQL and PostgreSQL and via xp_cmdshell() stored procedure on Microsoft SQL Server;
* Added support for out-of-band connection between the attacker box and the database server underlying operating system via stand-alone payload stager created by Metasploit and supporting Meterpreter, shell and VNC payloads for both Windows and Linux;
* Added support for out-of-band connection via Microsoft SQL Server 2000 and 2005 'sp_replwritetovarbin' stored procedure heap-based buffer overflow (MS09-004) exploitation with multi-stage Metasploit payload support;
* Added support for out-of-band connection via SMB reflection attack with UNC path request from the database server to the attacker box by using the Metasploit smb_relay exploit;
* Added support to read and write (upload) both text and binary files on the database server underlying file system for MySQL, PostgreSQL and Microsoft SQL Server;
* Added database process' user privilege escalation via Windows Access Tokens kidnapping on MySQL and Microsoft SQL Server via either Meterpreter's incognito extension or Churrasco stand-alone executable.
* "Advanced SQL injection to operating system full control" whitepaper[1] and slides[2] presented at Black Hat Europe 2009 in Amsterdam (The Netherlands) on April 16, 2009
WarVOX phone analysis suite
Posted by cdupuis on Wednesday, 20 May 2009 @ 23:40:01 EDT. Topic: VOIP
Anonymous writes "
Version 1.0.1 of the WarVOX phone analysis suite has been released. Notable changes since 1.0.0:
- License changed to BSD, no restrictions on commercial use
- Support number exclusion lists / black lists (regex based)
- Support for phone number ranges in addition to masks
- Support for multiple ranges and masks per job
- Numerous bug fixes and stability improvements
- Command line script for exporting dial results (bin/export_list.rb)
WarVOX is a suite of tools for exploring, classifying, and auditing telephone systems. Unlike normal wardialing tools, WarVOX works with the actual audio from each call and does not use a modem directly. This model allows WarVOX to find and classify a wide range of interesting lines, including modems, faxes, voice mail boxes, PBXs, loops, dial tones, IVRs, and forwarders. WarVOX provides the unique ability to classify all telephone lines in a given range, not just those connected to modems, allowing for a comprehensive audit of a telephone system.
WarVOX requires no telephony hardware and is massively scalable by leveraging Internet-based VoIP providers. A single instance of WarVOX on a residential broadband connection, with a typical VoIP account, can scan over 1,000 numbers per hour. The speed of WarVOX is limited only by downstream bandwidth and the limitations of the VoIP service. Using two providers with over 40 concurrent lines we have been able to scan entire 10,000 number prefixes within 3 hours.
SamuraiWTF Web Application testing Virtual Machine
Posted by cdupuis on Wednesday, 20 May 2009 @ 20:28:49 EDT. Topic: Web Applications Security
Anonymous writes "
Hello everyone,
The SamuraiWTF project team is proud to announce the immediate release of SamuraiWTF 0.6. This release is available at http://samurai.inguardians.com.
The Samurai Web Testing Framework is a live linux environment that has been pre-configured to function as a web pen-testing environment. The CD contains the best of the open source and free tools that focus on testing and attacking websites. In developing this environment, we have based our tool selection on the tools we use in our security practice. We have included the tools used in all four steps of a web pen-test.
Starting with reconnaissance, we have included tools such as the Fierce domain scanner and Maltego. For mapping, we have included tools such as WebScarab and ratproxy. We then chose tools for discovery. These would include w3af and burp. For exploitation, the final stage, we included BeEF, AJAXShell and much more. This CD also includes a pre-configured wiki, set up to be the central information store during your pen-test.
We have updated and fixed a number of issues with the environment as well as improved performance of the Java-based tools. We have also included a virtual machine of the environment. This VM requires VMWare.
If there are any questions, please either send them to samurai@inguardians.com or join the developers mailing list on sourceforge.net.
Thank you Kevin and the project team
Kevin Johnson Senior Security Analyst InGuardians, Inc. office: 202.448.8958 cell: 904.403.8024
FBI -- Senior Level Technical Forensic Advisor
Posted by cdupuis on Thursday, 14 May 2009 @ 07:54:01 EDT. Topic: Jobs
Anonymous writes "
To All,
The FBI has just posted a truly unique employment opportunity, applications for which must be received on-line no later than May 25, 2009.
The position is that of a Senior Level Technical Forensic Advisor whose primary duty it is to advise and assist FBI executives on all issues affecting the acquisition, preservation, examination, processing, presentation and storage of digital evidence in support of both the FBI’s criminal and national security investigations.
The individual filling this position serves as a key architect responsible for mapping the future course of the exploding field of digital evidence forensics, including traditional computer hard drive forensics, network forensics, remote forensics, mobile forensics (e.g., cellular telephones), device forensics (e.g., GPS devices) and more.
The selected candidate would report directly only to Senior Executives of the FBI. The salary range for the position is $117,787 to $162,900 per year.
The FBI currently manages a network of over 400 certified digital evidence forensic examiners located across the country in FBI Field Offices, Laboratories and at FBI Headquarters in the Metro-Washington, DC area.
The FBI also operates and administers the FBI Digital Evidence Laboratory in Quantico, VA and Linthicum, MD as well as 14 existing Regional Computer Forensic Laboratories (RCFLs) across the country in collaboration with other Federal, State and local law enforcement agencies, all of which have either been accredited by the American Society of Criminal Laboratory Directors – Laboratory Accreditation Board (ASCLD-LAB) or are in the process of applying for the same.
Combined, these elements represent the world’s largest contingent of digital evidence forensic examiners operating under one central, validated, quality assurance system.
Details on the vacancy can be found at www.usajobs.gov as Job Announcement Number 18-2009-006, under the category “Senior Executive.”
moth - vulnerable web application vmware
Posted by cdupuis on Friday, 08 May 2009 @ 08:02:25 EDT. Topic: Web Applications Security
Anonymous writes "
Moth is a VMware image with a set of vulnerable Web Applications and scripts, that you may use for:
- Testing Web Application Security Scanners
- Testing Static Code Analysis tools (SCA)
- Giving an introductory course to Web Application Security
The motivation for creating this tool came after reading "anantasec-report.pdf" which is included in the release file which you are free to download. The main objective of this tool is to give the community a ready to use testbed for web application security tools.
For almost every web application vulnerability in existence, there is a test script available in moth.
Other tools like this are available but they lack one very important feature: a list of vulnerabilities included in the Web Applications!
In our case, we used the results gathered in the anantasec report to solve this issue without any extra work.
There are three different ways to access the web applications and vulnerable scripts:
- Directly
- Through mod_security
- Through PHP-IDS (only if the web application is written in PHP)
Both mod_security and PHP-IDS have their default configurations and they show a log of the offending request when one is found. This is very useful for testing web application scanners, and teaching students how web application firewalls work. The beauty is that a user may access the same vulnerable script using the three methods; which helps a lot in the learning process.
This is the first contribution of Bonsai Information Security to the w3af project.
Many more contributions are on their way.
More information about moth and the download link can be found here:
VoIP Hopper is a GPLv3 licensed security tool, written in C, that rapidly runs a VLAN Hop into the Voice VLAN on specific Ethernet switches.
VoIP Hopper does this by mimicking the behavior of an IP Phone, in Cisco, Avaya, and Nortel environments. VoIP Hopper is a VLAN Hop test tool but also a tool to test VoIP infrastructure security.
New Features:
* Nortel Support: VoIP Hopper can now automatically discover the Voice VLAN ID used in Nortel IP Phone networks and VLAN Hop!
* DHCP client: A fully integrated DHCP client! VoIP Hopper now implements DHCP messaging as function calls instead of relying on the old 'dhcpcd' client. This opens up the door for future VLAN Discovery mechanisms for other vendors, such as Alcatel.
* New CDP mode: A new CDP Spoof mode that uses a pre-constructed IP Phone packet of a Cisco 7971G-GE! Now you can VLAN Hop faster by spoofing CDP and don't have to construct your own CDP Packet!
* Error correction with VLAN Interfaces: Implemented a feature that checks to see if the IP address is already configured for the voice interface before running the VLAN Hop and DHCP request.
* Bug fix 1: Fixed an important libpcap bug with pcap_next_ex read timeout when CDP sniff mode was used (-c 0).
Web App Security, Web Apps Testing Checklist, Protecting Passwords
Posted by cdupuis on Monday, 04 May 2009 @ 20:59:10 EDT. Topic: Web Applications Security
Anonymous writes "
Hi,
I have just updated the security section of my web site; there's a couple of pages that may interest people on this list:
Also, for many years I have provided a JavaScript MD5 library. This can be used to perform challenge-response authentication, protecting passwords on sites that do not use SSL. I have recently approached some of the main web frameworks, to encourage them to implement this in their authentication library.
The consultant should provide a structured programme of penetration testing and delivery of a management report providing recommendations to improve security posture of the organization.
Required competencies:
Deep knowledge of application and network penetration testing tools and exploits to identify vulnerabilities and recommend effective corrective actions.
Excellent report-writing skills.
Ability to communicate technical impact and business risk to a non-technical audience after the project
Is the enemy already living side by side with you without your knowledge
Posted by cdupuis on Wednesday, 29 April 2009 @ 09:28:41 EDT. Topic: Web Applications Security
---------- Forwarded message ----------
From: WebAppSec
Date: Tue, Apr 28, 2009 at 08:12
Subject: New WebApp security paper: Anti-fraud Image Solutions
To: webappsec@securityfocus.com
WebAppSec gurus,
I recently had some time on my hands to write up a whitepaper covering a topic that I've been repeatedly queried about over the years - how can you tell which person "stole" a copy of your Web application content and used it to build a phishing or fraud site?
It's not a particularly easy question to answer, but there are a number of things that can be done to help this identification task. One useful component of that identification process is the embedding of unique tagging information within the content of the application. This process, referred to as Distribution Tracing, can be applied to the images used to construct the Web site.
Hope the paper proves insightful for some of you having to advise your customers directly. I'll offer a beer at BlackHat Las Vegas this year to the first person to name 3 large international banks that already use this tracing process, and the algorithm they went with :-)