EC-Council Courseware for Certified Ethical Hacker (C|EH), Computer Hacking Forensics Investigator (C|HFI), Disaster Recovery Professional (E|DRP), Certified Security Analyst (E|CSA) and Licensed Penetration Tester (L|PT) Courseware has been certified at the highest national level by the Committee of National Security Systems (CNSS).

The CNSS is a federal government entity under the U.S. Department of Defense that provides procedures and guidance for the protection of national security systems. The NSA certified these programs as meeting the CNSS 4012, 4013A, 4014, 4015 and 4016 training standards for information security professionals in the federal government.

Read more HERE.

Learn how to identify security risks to networks and computers and get the serious preparation you need for the challenging Certified Ethical Hacker certification exam 312-50. The only review guide officially endorsed by EC-Council, this concise book covers all of the exam objectives and includes a CD with a host of additional study tools.

• Easy-to-use book is organized by exam objectives for quick review
• Flexible review guide goes hand-in-hand with any learning tool on the market
• "Exam Essentials" in each chapter helps you zero in on what you need to know
• Book includes over 300 review questions and practice tools

Look inside for complete review coverage of all exam objectives for CEH exam 312-50.

Featured on the CD

SYBEX TEST ENGINE
Test your knowledge with advanced testing software. Includes bonus exams and glossary.

ELECTRONIC FLASHCARDS
Reinforce your understanding with flashcards that can run on your PC, Pocket PC, or Palm handheld.

Click Here for more information or to buy from Amazon.com

Website: http://www.remote-exploit.org/Keykeriki.html

Video with some demonstration available on website as well Contact: hardhack@remote-exploit.org

The first lot of pre-fab PCBs will arrive until the end of this week.

Stay tuned... Max Moser

So here is our press release:

“Keykeriki” – Dreamlab Technologies and remote-exploit.org develop the first open 27Mhz wireless keyboard sniffer. It sniffs and records the signal of wireless keyboards and demonstrates their security
risk level. And it can be used to demonstrate hacking-attacks for educational purpose.

Wireless keyboards are very popular in many offices and private homes.  Even in the front office section of banks, they are frequently used.  But they represent a big security risk – as dreamlab technologies already pointed out in a white paper published 2007.

Wireless keyboards are risky, because they transmit a radio signal that is not enough protected. The newly developed portable universal receiver sniffs and records the signal of wireless keyboards and demonstrates their security risk level.

The keykeriki-software and construction plans for hardware are freely available online at:

[www.remote-exploit.org].

Hardware

The hardware needs to be portable and small and to be able to adapt to future needs. Keykeriki is therefore built around a Texas Instruments TRF7900 chip controlled by an ATMEL ATMEGA microcontroller.

For logging abilities an SDCard-interface is built into the board layout, as well as an additional USART channel for future hardware extensions (“backpacks”). The whole board can be powered directly via the USB-bus or a stable 5V power source.

When connected to a computer’s USB-port, one can use either a decent terminal application or the keykeriCTL software which is included in the software package of this project.  All the schematics can be
downloaded in eagle- and PDF-format as part of the project’s software package.

Fully equipped boards will be provided in the near future.

Software

Because of the flexible hardware design, most features can be built in by software. This first release contains (among other features) radio frequency switching, signal strength display, deciphering of encryptions, sniffing and decoding of keystrokes of Microsoft 27Mhz based keyboards.

Extensions

Hardware extensions are easy to realize because two different interfaces, a second USART, I²C/TWI and SPI, are externalized. Therefore so called Backpacks e. g. an LCD display controller can be connected using the USART Interface.

The Future

Future extensions include amplification for antennas, support of other Microsoft keyboards and products of other producers, the constant amelioration of hard and software and the parallel handling of several keyboards.

Furthermore, a keykeriki able to send mouse and keyboard signals is intended.

Technical details can be found online: www.remote-exploit.org.

About Dreamlab
Dreamlab Technologies AG is an internationally operating company specialized in IT-Security. Established in
1997, Dreamlab Technologies performs high-end security test, consulting and education, and realizes solutions based on “best-in-class” open standard technologies.

Dreamlab Technologies is an official education partner and representative of ISECOM (Institute for Security and Open Methodologies) for France, Germany and Switzerland.

ISECOM is the editor of OSSTMM, today’s most popular security audit methodology.

Subscribe to the EC-Council | Security Channel and learn about some of the hottest topics and latest trends in the security space, via webcast.

To subscribe to the Channel, click HERE.

You will get automatic updates and reminders on the webcasts that are scheduled.

Webcast Schedule for June 2009 June 4, 2009 View HERE.
Topic: Harnessing SIEM for More Effective Investigations Presenter: Eric Knight, CEH | LogRhythm Inc

June 11, 2009 Register HERE.
Topic: Steps to Implementing ISO 27001 Presenter: Eric Lachapelle, CEO | Veridion Inc

June 18, 2009 Register HERE.
Topic: Importance of Risk Management in Governance & Compliance Presenter: Sanjay Anand, Chair | The GRC Group (aka SOX Institute)

June 25, 2009 Register HERE.
Topic: Conficker - Why it Happened? And How We Can Prevent It From Happening Again? Presenter: Mark Harris, Director | Sophos Labs

EC-Council Certified Members attending these webcasts will earn 1 ECE credit

This small utility was written for Information Security Professionals to  aid in conducting  Wireless  Security  Assessment.  The program executes  various utilities included in the  aircrack-ng suite, a set of tools for  auditing wireless networks, in order to obtain the WEP encryption key of
 a wireless access point. aircrack-ng can be obtained from  http://www.aircrack-ng.org

Features:

WEPBuster Cracks all access points within the range in one go!!

Supports:

- Mac address filtering bypass (via mac spoofing)
- Auto reveal hidden SSID
- Client-less Access Point injection
- Shared Key Authentication
- WEP Decloacking (future version)
- whitelist (crack only APs included in the list)
- blacklist (do not crack AP if it's included in the list)

USAGE:

WEPBuster_1.0">  perl wepbuster [1 | 6 | 11] (or any combination, space separated)
perl wepbuster (sort | connect) [HOST | IP] Defaults to: gateway)

Typically, one would invoke the program without any arguments. Doing this will set the mode to 'crack' and will try to crack all wep-enabled access points within the range on each of those 3 non-overlapping channels(1,6,11)

Given an argument of numbers (1, 6, or 11 only), mode will be set to 'crack' and will crack all APs on that particular channel/s specified.

If passed with a 'sort' argument, followed by an optional IP address or a hostname, the program will try to sort the list of cracked access points (obtained after running 'crack' mode) in the order of decreasing ping round trip time to the gateway or to the IP address or hostname specified.

If passed with a 'connect' argument, followed by an optional IP address or a hostname, the program will try to connect to each access point included in the list of cracked access points.

The program exits once connection is made to an access point and verified, e.g, if it can successfully ping the gateway or the IP address or hostname specified.

RECOMMENDED MODIFICATIONS (aircrack-ng):

The following modifications to the source and header file of the two aircrack-ng utilities (aircrack-ng, airodump-ng), are not required but will make the decryption of WEP key more accurate (in terms of number of IVs needed in order to obtain the key.

1.) Instead of 5000, change PTW_TRY_STEP to 100 to make cracking more accurate (in terms of number of IVs needed to crack the key) Look for this line below in "aircrack-ng.h"

PTW_TRY_STEP  #5000

2.) The script relies heavily on reading and parsing the .csv file output of airodump-ng. As such, instead of airodump-ng waiting for 20 seconds before writing the .csv text output, it is recommended that you make it 2 seconds.

If not changing this line below, you should set $airodumpwait to at least more than 20 to avoid getting errors. A value of 23 should be safe. Look for this line below in "airodump-ng.c"

if( time( NULL ) - tt1 >= 20)

REQUIRED PERL MODULES:

The only module used in this script is the module "Term::ReadKey". This module is used when the 'Enter' key is pressed, e.g, if the user wants to skip injecting into a particular Access Point.

This module can be obtained from "http://search.cpan.org".

A typical installation procedure of any perl module consists of the following steps:

perl Makefile.PL
make install

On Debian systems, this can be installed using apt-get e.g:

"apt-get install libterm-readkey-perl"

REQUIRED APPLICATION:

macchanger (http://www.alobbs.com/macchanger)
This tool is used for spoofing the macaddress when the AP is using mac address filtering.

TESTING PLATFORM:

During the development, this program was tested inside an Ubuntu Linux installation, using Alfa AWUS036H with R8187 driver. The access points tested were Aztech DSL605EW and Linksys WAG54G2

WARNINGS:

Other linux platforms, were not tested. The wireless card mentioned above is the only card that was used, others are not guaranteed to work without making any changes. I don't have all the necessary hardwares to test.

I'm leaving this work to the community. Please contribute so that everyone can benefit. =)

WHERE TO GET IT?

Please visit the project page at http://code.google.com/p/wepbuster/  where you can download the script, and find the link to the video demo.

FINAL THOUGHTS:

This is the first program I have provided to the opensource community.

I hope you'll find it useful. Donations are welcome if you do =). Send them to my paypal account: markjayson.alvarez_AT_gmail.com

Please use this program in a good way and remember: "Morality works best when chosen not when mandated" - Larry Wall

L0phtCrack is Back

L0phtCrack 6 is packed with powerful features such as scheduling, hash extraction from 64 bit Windows versions, multiprocessor algorithms, and networks monitoring and decoding. Yet it is still the easiest to use password auditing and recovery software available.

Password Scoring
L0phtCrack 6 provides a scoring metric to quickly assess password quality. Passwords are measured against current industry best practices, and are rated as Strong, Medium, Weak, or Fail.

Pre-computed Dictionary Support
Pre-computed password files is a must have feature in password auditing. L0phtCrack 6 supports pre-computed password hashes. Password audits now take minutes instead of hours or days.

Windows & Unix Password Support
L0phtCrack 6 imports and cracks Unix password files. Perform network audits from a single interface.

Remote password retrieval
L0phtCrack 6 has a built-in ability to import passwords from remote Windows, including 64-bit versions of Vista, Windows 7, and Unix machines, without requiring a third-party utility.

Scheduled Scans
System administrators can schedule routine audits with L0phtCrack 6. Audits can be performed daily, weekly, monthly, or just once, depending on the organization's auditing requirements.

Remediation
L0phtCrack 6 offers remediation assistance to system administrators on how to take action against accounts that have poor passwords. Accounts can be disabled, or the passwords can be set to expire from within the L0phtCrack 6 interface. Remediation works for Windows user accounts only.

Updated Vista/Windows 7 Style UI
The user interface is improved and updated. More information is available about each user account, including password age, lock-out status, and whether the account is disabled, expired, or never expires. Information on L0phtCrack 6's current session is provided in an "immediate window" with a reporting tab providing up-to-the-minute status of the current auditing session

More Info and Download

WARNING: This release is a candidate, it only works on Linux so please do not complain that it does not work on your Windows or Mac OS X systems.

Introduction
============

sqlmap is an open source command-line automatic SQL injection tool.  Its goal is to detect and take advantage of SQL injection vulnerabilities in web applications. Once it detects one or more SQL injections on the target host, the user can choose among a variety of options to perform an extensive back-end database management system fingerprint, retrieve DBMS session user and database, enumerate users, password hashes, privileges, databases, dump entire or user's specified DBMS tables/columns, run his own SQL statement, read or write either text or binary files on the file system, execute arbitrary commands on the operating system, establish an out-of-band stateful connection between the attacker box and the database server via Metasploit payload stager, database stored procedure buffer overflow exploitation or SMB relay attack and more.


Changes
=======

Some of the new features include:

* Added support to execute arbitrary commands on the database server underlying operating system either returning the standard output or not via UDF injection on MySQL and PostgreSQL and via xp_cmdshell()
stored procedure on Microsoft SQL Server;

* Added support for out-of-band connection between the attacker box and the database server underlying operating system via stand-alone payload stager created by Metasploit and supporting Meterpreter, shell
and VNC payloads for both Windows and Linux;

* Added support for out-of-band connection via Microsoft SQL Server 2000 and 2005 'sp_replwritetovarbin' stored procedure heap-based buffer overflow (MS09-004) exploitation with multi-stage Metasploit payload support;

* Added support for out-of-band connection via SMB reflection attack with UNC path request from the database server to the attacker box by using the Metasploit smb_relay exploit;

* Added support to read and write (upload) both text and binary files on the database server underlying file system for MySQL, PostgreSQL and Microsoft SQL Server;

* Added database process' user privilege escalation via Windows Access Tokens kidnapping on MySQL and Microsoft SQL Server via either Meterpreter's incognito extension or Churrasco stand-alone executable.

Complete list of changes at http://sqlmap.sourceforge.net/doc/ChangeLog.

Download
========

You can download it in two formats:

* Source gzip compressed,
http://downloads.sourceforge.net/sqlmap/sqlmap-0.7rc1.tar.gz

* Source zip compressed,
http://downloads.sourceforge.net/sqlmap/sqlmap-0.7rc1.zip


Documentation
=============

* sqlmap user's manual: http://sqlmap.sourceforge.net/doc/README.pdf

* "Advanced SQL injection to operating system full control" whitepaper[1] and slides[2] presented at Black Hat Europe 2009 in Amsterdam (The Netherlands) on April 16, 2009

[1] http://sqlmap.sourceforge.net/doc/BlackHat-Europe-09-Damele-A-G-Advanced-SQL-injection-whitepaper.pdf

[2] http://www.slideshare.net/inquis/advanced-sql-injection-to-operating-system-full-control-slides


Happy hacking!

--
Bernardo Damele A. G.

E-mail / Jabber: bernardo.damele (at) gmail.com
Mobiles: +447788962949 (UK), +393493821385 (IT)
PGP Key ID: 0x05F5A30F

The Samurai Web Testing Framework is a live linux environment that has been pre-configured to function as a web pen-testing environment. The CD contains the best of the open source and free tools that focus on testing and attacking websites. In developing this environment, we have based our tool selection on the tools we use in our security practice. We have included the tools used in all four steps of a web pen-test.

Starting with reconnaissance, we have included tools such as the Fierce domain scanner and Maltego. For mapping, we have included tools such WebScarab and ratproxy. We then chose tools for discovery. These would include w3af and burp. For exploitation, the final stage, we included BeEF, AJAXShell and much more. This CD also includes a pre-configured wiki, set up to be the central information store during your pen-test.

We have updated and fixed a number of issues with the environment as well as improved performance of the java based tools.  We have also included a virtual machine of the environment.  This VM requires VMWare.

If there are any questions, please either send them to samurai@inguardians.com or join the developers mailing list on sourceforge.net.

Thank you
Kevin and the project team

Kevin Johnson
Senior Security Analyst
InGuardians, Inc.
office: 202.448.8958
cell: 904.403.8024