Welcome to The Professional Security Testers Warehouse for the GPEN GSEC GCIH GREM CEH QISP Q/ISP OPST CPTS

Video Library

- Skimming for ID theft (2008-11-01 00:18)
- Latest version of ATM skimmer hidden behind a speaker-looking device (2008-11-01 00:11)
- ATM Scam, do check your ATM machine before using it (2008-10-31 23:59)


PenTBox 1.3 Beta Released
Posted by cdupuis on Monday, 08 February 2010 @ 09:03:51 EST (51 reads)
Topic Linux Distro for testers

Anonymous writes "

PenTBox 1.3 Beta Released

By Alberto (Admin) February 2nd, 2010, under General

New version with new features, specially in Cryptography and Secure IM.

Version 1.3
-----------
- Added Crypt Ruby and RubyRc4 libraries.
- Added GOST, ARC4 and Rijndael (aka AES) 256 bits ciphers to Secure IM.
- Improvements in error exceptions and connection on Secure IM.
- fileencr.rb included -> Files encryptor and decryptor that uses Rijndael 256 bits, GOST and ARC4 ciphers.
- Included srand(time.now.to_i) function in programs that use random numbers.
- Added “Packets per second” in TCP DoSer and TCP AutoDoSer.
- Minor changes in titles of programs.

You can download it from the Download area

WHAT IS PenTBox:

PenTBox is a Security Suite that packs a lot of security and stability testing oriented programs for networks and systems.  For example, the Suite has Honeypot, TCP Flood Denial of Service testing tools, Secure Instant Messaging, Port Scanner, Fuzzer, Secure passwords generator and more.

All programs are being developed by PenTBox Team and the contributors of the Free Software community to the project.  Programmed in Ruby, and oriented to GNU/Linux systems (but compatible with Windows, MacOS and more).

It is free, licensed under GNU/GPLv3.

Visit the main site at:  http://www.pentbox.net/

"
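The changelog above notes that programs using random numbers now call srand(time.now.to_i), while the same suite ships a "Secure passwords generator". Seeding Ruby's default generator from the clock makes its output reproducible by anyone who knows roughly when it ran, so it is not a suitable source for passwords or keys. The following Ruby snippet is an added illustration written for this page, not PenTBox code: it contrasts a clock-seeded Mersenne Twister (Random.new with an integer seed, the same generator srand/rand use) with the OS-backed SecureRandom, and the timestamp it uses is a constructed example value.

```ruby
require 'securerandom'

ALPHABET = [*'a'..'z', *'A'..'Z', *'0'..'9'].freeze

# Password drawn from Ruby's default PRNG (Mersenne Twister) seeded with an
# integer, which is exactly what srand(Time.now.to_i) followed by rand() does.
# Random.new(seed) is the per-instance form of that global call.
def weak_password(seed, length)
  rng = Random.new(seed)
  Array.new(length) { ALPHABET[rng.rand(ALPHABET.size)] }.join
end

# Password drawn from the OS CSPRNG via SecureRandom; there is no seed to
# know, so the output cannot be regenerated after the fact.
def strong_password(length)
  Array.new(length) { ALPHABET[SecureRandom.random_number(ALPHABET.size)] }.join
end

# True when the same seed yields the same password: the weakness in one line.
def reproducible?(seed, length)
  weak_password(seed, length) == weak_password(seed, length)
end

# Upper bound on distinct passwords a clock-seeded generator can emit when
# the generation time is known to within +seconds+: one per possible seed,
# however long the password is, versus 62**length for a real random choice.
def keyspace_from_time_window(seconds, length)
  [seconds, ALPHABET.size**length].min
end

if __FILE__ == $0
  t = 1_265_000_000           # constructed example timestamp (early Feb 2010)
  puts weak_password(t, 12)
  puts weak_password(t, 12)   # identical line: the seed determines everything
  puts strong_password(12)
  puts keyspace_from_time_window(3600, 12)   # 3600, not 62**12
end
```

The design point for a defender reviewing such a tool: a generator whose only entropy is a second-resolution timestamp collapses the effective keyspace to the width of the time window, so any "secure password" or symmetric key built on it should be treated as guessable, and the fix is to read from SecureRandom (or the OS CSPRNG directly) rather than to seed the default PRNG differently.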



IPhone Password Breaker
Posted by cdupuis on Monday, 08 February 2010 @ 06:37:51 EST (56 reads)
Topic VOIP

Anonymous writes "

As seen on the H-Security website:

5 February 2010, 15:05

Password breaker for iPhone backups

Elcomsoft's iPhone Password Breaker. Elcomsoft's iPhone Password Breaker[1] (EPPB) promises to recover the passwords of protected iPhone backups. This is said to allow access to stored data such as addresses, SMS archives, apps, calendar items, photos, call logs, email account details as well as the browser cache and history. The breaker works offline and does not require iTunes.

So far, however, there is only a beta version[2] (direct download) which uses (currently rather short) English, German and Russian word lists to attempt the recovery of the correct password. The H's associates at heise Security found that the German word list appears slightly strange, containing virtually none of the terms that can usually be found in password lists – items such as "Strukturproblem" or "Steuerhinterziehungsbranche" are only likely to be used as passwords by rather shrewd individuals.

The final version is to support user-defined dictionary attacks and permutations – accelerated by current ATI and Nvidia graphics cards via Stream SDK or CUDA as well as multi-core CPU support. EPPB runs on Windows7, Vista and XP and can apparently crack the backups of generation 2G, 3G and 3GS iPhones as well as first, second and third generation iPod Touch models. The vendor did not, however, mention what the price for the final version will be.

Elcomsoft also offers other software such as Distributed Password Recovery (EDPR). Apart from WPA passwords, EDPR can also recover the passwords used in Office, Adobe Acrobat, PGP, Lotus Notes as well as Windows and Unix passwords.

See also:

  • iPhone OS 3.1.3 fixes vulnerabilities[3], a report from The H.

URL of this Article:
http://www.h-online.com/security/news/item/Password-breaker-for-iPhone-backups-923266.html

Links in this Article:
  [1] http://www.elcomsoft.com/eppb.html
  [2] http://www.elcomsoft.com/download/eppb.zip
  [3] http://www.h-online.com/news/item/iPhone-OS-3-1-3-fixes-vulnerabilities-920756.html

"



REC0N 2010 MONTREAL CANADA JULY 9-11
Posted by cdupuis on Friday, 05 February 2010 @ 10:29:31 EST (111 reads)
Topic Training

R E C O N 2 0 1 0 .

Call For Papers (C F P)

REC0N 2010
MONTREAL
JULY 9-11


+ RECON returns for 2010

- Training sessions + conference

+ We are accepting submissions

- Single track
- 45-60 minute presentations, or longer, we are flexible
- There will be time for short, informal lightning talks

+ Especially on these topics

- Reverse engineering (Software, Protocols, Hardware, Human)
- Exploit development and vulnerability assessment
- Data analysis and visualization techniques
- Crypto and anonymity
- Physical security countermeasures
- Anything elite

+ Please include

- Speaker name(s) and/or handle
- Contact information (e-mail and cell phone)
- Brief biography
- Any presentation Supporting materials
- Why it is cool and/or why you want to present it

+ You want to speak!

- Please send the above information to  cfp2010 (at) recon.cx by 15 May, 2010

You can visit the main site at:  http://www.recon.cx/2010/index.html




Is my network part of a Botnet -- How do I find out?
Posted by cdupuis on Thursday, 04 February 2010 @ 19:01:28 EST (176 reads)
Topic In the News

Welcome to
BotHunter Central
Latest release: version 1.5
BotHunter is a U.S. Registered Trademark of SRI International, 2009. (1)  Patent Pending.


BotHunter 1.5 Development Team:
Phillip Porras (Lead),  Martin Fong, Keith Skinner, Steven Dawson, Rukman Senanayake, Leigh Moulder
BotHunter is developed and maintained by the Computer Science Laboratory, SRI International

BotHunter is the first, and still the best, network-based malware infection detection system out there.  It tracks the two-way communication flows between your computer(s) and the Internet, comparing your network traffic against an abstract model of malware communication patterns.(1)  Its goal is to catch bots and other coordination-centric malware infesting your network, and it is exceptionally effective.  

BotHunter will help you catch malware infections that go regularly undetected by antivirus systems and completely ignored by traditional intrusion detection systems.  Let's find out who really owns your network.

Get BotHunter Now
(FREE)
and Check Out:  BotHunter2Web

NOW HUNTING ON:
Windows, Linux, FreeBSD, MacOS




A new version of [IN]SECURE magazine is ready for download
Posted by cdupuis on Wednesday, 03 February 2010 @ 11:45:50 EST (125 reads)
Topic In the News


DOWNLOAD ISSUE 24 HERE (February 2010)

  • Writing a secure SOAP client with PHP: Field report from a real-world project
  • How virtualized browsing shields against web-based attacks
  • Review: 1Password 3
  • Preparing a strategy for application vulnerability detection
  • Threats 2.0: A glimpse into the near future
  • Preventing malicious documents from compromising Windows machines
  • Balancing productivity and security in a mixed environment
  • AES and 3DES comparison analysis
  • OSSEC: An introduction to open source log and event management
  • Secure and differentiated access in enterprise wireless networks
  • AND MORE!



Researchers Uncover Security Vulnerabilities in Femtocell Technology
Posted by cdupuis on Wednesday, 03 February 2010 @ 06:21:52 EST (130 reads)
Topic VOIP

As seen on Eweek.com:

Two Trustwave security consultants report they have uncovered hardware and software vulnerabilities in femtocell devices that can be used to take over the device. The duo will present their findings at the ShmooCon conference in Washington.

Researchers with Trustwave have discovered flaws in the hardware and software of femtocell devices that can allow an attacker to take full control of the miniature cell towers without the user's knowledge.

Zack Fasel and Matthew Jakubowski, security consultants with Trustwave's SpiderLabs, will present their findings at ShmooCon, held Feb. 5 to 7 in Washington.

"Our original [area of] curiosity was whether these devices could be utilized to supplement cellular deployment in third-world countries (such as the OpenBTS+Asterisk project) in a much cheaper package ($250 compared to over $1,200 for a USRP hardware device plus server costs)," Fasel explained. "After hours of sniffing traffic, changing IP address ranges, guessing passwords and investigating hardware pinouts, we had obtained root access on these Linux-based cellular-based devices, which piqued our curiosity [about] the security implications."

Femtocell devices are small cellular base stations used to increase wireless coverage in areas with limited service. Because a cell phone does not have business logic to prevent it from connecting to a wireless device acting as a tower that has been tampered with, it is possible for malicious users to abuse that trust and sniff traffic as it traverses the network.

"Through the theoretical attack method outlined in our talk, the attacker would compromise the femtocell device to gain full root access over the device," Fasel said. "As the attacker has access to the device, any services the device offers [are] subject to the attacker's control, including voice, data, authentication and access to the femtocell's home network."

In addition, the researchers plan to offer proof that a malicious user could tamper with a wireless device and create a fake tower in order to monitor people's movement via the identification numbers of their cell phones.

"The cell companies need to focus on the security of the hardware just as much as the software," Fasel said. "In our findings we noticed a limited concern [about] the security of the hardware. We used this to our advantage to get full root access to the device. This then allowed us to understand and modify existing software on the device.

"In addition, cellular technologies (specifically in the case of GSM) employ a weak authentication mechanism," he added. "This has been known throughout the security industry for several years."

As for users, there isn't much they can do, he said.

"Stop using cellular technologies? Other than that, because users can't stop using cellular technologies, they must trust their cell phone as much as they trust an open access point," Fasel said. "Use strong encryption on data services and don't say anything over the airwaves that you wouldn't assume someone's listening to."

See original posting at:

http://www.eweek.com/c/a/Security/Researchers-Uncover-Security-Vulnerabilities-in-Femtocell-Technology-760682/




Oracle Hacker Gets The Last Word
Posted by cdupuis on Wednesday, 03 February 2010 @ 05:58:09 EST (289 reads)
Topic Oracle DB

Forbes coverage of BlackHat:

Oracle Hacker Gets The Last Word
Andy Greenberg, 02.02.10, 8:33 PM ET

ARLINGTON, Va. -

In 2001, Larry Ellison brashly proclaimed in a keynote speech at the computing conference Comdex that his database software was "unbreakable." David Litchfield has devoted the last nine years to making the Oracle chief executive regret that marketing stunt.

At the Black Hat security conference Tuesday afternoon, Litchfield unveiled a new bug in Oracle's 11G database software, a critical, unpatched vulnerability that would allow a hacker to take control of an Oracle database and access or modify information at any security level. "Anything that God can do on that database, you can do," Litchfield told Forbes in an interview following his talk.

The attack that Litchfield laid out for Black Hat's audience of hackers and cybersecurity researchers exploits a combination of flaws in Oracle's software. Two sections of code within the company's database application--one that allows data to be moved between servers and another that allows management of Oracle's implementation of java--are left open to any user, rather than only to privileged administrators. Those vulnerable subroutines each have their own simple flaws that allow the user to gain complete access to the database's contents.

Litchfield says he warned Oracle about the flaws in November, but they haven't been patched. Oracle didn't immediately respond to a request for comment.

The bug is far from the first that 34-year-old Litchfield has outed on Oracle's behalf. As a cybersecurity researcher and penetration tester, Litchfield has exposed more than a thousand database software security flaws, mostly in Oracle's code.

But this one has a special distinction: It may be Litchfield's last. After a distinguished career of tormenting Oracle's security team, as well as making himself a nuisance to other firms like IBM, Sybase and Microsoft, Litchfield plans to retire from NGSSoftware, the firm he helped found in 2001.

In his talk, the Scottish hacker looked back at his nine years of "bashing heads" with Oracle and assessed whether the database giant's security practices have improved over the last decade. His verdict: Yes, but not nearly enough.

In the last 27 months, 43 software flaws have been publicly exposed in Oracle's 11G database software. That's 35% fewer bugs than were found in the previous version of Oracle's software during its first 27 months of public use, a sign, Litchfield says, that Oracle is taking security seriously.

But he also argued that his latest bug find was one that would be obvious to any competent software developer, even while it would be difficult to track down after the fact with security audit tools. In other words, he says the flaw shows that Oracle is still treating security as an afterthought rather than a part of the development process. "They're using their security tools like goalkeepers," Litchfield said in his talk. "They think 'We can develop like we normally do because our security tools will save us.' And they won't."

Litchfield had only recently founded NGSSoftware in 2001 when Ellison made his notorious claim of Oracle's cyber invincibility. The young hacker set about proving him wrong, and found 35 flaws in the company's software within 24 hours. "You just had to look at Oracle 9 and it would fall over," he says of the company's software of the time.

Oracle's war of words with Litchfield began after he started publicizing the bugs he found--always, he says, after giving Oracle a fair chance to patch them. After revealing a bug in Oracle's software in 2004, the company's chief security officer Mary Ann Davidson wrote an opinion piece for ZDNet accusing security researchers like Litchfield of endangering Oracle customers. Litchfield responded by accusing her of negligence and calling for her resignation.

Meanwhile, Litchfield rose to cybersecurity stardom and penned books like Oracle Forensics, The Oracle Hacker's Handbook and The Database Hacker's Handbook. As he spoke with Forbes Tuesday, a fellow security auditor approached to shake his hand and thank him for his research. The auditor talked about a case in which he'd used one of Litchfield's exploits to demonstrate the vulnerability of a Louisiana Department of Health and Hospitals database. "I stopped counting the social security numbers after the first few hundred thousand," said Litchfield's admirer, who asked not to be named.

Even when Oracle did respond to the bugs Litchfield exposed, he says the company's fixes were often appallingly sloppy. "They'd patch one thing and miss a bug two lines below in the code," he says. "Sometimes it would take five years and five patches just to deal with one issue."

Today, Litchfield says, the situation has vastly improved, as evidenced by the lower rate of bugs in Oracle 11G. He grudgingly gives the company a B plus for its efforts. "As much as it pains me to say it, well done, Oracle," he told the Black Hat audience.

Having sold NGS to the British firm NCC in 2008, Litchfield says he's ready to take a long vacation before exploring business opportunities in post data-breach forensics.

"I'm tired," he says. "I'm going to take a few months off and spend some time diving before I come back."

Given the last decade of security spats and the new bug on his hands, Larry Ellison could probably use a vacation, too.

Original Article at:

http://www.forbes.com/2010/02/02/hacker-litchfield-ellison-technology-security-oracle_print.html




Get FREE copies of Hakin9 Magazines -- PDF Download
Posted by cdupuis on Tuesday, 02 February 2010 @ 09:23:11 EST (391 reads)
Topic Hakin9

NOTE FROM CLEMENT:

Below you have a few copies of Hakin9 that you can download for free from the Hakin9 web site.  On the same page as the magazine you will also find dozens of great articles that you can look at.  They are all in PDF Format.

All that is required to access the downloads is to join their mailing list.  You will immediately receive by email a confirmation link with instructions on how to access the files.  Do read the past issues; you will see that coverage is very thorough and most of the content would still be applicable today with minor changes.  Hakin9 is a magazine that I like very much, and it always contains great articles and how-tos.  The printed magazine comes with a bootable version of BackTrack plus many commercial utilities with a license to use.  The best way to really appreciate whether it is for you or not is by downloading some of the copies below and seeing for yourself.

MY ERP GOT HACKED!  Release Date: 2009-07

04_2009-1_free

Issue_contents
  • Nokia’s Vow of Silence
  • Phishing
  • Print Your Shell
  • My ERP Got Hacked – An Introduction to Computer Forensics
  • Attacks On Music and Video Files
  • The Strings Decoding Process
  • Hacking Through Wild Cards
  • Create a Self-Signed Digital Certificate with OpenSSL
  • Automating Malware Analysis

FREE ISSUE: My ERP Got hacked! 04/2009  Download pdf


Breaking Client-Side Certificate Protection   Release Date: 2009-03

Hakin9_3_2009_en

Issue_contents
  • Brute Force Attack
  • Exporting Nonexportable Certificates
  • User Enumeration with Burp Suite
  • More Thoughts on Defeating AntiVirus
  • A New Era for Buffer Overflow
  • Automating Malware Analysis
  • Anatomy of Malicious PDF Documents
  • Analyzing Malware Packed Executables
  • Bootleggers and the Internet
  • Interview with Nicholas J. Percoco
  • Self exposure with…

    FREE ISSUE: Breaking Client-Side Certificate Protection 03/2009   Download pdf


The Real World Clickjacking  Release Date: 2009-02

Hakin9_2_2009_en

Issue_contents
  • Metasploit Alternate Uses for a Penetration Test
  • Backdooring Frameworks
  • The Real World Clickjacking
  • Apple Super Drive. Set It Free
  • Mapping HTTP Interface Embedded Devices
  • How Does Your Benchmark of Physical Security Affect Your Environment?
  • iPhone Forensics
  • Safer 6.1
  • Making Open Security Research Sustainable
  • Interview with Raffael Marty
  • Self exposure with…
  • ENGARDE SECURE LINUX
  • Analyzing Malware

    FREE ISSUE: The Real World Clickjacking 02/2009    Download pdf



Hacking Instant Messenger    Release Date: 2001-01

Hakin9_1_2009_en

Issue_contents
  • Metasploit Alternate Uses for a Penetration Test
  • Backdooring Frameworks
  • The Real World Clickjacking
  • Apple Super Drive. Set It Free
  • Mapping HTTP Interface Embedded Devices
  • How Does Your Benchmark of Physical Security Affect Your Environment?
  • iPhone Forensics
  • Safer 6.1
  • Making Open Security Research Sustainable
  • Interview with Raffael Marty
  • Self exposure with…
  • ENGARDE SECURE LINUX
  • Analyzing Malware

FREE ISSUE: Hacking Instant Messenger 01/2009  Download pdf





The Secret of Hacking -- Who is Leo Impact ??
Posted by cdupuis on Monday, 01 February 2010 @ 10:45:54 EST (288 reads)
Topic Book CEH Cert

NOTE FROM CLEMENT:

I need your help.  Lately I have seen this book called The Secret of Hacking being advertised left and right within magazines, but I haven't heard of this book before and I have not heard of Leo Impact as a company either.   My question to you is:  Do you know who they are, and if you have read the book, could you give us a review for the benefit of all?  See a cut and paste from their website below.  A company that offers to write custom viruses as part of their service.  A CEO with a claim of leading the security industry for more than 4 years.   For sure they do have a good advertising budget, but are their products worth the money they ask? That's the main question??? Please leave a comment to tell us more about this company and the book they have published.


Leo Impact Security, Inc. is a professional information security services company whose focus and aim is ensuring that your business’s most vital resource, your information, is protected and safeguarded against latest threats.

We provide our clients the best of both worlds: Expertise in knowledge transfer (Education) and Security Services (Consulting), with a solid reputation and world renowned in the IT Security industry.

Leo Impact employee owners are committed to the common goal of delivering high-quality solutions to our customers. When you deal with anyone at any level of our company, you are dealing with an owner who puts the highest value on maintaining Leo Impact reputation of trust by exceeding your expectations.

Our full scope of work takes a project from master planning through construction and includes facility review, threat assessment, security systems planning and design, system specification, Security training. Our success reflects our commitment to customer satisfaction and delivering the highest quality service possible.


Registered in USA (Delaware):

EIN No: 80-0527389

Leo Impact Security, INC
616 Corporate Way, Suite 2
#4000, Valley Cottage, New York 10989
USA


Registered in India (Rajasthan):

Corporate Identification Number:  U72900RJ2009PTC028837

Company number: 28837

Leo Impact Security Services Pvt. Ltd.
T-8, Malyia apartment near BJP office,
C Scheme , Jaipur pin 302001(Rajasthan) India

Our Clients:

Some of his clients and projects include, but are not limited to:
• Intelligence Bureau (INDIA)
• Counter Intelligence
• Military Intelligence
• Signal Intelligence
• CID, ARMY-CERT
• RAW and National Security Guard.
• TCS, US ARMY, etc…


Chief Security Officer

MR. MANISH KUMAR IS THE CHIEF SECURITY OFFICER OF LEO IMPACT SECURITY, A PROFESSIONAL INFORMATION SECURITY SERVICES COMPANY, FOCUSSED ON PROVIDING SPECIALISED SOLUTIONS AND ASSISTANCE TO ORGANISATIONS IN PROTECTING AND SAFEGUARDING THEIR MOST VITAL BUSINESS RESOURCE, I.E. INFORMATION, AGAINST LATEST THREATS.

WITH AN EXPERIENCE OF MORE THAN 4 YEARS IN LEADING THE IT INDUSTRY, MR MANISH IS A PRINCIPAL INFORMATION SECURITY CONSULTANT, AUDITOR AND TRAINER, HAVING MORE THAN 1000 HOURS OF TRAINING PER YEAR IN THE VARIOUS DOMAINS OF INFORMATION SECURITY, CYBER FORENSICS, ETHICAL HACKING, BUSINESS CONTINUITY, WI-FI SECURITY AND MORE. HE HAS BEEN AWARDED MANY CERTIFICATIONS LIKE CERTIFIED HACKING FORENSIC INVESTIGATOR (CHFI), CERTIFIED ETHICAL HACKER (CEH), RED HAT CERTIFIED ENGINEER (RHCE) AND MICROSOFT CERTIFIED PROFESSIONAL, JUST TO NAME A FEW. HE POSSESSES AN IN-DEPTH KNOWLEDGE AND INSIGHT INTO TODAY'S SECURITY RISKS AND TOMORROW'S POTENTIAL THREATS.

CHFI (EC-Council | Computer Hacking Forensic Investigator v3)
Certificate Number: ECC929666

• CEH (EC-Council | Certified Ethical Hacker)
Certificate Number: ECC928602

• RHCE (Redhat Certified Engineer)
Certificate Number: 805008571833751

• MCP (Microsoft Certified Professional)
Certificate ID: 3726016


HE SPECIALIZES IN NETWORK SECURITY, PENETRATION TESTING AND FORENSIC INVESTIGATION. HIS RESEARCH INTERESTS INCLUDE COMPUTER SECURITY, NETWORKING, DATA FORENSIC, VIRTUALIZATION AND INFORMATION SECURITY. HE HAS BEEN INTERVIEWED BY SEVERAL PRINT AND ONLINE NEWSPAPERS WHERE HE HAS SHARED HIS EXPERIENCES RELATING TO CYBERWAR AND CYBER CRIMES.

Specialization

• Hacking
Identity Spoofing (Mobile, SMS, Email, voice)
Virtual Credit Card
Virus Development
• Cyber Crime Forensic Investigation
• Black Hat Penetration Testing,
• Custom VIRUS creation [Exe,PDF,XLS]
• Network Security [IDS/Firewall bypassing, tunnel]




BSD Magazine -- Get your FREE copy
Posted by cdupuis on Monday, 01 February 2010 @ 08:33:17 EST (286 reads)
Topic BackTrack

What's inside:

  • A first look at PC-BSD 8 release
  • Installing and securing an Apache Jail with SSL on FreeBSD
  • The gemstones for FreeBSD
  • OpenBSD, NetBSD and FreeBSD as file sharing servers – Part 1 – NFS
  • Ipsec VPNs: An Introduction to IKE and Ipsec
  • LDAP on FreeBSD
  • Secure and stable mailservers with OpenBSD and qmail
  • Developing Secure Storages: Now On FreeBSD
  • Web Server Benchmarking
  • BSD Tips and Tricks
  • Interview with Olivier Cochard – Labbe, Founder of FreeNAS
Hello everyone!

We are happy to inform you that the first online issue of BSD Magazine is finally out.

We would like to take this opportunity to thank everyone who made this transformation possible. We are delighted that we can now provide practical knowledge about BSD systems to everyone across the world.

Please help us spread the word about BSD Magazine.

Thank you for your support!
We still have two pages of advertising space available in the upcoming March issue. If you wish to inform our readers about your company/service/products (or anything else) please let us know, we have some great last minute offers.

Contact our Editor-in-Chief at michal.gladecki@software.com.pl
Best regards,
BSD Magazine Team
www.bsdmag.org

Michal Gladecki
michal.gladecki@software.com.pl



The H Security: Scareware becomes ransomware again
Posted by cdupuis on Monday, 01 February 2010 @ 06:42:20 EST (307 reads)
Topic In the News

Scareware becomes ransomware again

Data Doctor 2010 will allegedly repair files, for a price.  Rather than infected files, the latest scareware uses allegedly corrupted files to alarm users. The setup work is performed by a trojan known as W32/DatCrypt, which encrypts files including office, image and MP3 files. When the user then tries to open any of these files, Windows reports them as being corrupted.

Where previous encrypting trojans, such as GPCoder, have demanded a payment from the victim in order to decrypt files (ransomware), the criminals behind this particular attack have taken a more brazen tack. They offer the victim a program called Data Doctor 2010, which will allegedly repair the files, for download. The 'trial version' of Data Doctor downloaded then reports that it is only able to repair a single file, and that repairing all the user's files will require the full version costing around €90.

Happily for victims, anti-virus software vendor Sunbelt has provided a free downloadable tool (direct download) for repairing files without the intervention of Data Doctor. The tool simply decrypts the encrypted files, which use a simple encryption algorithm. Malware specialist FireEye reported a similar case back in early 2009. The alleged repair tool in that case was entitled FileFix Pro 2009 and was priced at €50.

Meanwhile Eset is warning of a new worm called Zimuse, which overwrites the master boot record on infected systems. BitDefender has also issued a warning about Zimuse, but claims that it destroys hard drives using malicious code. What is unanimously agreed is that it does not do so immediately upon infecting a system but, depending on the variant, 20 or 40 days later, by rendering the system unbootable. It is usually possible, however, to repair the system by using a repair CD to restore the MBR, allowing a normal Windows installation to once more boot.

Zimuse is being spread via infected USB sticks and via the web as a downloadable IQ test. Eset believes that the malware was originally targeted at members of a Slovakian bikers' club. Most initial reports on the spread of the worm came from Slovakia, but this has now been overtaken by the USA, followed by Slovenia, Thailand, Spain, Italy and the Czech Republic. Eset has provided a tool for removing the malware, but this is only useful before the MBR has been overwritten.



winAUTOPWN version 2.1 has been released
Posted by cdupuis on Saturday, 30 January 2010 @ 22:49:09 EST (332 reads)
Topic winAUTOPWN

Dear all,

This is to announce release of winAUTOPWN version 2.1

This version covers almost all remote exploits from January 2009 start up-till December 2009.
It also contains a few exploits released before January 2009 and for January 2010 till date.
A few could still be missing but they will be added shortly.
A complete list of all Exploits in winAUTOPWN is available in CHANGELOG.TXT

- winAUTOPWN or WINDOWS AUTOPWN version 2.1 now attempts to exploit port 80 after completing testing
exploits for all other ports.   This is mainly because of the high number of "Remote File Include Vulnerabilities" which winAUTOPWN tries to exploit.
- winAUTOPWN 2.1 no longer incorporates the "Shell Upload vulnerabilities".
- It also has a few internal modifications to suit a few exploits.
- The winAUTOPWN GUI now allows you to keep any Text box empty unlike the previous one which contained a
bug in processing the input arguments.   If you intend to use the GUI, kindly use the new winAUTOPWN GUI 2.1 and not the old one.

Daily/Weekly Snapshot/Beta Releases of winAUTOPWN are always available for download from WINAUTOPWN website.

ALTERNATE DOWNLOAD LINK : http://089dc64a.seriousfiles.com
(Use this only if the Primary Website for Download [URL given below] is unavailable)

Enjoy the Release.

The Latest available release now is winAUTOPWN version 2.1.

Coded by : Azim Poonawala (QUAKERDOOMER)

winAUTOPWN available at http://winautopwn.co.nr

Author's website : http://solidmecca.co.nr

winAUTOPWN is updated almost daily. Check the Download page for weekly snapshots.
Latest Release can always be downloaded from : http://winautopwn.co.nr

"winAUTOPWN - WINDOWS AUTOPWN (For The True HyperSomniac H-a-c-k-e-r-z-z-z-z-Z-Z)"

Regards,
QUAKERDOOMER




New logo for the CCCure Family of Portals
Posted by cdupuis on Friday, 29 January 2010 @ 23:16:55 EST (263 reads)
Topic In the News

Today I am happy to present our new logo:

The CCCure Family of Portals

Our new logo represents very well the mission of CCCure and its family of portals.

It shows that our mission is Education, Information System Security, helping people worldwide.

Every month we have people from more than 125 countries that are making use of our portals.  That's over 100,000 unique visitors overall.  We are proud today to show our new identity,  the next time you see it you will know it is not a clone, a rogue, or a fake.  It is the real thing.

Thanks to all who supported us over the past ten years.

Best regards

Clement, Nathalie, and Alain
Site Owners and Maintainers





The EC-Council CHFI Version 4 is soon to be released
Posted by cdupuis on Thursday, 28 January 2010 @ 20:55:58 EST (380 reads)
Topic CEH

This morning I had the opportunity to listen to a webcast on the new CHFI Version 4 that will very soon be released.

The presenter was none other than Haja Mohideen. Haja Mohideen is the technical director for EC-Council. He manages the certifications and training programs at EC-Council. He has multiple years of experience in IT. He has contributed to the development of EC-Council programs such as CEH, CHFI, LPT, ECSA, etc.

Haja started the webinar by describing what the CHFI Version 4 will be; he used words such as bigger, better, enormous, a monster. As you will see below he was not playing with words, it is a very accurate description of what the CHFI Version 4 really is.

The CHFI Version 4 is not a complete rewrite of the course, it is based on the old version 3. More data, content, products, and tools have been added to the 5 days of training. A total of 27 new modules have been added to the content of the CHFI V4, for a grand total of approximately 65 modules overall.

If this pattern is maintained we can expect to have 150 modules for version 7 of the courseware, as Haja mentioned semi-seriously in the webinar.

WHAT IS NEW?

One great addition will be thorough coverage of EnCase. The EC-Council has signed an agreement with Guidance Software to get an academic version of the software to be used in class. Guidance has provided a full slide show to be used to teach it as well.

The academic version cannot be used on real cases but it allows you to make use of the images contained within the software itself to go through the normal steps that would be followed to investigate a computer crime.

Below you have a high level overview and comparison of the old version versus the new version:


                        CHFI VERSION 3   CHFI VERSION 4
Number of Modules                   35               65
Pages Total                       2751             4193
Pages per Module                    74               91
Slides Overall                    2457             4872
Slides per Module                   66               75
Latest Security News                NO              YES
Cartoon in Slides                  YES              YES

MODULES ADDED TO THE COURSE

Below you have a screenshot of some of the modules that were added to the course. This is not the official list as there could be minor changes between now and the final release of the V4 courseware. But it will give you a good idea of what to expect:

New modules in the EC-Council CHFI V4

WHAT ABOUT THE CHFI V4 EXAM

Of course more content means that the exam must be expanded to cover it properly.  The exam will consist of:

150 Questions
4 hours in length
70% is required to pass
Availability as of the 1st of February 2010

Just like the curriculum, the exam will not be completely new. Some of the old V3 exam content will remain, with the addition of a lot of new questions to cover the new material of the V4 version. More study will be required to master this exam.

HOW COMPLEX DOES THE LAB SETUP HAVE TO BE

The lab setup has not changed much compared to the old CHFI V3; the following is recommended:

1. Follow the same steps as V3
2. Windows Server 2003 with 2 partitions, C & D
3. CHFI Tools preloaded on each of the machines

Haja discussed why they decided not to move to the new Windows Server 2008 as the base platform. Mostly the main reasons were that 2008 is very well locked down; it is hard to run all of the tools on that platform. 2003 is simple to install and run.


MY PERSONAL OPINION AND FEELING ABOUT THIS VERSION

BIGGER IS NOT ALWAYS BETTER (At least in the world of Penetration Testing and Security Assessment training)

It is very scary to think that this package has close to 5000 slides and more than 4000 pages. At one point one has to wonder how this can be delivered over a period of 5 days. The answer is very simple: IT CANNOT BE.

Then what else can be done? The instructor guide usually proposes 3 delivery methods. The usual one where you ONLY cover the core modules and the class runs from 9 AM to 5 PM. The second method is to extend the training hours where you start at 8 AM and you finish at 6 PM. A few more modules can be covered this way. The third method is simply the PURE bootcamp method where you get in class earlier than 8 AM and you stay in class until 10 PM or more. That will allow you to cover yet more modules but not all of them for sure.

From personal experience, you cannot teach for 16 hours a day to students. After 8 to 9 hours, or even less in many cases, their brain is no longer in receive mode. You need to have some hands-on labs or red team exercises to close the day. You let them use their brain and further explore what they have learned under the supervision of a master. This is the only way you will keep them awake and engaged that long.

That brings another challenge; it means that the class has to be adapted by the instructor according to his own desire or what the client stressed that he wanted as far as content. It works well when it is an onsite class; the client who pays the bill for all the students can tell you what focus he would like for his class. However, this is not a viable solution for a public class with a mix and match of experience levels. It is hard to succeed and still carry along everyone under such a scenario.

A normal class day (8 hours of teaching) usually covers a maximum of 220 slides without any labs. If you introduce labs you have to reduce this down to about 180 slides per day or maybe a bit less. Those numbers have always worked very well for us. There is no way you can go through a lot of modules per day when there is an average of 75 slides per module. This means that on a good day you would cover about 3 modules if you do it correctly. If you multiply this by 5 you get 15 modules done at the end of the week. What about the other 50 you haven't done...

If you can do more than 3 full modules a day it means that you have very little content on your slides, or you have slides with one or two bullet points that could have been condensed onto fewer slides as they add little value to the package. Some of those slides are the dozens of tools listed within some of the modules. The instructor must skip through those at warp speed. They are only there for reference and to make you aware that they exist. Such a list of tools should be listed in the student manual but not one by one on the slides.

Let's say for the sake of argument that you are a top trainer and you can zip through slides at a rhythm of 1 slide every two minutes (which is about the normal ratio for a fast instructor who does not add much value to the slides); if you teach for ten hours without any pause or break, you would cover only 300 slides in a day. You would still be short on time and would only complete 4 modules in your full day. This means a total of 20 modules for a 5 day class without any pause, break, lunch break, or labs at all. It does not add up.

THE INSTRUCTOR DECIDES HOW THE CLASS WILL BE

As you might have guessed there are many instructors who can deliver such a class. They are the ones in charge and they decide what is more important to cover within all of those modules. The student has to and must do self-learning of the modules not covered in class. Certainly NOT what most students would expect. They expect to learn from a master.

This means that you must pick your instructor very carefully as it could make a world of difference from one class to the next.

WHAT CAN BE DONE

Some very serious thought has to be given to the CHFI and the CEH class for that matter. They both suffer from bloatware. Adding, adding, and adding more content does not generate a cohesive CBK or map to clear objectives.

150 questions means 2.3 questions per module. If a module does not have enough material to generate more than 2.3 questions, it should not be called a module. Seriously, any module that has content should have 5 or more questions. If an exam with 300 questions is needed then so be it. Else your exam does not validate the full spectrum of what the class contains.

This MONSTER, as Haja defined it, should be cut in three portions where there could be a foundation class, an intermediate, and an advanced. Then it would make sense as far as content, progress, and delivery. I think giving someone all of the tools that exist at Home Depot does not make that person a carpenter. Only years of experience and learning from other carpenters will allow you to become such an expert. You have to learn to walk before you run. It is better to learn one tool at a time than TONS of tools in 5 days.

Anyway, this is a quick overview of the CHFI V4 and some of the challenges and issues that I can foresee in the future.

Do take care

Clement




NO PHYSICAL SECURITY = NO LOGICAL SECURITY
Posted by cdupuis on Thursday, 28 January 2010 @ 19:01:07 EST (375 reads)
Topic Social Engineering

NOTE FROM CLEMENT:

Below you have links and information about a methodology to apply when you have to perform Social Engineering attacks to defeat Physical Security. The methodology talks about the proper steps to avoid exposing privacy, getting employees mad, or other legal issues. See the info below about this new methodology; it is in its infancy but it is based on two years of Social Engineering attacks:

During a penetration test on the physical security of an organization, if social engineering is used, the penetration tester directly interacts with the employees. These interactions are usually based on deception and if not done properly can upset the employees, violate their privacy or damage their trust towards the organization, leading to lawsuits and loss of productivity of the organization.

This paper proposes two methodologies for performing a physical penetration test where the goal is to gain an asset using social engineering. These methodologies aim to reduce the impact of the penetration test on the employees. The methodologies are validated by a set of penetration tests we did in a period of two years.

Download PDF of the methodology at:

http://eprints.eemcs.utwente.nl/17043/01/Pentesting_methodology.pdf

Get info about authors and publication at:

http://eprints.eemcs.utwente.nl/17043/


All logos and trademarks in this site are property of their respective owner. The comments are property of their posters, all the rest © 2003-2008 by Clement Dupuis and Nathalie Lambert (Site Maintainers).