Archive for March, 2011

 

rand() Thoughts

Mar 22, 2011 in Security

[SecurePlanet Wiki][SecurePlanet RSS Feed][SecurePlanet RSS Vulnerabilities]

I just had a slew of random posts and things I’ve seen in the last couple of weeks so I decided to post them up for everyone.

1) Open Penetration Testing Bookmarks Collectionhttps://code.google.com/p/pentest-bookmarks/wiki/BookmarksList
If you are a pentester, this is an excellent guide to hacking. The list contains very good resources, forums, blogs, tools, cheat sheets, labs, and etc. You could spend a month going through all these sites.

2) CERT SEI released a paper called Network Monitoring for Web-Based Threatshttp://www.sei.cmu.edu/reports/11tr005.pdf
This report models the approach a focused attacker would take in order to breach an organization through web-based protocols and provides detection or prevention methods to counter that approach. It discusses the means an attacker takes to collect information about the organization’s web presence. It also describes several threat types, including configuration management issues, authorization problems, data validation issues, session management issues, and cross-site attacks. Individual threats within each type are examined in detail, with examples (where applicable) and a potential network monitoring solution provided [Matthew Heckathorn, http://www.sei.cmu.edu/reports/11tr005.pdf]

3) Infosecinstitute released its OWASP Top 10 Tools and Tacticshttp://resources.infosecinstitute.com/owasp-top-10-tools-and-tactics/
Infosecinstitute released a discussion listing a tool for each of the OWASP Top 10 to aid in discovering and remediating each of the Top Ten. Below is a blurb from their site discussing each vulnerability and the tool used to find the issue.

A1: Injection – SQL Inject Me
A2: Cross-Site Scripting (XSS) – ZAP
A3: Broken Authentication and Session Management – Websecurify
A4: Insecure Direct Object References – Burp
A5: Cross-Site Request Forgery (CSRF) – Tamper Data
A6: Security Misconfiguration – Wapato
A7: Insecure Cryptographic Storage – N/A
A8: Failure to Restrict URL Access – Nikto/Wikto
A9: Insufficient Transport Layer Protection – Calomel
A10: Unvalidated Redirects and Forwards – Watcher

4) Pentesting VOIPhttp://www.backtrack-linux.org/wiki/index.php/Pentesting_VOIP
Shai rod, released information on how to use backtrack to do a full penetration test against VoIP systems.

5) Maltego Replacement
I know a lot of people have been looking for tools similar to Maltego. Here are a list of some alternatives.
YETI – SensePost project in the space of network footprinting – http://spyeti.blogspot.com/
Foca – Fear the Foca – http://www.informatica64.com/DownloadFOCA/
NetGlub – Open Source Information Gathering – http://www.netglub.org/ *Most promising and seems to be very similar to Maltego

Happy Hacking.
-Cheetz