Monday, 26 August 2013

SANS 542 - Web Application Penetration Testing: Day 1

SANS 542.1
The Attacker's View of the Web




Location: Bangkok's Crowne Plaza Hotel

Topics covered during Day 1:

> Setting up Samurai WTF
> Web Site Server Architecture
> Understanding HTTP protocol
> Pentesting Types and Methods
> Components of Web App pentest
> Reports of findings
> Attack Methodology
> Types of Flaws
> Javascript

While I already had the knowledge for many of the day 1 lessons, there were also many things I learnt, such as analyzing HTTP using Wireshark and Paros Proxy. I also learnt how to decrypt HTTPS communication using Wireshark. Basic Javascript attacks such as XSS were introduced and will be covered more on the other days, and I'm so looking forward to that! The trainer was from Belgium and he had a great command of the English language that could be easily understood. Can't wait for day 2.

Friday, 23 August 2013

Deleted Facebook Pictures: Are they really deleted?

We all love uploading photos to our Facebook wall and albums, but sometimes we just wanna get rid of them for whatever reasons we have, so we delete them and wash our hands of them. But the question is, have your deleted photos truly been deleted from the Facebook server?

Lets test it out...

Upload any pic to your Facebook wall.


Uploaded a pic and set the privacy to 'Only Me'


Right click on your newly uploaded pic and open the image in a new tab.


The newly uploaded pic in a new tab.

Now, on the FB wall, delete the pic.


Now go back to your pic that is open in the new tab and click refresh or reload. Still there? Now log out of your FB account and refresh the pic. Still there?



In an article published in 2012, deleted photos were still online after 3 years!!

Scary isn't it? 


Here's the link to it, let's see how long it will take before the image/link expires.

Wednesday, 7 August 2013

Published Article: AV Evasion

Another article published by PenTest magazine! 


In this article, I demonstrate an end-to-end process of creating malware using open source tools and using it to avoid detection by anti-virus applications. However, besides demonstrating how to evade them, I also describe how to defend against such things using additional features from AV vendors.



The Cover Page


The First Page

The Last Page



The full article/magazine can be downloaded for free at

Tuesday, 6 August 2013

Windows Remote Desktop Protocol Weak Encryption Method Allowed - Validating the Findings

Results from Qualys Scan

ISSUE:
-Windows Remote Desktop Protocol Weak Encryption Method Allowed

THREAT:
Remote Desktop Protocol is a protocol by which Terminal Service provides desktop level access to a remote user. It can be used to remotely login and interact with a Windows machine.
Since RDP transfers sensitive information about the user and the system, it can be configured to use encryption to provide privacy and integrity for its sessions. It is possible to configure RDP to use encryption algorithms that are considered insecure, such as RC4 40bit and RC4 56 bit.

IMPACT:
If an attacker has access to the network traffic with RDP sessions using weak encryption methods, then it will be possible for them to bruteforce the encryption parameters and compromise privacy of the RDP session.

SOLUTION:
RDP needs to be configured to use strong encryption methods or use SSL as the privacy and integrity provider. To configure RDP encryption methods 'Terminal Services Configuration' snap-in can be launched in mmc.exe. In 'Terminal Services Configuration' properties dialog box General tab for the Encryption Level 'High' should be selected.

LINKS:
http://technet.microsoft.com/en-us/library/cc770833.aspx
https://www.fishnetsecurity.com/6labs/blog/remote-desktop-protocol-security-creating-successful-implementation


Validating the Findings
In order to validate the findings, we use additional tools to see if we can get the same output as the Qualys scan. In this case, Qualys detected that the encryption algorithms accepted are RC4-40bit and RC4-56bit, hence our objective is to use other tools to get that same information.

Using NMAP

nmap -p 3389 --script rdp-enum-encryption <ip>


Using Perl Script

Download the package using wget
#wget http://labs.portcullis.co.uk/download/rdp-sec-check-0.8.tar.gz

Extract the package
#tar -xvzf rdp-sec-check-0.8.tar.gz

Change into the extracted directory and run the script (the script file is rdp-sec-check.pl)
#cd rdp-sec-check-0.8
#./rdp-sec-check.pl <IP address>
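Both tools above print the methods the server accepted; what actually validates the Qualys finding is whether 40-bit or 56-bit RC4 came back as accepted. The following Python script is an added example (not from this post, nor part of nmap or rdp-sec-check) that parses the rdp-enum-encryption block of an nmap report and reports which weak RC4 methods were accepted. The two report fragments embedded in it are constructed samples modelled on the script's output layout, not captures from a real host, and the "FAILURE" status used in the hardened sample is an assumption.

```python
"""Validate a 'weak RDP encryption' finding from nmap rdp-enum-encryption output."""
import re

# Constructed sample of an nmap report for a host that still accepts 40/56-bit RC4.
# Layout is modelled on nmap's rdp-enum-encryption script; it is not a real capture.
SAMPLE_WEAK_OUTPUT = """\
PORT     STATE SERVICE
3389/tcp open  ms-wbt-server
| rdp-enum-encryption:
|   Security layer
|     CredSSP (NLA): SUCCESS
|     Native RDP: SUCCESS
|     SSL: SUCCESS
|   RDP Encryption level: Client Compatible
|     40-bit RC4: SUCCESS
|     56-bit RC4: SUCCESS
|     128-bit RC4: SUCCESS
|     FIPS 140-1: SUCCESS
|_  RDP Protocol Version: RDP 5.x, 6.x, 7.x, or 8.x server
"""

# Constructed sample for the same host after the encryption level was set to 'High'.
# The 'FAILURE' wording for rejected methods is assumed for this example.
SAMPLE_HARDENED_OUTPUT = """\
PORT     STATE SERVICE
3389/tcp open  ms-wbt-server
| rdp-enum-encryption:
|   Security layer
|     CredSSP (NLA): SUCCESS
|     SSL: SUCCESS
|   RDP Encryption level: High
|     40-bit RC4: FAILURE
|     56-bit RC4: FAILURE
|     128-bit RC4: SUCCESS
|     FIPS 140-1: SUCCESS
|_  RDP Protocol Version: RDP 5.x, 6.x, 7.x, or 8.x server
"""

# The methods the Qualys finding calls weak: RC4 with 40- or 56-bit keys.
WEAK_METHODS = {"40-bit RC4", "56-bit RC4"}

# Matches script lines of the form "|   <name>: <status>" (also the final "|_" line).
LINE_RE = re.compile(r"^\|[_\s]*(?P<name>[^:]+):\s*(?P<status>.+?)\s*$")


def parse_rdp_enum(output: str) -> dict:
    """Return {name: status} for every 'name: status' line inside the script block."""
    results = {}
    in_block = False
    for line in output.splitlines():
        if "rdp-enum-encryption:" in line:
            in_block = True          # start of the script's output block
            continue
        if not in_block or not line.startswith("|"):
            continue
        match = LINE_RE.match(line)
        if match:
            results[match.group("name").strip()] = match.group("status")
        if line.startswith("|_"):
            break                    # "|_" marks the last line of the block
    return results


def weak_methods_accepted(output: str) -> list:
    """Weak RC4 methods the server accepted, sorted; empty means none were accepted."""
    parsed = parse_rdp_enum(output)
    return sorted(m for m in WEAK_METHODS if parsed.get(m) == "SUCCESS")


def finding_validated(output: str) -> bool:
    """True when the nmap output confirms the Qualys 'weak encryption' finding."""
    return bool(weak_methods_accepted(output))


if __name__ == "__main__":
    for label, report in (("weak", SAMPLE_WEAK_OUTPUT), ("hardened", SAMPLE_HARDENED_OUTPUT)):
        level = parse_rdp_enum(report).get("RDP Encryption level", "unknown")
        print(f"{label}: level={level}, weak accepted={weak_methods_accepted(report)}, "
              f"finding validated={finding_validated(report)}")
```

To use it on a real scan, feed the text saved with `nmap -p 3389 --script rdp-enum-encryption -oN scan.txt <ip>` to `finding_validated()`; a result of True reproduces the Qualys finding, and an empty list from `weak_methods_accepted()` after the fix confirms the remediation took effect.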



References:


Friday, 2 August 2013

Published Article in Pentestmag.com - Pentesting: The Open Source and Manual Way


My second security article related to penetration testing/hacking published in Pentestmag.com. Due to the author-magazine agreement, I could not upload the whole content of my published article. Only subscribed users can download the whole magazine.


Links to the magazine: 


The focus of this article is to demonstrate how to perform a pentest using open source and manual methods rather than automated tools such as Qualys or Nessus. It also elaborates on why the manual way provides a better and deeper understanding of the system and of the vulnerabilities associated with the services/applications found during the recon and scanning phases.


The Cover Page


The Table of Contents

The First Page of my Article

The Final Page of my Article


BT's Advertisement


Thursday, 1 August 2013

A Book about Trust & Security by Bruce Schneier

LIARS & OUTLIERS

ENABLING THE TRUST THAT SOCIETY NEEDS TO THRIVE



"A person might decide to break the norms, not for selfish parasitical reasons, but because his moral compass tells him to. He might help escaped slaves flee into Canada because slavery is wrong. He might refuse to pay taxes because he disagrees with what his government is spending his money on. He might help laboratory animals escape because he believes animal testing is wrong. He might shoot a doctor who performs abortions because he believes abortion is wrong. And so on.

Sometimes we decide a norm breaker did the right thing. Sometimes we decide that he did the wrong thing. Sometimes there’s consensus, and sometimes we disagree. And sometimes those who dare to defy the group norm become catalysts for social change. Norm breakers rioted against the police raids of the Stonewall Inn in New York in 1969, at the beginning of the gay rights movement. Norm breakers hid and saved the lives of Jews in World War II Europe, organized the Civil Rights bus protests in the American South, and assembled in unlawful protest at Tiananmen Square. 

When the group norm is later deemed immoral, history may call those who refused to follow it Heroes." - Bruce Schneier