PENTEST OPEN 01/2014 – TUTORIALS. TUTORIALS EVERYWHERE!

The Raspberry Pi is a small low cost computer originally designed as an educational tool to teach children about computing. The Raspberry Pi now has a large following of hobbyists and hackers using the little computer for various projects from home theater Pcs to home appliance automation. While the Raspberry Pi does not have the greatest specs by contemporary computing standards, it does have a tiny form factor and at $35.00, it is hard to find a better value.

---

Kali is an invaluable platform that when coupled with a sound methodology can make a penetration tester’s life that much easier. In some cases Kali provides so many tools that novice penetration testers may struggle with how all the tools fit together and how they can be used to truly meet a client or internal customer’s penetration test objectives.

---

Universal USB Installer aka UUI is a Live Linux USB Creator that allows you to choose from a selection of Linux Distributions to put on your USB Flash Drive. The Universal USB Installer is easy to use. UUI can create a Bootable UFD containing most of the OS available.

---

In his article our expert, George Lewis, will go through an ISO27001 advisory engagement delivered to one of his clients while working with consulting companies including Big 4 as well as cover a practical approach to implement ISO27001:2005 and will discuss the transition phase to the new ISO27001:2013.

---

Explore the Top 5 root causes for organizational breaches even after ISO 27001certification and learn more about how each of the described root causes is materialized, who the related entities are, and how to overcome them.

---

Penetration testing in cloud computing is a big challenge for security practitioners due to its shared resources, service delivery methodology, and borderless presence. This article presents the basic concept of cloud computing and its usage.

---

As with any penetration testing engagement, you need to define the scope of the test. This can get tricky when dealing with cloud services. If you are engaging the provider directly, it’s relatively easy and you can work out the scope of what they wanted tested between the two of you as they have total control of everything in their environment (assuming they can support testing and not interfere with their customer’s business), however if you are dealing with a customer of the provider, things can get trickier. First off, you’ll have to understand just what the relationship is with the cloud provider.

---

Even though computers and computer networks were not necessarily engineered from inception with security in mind, it did not take long to discover the need for securing both. For anyone who cares to find out, the art of penetration testing has been in existence since the 1960s. The first documented penetration test occurred in 1967 when the Department of Defense (DoD) commissioned one, but the need for it became apparent when the Systems Development Corporation (SDC), a United States government contractor, discovered that one of its employees could override the system protections added to the AN/FSQ-32 time-sharing computer system.

---

Effective. Efficient. Lean and Mean. These words can all be used to describe Sockstress: a type of Denial of Service attack that zeroes right in via TCP to wreak havoc on large or small systems. The idea behind Sockstress is simple: where there is a TCP stack, there is inherent vulnerability. In this article, we are going to examine a bit of the history of this interesting attack and explore its more recent use. We will also describe our execution of the attack that was set up in a laboratory environment to measure the effectiveness of this as a Denial of Service (DoS) attack tool.

---

In recent years, reported attacks against supposedly well protected ICS (Industrial Control Systems) have been growing noticeably leaving security and safety of SCADA (Supervisory Control and Data Acquisition) systems highly questionable. SCADA systems which monitor large amount of machines and sensors over large distances have become highly strategic to major industries and the consequences of system security vulnerabilities may prove catastrophic.

---

Complex and distributed SCADA systems now control vast swaths of industry and infrastructure. While an attacker targeting a traditional IT network can shut down a prominent web site, steal personal or confidential information, an attacker who hacks into a SCADA network can control real world equipment; opening valves, running large, powerful motors, posing a safety risk to plant operators and potentially the community at large.

---

You can use eEye Retina against Red Hat/UNIX/Linux systems. There are some hints and tips how to make it.

---

The increasing use of mobile devices is leading to an alarming observation: our security and privacy is seriously at risk because of a number of bugs and leaks in the mobile software. On the other hand, many users are not able to configure and protect their smartphone using the correct settings and features. A new Tool called SPF (Smartphone Pen-test Framework) is an open source tool designed to allow users to assess the security of the smartphones.