We offer to your attention a new issue of the PenTest Magazine. On more than 100 pages we will discuss new subjects regarding the cyber security world. Hope you will enjoy reading this piece.
In the issue we cover network penetration testing, Brucelle A. Arizmendi gives an overview of Black Box network penetration testing. Our friends, who have already become our regular contributors, Jitendra Kumar and Jorge Mario Ochoa, will take us behind the scenes of network penetration testing and integration of secure containers with DEVOPS.
A security enthusiast Mike Carthy contributes to the issue by taking us to the exciting world of stack-based overflows. Mo Halilov, who has conducted years of penetration tests on large organizations, provides an interesting article about SMB Relay and WPAD attack on the enterprise network. With his article on the topic of cyber security autonomy, Lior Barash will take us away from network penetration testing, and let us delve into other topics.
One of the last, but also one of the most interesting pieces of writing in this edition was offered by Kroll, represented by Devon Ackerman and Brandon Nesbit, who shared with us their report on RawPOS Malware.
As always, Marcelo Mansur will close the issue with his recruiting column and another exciting story about Ben Chester.
Hope it will be a pleasure for you to read through the new issue of the PenTest Magazine.
Editorial team of the PenTest Magazine
TABLE OF CONTENTS
Penetration Testing A Network Infrastructure (BlackBox Overview)
Brucelle A. Arizmendi
You need to perform a Pentest against a Corporate Network Infrastructure, but what type of test should you perform, a Black Box or White Box test? Both? It will really depend on what you were hired to do. Some companies like the idea of contracting individuals that can “try to discover” corporate hosts without given out Corporate information. If this is the case, then you’ll be performing a Black Box Pentest. If the company provides you corporate information such as domain names, server names, server IP address, to name a few, then you’d be performing a White Box Pentest.
Infrastructure Security Testing: A CISO Perspective
You know the drill, you're the guy responsible for information security, your business comes to you on a Friday afternoon and tells you their super-important project needs to 'go-live' over the weekend. Being the amenable, business-aligned CISO that you are, you want to help but your hands are tied. Almost reflexively, you respond: 'Have the endpoints, servers and networks been penetration tested?' There's a rhetorical tone to your voice. Unfortunately, you're greeted with one of two faces: confusion or anger. Neither is good. The business representative sees security as a blocker, the 'department of no'. You and your team are left despondent and sympathetic. This scenario was all too common during my time in the end-user space. It's not a competition, but if it was, no one wins.
Authentication and Cryptography
In this article, I’m going to show how to pen test authentication of Web and Mobile Apps. Any type of authentication uses some kind of cryptography and that means the cryptography used must also be validated for proper strength and algorithms used. The authentication is one of the most critical parts of an application or network. Pen testing for weakness or broken authentication will be an important part of your assessment and any findings will help strengthen the asset you’re testing.
Step By Step Guide to Network Penetration Testing: To understand penetration testing methodology, tools and techniques
In present scenario, many hacking incidents are happening around us and purpose is to gain access to an organization’s information assets. Hackers are taking advantage of vulnerabilities in any of these: Network, Host and Application which are the core values of internet. In past decade, need of protecting Network, application and host systems is increased with increase in hacking incidents around private and government sectors. Present scenario requires secure application in secure host within secure network.
Secure Containers + DEVOPS = Productivity² :The SMART way to check and solve vulnerability issues
Jorge Mario Ochoa
Information security must find the harmony between security and productivity. Many organizations require agile processes to release software continuously, but they must do it safely. For this we will talk about an alternative that consists of integrating secure containers with DEVOPS to increase productivity. Currently, the infrastructure vulnerability assessment process is complex in most organizations. The process consists of installing the required operating system and additional components, then configuring the ports and baselines to ensure compliance with good practices. Finally, tools are used to evaluate vulnerabilities, such as patches, default configurations or ports that should not be open. If we apply this process to organizations that constantly release software, we could delay the software release process, reducing efficiency and productivity. As a result, the organization could make the decision to use less secure but more agile processes.
Stack Overflows: A beginners Guide
In this paper, we dive into the exciting world of stack-based overflows to examine the mechanics behind one of the most infamous vulnerabilities known to the security community. This paper will take you from the ground up to provide you with the insight and understanding required to grasp the low-level operation of these vulnerabilities, and also the means by which they are exploited. Included is a practical step-by-step example, shortly followed by an overview of the most up-to-date mitigations that exist on modern operating systems today. The ultimate goal of this paper is to introduce each concept in simple terms in order to build a linear understanding, facilitate learning and demystify one of the most interesting topics within information security.
SMB Relay attack in combination with WPAD and NBNS Spoofing on Enterprise IT infrastructure.
In this article, I would like to talk about about SMB Relay and WPAD attack on the Enterprise network. Having conducted years of penetration tests on large organizations, they still lack the ability to mitigate easy fix vulnerabilities and attackers can take advantage of these vulnerabilities. One of the examples are SMB protocols, which are a crucial part of IT and organizations heavily rely on this protocol to achieve many tasks. The truth is this protocol has been used by attackers for a very long time to gain access to victims’ hosts by exploiting the protocol and the service. Here I would like to talk about the SMB Signing feature of this protocol, which is normally ignored by Domain / Security administrators.
Cyber Security Autonomy: For the Greater Good
Itʼs now just after 2016 ended and we know clearly that defence is losing ground. While it harms us all, it seems that the gross majority of the ʻinnovativeʼ minds are still prisoners of the old-school paradigm of cops and robbers; deploy defence, countermeasures, add another layer and another decoy, wait for them and strike them hard and mainly just be responsive, even if itʼs called pro-active. On a related note, a few years ago, Steve McConnell in his book ʻCode Completeʼ talked about the ratio of software bugs per lines of code and the ratio was 15-50:1000 respectively. Letʼs take a moment to consider some of the implications of the two.
Malware Analysis Report PartI: RawPOS Malware: An Intruderʼs Toolkit
Devon Ackerman & Brandon Nesbit
In 2016, Krollʼs Cyber experts had the opportunity to focus on a collection of malware related to the RawPOS family, and Kroll proceeded to identify numerous tools that the attacker(s) had dropped into the enterprise environment in order to expand their foothold, target specific machines, collect additional information about the compromised environment, and prepare that data for exfiltration. Through the following report, Kroll is pleased to share the research conducted on the malware and the intruderʼs toolkit with the greater information security community.
Security Career Tips and 'Chronicles of Ben Chester
In this section you will find a column with security career tips from British recruiter. Apart from that, author prepared for you an exciting story about Ben Chester, a penetration tester who is searching for a job. In such a satiric manner author depicts all the difficulties and obstacles on the way to a successful IT security career.