Dear PenTest Readers,
We are extremely happy to present to you the first 2020 edition of PenTest Mag! The main focus of this issue is the most hip, relevant, and - in most cases - open-access tools that will be immensely useful for every pentester this year. No matter which pentesting territory is your favourite, whether you’re into application security, cloud security or IoT, you will definitely find something for yourself here!
To start with, Alyssa Miller, prominent security researcher and international speaker, provides you with an excellent walkthrough of must-have AppSec pentesting tools, especially for beginner or intermediate-level pentesters. After reading this article, you will definitely know how to set up your pentest lab this year.
It is a great pleasure to have Yuri Diogenes among our contributors in this issue. The acclaimed author of cybersecurity books presents how to reduce the attack surface and detect threats in cloud environments on the Azure platform. The article is simply a must-read for everyone involved in cloud security, as Yuri is definitely THE expert on the topic.
Of course, that's not all that our contributors have provided for an exciting start to the 2020 pentesting year. In this issue, you will also read the article by Tom Updegrove - one of our reviewers - who shows how to set up an efficient pentesting lab without the necessity of a second mortgage! ;)
Pablo Gonzalez Perez and Fran Ramirez prepared a very informative tutorial on HomePwn, the Swiss Army Knife amazingly useful for every IoT Security enthusiast!
As usual, there are also articles on other topics connected with white-hat cybersecurity: Binary Exploitation, Exploiting Routers, SCADA Systems Exploitation, Cybersecurity Management, and - last but not least - client-side HTTP request encryption.
Without further ado,
Let’s dive into the reading!
PenTest Magazine’s Editorial Team
Table of Contents
Must-Have Application Security Tools in 2020
by Alyssa Miller
While it would be difficult to ever put together a fully comprehensive list of application security tools, building a toolkit from this list will get you a long way. New tools are being developed all the time, and quite often they are very niche and purpose-built. So, when you find yourself investigating a new vulnerability type or wishing you had some way to automate your attacks, be sure to leverage your favorite search engine. Chances are, if it’s not in our list, there’s still a script or tool out there that will be helpful for you.
Cloud Security Posture Management - Reducing the Attack Surface and Detecting Threats in the Cloud
by Yuri Diogenes
A bad habit that developed over the years, when vulnerability management systems scanned on-premises servers and the results were sometimes ignored, is being carried over to cloud environments. The lack of security hygiene in cloud workloads is real, is dangerous, and should be addressed immediately. According to a study conducted by the Online Trust Alliance, 93% of reported incidents could have been avoided with basic security hygiene best practices. Read this part again: “basic security hygiene”!! The question is, why wait to get owned before doing something?
Trident of Open Source Penetration Testing Tools
by Tom Updegrove
The new paradigm in security compliance is being adopted by more states and local governments and is going to be the standard along with HIPAA, PCI-DSS, SOX, GDPR and California’s CCPA, to name some. There are some great commercial security assessment tools available, but they come with a big price tag. This prompted a need for an effective yet inexpensive security assessment tool. I have found that Kali Linux, OpenVAS and Vega fill that need and show that security testing doesn’t have to require a second mortgage to be effective.
HomePwn - The Swiss Army Knife for IoT Pentesting
by Pablo Gonzalez Perez and Fran Ramirez
HomePwn is a Swiss Army Knife pentesting tool that aims to fill the gap in security testing between professional IoT devices and the personal devices used day by day at home. Any device connected to a home or office network is a target for this tool. Evaluating the security of every device in the home or office is valuable, since we connect to networks of very heterogeneous devices that can give a false sense of security while they expose essential assets (such as personal data) and become the weakest point.
A Pentester’s Overhead: Client Side HTTP Request Encryption
by Dinesh Sharma
In this article, we will work on decrypting client-side encrypted HTTP traffic so that we can inject our payloads. Decrypting client-side encrypted requests is essential to testing a web application thoroughly.
Exploiting Connect Box EuroDOCSIS 3.0 [FULL ARTICLE AVAILABLE IN THE FREE PREVIEW VERSION]
by Filipi Pires
In this article, we explain how it was possible to obtain admin credentials for the Connect Box DOCSIS 3.0 Voice Gateway router by sniffing HTTP traffic on the same network under test and performing some tests. This revealed a vulnerability in the authentication process known as Cleartext Transmission of Sensitive Information. The router tested is provided in Poland by the internet service provider UPC, a company that provides services in many EU countries.
Binary Exploitation in Hacking Methodology
by Jason Phillips
Many certifications talk about buffer overflows and how to exploit the vulnerable code. Fewer certifications talk about how to overcome some of the problems that may present themselves during an engagement. The available buffer may be too small to hold the shellcode needed to successfully gain access to the desired environment or permissions. As a security professional/hacker, the main objective is to think outside the box.
Techniques to Redirect the Execution Flow
by Mostafa Mahmoud
In our previous article, we illustrated how we can control the EIP value and redirect the execution flow to our shellcode, and we showed how to use two of these techniques in our exploit development for the FreeFloat FTP app. In this article, we are going to show how we can use the rest of the techniques to redirect the execution flow.
by Bruce Williams
There are few articles on cybersecurity management. I wanted to see if cybersecurity management was different, and to see which strategies were used in management and which strategies were used in cybersecurity, to determine where they were the same or different. This article explains the similarities in their management.
Exploitation of SCADA Systems
by Mohamed Nasfi
As white-hat hackers, ultimately we want to be able to develop exploits for SCADA/ICS systems. In this way, we can find vulnerabilities and exploits before the Black Hats and patch the vulnerability before any bad guys take advantage of it. In this article, I want to give you a basic outline of the process of developing a zero-day exploit against SCADA/ICS systems.