Dear PenTest Readers,
We would like to proudly present you the newest issue of PenTest. We hope that you will find many interesting articles inside the magazine and that you will have time to read all of them.
We are really counting on your feedback here!
In this issue we want to focus on building your own in-house pentest lab. You will be able to read three articles in which the authors show their favorite approaches to building a lab. You may ask: “Why do I need a pentest lab?” If you aspire to be a pentester, or want to improve your skills, an in-house pentest lab is one of the best ways to practice!
Besides that, we prepared nine other articles with mixed content. Among the more technical articles of this issue are those on Pentesting Mainframes, Gathering Information with Maltego, and Hacking WPA2-PSK with Kali Linux, where the authors walk you through everything step by step. In this issue we also present two articles in which the authors explain Finite State Machine Diagrams, which are used to model and verify web application logic, and GATE, an interception-proof authentication and encryption system and method. You will also read about Matching Wits with DevOps, that is, building the benefits of continuous application security by combining bug bounty and external dynamic scanning programs. Bruce Williams will tell you his story of three questions that might help in pentesting. Last, but not least, you will be introduced to the threat modeling cycle, and you will be shown why organizations should consider the security of their ERP systems during implementation.
Enjoy your reading,
Table of contents
Building a Cyber Range for Penetration Testing
by Kevin Cardwell
In this article, I will discuss the need for a penetration range and present a diagram for a range that will allow you to prepare for most of the different types of penetration testing engagements you may encounter.
The Hacking Lab
by Junior Carreiro
The Hacking Lab is my favorite website for training and learning hacking skills. There are many challenges that help you practice hacking. The Hacking Lab has many types of labs to choose from, ranging from Hacking-Lab for Beginners, a lab for those who are just starting to learn hacking, to CTF challenges. On The Hacking Lab, the training courses are called Events and are run much like a competition, where you receive points for each solution that you send to the team.
Building In House Pen Testing Lab
In today’s fast-growing world of information systems and networks, it becomes very difficult for people who aspire to be pen testers to find their training grounds. No doubt, today we have multiple websites which host such environments, but they are rarely updated. The best way, in my opinion, is to set up your own lab and practice. The biggest question is: what are the requirements, and how do you set it up?
by Sparc Flow
Mainframes are often associated with everything that is technologically old and obsolete. Sadly, like most stereotypes, this assertion is simply not true. Mainframes rule the world! This is not an overstatement but simply a fact. Every ATM withdrawal, wire transfer, flight booking, and insurance claim issued by billions of people around the world is ultimately handled by these so-called legacy systems. Mainframes provide unique stability and performance that cannot be matched by other technologies. Core business applications have relied on them for years, and will continue to do so for the foreseeable future. They are not going anywhere, so we might as well learn how to pentest them properly in an engagement instead of discarding their IP range from the audit plan.
The purpose of this article is to demystify this technology and share a few tips and tricks on how to approach it in a typical pentest.
Maltego: Intelligent Information
by Washington Almeida
Many powerful tools are available for capturing, mining and processing information from the Internet, sometimes referred to as the public network, but one in particular draws my attention: Maltego. Why? Maltego is a proprietary multi-platform software tool developed by Paterva, used to gather information from public sources and display it in a graphical framework. This is a sophisticated tool that provides a set of transforms that can be run over entities, both infrastructure and people.
In this article, I will work on Maltego for network intelligence gathering and explore some of its functionalities.
Cyber Security Innovation: Bye Bye “Open Sesame”. Hello “GATE”!
by Frank Ni
Introducing a digital security innovation: Graphic Access Tabular Entry [GATE], an interception-proof authentication and encryption system and method. The newly patented GATE system overcomes all of the weaknesses of traditional passwords. Special characters are part of the GATE design. It uses tokens to let users enter user pins from a passcode; each token has several symbols, and some randomly selected user pins are included in these tokens. It is impossible to tell which symbols in the tokens are valid user pins and which are non-user pins, thereby increasing password strength exponentially.
Practical Threat Modeling for Ransomware
by Sumit Kumar Soni
Ransomware is a formidable threat to enterprises and end users. It has become a major concern in recent years, with hacks becoming bigger and risks becoming greater. We have seen many variants and strains of this threat. In past years, the techniques used by ransomware writers have evolved, and all sorts of methods have been used by the various ransomware programs to enter the system, infect the system and data, and propagate across the network.
No doubt the industry needs specific tools and a specific threat modeling approach to combat this type of attack; otherwise you will squander resources, time, and money on useless controls that fail to focus on the real threats.
Matching Wits with DevOps
Building the Benefits of Continuous Application Security by Combining Bug Bounty and External Dynamic Scanning Programs
by David Kosorok
By design, DevOps uses a continuous delivery model to deploy product features to customers on a daily, or continuous, basis. While this model is unrivaled for delivering features, it is potentially flawed by its very nature: it deploys application security vulnerabilities just as continuously. Generally speaking, existing application security controls are not run at the same frequency as the continuous deployment model of DevOps, so issues may sit in the product for longer periods of time. This is due both to the less efficient testing methods and to security testing, still on a periodic model, not keeping up with deployment changes.
by Bruce Williams
"The Three Questions" is a short story by Russian author Leo Tolstoy first published in 1885 as part of the collection What Men Live By, and Other Tales. The story takes the form of a parable, and it concerns a king who wants to find the answers to what he considers the three most important questions in life.
I started using three questions in strategy forty years ago. I started to write a book on strategy using the above parable, which may one day exist. It is a good parable, worth a read.
Hacking WPA2-PSK with Kali Linux
by Uche Akaijuba
A wireless network is a network that uses radio waves to connect computers and other such devices together. The implementation is done at the physical layer (Layer 1) of the OSI model. WPA2 (Wi-Fi Protected Access 2) is a wireless security protocol that makes use of AES encryption and CCMP, a TKIP replacement. It is stronger than the other wireless security protocols (WEP, WPA). We are going to take a step-by-step look at how you can break WPA2 using Kali Linux.
Modeling and Verifying Web Application Logic Using Finite State Machine Diagrams
by Ken Krauss
In this article, I will present the reader with information about mathematical models of web application logic and functionality, as well as describe how these models can be used to develop and test web applications. Mathematical models, or formal models, are not often used today in software development outside of a few specialized areas, such as compilers, embedded/real-time systems, or other systems involving the physical safety of humans. Much literature regarding software security today either omits the use of formal methods entirely or implies that formal methods are not for development of information systems software. This is a shame, as formal models can help developers design and build higher quality software in the same amount of time, with less wasted developer efforts.
Consider ERP Security before Cybersecurity
by John Guven
It is a well-known fact that many organizations concentrate their efforts on cybersecurity, looking for solutions on how to eliminate attacks or defend their organizations against them. I believe that, as far as business risks are concerned, you can reduce the effects of such possible attacks by taking measures prior to or during the implementation of your ERP systems, or by considering the actions listed below if you already have a system running.