Dear PenTest Readers,
As it's now kind of a tradition, at the beginning of each year we publish an edition dedicated to building your home pentest labs. Let’s say it straight - the ideas for extending your own toolset never end, as the fresh, relevant, yet-to-be-discovered elements of your own laboratories can only enrich your craft! Also, as we’re still in the midst of the pandemic, equipping yourself with new pentesting toys for home usage is even more important.
To start with, Mauricio Harley brings another excellent contribution to the table. In his article, the author presents several options for building a low-cost home pentesting lab.
Bruno Rodrigues presents the process of creating an Advanced Malware Laboratory with Microsoft Defender for Endpoint. A must-read for everyone, particularly for Python fans!
We never forget about the wider perspective of pentesting, so an article about tools for pentesting cloud environments from your home lab is also in the issue. Harpreet Singh brilliantly explains the usage of five open-source tools for cloud ethical hacking.
Next, we have two really cool write-ups for PowerShell enthusiasts! Nairuz Abulhul shows how to create a malicious CHM file with PS using the Nishang framework, and Filipi Pires keeps up with delivering his superb case studies. This month, you will read two of his interesting reports. The first one is about infection with PowerShell using a VBS file, while the second one deals with Zusy malware using MSI.
Dan Browne, who publishes his first article with us, discusses the automation of pentesting in a creative, story-telling form. Automation will boost the efficiency of your home lab, so make sure you don’t miss this article.
Perhaps you like interviews with cybersecurity professionals who share their unique perspectives on the industry, education, and challenges? You will find one here as well! Klaudia Krawiecka, a doctoral candidate at the University of Oxford, shares her thoughts on the infosecurity landscape, with multiple interesting points.
For those who are into cryptography, there is a brilliant write-up by Sanjay Phanshikar, Jyotisman Chakrabarty, and Ashiq Khader, on using encryption techniques to ensure secure communication between the network endpoints, even when the server’s private key has been compromised.
Last but not least, once you equip yourself with all these great tools and knowledge presented in this month’s edition, it’s a good idea to think about CTFs! Jarret Parent shares his impressions on one of the previous editions of BSides Ottawa Capture the Flag event, to inspire you with some competitive spirit for the future.
Without further ado,
Let’s dive into the reading!
PenTest Magazine's Editorial Team
Table of Contents
Low-cost Pentest Lab in 2021
by Mauricio Harley
Creating your own pentest lab is one of the first steps you should think about when starting in this marvelous professional area. Frequently updating it is mandatory to keep up with the ever-changing offensive security landscape. In this article, I will present some suggestions for setting up a low-cost pentest lab.
Advanced Malware Lab
by Bruno Rodrigues
In this article we are going to create an Advanced Malware Laboratory based on Microsoft Defender for Endpoint (MDE). Although MDE is not free, you can always benefit from the 30-day free trial and, if you really enjoy it, subscribe to a license. We are also going to incorporate some Python code that takes advantage of the capabilities the MDE API provides.
Adding a Pinch of Cloud to Your Lab
by Harpreet Singh
In this article we will discuss five tools that you can add to your lab in order to get started with cloud security assessments. All five tools are open source and easy to install and use.
Weaponize .chm files with PowerShell - Nishang
by Nairuz Abulhul
In this tutorial, we will learn how to create malicious CHM files with PowerShell; we will use the Nishang framework. The Nishang framework is a collection of PowerShell scripts and payloads that can be used during pentesting and red teaming engagements.
Exploitation with a Reverse Shell and Infection with PowerShell using a VBS File
by Filipi Pires
The first objective is to simulate targeted attacks using a Python script, to obtain a panoramic view of the resilience of the solution with regard to the efficiency of its detection by signatures, NGAV and machine learning. The script uses the reverse shell technique to gain access to the victim's machine. After this attack is executed, the second objective consists of running a PowerShell script that downloads a malicious VBS file onto the victim's machine and executes it; the malware sample is retrieved from MalwareBazaar via an API request.
How to Automate Some Parts of Pentesting to Stretch Your Pentesting Resources
by Dan Browne
Many web development shops use web browser automation for functional testing. Something like Selenium or similar is a decent choice for this, since it can be automated with a variety of different and well known scripting languages like Python or Ruby. Not only do software development testers use these scripting languages for testing, but they are also commonly known and used by pentesters. Including me. So, I was off to a flying start. Essentially, what we would be doing here is creating some “functional security tests” using the same tools as the functional testers so that ultimately the testers would own the scripts.
“I Think That Cybersecurity Courses Should Become the Core Curriculum Within the Computer Science Field”
An Interview with Klaudia Krawiecka
One of the biggest advantages of a Ph.D. is that you can work on projects that interest you and such projects can be very diverse. Last year, I was building tools for users to take part in our user study remotely. Normally, such experiments are carried out in our lab but it was not possible during the pandemic. Thanks to this, I had the opportunity to build client applications (Android mobile applications for experiment participants) and server scripts that communicated with each other using the MQTT protocol to somewhat simulate the communication between different nodes in smart environments.
Zusy Malware using MSI [FULL ARTICLE AVAILABLE IN THE FREE PREVIEW VERSION]
by Filipi Pires
Regarding the test performed, the first objective was to simulate targeted attacks using known malware to obtain a panoramic view of the resilience of the solution with regard to the efficiency of its detection by signatures, NGAV and machine learning, downloading these artifacts manually onto the victim's machine from the daily batches provided by MalwareBazaar. The second objective consisted of analyzing the detection of those same samples (or those not yet detected) after their directories were changed; the idea here is to work with manipulation of the samples, without executing them.
Private Key Compromised! I Should Have Handled It Better…
by Sanjay V. Phanshikar, Ashiq Khader, and Jyotisman Chakrabarty
Encryption, in itself, is a vast topic and is not within the scope of this article. This article focuses on mechanisms that use encryption techniques to ensure secure communication between network endpoints, even in the case of a server’s (long-lived) private key being compromised.
BSides Ottawa Provides CTF at its Finest
by Jarret Parent
In tune with the BSides Ottawa canon, the CTF is open to all skill levels, and provides challenges easy enough to be solved by the beginners of the group, and some that are so tough that only the most hardcore CTF-ers could prevail. As a result, a diverse gathering of competitors from various backgrounds, with various skillsets and levels of cybersecurity knowledge, came out to play the CTF at BSides Ottawa, known as “Hack Area 52”. True to the Jeopardy style of CTF competition, there was a list of nearly 100 challenges posted, much like a Jeopardy game board, for competitors (usually in teams) to work through. The answer to each challenge leads to a progressively harder challenge, leading up to the ultimate one: hacking a Siemens programmable logic controller (PLC) in order to send a delivery train tumbling off a cliff (a toy train, that is).