Preview: Frameworks 05/2017
We would like to present our newest issue to you. We hope that you will find many interesting articles inside the magazine and that you will have time to read all of them.
We are really counting on your feedback here!
In this issue we dive deeper into pentesting frameworks. The first part of the issue focuses on four tools: Docker, Faraday, Nmap and Armitage. You will learn how such frameworks help organize and speed up the work, and more.
The second part of the magazine has mixed content. First you will read an interview with Mike Fey, President and COO of Symantec, who talks about building a successful business strategy, which working features are the most precious, and how to build your career path. You will then learn about XML external entities: what they are and how they are used to attack systems. We demonstrate a buffer overflow attack on the Minishare 1.4.1 application. Bruce Williams prepared two articles for you: the first lays out the theory of duelling loops, and the second shows how to apply the OODA theory to a practical testbed. You will also read about Application Hardening, how to find the right security approach for every app, and the Security Development Lifecycle. Last but not least, you will be introduced to the Intuitive Password Proposition: Post-biometrics Identity Authentication.
We would also like to thank you for all your support. We appreciate it a lot. If you like this publication, share it and tell your friends about it! Every comment means a lot to us.
Again special thanks to the Beta testers and Proofreaders who helped with this issue. Without your assistance there would not be a PenTest Magazine.
Enjoy your reading,
Bulletproof Your Docker: Penetration Testing Lab
by Chiheb Chebbi
Docker is a remarkable technology that opens up endless possibilities. Learning to use it is simple, and using it as a penetration testing environment is a great opportunity to build a portable, convenient and fast lab. Hardening these containers for production is a plus: Docker's defaults are reasonably secure, but containers share the host kernel, so adding an extra layer of protection against threats such as denial of service, data theft and kernel exploitation is well worth the effort.
Using Faraday Framework
by Julio César Pérez Barbosa
The world of pentesting frameworks offers a wide range of software; OSSIM from AlienVault is one example. Automating the security analysis of a network is important to save time, although in many cases it leaves little room for creativity because the parameters are already defined. In a busy workload, however, there is rarely enough time to examine the network carefully, and that is where frameworks help us synthesize the work.
Client-side attack with Armitage: a collaborative Pentest tool
by Washington Almeida
In this article, I present Armitage, a sophisticated scriptable framework designed for collaborative pentest exercises, although a single pentester can use it as well, as this article shows. I invite the PenTest Magazine reader to start this preparation process with me: we will use Armitage in a client-side attack against an environment of my own, built for that purpose.
NMAP - Much more than a port scan
by Junior Carreiro
Discussions of pentesting almost always cite its phases, and the port scanning phase, usually stage 2, is most often carried out with Nmap. The same scanning is also useful to sysadmins analysing their own internal network. Our article addresses both fronts, so the target may be an internal or an external network. It scopes that second phase: port scanning, host discovery, OS and service detection, among other things. We show that Nmap can be, and is, much more than a simple port scanner.
Interview with Mike Fey, President and COO of Symantec
Hunting XML External Entity (XXE) Injection Vulnerability
by Sachin Wagh
An XXE attack targets an application that parses XML input from untrusted sources with a parser whose external entity resolution is left enabled, whether through explicit misconfiguration or insecure defaults. The attack may lead to the disclosure of confidential data, denial of service, server-side request forgery, port scanning from the perspective of the machine hosting the parser, and other system impacts. This article explains what XML external entities are and how they are used to attack systems.
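The weak and the corrected parser configuration side by side, as an added example that is not part of the article. It uses only Python's standard xml.sax: with external general entities enabled, a SYSTEM entity pointing at a local file is resolved and the file contents land in the parsed text; with the feature disabled (the default since Python 3.7.1) the reference is dropped. The temporary file, its "secret" content and the element names are constructed for the demonstration.

```python
"""Added example: XXE file disclosure through xml.sax, and the hardened setting."""
import io
import os
import tempfile
import xml.sax
from xml.sax.handler import ContentHandler, feature_external_ges


class TextCollector(ContentHandler):
    """Collects character data the way a naive application would."""

    def __init__(self):
        super().__init__()
        self.parts = []

    def characters(self, content):
        self.parts.append(content)

    def text(self):
        return "".join(self.parts).strip()


def xxe_payload(path):
    """Classic XXE payload: declare an external entity that points at a local
    file and reference it inside element content. `path` is constructed."""
    return (
        '<?xml version="1.0"?>\n'
        '<!DOCTYPE doc [\n'
        '  <!ENTITY xxe SYSTEM "file://%s">\n'
        ']>\n'
        '<doc>&xxe;</doc>\n' % path
    ).encode()


def parse_untrusted(xml_bytes, allow_external_entities):
    """Parse XML with xml.sax; the flag selects the weak or corrected setting."""
    parser = xml.sax.make_parser()
    # Weak setting: True resolves external general entities (file://, http://).
    # Corrected setting: False leaves them unresolved, so &xxe; expands to nothing.
    parser.setFeature(feature_external_ges, allow_external_entities)
    handler = TextCollector()
    parser.setContentHandler(handler)
    parser.parse(io.BytesIO(xml_bytes))
    return handler.text()


def demo():
    """Write a constructed 'secret' file, parse the payload both ways and
    return (text from the vulnerable parser, text from the hardened parser)."""
    fd, path = tempfile.mkstemp(suffix=".txt")
    with os.fdopen(fd, "w") as f:
        f.write("db-password=hunter2\n")  # constructed secret, not a real one
    try:
        payload = xxe_payload(path)
        leaked = parse_untrusted(payload, allow_external_entities=True)
        hardened = parse_untrusted(payload, allow_external_entities=False)
    finally:
        os.unlink(path)
    return leaked, hardened


if __name__ == "__main__":
    leaked, hardened = demo()
    print("vulnerable parser returned:", repr(leaked))
    print("hardened parser returned:  ", repr(hardened))
```

The same SYSTEM identifier could name an http:// URL, which is the server-side request forgery and port-scanning variant the abstract mentions; the corrected setting blocks that too, because the parser never opens the identifier at all. Parsers in other languages expose the equivalent knob under different names (for example libxml2's entity substitution options or the Java XMLConstants feature flags), and checking it is the first thing to do when reviewing any XML entry point.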
Buffer Overflow Attacks
by Pranav Jagtap
A buffer is a region of memory set aside to hold data. Code that fills a buffer from user input should compare the length of that input with the size of the buffer and reject, with an error, anything that does not fit. When that check is missing, the program keeps copying input past the end of the buffer and overwrites adjacent memory. The resulting overflow makes the application behave improperly, and that is what buffer overflow attacks exploit.
Duelling Loops. For your eyes only.
by Bruce Williams
This is the first of two articles: this one covers the theory and the second the practice. For many years I wanted to test a concept regarding cybersecurity: duelling loops. It uses a strategy that emerged from the aerial dogfights of the Korean War, where a pilot named John Boyd developed a way of beating the enemy. He developed the OODA Loop: Observe, Orient, Decide and Act. It is the D that needs improving, because quick decisions are needed. A famous defence pen test succeeded because the systems admins failed to act. Boyd taught this strategy.
Quantum of solace
by Bruce Williams
This is the second article, showing how to apply the OODA theory to a practical testbed. It presents a real-life attack and defence situation for training security students. The testbed is a pen tester's training ground.
Application Hardening: How to find the right Security Approach for every App
by Markus Unger-Schlegel
In recent years, cyber-attacks on mobile applications have increased and become more sophisticated. That is not at all surprising: the rapidly growing demand for mobile apps, and the pressure to release them as quickly and profitably as possible, have led to security being neglected and to new applications being released despite known vulnerabilities and flaws. Furthermore, there is no shortage of readily available hacker tools and techniques for compromising iOS and Android applications alike.
Security Development Lifecycle
by Claudiano Silva
A secure development lifecycle is important for your organization to protect information critical to the business and to your customers and business partners. When implemented well, it brings greater reliability and lower costs, and many security problems are identified before the responsible team even begins testing.
Intuitive Password Proposition: Post-biometrics Identity Authentication
by Hitoshi Kokumai
The security of our real/cyber-fused society hinges on trusted identity assurance, which in turn hinges on reliable shared secrets in cyberspace. Passwords have been those shared secrets for many decades, and they have also been a target of resentment: a password is easy to break if it is easy to recall, and hard to recall if it is hard to break. Besieged by an ever-increasing number of password-requiring accounts, not a few people are crying that the password should be killed. The password could indeed be killed altogether, but only where there is a valid alternative.