Dear PenTest Readers,
Our team prepared something special for you - this time we’ve decided to tackle multiple topics in one issue. We believe that every pentester will find something useful here.
In other words, our authors provided you with a wide range of content, including articles focusing on various topics related to Android pentesting, C2, intelligence-led penetration testing and even an article for those interested in forensics!
When deciding on the content of this edition, our team chose to take a break from issues focusing on one aspect only of penetration testing - after all, every cybersecurity professional needs to (or wants to!) hone a variety of skills, oftentimes outside their main scope of interest.
Without further ado,
Enjoy the content!
PenTest Magazine’s Editorial Team
Table of Contents
Exploiting Insecure Deeplinks
by Gaurav Ahire
The Auto-Verify feature, available starting from Android SDK 23, should skip asking you and deeplink directly into your app. If you don't see this prompt, even with the setup as above, you are probably hitting this Android bug. If you register many domain hosts in your deeplink, then your app will get lots of redirected visits. The user will be prompted to decide whether they wish to deeplink these URLs into your app.
ETW vs Sysmon Against C2 Servers
by Damon Mohammedbeger
I made some C# code/tools, which are open source on GitHub, and in this article I want to talk about them one by one, along with my experience using them for detection against some techniques and against some C2 servers. In this article, I do not want to talk about ETW C# code or C# programming, but I will show you some pictures from the research and some test results. So if you're a Blue Teamer, you can see how this code worked for detection, and if you are a pentester or a Red Teamer, you can see that as a pentester you can always make something hopefully useful for the other side, in this case the Blue Team side, which is a kind of Purple Teaming.
Posh C2 Introduction
by Andrea Cavallini
Cybersecurity attacks aim to exploit vulnerabilities to create unpredictable actions. An attack or, in the worst case, an intrusion has the goal of commanding and controlling the vulnerable, attacked system. Command and Control, also written C&C or C2, is the post-exploitation model implemented by a set of tools used to create persistent access to a compromised system.
Intelligence-Led Offensive Security - a Powerful Combination [FULL ARTICLE AVAILABLE IN THE FREE PREVIEW VERSION]
by Eva Prokofiev
An effective risk-based security program cannot ensure safety against truly new threats, but a good threat intelligence program involving a manual, automated and threat-led offensive approach can help a business get a leg up on the competition in this area. In light of these observations, it should be clear that threat intelligence is a powerful tool for assessing cyber risk (both current and predictive). The data it collects can also be used to guide a variety of proactive and preventative safety measures.
Introduction to Internal Penetration Tests
by Dimitris Pallis
On-site visits would require your own dedicated space and access to the client's network through a wired Ethernet or wireless connection. After that, you would only have to confirm you are assigned an IP address and you're ready to go. Other measures could be required, such as whitelisting your computer's MAC address, but those details should be handled during the scoping process and you'll know beforehand; if you don't, just ask the project manager, who will confirm with the client. Most of the time, the client agrees to a remote internal assessment. This could be achieved by providing them with a virtual machine, which the client spins up on their internal network, and then providing you with its IP address. This machine could include a local Nessus installation and other tools such as Responder and CrackMapExec. Finally, one could use the X2Go client tool to connect to that virtual machine through SSH.
SSL Pinning Bypass for Android Applications
by Nikhil Karpe
In this article, we will see how to bypass SSL pinning in Android applications using the Frida framework. SSL pinning works by keeping information within the application to identify the server, and it is used to prevent man-in-the-middle attacks. Applications with pinned SSL certificates rely on stored certificates rather than relying on certificate authority stores.
Defeating AES in Android
by Farman Ullah Marwat
Insecure Local Authentication in Android
by Gaurav Popalghat
The Frida instrumentation toolkit is designed for developers, reverse engineers, and researchers interested in security. Using Frida, any class can be dynamically manipulated by attaching to a mobile application process and performing PIN brute force, jailbreak detection bypass, and fingerprint/biometric authentication bypass. A vulnerable biometric application is used in this article to bypass biometric authentication.
CryCryptor: an Android Ransomware
by Sarthak Thakur
When a user falls victim to CryCryptor, the ransomware encrypts files on the device (all common file types), but instead of locking the device, it encrypts a "readme" file, containing the attacker's email, in each directory along with the encrypted files.
Autopsy as Forensic Tool
by Andrea Cavallini
Useful analysis performed by Autopsy can reveal the actions carried out by attacks, whether realized by malware (such as ransomware) or by common Red Team attackers who use C2 techniques in order to set a backdoor on a compromised system. Attacks performed with positive results can open a breach in the information process or in the entire infrastructure, and only powerful tools can provide the Blue Team with all the data necessary to analyse the attack perimeter and the compromised area. Autopsy can give more than an idea of the attack, providing an analysis based on modular drivers (ingest modules) that can be expanded with custom plugins in order to set your own perimeter milestones and to create, expand and execute a remediation plan after the forensic analysis.