Dear PenTest Readers,
We would like to proudly present to you the newest issue of PenTest. We hope that you will find many interesting articles inside the magazine and that you will have time to read all of them.
We are really counting on your feedback here!
In this issue we’ll dig deeper into PowerShell and more advanced topics. But before that, we will show you the information clients need when acquiring, or thinking about doing, a pentest with PowerShell, based on six steps and small examples. We also have an article about the most useful PowerShell commands, explaining new features such as Active Directory.
Moving on to the tutorials, you will read how to pawn with PowerShell, establish a server using Empire, and find possible uses of the Nishang framework. You will also read a detailed article explaining how antivirus software really works, and how to secure an nginx server using fail2ban on CentOS 7. All the articles are written step by step and are easy to follow.
We have also prepared a short section about careers in cybersecurity. We spoke with talent acquisition specialists and asked them about soft and hard skills, cybersecurity certifications, the biggest mistakes in CVs, and more.
The second part of the magazine has more mixed content. You will read how to dissect malware using a sandboxing technique, or hack Excel with a malicious macro. We have also prepared an article showing all the useful features of the Sparta tool. At the end of the magazine you can read about the cyber tension going on in recent months in South Asian countries.
Enjoy your reading,
Table of contents:
Pentesting with PowerShell in six steps
by Petter Anderson Lopes
The purpose of this article is to provide an overview of the application of penetration testing using PowerShell. As such, the presentation is not overly technical in scope, but covers instead what penetration testing is, what benefits stakeholders in a secure system receive from a test, and how PowerShell can be used to conduct some steps of penetration testing. The presentation goes into an example procedure for penetration testing, explaining the steps of Reconnaissance, Scanning, Gaining Access, Maintaining Access, Covering Tracks and Reporting. These represent the steps that attackers use in common attacks. Finally, this presentation also briefly discusses some techniques involving non-conventional devices, such as bootable smartphones, and the dangers of an unprepared team.
Pawning with PowerShell
by Kaisar Reagan
We will discuss some exploitation techniques using PowerShell along with a simulated HID device to extract data, inject commands and execute them. This opens the gate of opportunity to use it not only for post-exploitation, but also to embed it with another tool as a pure exploitation tool.
How to secure Nginx server using fail2ban on Centos-7
by Bhadreshsinh Gohil
In this tutorial, you’ll learn how to install Nginx and Fail2ban on CentOS 7. Fail2ban provides a great deal of flexibility to construct policies which will suit your specific security needs. You can look at some variables and patterns within the /etc/fail2ban/jail.local file, and the files it depends on within the /etc/fail2ban/filter.d and /etc/fail2ban/action.d directories, to make the environment for your website more secure. By using Fail2ban, you can stop security attacks on your web server and prevent them in an automated manner.
PowerShell Pentesting with Nishang
by Mauricio Harley
Nishang is a framework created by the Indian security expert Nikhil Mittal. It is an interesting tool since it unites a handful of scripts and modules that can be easily coupled with any PowerShell code. Additionally, you can use it to execute various tasks such as network scanning and enumeration, credential discovery, obtaining WLAN passwords, remote execution and many others. For the sake of this article, I’ll focus on showing some of the possible uses of this framework.
The Power of PowerShell with Empire
by Prashant Mahajan
In this article, we’re looking at the scenario of establishing a Command and Control server (using an open-source Python platform called “Empire”) that also builds PowerShell script payloads, allowing you to control a target computer remotely. These steps are easy to follow for a beginner, but make no mistake, the attacks you can carry out using Empire are very advanced. Once you see it in action, we recommend spending time inspecting the collection of PowerShell scripts yourself, to see how they work.
How does anti-virus software work
by Fernando Dominguez
The architecture of an anti-virus software product depends on the architecture designed by its developers. However, we can observe some common patterns among different anti-virus products. In this article you will see a couple of techniques to evade anti-virus software. Every technique reviewed in this article is among the well-known techniques in the public domain, and they are more than enough to bypass current anti-virus software.
Powershell: Enumeration, compliance or post-exploitation
by Pablo Viera M.
Today’s organizations have to face the big challenge of securing their assets and those of their partners and clients. Many of them are aligned with best practices and implement several internal controls within their information systems. But some Power-full tools may still be out there in the hands of the pentester, even when everything “seems” to be blocked.
Career in cybersecurity from talent acquisition perspective
Interviews with Marcus Stefanide and Benedict Burns
Hacking Excel With Malicious Macro
by Fabrício Salomão
In the current scenario of global attacks and vulnerabilities, infections through macros are the most distinctive. These infections are conducted through .xls attachments (e.g. Excel spreadsheets) that allow attackers to apply exploitation techniques from this attack vector, such as remote access to the victim’s computer. Companies end up in big trouble, in specific departments such as human resources or finance, or through any curious employee who can become an easy victim of a social engineer.
Dissecting Malwares using Sandboxing technique
by S. Sibi Chakkaravarthy and V. Vaidehi
Malware is a major threat to all networks and systems. Most of the cyber attacks launched were due to malware. Hence it is mandatory to identify malware. Identifying malware in a real environment is a tedious task, and traditional security systems using a signature-based approach fail in detecting advanced malware. Malware analysis is a unique approach to detecting, studying and determining the functional behavior of malware. In this article, we are going to explore malware analysis for malware detection and investigation using the open source sandbox called “Cuckoo”.
Introduction to Sparta tool
by Jose Ramos
Most of us think of an over-powered warrior, yelling abruptly as he kicks a man into a pit, when we hear the word Sparta. Aside from being a great scene in an action movie titled 300, we remember the phrase “This is Sparta” because of the sheer force and determination portrayed by the actor. When it comes to the tool Sparta, it does not fall short of its name. Sparta is a Python GUI tool created by Antonio Quina that can be used in network penetration testing. Unlike many of the one-trick-pony pentesting tools we have learned to love, Sparta embodies a number of tools to both enumerate and exploit systems within a simple-to-use graphical interface. If I don’t have your attention by now, allow me to add that the tool is packaged natively in the Kali Linux distribution. So let’s sit back and dive right into this powerful tool that will not only save you time but hopefully become one of your go-to tools in your pentesting arsenal.
Architecture for Securing Data from Exploitation and Cyber Attack
by Steven R. Russo
The threat of cyber-attack, underscored by the recent number of mass data breaches in almost all sectors, is now so great that US institutions are rushing to buy insurance coverage against the expense of losing sensitive customer information. Cyber insurance has graduated from a faraway thought to somewhat of a necessity; however, obtaining insurance is not the answer. The current need is for new ways to secure data at rest and data in motion from cyber-attack, mass data loss, and internal as well as external criminal exploitation. While penetration testing enhances the level of comfort of some IT professionals, it is by no means a solution, only a method to identify potential holes in a firm’s cyber armor.
Cyber Tension in South Asian Countries
by Vatsal Jain and Jatin Sethi
The tension between India and Pakistan across the Line of Control (LoC) has crossed the geographical boundaries and is now reflecting in cyber space. After the recent terrorist attack in India and the military actions between these two countries in September 2016, all other countries around the globe were worried about the critical situation. But most of us were not expecting that this would be reflected in cyber space.