PenTest: Zues7v2 - Cloud-Based Hash Cracker - Pentestmag





Dear PenTest Readers,

In the new edition of our magazine, you will find a top-notch selection of quality write-ups on various offensive security tools, tips, tricks, and techniques. Whether you're into AWS security, WiFi pentesting, Python for the Windows API, or AI and Machine Learning, you will definitely find your own treat in this edition. You will also read about a fascinating technique for discovering vulnerabilities and attack vectors in the HTTP/2 protocol. For the Web3 enthusiasts, our contributors brought to the table an interesting write-up on level_up!, an open-source project on Web3 security. We also revisit one of our older articles on fuzz testing in automotive environments, and last but not least, you will find articles on OpenVAS and on integrating AI on audio files into offensive security workflows.

Without further ado,
let's dive into the reading.

PenTest Magazine's Editorial team.

Table of Contents

How to Integrate Artificial Intelligence on Audio Files into Offensive Security Workflows

by José Pablo Hernández

Today's OSINT and software systems offer a significant advantage in offensive security by providing access to relevant public information, identifying threats and malicious actors, performing efficient intelligence gathering and analysis, integrating artificial intelligence techniques, and supporting informed and anticipatory decision making. With the continued advancement of artificial intelligence and NLP, the use of voice files and audio tracks in OSINT is expected to continue to grow, thanks to improvements in automatic transcription and sentiment analysis. These improvements enable faster and more accurate processing of this type of content, further extending real-time information detection and understanding capabilities.

Good, Bad and the Ugly of HTTP/2

by Pranali Phadtare, Soummya Kulkarni, Shruthi Shunmugom M

Any new technology exposes a new attack surface to the cyber world. Even though HTTP/2 improved website performance, protocol implementation flaws and misconfigurations have exposed websites using HTTP/2 to greater security risks. Applications that were secure earlier have now become insecure in a few aspects. A whole new set of vulnerabilities also arises when the HTTP/2 protocol is not implemented end-to-end and requests are downgraded. Throughout this article, we tried to showcase a few of the security vulnerabilities associated with the HTTP/2 protocol. It is essential for any organization to ensure that it is aware of these security loopholes and takes prompt action to prevent bigger cyber-attacks. The article closes with a few of the mitigation techniques we would recommend for those who would like to secure their websites on HTTP/2.

Approach of Detecting Dependency Confusion Attacks using Artificial Intelligence and Machine Learning

by Gaurav Bhatia, Vansh Chanchlani, Tanisha Gupta, Dhruv Jain

Dependency confusion is a critical vulnerability that can be exploited by attackers to compromise software supply chains. Machine learning algorithms can be used to detect this type of attack by analyzing software dependencies and package metadata. The use of machine learning algorithms to detect dependency confusion is an important tool for companies looking to secure their software supply chains and protect their assets. By staying vigilant and proactive in their security efforts, companies can mitigate the risk of dependency confusion and minimize the potential impact of any attacks that do occur.

Navigating AWS Cloud Security: Insights from a Red Team Manager

by Or Nuriani

The methodologies for pen-testing AWS diverge considerably from traditional security infrastructure due to the unique characteristics of the AWS ecosystem. The fundamental differences stem from the ownership of the systems – Amazon owns the core infrastructure. Therefore, traditional 'ethical hacking' methodologies could violate the AWS acceptable use policies and possibly trigger incident response procedures by the AWS security team.

Zues7v2 - Cloud-Based Hash Cracker

by Max Ahartz

This project started as a fun automation project, combining learning how to automate in a zero-trust cloud environment with a topic of interest like "hash cracking". Once you set up an Amazon Web Services (AWS) account and an S3 bucket, upload your password list, and populate your account settings in Zues7, your Cloud-Cracker will be ready to work automatically. It will create an EC2 instance with Ubuntu 22.04, 16 GB of RAM, a 200 GB SSD, and an Nvidia Tesla T4 GPU with 16 GB of memory. Zues7 will load hashcat and the CUDA drivers, upload the hash file, transfer the password list from the S3 bucket, crack the hash(es) or exhaust the wordlist, download the result to your machine, and terminate the instance.

Unlocking the Power: Python for Windows API

by Sachin Wagh

If you are eager to explore the possibilities of interacting with the Windows API using Python, then you are in the right place. This article may be your gateway to unlocking the potential of invoking Windows API functions from Python. According to the official Python documentation, ctypes is a foreign function library for Python. It provides C-compatible data types and is helpful for calling functions that are present in DLLs (dynamic-link libraries) or shared libraries. In short, a foreign function library gives a developer writing a program in one programming language the ability to invoke functions written in another programming language. The article includes a fundamental data types table that maps Python data types to their associated ctypes types.

Detecting “Undetectable” Vulnerabilities When Fuzz Testing Advanced Automotive Systems

by Dr. Dennis Kengo Oka

As one of the initial steps in a penetration test, automated fuzz testing can be used to efficiently and effectively find potential issues that can be further analyzed to identify vulnerabilities. For example, an application may crash due to a certain fuzzed message. An attacker may be able to analyze the issue and specifically craft a malicious message that would not crash the application but instead exploit the vulnerability, which could allow the attacker access to the target system or potentially execute arbitrary code. It is important to note that some issues on the target system may not be detectable over the fuzzed protocol. Therefore, it is imperative to apply additional approaches for monitoring the target system such as agent instrumentation to detect previously undetectable vulnerabilities when fuzz testing advanced automotive systems.

Learning about Web3 security with level_up!

by Pablo Gonzalez Perez and Fran Ramirez

The level_up! project is an open-source initiative aimed at teaching security in Web3. It provides a platform featuring a system of challenges, categorized by difficulty level, where various Web3 concepts are presented, and points are earned upon successfully overcoming these challenges. The goal is learning. Users register on the platform and can deploy multiple SmartContracts. Each challenge might comprise one or more SmartContracts. How does one overcome a challenge? As in any CTF, by capturing a flag. A flag is a hash that must be obtained and validated against the platform to earn the points. In new versions of level_up! you can earn NFTs as you accrue different amounts of points. With an NFT, you can verify your level of knowledge within the platform. It could be said that level_up! operates on a web2.5 system, meaning it incorporates elements of both web2 and web3. The visual aspect of level_up! is straightforward and intuitive, quickly showcasing the platform's capabilities.

WiFi Deauthers vs Signal Jammers

by Eliot Eggers

You might have seen several WiFi jamming devices on Chinese sites such as AliExpress, Wish, or Alibaba. However, signal jammers are very different from WiFi deauthers: the former creates a lot of signal interference in the RF spectrum, while the latter injects forged frames to disconnect WiFi clients from the WiFi router or access point.


by Andrea Cavallini

OpenVAS is a powerful open source tool (a fast and reliable automated scanner) that works like its paid counterparts. It is easy to manage and update, and it can be customized on the NASL scripts side: this last feature allows users to increase its strength by putting in place scenarios directly related to their own field. The web interface is friendly and simple, which helps users new to vulnerability management start the process safely; the scans are very accurate, and the reports, being well produced and very detailed, can be used in the same way as those generated by enterprise tools.



© HAKIN9 MEDIA SP. Z O.O. SP. K. 2023