Penetration Testing With BackTrack Version 3

Penetration Testing with BackTrack

A note from the authors

Thank you for opting to take the “Offensive Security - PWB” extended lab training. PWB is not your usual IT security course. We hope to challenge you, give you a hard time and make you think independently during the training. We will often throw you into the deep end with short exercises and challenges. You won't be served fish, you'll be taught to catch them.

My personal opinion of the IT security arena is that it should be formally separated into two distinct fields - “Defensive Security” and “Offensive Security”. This idea came to me when a good friend and Microsoft Networking mentor of mine came to visit me during a course. We started talking about the (latest at the time) ZOTOB worm (MS05-039) and I asked him if he had lately seen any instances of it.

He answered that he saw an infection in one location, where it was overcome quickly. He then said: “That ZOTOB was annoying though; it kept rebooting the servers until we managed to get rid of it.” It was then that a massive beam of light shined from the heavens and struck me with full force. More about this enlightenment later.

I took my friend aside and proceeded to boot a vulnerable class computer and told him: “Watch this, I'm going to use the same exploit as Zotob uses when it spreads”. I browsed to the milw0rm site, and downloaded the first (at the time) exploit on the list, and saved it to disk. I opened a command prompt, compiled the exploit using the cl command line Visual Studio compiler and ran the exploit.

The output looked similar to “ms05-039.exe <victim IP>”. I punched in the IP address of the vulnerable computer with one finger, and pressed enter. I was immediately presented with a command shell belonging to the victim machine. I typed in ipconfig and then whoami. I gave him just enough time to see the output, and then typed “exit”. Exiting the shell caused svchost.exe to crash, and a reboot window popped up, just like the ones he saw.

I could slowly see the realization seep in. His face lost color and he slowly sat down on the nearest chair. He looked at me with horrified eyes, and somehow managed to gasp “how” and “why” at the same time. He then quickly exited the room and made some urgent phone calls. I was later honored to have this friend sit in one of my courses, which unfortunately left him paranoid as hell.

Now, back to my enlightenment. I realized that this master of Windows Active Directory and Multiple Domain PKI Infrastructure guru did not have the same narrow “security” knowledge as a 12 year old script monkey. He was not aware of the outcomes of such an attack and did not know that the “reboot” syndrome he observed was an “unfortunate” byproduct of SYSTEM access to the machine.

This made me realize that there is a huge gap between the “Defensive” and “Offensive” security fields. A gap so big that a 12 year old (who probably doesn't know what TCP/IP stands for) could outsmart a well-seasoned security expert.

Hopefully, if this separation between the “Defensive” and “Offensive” fields is clear enough, network administrators and (defensive) security experts will start to realize that they are aware of only one half of the equation, and that there's a completely alien force they need to deal with. To truly be able to defend your assets, you must first understand the attacks and the attackers.

This course attempts to partially fill in this gap and present the Penetration Testing and Ethical Hacking field to the student. Basic attack vectors are presented and the penetration testing cycle is introduced. The course focuses on understanding and then implementing the “why” and “how” respectively. Please be aware that this course will not teach you how to be an ethical hacker, or a penetration tester. This is achieved after many months and years of study and experience. This course merely introduces the basic tools and techniques which are used in common attack vectors. Perhaps most importantly, this course introduces the frame of mind required to become a true security professional.

<Zen>The nature of this course and related topics is disruptive. Labs might behave oddly, things might not always work as expected. Be ready to manipulate and adapt as needed, as this is the way of the pen tester </Zen>.

Saying this, we've taken all measures possible for the labs to be easily understood and in many cases recreated by the student, using both the course movies and the written lab guide. If a certain topic is new or alien to you try sticking to the guide, and things should be OK. Once you feel comfortable with the topic, you can try experimenting with lab variables.

We have active forums and an IRC channel where you can interact with other students – these resources will be very valuable to you during the course. I've added several “Extra Mile” mini challenges to part of the exercises for those wanting to particularly advance in the field of penetration testing, and are willing to put in the extra time and effort. These challenges are not necessary, but recommended.

I really hope you enjoy the course, at least as much as I did making it, and that you gain new insights and a deeper understanding into what the security arena looks like from an attacker's perspective.

Download PWB version 3:

Penetration Testing with Kali Linux Version 1

Kali Linux is a free security auditing operating system and toolkit that incorporates more than 300 penetration testing and security auditing programs, delivering an all-in-one solution that enables IT Administrators and security professionals to test the effectiveness of risk mitigation strategies.

Kali Linux offers a smoother, easier penetration testing experience, making it more accessible to IT generalists as well as security specialists, and its adherence to Debian Development standards provides a more familiar environment for IT Administrators. The result is a more robust solution that can be updated more easily. Users can also customize the operating system to tailor it to their needs and preferences.

All the programs packaged with the operating system have been evaluated for suitability and effectiveness. They include Metasploit for network penetration testing, Nmap for port and vulnerability scanning, Wireshark for monitoring network traffic, and Aircrack-ng for testing the security of wireless networks.

Kali Linux can run on a wide variety of hardware, is compatible with numerous wireless and USB devices, and also has support for ARM devices.

 
Download PWK version 1

https://mega.co.nz/#!h5IVQbyb!QOe8zaHaewT5AoxUPpeLVnosAdEGXLnJA4QnEUqWVx0

Pass: myblog (http://auditor-it.blogspot.com)

Software Assurance Maturity Model

The Software Assurance Maturity Model (SAMM) is an open framework to help organizations formulate and implement a strategy for software security that is tailored to the specific risks facing the organization. The resources provided by SAMM will aid in:

  • Evaluating an organization’s existing software security practices
  • Building a balanced software security program in well-defined iterations
  • Demonstrating concrete improvements to a security assurance program
  • Defining and measuring security-related activities within an organization
 
SAMM was defined with flexibility in mind such that it can be utilized by small, medium, and large organizations using any style of development. Additionally, this model can be applied organization-wide, for a single line-of-business, or even for an individual project.

As an open project, SAMM content shall always remain vendor-neutral and freely available for all to use.

“OWASP.org is a valuable resource for any company involved with online payment card transactions. Dell uses OWASP’s Software Assurance Maturity Model (OpenSAMM) to help focus our resources and determine which components of our secure application development program to prioritize. Participation in OWASP’s local chapter meetings and conferences around the globe helps us build stronger networks with our colleagues.”
Michael J. Craigue, Information Security & Compliance, Dell, Inc.

“SAMM has defined the building blocks for effective software security assurance… Our clients can use the model to see what needs to be done and what skills and resources are needed to do the job. Best of all, businesses can use SAMM to quantify results and improvements by assessing practices against SAMM activities.”
Matt Bartoldus, Co-Founder & Director, Gotham Digital Science

“These days people understand that security has to be built in–it can’t be bolted on. But for many a big question remains: what does it take to build secure software? SAMM tackles that question head on with a framework for creating and growing a software security initiative. SAMM has focused the way I think about the human side of the software security problem.”
Brian Chess, Founder & Chief Scientist, Fortify Software

“The perfect starting place, finally a methodology to help us bring it all together… Where do I get it!”
Anonymous, national university

“A great document that can be implemented over a period of time, to help address the risks we have with our software.”


Download:

TOGAF Version 9

TOGAF® is the de facto global standard for Enterprise Architecture. The Open Group Architecture Forum, comprised of more than 200 enterprises, develops and maintains the TOGAF standard and publishes successive versions at regular intervals. See Downloading TOGAF 9.

The TOGAF framework enables organizations to effectively address critical business needs by:
  • Ensuring that everyone speaks the same language
  • Avoiding lock-in to proprietary solutions by standardizing on open methods for Enterprise Architecture
  • Saving time and money, and utilizing resources more effectively
  • Achieving demonstrable ROI

About TOGAF®
 
TOGAF®, an Open Group Standard, is a proven enterprise architecture methodology and framework used by the world's leading organizations to improve business efficiency. It is the most prominent and reliable enterprise architecture standard, ensuring consistent standards, methods, and communication among enterprise architecture professionals. Enterprise architecture professionals fluent in TOGAF standards enjoy greater industry credibility, job effectiveness, and career opportunities. TOGAF helps practitioners avoid being locked into proprietary methods, utilize resources more efficiently and effectively, and realize a greater return on investment. 

First published in 1995, TOGAF was based on the US Department of Defense Technical Architecture Framework for Information Management (TAFIM). From this sound foundation, The Open Group Architecture Forum has developed successive versions of TOGAF at regular intervals and published them on The Open Group public web site. 

Details of the Forum, and its plans for evolving TOGAF in the current year, are given on the Architecture Forum web site.

Download TOGAF Version 9:

Template TOGAF Version 9:

NIST 800-53 (INFORMATION SECURITY)

The selection and implementation of appropriate security controls for an information system or a system-of-systems are important tasks that can have major implications on the operations and assets of an organization as well as the welfare of individuals and the Nation. Security controls are the management, operational, and technical safeguards or countermeasures employed within an organizational information system to protect the confidentiality, integrity, and availability of the system and its information. There are several important questions that should be answered by organizational officials when addressing the security considerations for their information systems:
• What security controls are needed to adequately mitigate the risk incurred by the use of information and information systems in the execution of organizational missions and business functions?
• Have the selected security controls been implemented or is there a realistic plan for their implementation?
• What is the desired or required level of assurance (i.e., grounds for confidence) that the selected security controls, as implemented, are effective in their application?

Download NIST 800-53:

Download Kali Linux Social Engineering

This book contains instructions on how to perpetrate attacks with Kali Linux. These tasks are likely to be illegal in your jurisdiction in many circumstances, or at least count as a terms of service violation or professional misconduct. The instructions are provided so that you can test your system against threats, understand the nature of those threats, and protect your own systems from similar attacks.

The information security environment has changed vastly over the years. Now, in spite of having security policies, compliance, and infrastructure security elements such as firewalls, IDS/IPS, proxies, and honey pots deployed inside every organization, we hear news about how hackers compromise secured facilities of the government or of private organizations because of the human element involved in each activity.

Typically, employees are not aware of the tricks and techniques used by social engineers in which they can be used as mediators to gain valuable information such as credit card details or corporate secrets. The security of the entire organization can be at stake if an employee visits a malicious website, answers a social engineer's phone call, or clicks on the malicious link that he/she received in their personal or company e-mail ID. This book discusses the different scenario-based social engineering attacks, both manual and computerized, that might render the organization's security ineffective.

This book is for security professionals who want to ensure the security of their organization against social engineering attacks. TrustedSec has come up with the wonderful tool Social-Engineering Toolkit (SET) with the vision of helping security auditors perform penetration testing against social engineering attacks. This book sheds light on how attackers get into the most secured networks just by sending an e-mail or making a call.

Kali Linux : Assuring Security by Penetration Testing

Kali Linux is a penetration testing and security auditing platform with advanced tools to identify, detect, and exploit any vulnerabilities uncovered in the target network environment. Applying an appropriate testing methodology equipped with well-defined business objectives and a scheduled test plan will result in the robust penetration testing of your network.

Kali Linux – Assuring Security by Penetration Testing is a fully focused, structured book that provides guidance on developing practical penetration testing skills by demonstrating the cutting-edge hacker tools and techniques in a coherent step-by-step strategy. It offers all the essential lab preparation and testing procedures to reflect real world attack scenarios from your business perspective in today's digital age.

This book reveals the industry's best approach for a logical and systematic penetration testing process. This book starts with lab preparation and testing procedures, explaining the basic installation and configuration setup, discussing different types of penetration testing, uncovering open security testing methodologies, and proposing the Kali Linux specific testing process. We shall discuss a number of security assessment tools necessary to conduct penetration testing in their respective categories (target scoping, information gathering, discovery, enumeration, vulnerability mapping, social engineering, exploitation, privilege escalation, maintaining access, and reporting), following the formal testing methodology. Each of these tools is illustrated with real-world examples to highlight their practical usage and proven configuration techniques. We have also provided extra weaponry treasures and key resources that may be crucial to any professional penetration tester.

This book will serve as a single professional, practical, and expert guide to develop necessary penetration testing skills from scratch. You will be trained to make the best use of Kali Linux either in a real-world environment or in an experimental test bed.

Copyright © 2014. IT Audit - All Rights Reserved