The Security Zealot

Career Advise For Penetration Tester/White Hat Hacker

Security Zealot — Sat, 20 Sep 2008 12:13:38 +0000

Last week, a common question was posted on the seclist.org website where Chip Panarchy ask which tools and certifications would be beneficial in learning to help to become a “white hat hacker/pen tester”. (Which a great in itself to see the interest of this field continue to grow.) This post received several great replies that ranges from a very specific tool listings to check out the Top 100 Network Security Tools Listing. Each post gave a valuable amount resources that not only helped Mr. Panarchy, but also other Penetration Testers alike.

The most interesting (and could be argued the most valuable) post was by a member named J. Oquendo, who did not follow the suit of list any tools at all, instead raised some very significant points of value in regards to becoming distinguished Penetration Tester.

I have highlighted some of the most valid points and added some commentary below:

Take the time to learn the protocols, how things work, learn how intercommunications work before attempting to just download every tool you can find.

In the “hacker” world, this is what differentiates a “5(R1P7 |<1DD13″ from the “L337″ or “UB3R” H4X0R5.

Understand how processes communicate with each other, how and why things happen. Its easier down
the road to understand what is going on in terms of security. One doesn’t need uber tools if one knows what they’re doing from the protocol level on up.

It has been in my experience that this is one the most crucial items, without understanding how each device communicates can you fully understand how the exploit works? Could you advise a remediation act?

Suggestion: Learn networking, learn systems, learn protocols otherwise you end up devaluing the works Understanding the entire range of the what you are doing is better in the long run, think about it, if I hired you to perform a pentest on my network and you couldn’t explain to me what it is you intend on looking for, how it works in my network, what functions my vulnerabilities perform, why I should remove these functions, I’d sit back in my desk and think the script kiddiot in you.

This comment can be looked at in two ways, first if you are hired for a pen test, your understanding of the technology is a direct representation of yourself. Secondly, what if you are the first penetration tester that a company has hired, and you have not taken the time to learn the essentials. The image that you represent is not only the your reputation, but it can represent the entire field of penetration testers.

Too many (quote) professional pentesters have been taking this attitude: “I use Cenzic!@$” that it makes me wonder where this industry is headed. It also makes me think about how many vulnerabilities unclued pentesters can bring into an environment.

Lastly, there is not one school or certification that can be taken that will turn you into a penetration tester/white hat hacker within a week and a test. They can only be used a stepping stones toward a long and laborious journey.

In closing… Becoming a distinguished Penetration Tester/White Hat Hacker is laborious journey and hours and hours of learning and sacrifice, that is both challenging and rewarding. This is the reason why some of the biggest and brightest minds are among the Penetration Testing/White Hat Hacker “Society”.

Matthew S. Becker

Multiple Uses for WinPcap

Security Zealot — Thu, 28 Aug 2008 12:32:44 +0000

In a search to find an automated tool that will build network topologies from saved packet capture, I ran across this web site that is a partial list of the many uses of the neighborhood friendly WinPcap.

I am still on my search for a way to automate a topology build from a packet capture (Windows or Linux). If you have any ideas, please post your comments.

Matthew “The Security Zealot” Becker

Linkedin Will Allow Group Discussion Forums

Security Zealot — Wed, 27 Aug 2008 00:46:21 +0000

To revisit an post that I posted called A Need for More Features in LinkedIn Groups which I sent an e-mail to Linkedin asking to allow for the groups to send questions to one another, it has just been announced that it has finally happened.

Dear Matthew,

First, thank you for managing your group on LinkedIn. We sincerely appreciate the time and effort you devote to your members, and we know they value it. Together you have made Groups one of the top features on LinkedIn.

This Friday, we will be adding several much-requested features to your group:

Discussion forums: Simple discussion spaces for you and your members. (You can turn discussions off in your management control panel if you like.)
Enhanced roster: Searchable list of group members.
Digest emails: Daily or weekly digests of new discussion topics which your members may choose to receive. (We will be turning digests on for all current group members soon, and prompting them to set to their own preference.)
Group home page: A private space for your members on LinkedIn.

We’re confident that these new features will spur communication, promote collaboration, and make your group more valuable to you and your members. We hope you can come by LinkedIn on Friday morning to check out the new functionality and get a group discussion going by posting a welcome message.

Sincerely,
The LinkedIn Groups Team

Great Job.

Matthew “The Security Zealot” Becker

Ultimate Penetration Testing Lab Kit (UPTLK)

Security Zealot — Sun, 17 Aug 2008 05:04:00 +0000

In an attempt to build Ultimate Penetration Testing Lab Kit (UPTLK), I have started a list of tools, Live CD, Penetration Testing Labs and websites. After looking at it I decided that this maybe a good list for a penetration testing at any level. I am sure that I have not covered every item or I may have missed something; if you see something I missed please add to by commenting.

Penetration Testing Labs and Websites

De-Ice Penetration Testing Lab Kits

Dynagen - Front-end for Dynamics Cisco Router Emulator

RootThisBox

CyberArmy

Hackquest

Nmap Scan Testing site

Penetration Testing Live CD/USBs

BackTrack3 - BackTrack is the most Top rated linux live distribution focused on penetration testing.

Open Web Application Security Project (OWASP) CD - The OWASP Live CD (LabRat) is a bootable CD akin to knoppix but dedicated to Application Security.

Samurai Web Testing Framework - Live linux environment that has been pre-configured to function as a web pen-testing environment

Password Administration CD/USB

Ophcrack - Windows Password Cracker based on Rainbow Tables

Gonzor - Hak5

Nordahl - Windows NT/2K/XP/Vista Password Recovery

Trinity Rescue Kit (TRK)

Special Thanks to Larry Pesce @ PaulDotCom.com for the USB Hacker Keychain idea. Works Great!!

General Tools

Emergency Boot CD - System Recovery for Windows

Cain and Abel

Shmoo Group’ Rainbow Tables - Rainbow Tables for Cain and Abel

TrueCrypt 6.0

Darik’s Nuke and Burn (DBAN) - Self-contained boot disk that securely wipes the hard drive

PhotoRec - File Data Recovery Software designed to recover lost files including video, documents and archives from Hard Drives and CD Rom and lost pictures

iKat Kiosk Web Tools

Insecure.org - Top 100 Network Security Tools

Penetration Testing Training

Penetration Testing Ninjitsu” with Ed Skoudis of SANS

Penetration Testing Ninjitsu Part II: Crouching Netcat, Hidden Vulnerabilities with Ed Skoudis of SANS

Pen Testing Ninjitsu III with Ed Skoudis: After the Initial Compromise

Matthew “The Security Zealot” Becker

Sexy Hacking?

Security Zealot — Fri, 15 Aug 2008 01:23:13 +0000

Odd as it may sound but a company Edgeos has put every geeks (well a large percentage) together Nmap and womanly curves. Check it out the “Damsels Causing Distress” here.

Credit Card Loss or Theft Recommendations

Security Zealot — Wed, 30 Jul 2008 12:34:51 +0000

Lucky… (Knock on Wood) I have not had to take this advice; however I recently read a fairly detailed blog entry on credit protect in case of a lost wallet or theft.

The blog entry details the alert periods of the three credit reporting agencies as well as the hurdles that Mr. and Mrs. “NCN” had to go through to place a fraud alert on the lost wallet.

GMail has finally added a https option

Security Zealot — Tue, 29 Jul 2008 11:45:52 +0000

There is a new security feature in the setting options of Gmail, an “Always Use https” feature. Not that https is new or that you could use GMail without HTTPS, but no longer will it have to be manually have to type “https://gmail.com”.

To change your settings go to Settings > General > Browser Connection > Always use https .

Even though this is a slow step in the right direction, it still raises some questions? Why isn’t https default? Also, when will https be available the other services that are provide by Google (e.g. iGoogle)? It seems that even if you manual type “https://www.iGoogle.com” it is redirect to http.

As a user of Google, I hope that this is only the beginning of the security features that Google is planning in the NEAR future.

Matthew “The Security Zealot” Becker

Next HOPE!!! The Two Year Countdown Begins

Security Zealot — Wed, 23 Jul 2008 12:18:41 +0000

A glimpse a hope for the HOPE conference; it has been announced the “Last HOPE” will not truly be the LAST HOPE Conference.

During the closing comments of the “Last HOPE” Emmanuel Goldstein stated the following:

“Despite calling the event this weekend “Last HOPE,” it won’t be the final one; just the most recent one,”

“There will be another one in two years. It will be called “Next HOPE”

So mark your calendars now… and I hope to see you there.

Matthew “Security Zealot” Becker

BackTrack 3 Final Released with Some Cool New Features

Security Zealot — Fri, 20 Jun 2008 12:30:00 +0000

Yesterday during the PaulDotCom.com Web Cast, the developers of the world renown BackTrack announced the release of the Final Release of Version 3.

According to Mut’s Blog, some of the new features of BT3 include:

Saint
SAINT has provided BackTrack users with a functional version of SAINT, pending a free request for an IP range license through the SAINT website, valid for 1 year.

Maltego
The guys over at Paterva have created a special version of Maltego v2.0 with a community license especially for BackTrack users. We would like to thank Paterva for co-operating with us and allowing us to feature this amazing tool in BackTrack

Other features include:

PwnSauce Instant John the Ripper Cluster feature (USB version)
Updated Metasploit Exploit framework and dependencies

To get your copy: http://www.remote-exploit.org/backtrack_download.html

Maybe Max and Mut should try to make their own version of Guiness Book of World Records for downloads for a security tool?

Matthew “Security Zealot” Becker

Help Set a Guinness World Record With FireFox 3

Security Zealot — Wed, 18 Jun 2008 12:25:46 +0000

Only a few hours left to set the record.

“Download Day is here!”

All you have to do to help us set the record for the most software downloaded in 24 hours is get Firefox 3 now – it’s that easy.

Please download Firefox 3 by 11:16 a.m. PDT (18:16 UTC) on June 18, 2008.

As of this post 6,293,454 Download have occurred. To increase the number download Firefox 3.

Matthew “Security Zealot” Becker