Professional Security Testers resources warehouse

2008 Data Breach Investigations Report

As seen on SecurityBlog.VerizonBusiness.com

Summary:
The Verizon Business 2008 Data Breach Investigations Report contains first-hand information on actual security breaches rather than on network activity, attack signatures, vulnerabilities, public disclosures and media interpretation... At considerable investment in time and resources, Verizon Business began an initiative in 2007 to identify a comprehensive set of metrics to record during each data compromise investigation. As a result of this effort, we pursued a post-mortem examination of over 500 security breach and data compromise engagements between 2004 and 2007 which provided us with the vast amount of factual evidence used to compile this study. This data covers 230 million compromised records. Amongst these are roughly one-quarter of all publicly disclosed data breaches in both 2006 and 2007, including three of the five largest data breaches ever reported.

OWASP AppSec 2008 Conference

You're invited to two days of Seminars and hardcore hands-on training from the world's best application security technology minds at the upcoming OWASP USA, NYC AppSec 2008 Conference that will take place on September 22nd-25th in NYC.

This event will be the largest APPSEC focused conference in the world with capacity for 1000 attendees and speakers and trainers from around the world.

This event will also have a web application capture the flag event a “can you hack it” event with fame and fortune... hmmm.. ok maybe just prizes and cold beer but you'll have fun ;)

BackTrack 3 Final - Release Information

The announcement of the BackTrack 3 Final released was done yesterday exclusively on the pauldotcom.com

Muts, Martin and I have slaved for weeks and months, together with the help of many remote-exploit'ers to bring you this fine release. As usual, this version overshadows the previous ones with extra cool
things.

SAINT
SAINT has provided BackTrack users with a functional version of SAINT, pending a free request for an IP range license through the SAINT website, valid for 1 year.

Maltego
The guys over at Paterva have created a special version of Maltego 2.0 with a community license especially for BackTrack users. We would like to thank Paterva for co-operating with us and allowing us to feature this amazing tool in BackTrack.

Nessus
Tenable would not allow for redistribution of Nessus on BackTrack 3.

Kernel
2.6.21.5. Yes, yes, stop whining....We had serious deliberations concerning the BT3 kernel. We decided not to upgrade to a newer kernel as wireless injection patches were not fully tested and verified. We did not want to jeopardize the awesome wireless capabilities of BT3
for the sake of sexiness or slightly increased hardware compatibilities. All relevant security patches have been applied.

Tools
As usual, updated, sharpened, SVN'ed and armed to the teeth. This release we have some special features such as spoonwep, fastrack and other cool additions.

Availability
For the first time we distribute three different version of Backtrack 3
- CD version
- USB version
- VMWare version

BackTrack 3 final download page is here:
http://remote-exploit.org/backtrack_download.html

Final Requests
We request the community to not mirror or torrent this release, or otherwise distribute it online without our knowledge. We are trying to gather statistics about bt3 downloads. If you would like to mirror BT3 then please:

1) Think again! Traffic generated by BT3 downloads is CRAZY.
2) Please contact us before doing so.
3) Send us monthly statistics of downloads for the iso.

If you would like to add a link to BackTrack downloads to your
website, please use:

http://www.remote-exploit.org/backtrack_download.html as the download link.

Rants
Problems, fixes, bugs, opinions - should all end up in our Remote Exploit community forums, and our wiki:

http://forums.remote-exploit.org
http://wiki.remote-exploit.org

Over and out,

Max, Muts, MjM

Fresh New Face for Forensics Tool

Open-source Sleuth Kit gets a makeover Computer forensic examiners who've gotten their start using free, open source tools are already familiar with the powerful Sleuth Kit forensic package created by Brian Carrier. I came across it when my interest in incident response naturally progressed into wanting to know more about the attacker's tools and methodologies in cases I was investigating. A lot of IT professionals who get started with forensics see graphical forensic applications like Encase and Forensic Toolkit (FTK), and they get turned off when they see that the Sleuth Kit is a collection of command-line utilities. While there is a Web interface called Autopsy for the Sleuth Kit, it is slow and has a relatively limited feature set. Today, however, open source advocates and forensic examiners with limited budgets can rejoice: there is finally an intuitively designed, feature-rich -- and free -- interface to the Sleuth Kit called PTK developed by DFLabs and IRItaly. The beta version of PTK was released today, along with a Webinar that demonstrated the powerful capabilities of the new interface. Features of PTK include indexing, file analysis, dynamic timelines, file categorization, image gallery, keyword searching, bookmarking, multi-user case management, memory dump analysis, full auditing of all activity, and an attractive AJAX Web interface. These are all features that are present, or only recently added to, expensive commercial forensic packages from Guidance Software (Encase) and AccessData (FTK). PTK definitely has the potential of bringing open source computer forensic tools a bit more into the mainstream because of its ease of use, attractive interface, and the fact that it’s free. Its multi-user feature will be a huge bonus for forensics labs housing multiple forensic investigators. Multiuser functionality only recently became available with Encase Lab Edition, for instance. The beta release is now available at PTK's SourceForge site, so take it for a test drive and see what you think. Keep in mind that it is beta software, so there may be some bugs lurking around. And, as with other forensic tools, there still isn't a "Find Evidence" button to make our lives easier. John H. Sawyer is a security geek on the IT Security Team at the University of Florida. He enjoys taking long war walks on the beach and riding pwnies. When he's not fighting flaming, malware-infested machines or performing autopsies on blitzed boxes, he can usually be found hanging with his family, bouncing a baby on one knee and balancing a laptop on the other. Special to Dark Reading

MoocherHunter� Tool released for Real-Time Geo-Locating of WiFi Hackers/Moochers

Singapore, May 20, 2008 -- ThinkSECURE Pte Ltd (www.securitystartshere.org) today announced the official public release of MoocherHunter™, ThinkSECURE's free-for-end-user-use real-time WiFi moocher/hacker tracking tool.

"We developed MoocherHunter™ with two key purposes in mind: first, to assist law-enforcement officers in hunting down unauthorized WiFi users in real time, and second, to enable any owner of an 802.11-based wireless access point to identify whether an unauthorized person is using their access point and give them that same capability to hunt down those unauthorized users," said Mr. Julian Ho, ThinkSECURE's co-founder.

Completely designed from the ground up with purely in-house code, MoocherHunter™ was first demonstrated to ASEAN, Interpol and S.E.Asian law-enforcement officers during a closed-door, invitation-only workshop hosted by the Singapore Police Force in early 2008.

During developmental field tests in March 2008, a single ThinkSECURE employee armed with MoocherHunter™ and a directional antenna was able to isolate and geographically locate, with an average accuracy of under 2 meters, the physical position of a wireless moocher associated with a test access point across different multi-storied-multi-tenanted residential and office environments within an average of 30 minutes of initial detection.

"With MoocherHunter™, the physical disconnect between the wireless network infrastructure and the wireless moocher or hacker, which has been used by various individuals as a shield to mask illicit activities involving wireless networks such as warez-downloading, illegal-file-sharing, seditious forum postings and so on, is no longer a defence," said Mr. Ho.

"Our approach in designing MoocherHunter™ rectifies the weaknesses inherent in previous attempts to address geo-location of unauthorized wireless users which relied on static-positioned access points or expensive commercial handheld PDA devices with ineffective non-directional antennae. MoocherHunter™ is available as part of our free-to-use OSWA-Assistant™ wireless auditing and penetration-testing toolkit which can be used on a user's existing laptop...and free is always a good value proposition," Mr. Ho added.

MoocherHunter™ is available in the latest release of the OSWA-Assistant™, ThinkSECURE Pte Ltd's free-for-download wireless auditing and penetration-testing liveCD toolkit. The toolkit can be downloaded from http://oswa-assistant.securitystartshere.org .

For more details or if you are are a law-enforcement official or anyone who wants formal training on how to effectively deploy and use MoocherHunter™, please visit http://moocherhunter.securitystartshere.org .

The Academy Security Video Update

Hey everybody, This week we created a bunch of new videos for you. We would like to thank Core Security for contributing a handful of very useful Core Impact training videos as well. Check them out!

Don't forget to join The Academy LinkedIn Group http://www.linkedin.com/e/gis/71823/29A0DF7FB943

New videos are posted to the 'Featured Videos' section of the website.

Find our new videos at: www.theacademy.ca

Content Filtering
Installing Websense Security Suite 6.3 Firewalls
Firewalls
Check Point NGX R65 SecurePlatform Standalone Installation
Network Tools
NetFort LANGuardian Installation VA/Penetration Testing
VA/Penetration Testing
Core Security Introduction to the Dashboard & Workspace
Core Security Information Gathering & Intro to Attack and Penetration
Core Security Advanced Attack and Penetration Part I
Core Security Advanced Attack and Penetration Part II Thank you all for your on-going support and recommendations.
The Academy
www.theacademy.ca

This update has been brought to you by Check Point Software Technologies & OSSEC.

The Academy.ca has new videos available

Hey everybody,

This week has been really busy both from a personal and business perspective. We spent a ton of time at SANS Toronto 2008 participating in panel discussions and giving SANS@Night talks.

Video production suffered due to our hectic schedules, but we still managed to get three videos uploaded for you.

We added a new category for SIM products as well.

We want to thank Q1 Labs and SecurityNexus for becoming the latest sponsors of The Academy and as always, don't forget to join The Academy LinkedIn Group at:

http://www.linkedin.com/e/gis/71823/29A0DF7FB943

New videos are posted to the 'Featured Videos' section of the website.

Find our new videos at: www.theacademy.ca
Firewalls
Configuring a Site-to-Site VPN Tunnel with Cisco PIX

Security Information Management (SIM) NEW CATEGORY!!!
Exporting Windows Event Logs Using the Adaptive Log Exporter

VA/Penetration Testing
Creating Favorites with Shavlik NetChk Protect

Thank you all for your on-going support and recommendations.

Peter Giannoulis
The Academy
www.theacademy.ca

This update has been brought to you by Check Point Software Technologies & OSSEC.

Hack In The Box (HITB) Malaysia -- Call for papers

Hello from Malaysia!

The Call for Papers (CFP) for the 6th Hack In The Box Security Conference in Malaysia (27th - 30th October 2008) is now open.

We've got some really cool stuff lined up this year including an open-hack competition for charity, a third track in the conference (hitb-labs), 4 keynote speakers + 30 international experts, the usual team based capture the flag competition, a new wireless (bluetooth, rfid, 802.11) village and lock picking village!

Summaries not exceeding 1250 words should be submitted (in plain text format) to cfp -at- hackinthebox.org for review and possible inclusion in the programme.

Submissions are due no later than 30th of June 2008

TOPICS

Topics of interest include, but are not limited to the following:

# 3G/4G Cellular Networks
# Apple / OS X security vulnerabilities
# SS7/Backbone telephony networks
# Analysis of network and security vulnerabilities
# Firewall technologies
# Intrusion detection
# Data Recovery, Forensics and Incident Response
# HSDPA and CDMA Security
# Identification and Entity Authentication
# Network Protocol and Analysis
# Smart Card and Physical Security
# Virus and Worms
# WLAN, RFID and Bluetooth Security
# Analysis of malicious code
# Applications of cryptographic techniques
# Analysis of attacks against networks and machines
# File system security

PLEASE NOTE:

We do not accept product or vendor related pitches. If your talk involves an advertisement for a new product or service your company is offering, please do not submit.

Your submission should include:

# Name, title, address, email and phone/contact number
# Short biography, qualification, occupation, achievement and
affiliations (limit 250 words).
# Summary or abstract for your presentation (limit 1250 words)
# Technical requirements (video, internet, wireless, audio, etc.)

Each non-resident speaker will receive accommodation for 2 nights/3 days. For each non-resident speaker, HITB will cover travel expenses up to USD 1,000.00.

HITBSecConf2008 - Malaysia - Sponsorship Options

For an opportunity to position your company as a major supporter of this event, we have several sponsorship packages which offers an extensive variety of direct and exclusive mechanisms for pre-event exposure and
direct business generation during the event. If you are interested in further details regarding sponsorship of HITBSecConf2008 - Malaysia, please contact us.

===

On a related note, the keynote presentation videos from HITBSecConf2008 - Dubai is also now available for download from here:

Day 1 Keynote: http://materials.hitbsecconf.org/hitbsecconf2008dubai/videos/Keynote-1.mov
Day 2 Keynote: http://materials.hitbsecconf.org/hitbsecconf2008dubai/videos/Keynote-2.mov

See you guys in October!

The HITB Team.

Pangolin Sql Injection tool version 1.2.5.604 has been released

Hi, all: I’m glad to tell you that Pangolin, the wonderful Sql injection tool, has been updated to version 1.2.5.604. You can download it from here: http://www.nosec.org/web/pangolin
Pangolin is a GUI tool running on Windows to perform as more as possible pen-testing through SQL injection. This version now supports following databases and operations: * MSSQL : Server informations, Datas, CMD execute, Regedit, Write file, Download file, Read file, File Browser... * MYSQL : Server informations, Datas, Read file, Write file...
* ORACLE : Server informations, Datas, Accounts cracking...
* PGSQL : Server informations, Datas, Read file...
* DB2 : Server informations, Datas, ...
* INFORMIX : Server informations, Datas, ...
* SQLITE : Server informations, Datas, ...
* ACCESS : Server informations, Datas, ...
* SYBASE : Server informations, Datas, ...
etc. And supports: * HTTPS support
* Pre-Login
* Proxy
* Specify any HTTP headers(User-agent, Cookie, Referer and so on)
* Bypass firewall setting
* Auto-analyzing keyword
* Detailed check options
* Injection-points management
etc. What's the differents to the others? * Easy-of-use : What I try to do is making pen-tester more care about result, not the process. All you should do is clicking the buttons.
* Amazing Speed : so many people told you things about brute sql injection, is it really necessary? Forget char-by-char, we can row-by-row(of cource, not every injection-point can do this)?
* The exact check mothod : do you really think automated tools like AWVS,APPSCAN can find all injection-points? So, whatever, just check it out, and then enjoy your feeling ;)

Illegal Credit Card Skimming Device

As seen on Redbox.com
A tester has to remember that logical access is NOT always the easiest way to gather credit card numbers.

SUMMARY
Skimming involves the placement of an illegal device above the credit/debit card reader on a vending machine, ATM, or in this case a redbox. These devices are used to illegally read or store personal credit card information.

This article provides pictures of approved credit card readers and of skimmer devices. This is the first time I have seen a company take an active stance in educating their customers regarding this threat.

For the full article:
http://www.redbox.com/creditcardsecurity/