Latest articles in ‘Pentest’


  1. macof.py is now available

    Published: Wed 25 October 2017 in Projects.

    macof.py is a MAC address table overflow utility.

    The traditional tool for MAC table overflow attacks is macof from the dsniff project. However I was not satisfied with this tool.

    In particular:

    • macof has no rate-limiting mechanism: it sends packets as fast as the local CPU and the network adapter can sustain.

      This leaves no room for a proper interception of users' data.

    • Half of the packets generated by macof violate the Ethernet protocol by having the multicast bit set in the sender’s MAC address.

      As a result, these packets are considered corrupted and silently dropped by the first encountered switch.

      In other words, half of the packets generated by macof are generated for nothing.

    • macof constantly uses random MAC addresses for the generated packets, meaning that a given source MAC address is rarely used more than once.

      This means that switches’ MAC table aging system …


  2. EC-Council CEH certification review

    Published: Wed 04 October 2017 in Opinions.
    Updated: Fri 06 October 2017 (Added a note about Metasploit)
    Facts, advice and personal impressions on the EC-Council CEH certification.

    The five Ws

    • What: The EC-Council Certified Ethical Hacker (CEH) is a technical certification on penetration testing.

      While oriented toward technical people, the certification itself goes lightly on the practical side and insists instead on a broad general culture. It covers definitions, concepts and tools, with a strong focus on ethics.

      This certification never goes really deep into any subject, but instead attempts to cover the widest possible range of topics related to pentesting. Examples of covered topics include cryptography, regulation and compliance, operating systems (client, server and mobile systems are all covered), networking (including wireless networking), procedures, code review, physical security, social engineering and, last but not least, ethics.

    • When: This certification has no prerequisite (two years of experience in IT security waive the training requirement, while enrolling in an approved training removes any experience prerequisite).

      It is suitable for anyone interested …


  3. Introduction to z/OS and IBM mainframes world and security

    Published: Sun 01 October 2017 in Library.
    They run our economy and critical infrastructures all over the world, yet remain mostly unknown.

    Mainframes are often designated as “legacy platforms”. This triggers the mental image of those enormous, bulky 80’s-era computers found in any good computer museum and in vintage videos, and leaves a mixed feeling about the place of such machines in today’s computing world.

    However, nothing could be more wrong:

    1. A lot of the technologies that made today’s computing what it is actually originate in the mainframe world.

      Things like non-executable memory, process isolation, virtualization and symmetric multiprocessing, to name just a few, are all technologies that were first developed for mainframe environments and only then ported onto other architectures.

    2. Today’s mainframe hardware has nothing in common with antique computers; it evolved as the rest of the computing world did.

      They are bulky, but not as much as one may imagine: roughly the size of a large fridge, to give a rough idea. They remain …


  4. Professional Penetration Testing (Thomas Wilhelm)

    Published: Sat 19 August 2017 in Library.
    Penetration testing not seen as a technical operation but as a business activity: what changes when a hobby becomes a real job?

    This book does not teach you penetration testing technically; it teaches you penetration testing professionally. Here, the pentest is no longer a technical exercise: it becomes a paid service delivered to a customer to satisfy a business need. This requires more than throwing a bunch of tools and lines of code at a target. It requires planning, methodology, quality and risk management, and communication. This is what this book is about.

    This book mainly targets three kinds of audience:

    • People who are already familiar with the technical side of pentesting and are wondering whether making it a career would be interesting for them (doing something as a hobby and as a job is not the same) and, if so, how to proceed and what to expect.

    • Pentesters already in the field who would like to have a broader view of their current job.

    • Project managers who are already …


  5. Why I teach people how to hack (Ýmir Vigfússon)

    Published: Thu 17 August 2017 in Library.
    Why learning to hack is a good thing, explained to the grown-up, serious people :).

    In this short TEDx talk, Ýmir Vigfússon tells us what it means to be a hacker, from the curious teenager who does not really have a “moral compass” (yet!) to the senior professional sharing his knowledge.

    He tells us what leads people in this direction, but above all he tells us how all these people, from the teenager to the professional, benefit society as a whole.

    For those who may not know it, this video has a strong feeling of the Hacker’s Manifesto, but now explained by a well-respected professional and assistant professor instead of an 11-year-old teenager.

    Watch on YouTube


  6. Where to find virtual machines and ISO files?

    Published: Mon 14 August 2017 in Cookbook.
    Updated: Thu 23 November 2017 (Added a trick for older Microsoft download URLs)
    The best places to find ISO images and ready-made virtual machines to feed your virtual lab.

    Free software

    Virtual machines

    Several websites offer a large selection of freely downloadable virtual machines with pre-configured free software, for instance:

    You can also check the marketplaces maintained by virtualization-related software, such as VMware and GNS3.

    ISO files

    Obviously the main place to get free software ISO files is the projects’ own websites.

    However, FrozenCow maintains a centralized list of direct links to a fair number of Linux and BSD installation ISO files.

    Some projects host all previous versions of their system, but sometimes they are not easy to find. Search the master repository first, as these older versions may not be copied onto mirrors. Sometimes they are stored in a separate “archive” area. Finally, WinWorld does a great job of collecting installation media for old systems, including discontinued Linux distributions.

    If you are not sure which Linux or BSD system to choose, DistroWatch might …


  7. How to build a virtual pentest lab

    Published: Fri 11 August 2017 in Cookbook.
    Updated: Sat 19 August 2017
    A guide to choosing the best hardware and software to match your needs at the lowest cost and effort.

    Standalone virtual machines are both a cheaper and a more practical solution for testing systems, as they don’t need dedicated hardware and are easier to handle than physical installations (actions such as cloning, taking a snapshot or rolling back become trivial).

    Network virtualization goes a step further and applies the same approach to a whole network, including workstations, servers, and all networking devices such as switches, routers and firewalls. A virtual network can be of any size and topology, and can mimic any real-life situation such as Active Directory domains, remote-access or site-to-site VPNs, or tests of protocols on every network plane.

    Such a virtual network can be either fully isolated or have one or several links to physical devices and networks; it’s all up to you to decide.

    Hardware

    Prerequisites

    The goal of a virtual lab is to be able to quickly setup the environment which will allow you to …


  8. How to run a CAM table overflow attack in GNS3

    Published: Sun 26 June 2016 in Cookbook.
    Updated: Sat 19 August 2017
    Background information on CAM table overflow attacks and concrete steps to reproduce them in a GNS3 lab.

    Knowing where the difference with real gear lies

    For performance reasons, a lot of switching functions are actually not part of the IOS code but are implemented in hardware. This includes the ARL, or Address Resolution Logic, which provides all the methods to add, remove and look up entries in the MAC address table.

    Therefore, for the NM-16ESW module to work in GNS3, Dynamips had to reimplement all these normally hardware-provided services, or at least push this far enough to allow an unmodified IOS to run on it correctly.

    The sad thing is that this is indeed unfinished work, as stated in this module’s source code header:

    /*
     * Cisco router simulation platform.
     * Copyright (c) 2006 Christophe Fillot (cf@utc.fr)
     *
     * NM-16ESW ethernet switch module (experimental!)
     *
     * It's an attempt of proof of concept, so not optimized at all at this …
