Hakin9 article: Windows Phone 8 apps pentesting essentials

The latest Hakin9 magazine features an article I wrote providing an introduction to the Windows Phone 8 operating system security features and how to conduct penetration tests of Windows Phone 8 applications.


Hakin9_EXTRA_02_2013 Wouter Veugelen article

English version of Mimikatz: Mimikatz-en.exe

An English translation of the Mimikatz tool was released by Thom Hastings. The published downloads, however, do not include the compiled executable files, and should be compiled manually with Visual Studio 2010. I have compiled Mimikatz-en.exe and made it available for download here (password www.voipsec.eu).

A summary of Windows password dumping tools available including download links:

  • Cachedump: Cachedump obtains NTLM credentials from the Windows Credentials Cache
  • Pwdump: Extracts password hashes from local SAM and Active Directory. Relies on DLL injection into LSASS.
  • Fgdump: Similar to pwdump, extracts password hashes from local SAM and Active Directory; also disables AV and dumps the last 10 logon details from the registry.
  • Meterpreter ‘run hashdump’: extracts password hashes from the registry.
  • WCE: Extracts usernames and password hashes from memory.
  • Gsecdump: Obtains password hashes from local SAM and Active Directory
  • Meterpreter ‘hashdump’: Extracts password hashes from memory.
  • Mimikatz: Amongst other features, Mimikatz extracts usernames and cleartext password hashes from memory. Note that the official Mimikatz release is in French. An English translation was released by Thom Hastings here. My compiled mimikatz-en.exe can be downloaded here (password www.voipsec.eu).

mimikatz-en-Win32_pwd_protected

 

Windows Phone 8 Device Security and Ethical Hacking

Last week I gave a presentation at SANS Secure Canberra 2013 about Windows Phone 8:

Microsoft released its latest operating system for mobile devices, Windows Phone 8, in late 2012, and organisations are starting to deploy more mobile apps for the latest Microsoft platform. Consequently, security professionals need to understand how this platform and its applications are secured and how they can be assessed for security vulnerabilities.

In this presentation an overview will be provided of the security features of the operating system as well as instructions on how to configure a test environment to assess applications for security vulnerabilities and an initial analysis of potential future jailbreaking methods.

Contact me if you would like to obtain a copy of the presentation at first name.lastname@gmail.com

Wouter Veugelen

Kali Linux – BackTrack Linux’s successor

Offensive Security released a new distribution for penetration testers earlier this week. Kali Linux is now based on the Debian kernel and includes a fully revised OS with new tools and a new file structure.

 

http://www.kali.org/downloads/

Qubes OS

Qubes is an open source operating system designed to provide strong security for desktop computing. Qubes is based on Xen, X Window System, and Linux, and can run most Linux applications and utilize most of the Linux drivers. Qubes Release 1 was released in September 2012. Qubes Release 2 is currently in the works, and Beta 1 has already been released.

http://qubes-os.org/

SANS Network Penetration Testing and Ethical Hacking (SEC560) – August 2012 @ Sydney

In August 2012 I will be facilitating another SANS SEC 560 Network Penetration Testing and Ethical Hacking course.

In the SEC560 course, we address detailed pre-test planning, including setting up an effective penetration testing infrastructure and establishing ground rules with the target organization to avoid surprises and misunderstanding. Then, we discuss a time-tested methodology for penetration and ethical hacking across the network, evaluating the security of network services and the operating systems behind them. Attendees will learn how to perform detailed reconnaissance, learning about a target’s infrastructure by mining blogs, search engines, and social networking sites. We’ll then turn our attention to scanning, experimenting with numerous tools in hands-on exercises. Our exploitation phase will include the use of exploitation frameworks, stand-alone exploits, and other valuable tactics, all with hands-on exercises in our lab environment. The class also discusses how to prepare a final report, tailored to maximize the value of the test from both a management and technical perspective. The final portion of the class includes a comprehensive hands-on exercise, conducting a penetration test against a hypothetical target organization, following all of the steps.

Registering for the course can be done via the following URL: http://www.sans.org/mentor/class/sec560-sydney-aug-2012-veugelen

10% Discount

I arranged a 10% discount for my blog readers.  Contact me to obtain the discount code.

Ernst & Young’s 2011 Global Information Security Survey

Ernst & Young released its annual Global Information Security Survey.

Download PDF report

 Ernst & Young information security services

Top Mac OS X annoyances and how to fix them

6 months ago, I made the switch to a MacBook Pro laptop, and I have to admit, I really love it. The machine runs smoothly, the graphics look great, the multi-desktop environment is fantastic, and it runs virtual machines very smoothly. Having said that, out of the box, Mac OS X is lacking several things in my opinion. This post highlights some of those, along with how I fixed them.

#1 – TotalFinder: the file explorer with all the features Mac OS X Finder is missing

The Finder application is Mac’s alternative to Windows Explorer. Some core features it is missing:

  • Finder does not support keyboard shortcuts for cut-copy-paste
  • Finder doesn’t support tabbed browsing

For less than $20, TotalFinder fixes all headaches you might have in relation to all file browsing related activities.

#2 – NTFS harddrives are only accessible in read-only mode

Imagine wanting to exchange files with a USB key between your Mac system and a Windows system. Or writing files to your external hard drive that you share with your Windows system. You got it, it won’t work out of the box. Interestingly, Mac OS X DOES support it, but it is disabled by default!

  • SL-NTFS: This software will enable the Mac OS X built-in capability to read and write to NTFS disks.
  • NTFS-3G is a third party NTFS driver for Mac that does the job as well.

#3 The Maximise button… it’s just not functioning by default!

Not too sure why at Mac they think that a click of the maximise button equals stretching the window vertically to the maximum window dimensions, but ignoring the horizontal dimension! To fix this, install the application RightZoom. Nothing else to be done, it runs hidden in the background.

#4 Switching to applications using Command-tab doesn’t work for minimised applications

In Windows you can switch between all application windows with alt-tab.  In Mac, the alt-tab equivalent is command-tab. For some reason Apple decided to not allow users to switch to applications that are minimised using this way: you can see the application in the command-tab menu, but when you highlight it and release your key combination to switch to this application, Mac OS blindly ignores you. 2 workarounds:

  • Once you have highlighted the application you want to switch to, release the Tab key and next hold down the Option key BEFORE you let go of the Command key. This will cause the top-most window of the new application to “unminimize” if it was previously minimized. I know, doesn’t really make much sense to have you go through so much effort to switch to an application hey?
  • You can also press command+tab and before releasing the command key press the up or down button key. This will allow you to choose between the different minimized windows.
  • ‘Slide with your 4 fingers upwards’  mouse gesture will show all application windows of your current workspace.
  • You can install an alternative application such as Witch

#5 Tab key is not working on dialog boxes

I’m used to pressing the enter or escape key on dialog boxes. On Mac it’s not possible to control the buttons on dialog boxes with the keyboard by default. To change this:

  • Open system preferences
  • Go to Mouse and Keyboard Settings
  • Go to Keyboard Shortcuts
  • select the option at the bottom to allow “All Controls”.

#6 – Apps don’t close when you press the close button

Same as on the iPhone, on Mac OS X a click on the close button won’t shut down your application.

  • Press the command-Q key combination to close the application
  • Install RedQuits, an application that runs in the background. When clicking the close button your application WILL close now.

#7 – fn, control, option, command: is it really required to have 4 options keys?

With so many option keys, how difficult is it to remember a key combination? To take a print screen, was it alt-shift-3, or option-shift-3, or control-shift-3? Oh no, it was command-shift-3. I tried to live with it, but if you want, you can change the keyboard key mappings via:

  • System preferences – keyboard – keyboard shortcuts

#8 – Return key renames a file instead of opening the file

On Mac you have to use the shortcut command-O to open a file.  If you want to change the mapping of the Return key to open files, install http://www.returnopen.com/.

List potentially to be continued.

OpenDLP: Open Source Data Loss Prevention

OpenDLP is a free and open source, agent- and agentless-based, centrally-managed, massively distributable data loss prevention tool released under the GPL. Given appropriate Windows, UNIX, MySQL, or MSSQL credentials, OpenDLP can simultaneously identify sensitive data at rest on hundreds or thousands of Microsoft Windows systems, UNIX systems, MySQL databases, or MSSQL databases from a centralized web application. OpenDLP has two components:

  • A web application to manage Windows agents and Windows/UNIX/database agentless scanners
  • A Microsoft Windows agent used to perform accelerated scans of up to thousands of systems simultaneously

http://code.google.com/p/opendlp/

http://blog.rootshell.be/2010/04/30/keep-an-eye-on-your-data-using-opendlp/

Ironbee: Open Source Web Application Firewall

Qualys has announced the development of IronBee, a new open source project to build a universal web application firewall sensor in the cloud through collective efforts of the community.

Official website: https://www.ironbee.com/

Download: https://github.com/ironbee/ironbee/

  

SANS Network Penetration Testing and Ethical Hacking (SEC560) – November 2011 @ Sydney

Starting November 2011 I will be hosting and teaching the SANS SEC 560 Network Penetration Testing and Ethical Hacking course at the Ernst & Young Sydney facilities. Beware that this is the only time this SANS course will be taught in Sydney in 2011! SANS will be coming to Sydney in November with a range of different courses, however the SEC560 class is not one of them.

In the SEC560 course, we address detailed pre-test planning, including setting up an effective penetration testing infrastructure and establishing ground rules with the target organization to avoid surprises and misunderstanding. Then, we discuss a time-tested methodology for penetration and ethical hacking across the network, evaluating the security of network services and the operating systems behind them.

Attendees will learn how to perform detailed reconnaissance, learning about a target’s infrastructure by mining blogs, search engines, and social networking sites. We’ll then turn our attention to scanning, experimenting with numerous tools in hands-on exercises. Our exploitation phase will include the use of exploitation frameworks, stand-alone exploits, and other valuable tactics, all with hands-on exercises in our lab environment. The class also discusses how to prepare a final report, tailored to maximize the value of the test from both a management and technical perspective. The final portion of the class includes a comprehensive hands-on exercise, conducting a penetration test against a hypothetical target organization, following all of the steps.

Registering for the course can be done via the following URL: http://www.sans.org/mentor/details.php?nid=24964

10% Discount

I arranged a 10% discount for my blog readers.  Use the discount code Mentor10 when registering for the course!

 

Information Security Forum (ISF) Standard of Good Practice for Information Security 2011

Information Security Forum (ISF) released the 2011 version of the Standard of Good Practice for Information Security.

The 2011 Standard represents a major advance from the previous version, and is the most business-focused, practical and comprehensive guide available for identifying and managing information security risks in your organisation. This edition features significant enhancements to existing content, including 35 new topics – such as information security strategy, cloud computing, consumer devices, virtual servers, digital rights management and data storage.

The 2011 Standard is now also closely aligned to commonly-adopted information security-related standards, including ISO, COBIT, NIST, PCI DSS and ITIL. Not only does this help you comply with the world’s recognised information security standards more efficiently, it also supplements these standards with real-world, business-focused guidance that helps you meet the challenge of ever-changing information security risks.

 

ISF Standard of Good Practice for Information Security download (ISF members only)

 

WordPress 2-factor authentication via Google Authenticator

With Google recently releasing Google Authenticator, allowing multi-factor authentication for your Google account, I was interested to see this 2-factor authentication mechanism being implemented for third parties. Today I found a WordPress plugin that allows you to increase authentication requirements for your blog’s user accounts via Google Authenticator:

http://wordpress.org/extend/plugins/google-authenticator/

ClubHack magazine (CHmag)

CHmag is a free Indian hacking magazine. Download the latest issue from their website:

http://chmag.in/

Prey: Open source anti-theft solution for laptops & phones

Prey is software that can be used to track your laptop. It can send out the GPS location, webcam images, active user information, Wi-Fi network information and running applications of your missing device.

http://preyproject.com/