In August 2012 I will be facilitating another SANS SEC 560 Network Penetration Testing and Ethical Hacking course.

In the SEC560 course, we address detailed pre-test planning, including setting up an effective penetration testing infrastructure and establishing ground rules with the target organization to avoid surprises and misunderstanding. Then, we discuss a time-tested methodology for penetration and ethical hacking across the network, evaluating the security of network services and the operating systems behind them. Attendees will learn how to perform detailed reconnaissance, learning about a target’s infrastructure by mining blogs, search engines, and social networking sites. We’ll then turn our attention to scanning, experimenting with numerous tools in hands-on exercises. Our exploitation phase will include the use of exploitation frameworks, stand-alone exploits, and other valuable tactics, all with hands-on exercises in our lab environment. The class also discusses how to prepare a final report, tailored to maximize the value of the test from both a management and technical perspective. The final portion of the class includes a comprehensive hands-on exercise, conducting a penetration test against a hypothetical target organization, following all of the steps.

Registering for the course can be done via the following URL: http://www.sans.org/mentor/class/sec560-sydney-aug-2012-veugelen

10% Discount

I arranged a 10% discount for my blog readers.  Contact me to obtain the discount code.

Ernst & Young released its annual Global Information Security Survey.

Download PDF report

 Ernst & Young information security services

6 months, I made the switch to a macbook pro laptop, and I have to admit, I really love it.  The machine runs smoothly, the graphics look great, the multi-desktop environment is fantastic, and it run’s virtual machines very smoothly. Having said that, out of the box, Mac OS X is lacking several things in my opinion.  This post highlights some of those, and some solutions with how I fixed it.

#1 – TotalFinder: the file explorer with all the features Mac OS X Finder is missing

 The Finder application is Mac’s alternative for windows explorer.  Some core features it is missing: – Finder does not support keyboard shortcuts for cut-copy-paste – Finder doesn’t support tabbed browsing For less than $20, TotalFinder fixes all headaches you might have in relation to all file browsing related activities.

#2 – NTFS harddrives are only accessible in read-only mode

Imagine wanting to exchange files with a usb key between your mac system and a windows system.  Or writing files to your external harddrive that you share with your windows system. You got it, it won’t work out of the box.Interestingly, Mac OS X DOES support it, but it is disabled by default!

• SL-NTGS: This software will enable the Mac OS X build-in capability to read and write to NTFS disks.
• NTFS-3G is a third party NTFS driver for Mac that does the job as well.

#3 The Maximise button… it’s just not functioning by default!

Not too sure why at Mac they think that a click of the maximise button equals to stretching the window vertically to the maximum windows dimensions, but ignoring the horizontal dimension! To fix this, install the application RightZoom.  Nothing else to be done, it runs hidden in the background.

#4 Switching to applications using Command-tab doesn’t work for minimised applications

In Windows you can switch between all application windows with alt-tab.  In Mac, the alt-tab equivalent is command-tab. For some reason Apple decided to not allow users to switch to applications that are minimised using this way: you can see the application in the command-tab menu, but when you highlight it and release your key combination to switch to this application, Mac OS blindly ignores you. 2 workarounds:

• Once you have highlighted the application you want to switch to, release the Tab key and next hold down the Option key BEFORE you let go of the Command key. This will cause the top-most window of the new application to “unminimize” if it was previously minimized. I know, doesn’t really make much sense to have you go through so much effort to switch to an application hey?
• You can also press command+tab and before releasing the command key press the up or down button key. This will allow you to choose between the different minimized windows.
• ‘Slide with your 4 fingers upwards’  mouse gesture will show all application windows of your current workspace.
• You can install an alternative application such as Witch

#5 Tab key is not working on dialog boxes

I’m used to press the enter or escape key on dialog boxes. On Mac it’s not possible to control the buttons on dialogboxes with the keyboard by default.  To change this:

• Open system preferences
• Go to Mouse and Keyboard Settings
• Go to Keyboard Shortcuts
• select the option at the bottom to allow “All Controls”.

#6 – Apps don’t close when you press the close button

Same as on the iphone, on Mac OS X a click on the close button won’t shot down your application.

• Press the command-Q key combination to close the application
• Install RedQuits, an application that runs in the background. When clicking the close button your application WILL close now.

#7 – fn, control, option, command: is it really required to have 4 options keys?

With so many option keys, how difficult is it to remember a key combination. To take a print screen, was it alt-shift-3, or option-shift-3, or control-shift-3? Oh no, it was command-shift-3.  I tried to live with it, but if you want, you can change the keyboard key mappngs via:

• System preferences – keyboard – keyboard shortcuts

#8 – Return key renames a file instead of opening the file

On Mac you have to use the shortcut command-O to open a file.  If you want to change the mapping of the Return key to open files, install http://www.returnopen.com/.

List potentially to be continued.

OpenDLP is a free and open source, agent- and agentless-based, centrally-managed, massively distributable data loss prevention tool released under the GPL. Given appropriate Windows, UNIX, MySQL, or MSSQL credentials, OpenDLP can simultaneously identify sensitive data at rest on hundreds or thousands of Microsoft Windows systems, UNIX systems, MySQL databases, or MSSQL databases from a centralized web application. OpenDLP has two components:

• A web application to manage Windows agents and Windows/UNIX/database agentless scanners
• A Microsoft Windows agent used to perform accelerated scans of up to thousands of systems simultaneously

http://code.google.com/p/opendlp/

http://blog.rootshell.be/2010/04/30/keep-an-eye-on-your-data-using-opendlp/

Qualys has announced the development of IronBee, a new open source project to build a universal web application firewall sensor in the cloud through collective efforts of the community.

Official website: https://www.ironbee.com/

Download: https://github.com/ironbee/ironbee/

Starting November 2011 I will be hosting and teaching the SANS SEC 560 Network Penetration Testing and Ethical Hacking course at the Ernst & Young Sydney facilities. Beware that this is the only time this SANS course will be taught in Sydney in 2011! SANS will be coming to Sydney in November with a range a different courses, however the SEC560 class is not one of them.

In the SEC560 course, we address detailed pre-test planning, including setting up an effective penetration testing infrastructure and establishing ground rules with the target organization to avoid surprises and misunderstanding. Then, we discuss a time-tested methodology for penetration and ethical hacking across the network, evaluating the security of network services and the operating systems behind them.

Attendees will learn how to perform detailed reconnaissance, learning about a target’s infrastructure by mining blogs, search engines, and social networking sites. We’ll then turn our attention to scanning, experimenting with numerous tools in hands-on exercises. Our exploitation phase will include the use of exploitation frameworks, stand-alone exploits, and other valuable tactics, all with hands-on exercises in our lab environment. The class also discusses how to prepare a final report, tailored to maximize the value of the test from both a management and technical perspective. The final portion of the class includes a comprehensive hands-on exercise, conducting a penetration test against a hypothetical target organization, following all of the steps.

Registering for the course can be done via the following URL: http://www.sans.org/mentor/details.php?nid=24964

10% Discount

I arranged a 10% discount for my blog readers.  Use the discount code Mentor10 when registering for the course!

Information Security Forum (ISF) released the 2011 version of Standard of Good Practices for Information Security .

The 2011 Standard represents a major advance from the previous version, and is the most business-focused, practical and comprehensive guide available for identifying and managing information security risks in your organisation. This edition features significant enhancements to existing content, including 35 new topics – such as information security strategy, cloud computing, consumer devices, virtual servers, digital rights management and data storage.

The 2011 Standard is now also closely aligned to commonly-adopted information security-related standards, including ISO, COBIT, NIST, PCI DSS and ITIL. Not only does this help you comply with the world’s recognised information security standards more efficiently, it also supplements these standards with real-world, business-focused guidance that helps you meet the challenge of ever-changing information security risks.

ISF Standard of Good Practice for Information Security download (ISF members only)

With Google recently releasing Google Authenticator, allowing multi-factor authentication for your Google account, I was interested to see this 2-factor authentication mechanism being implemented for third parties.  Today I found a WordPress plugin, that allows you to increase authentication requirements for your blog’s user accounts via Google Authenticator:

http://wordpress.org/extend/plugins/google-authenticator/

CHmag is a free Indian hacking magazine. Download the latest issue from their website:

http://chmag.in/

Prey is software that can be used to track your laptop. The software has capabilities of sending out GPS location, webcam images, active user information, wifi network information, active applications, active user information, running applications of your missing device

http://preyproject.com/

I will be mentoring the SANS SEC 560 Network Penetration Testing and Ethical Hacking course in Sydney starting the 2nd of June.

I’ve uploaded my presentation recently given at the Girl Geek Sydney event: Countering Cyber Attacks.

The Open Source Security Testing Methodology Manual 3.0 has been publicly released. OSSTMM covers security testing, security analysis, operational security metrics, trust analysis, operational trust metrics, and the tactics required to define and build the best possible security over Physical, Data Network, Wireless, Telecommunications, and Human channels.

Download

Ernst & Young published its 13th annual Global Information Security Survey results:

Survey summary: Survey respondents recognize the risks associated with current technology trends and are taking the necessary steps to protect their information. However, keeping pace with emerging threats and risks due to a more connected, virtual business environment is a challenge.

Official press release

Ernst & Young GISS 2010 website

Ernst & Young GISS 2010 report download (PDF)

Boxee is a media center software and/or hardware solution that allows you to place music, video’s and online content.

Boxee supports a wide range of multimedia formats and includes features such as playlists, audio visualizations, slideshows, weather forecasts reporting, and an expanding array of third-party plugins. As a media center, Boxee can play most audio and video file formats, as well as display images from many sources, including CD/DVD-ROM drives, USB flash drives, the Internet, and local area network shares.

Through the processing power of modern PC hardware, Boxee is able to decode high-definition video up to 1080p. Boxee is able to use Nvidia’s VDPAU on Linux-based operating-systems, and DXVA (DirectX Video Acceleration) on Windows Vista and newer Microsoft operating-systems to utilize GPU accelerated video decoding to assist with process of video decoding of high-definition videos.

With its Python plugin system, Boxee includes incorporated addon features such as Apple movie trailer support and subtitle downloading, on-demand video streaming services Netflix and VUDU, as well as online internet content channels like Jamendo, Last.fm, NPR, SHOUTcast internet audio plugins, ABC, BBC iPlayer, Blip.TV, CNET, CNN, CBS, Comedy Central, Joost, MTV Music (music videos), MySpaceTV, Revision3, YouTube, The WB Television Network internet video plugins, and Flickr and PicasaWeb picture viewing plugins. All are available as media sources available alongside the local library. Some of these are specialized connections to services (e.g., YouTube), while the rest are a preselected list of podcast channels for streaming using generic RSS web feeds (e.g., BBC News). Boxee also supported NBC Universal’s Hulu quite early on, but in February 2009, was asked by Hulu to remove the service at the request of Hulu’s content partners. Boxee later reinstated the feature using Hulu’s RSS feeds, but Hulu once again blocked access. – Wikipedia

The software is available for free on the Boxee website:

http://www.boxee.tv/

D-Link a Boxee hardware box to connect directly to your tv without a need for a computer:

http://www.dlink.com/boxee/