The document provides an overview of free and open source network security tools including Kismet for wireless monitoring, OpenVAS for vulnerability scanning, Metasploit for exploitation, and Nmap for port scanning and service detection. It discusses how these tools can be used both offensively to detect issues and defensively to harden networks, and highlights advantages like cost but also challenges like potential instability. The presentation focuses on demonstrating these tools and educating administrators about network security risks and defenses.
4. Expectations
• General overview - Only have 60 minutes!
• Focus will be on tools to help detect problems with your network
• Two Hat Perspective
• If you can use the tool, think how it can be used against you!
5. Approach
Each tool will be described in terms of:
• What the tool does
• How you can use it
• Advantages/disadvantages
6. Topics to be covered
Data Mining 1A
• Web 2.0
• Kismet
• OpenVAS
• Metasploit
7. More Topics
• NMap
• Web Vulnerability Scanners
• Pros and Cons of the free stuff
• The Future
9. Data Mining 1A
• Every network leaks or broadcasts information
• What is allowable or acceptable by your organization?
• This section will give examples of types of information being broadcast - allowable and sensitive
10. Classic Sources of Data Leaks
• DNS & MX records
• Technical forums
• Job sites
12. Google’s Advanced Operators
• Reduce noise
• Help to refine search
• Syntax: operator:search term
• Tutorial to advanced operators:
http://www.googletutor.com/google-manual/web-se
20. Example of a technical Google hack revealing Nessus scan reports
21. Summary of Google Hacking
• Use Google to peruse your servers for sensitive information
• Clean up your mess like old scan reports
• Educate users about the danger of broadcasting information
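The "clean up your mess" point above is easiest to act on before a search engine finds the mess for you. The following is an added example (not part of the original slides) of a small defender-side audit that walks a web document root and flags files that look like forgotten scan reports, either by file name or by a content marker such as the header of an Nmap report or the title of an old Nessus HTML report. The name patterns and content markers are illustrative choices made for this example, and the sample web root it builds is constructed in a temporary directory so the script runs offline.

```python
import re
import tempfile
from pathlib import Path
from typing import List, Optional, Tuple

# Illustrative file-name patterns that commonly indicate scan output left under
# a web root (assumption: extend this list for the tools used in your shop).
NAME_PATTERNS = [
    re.compile(r"\.nessus$", re.I),                                    # Nessus XML export
    re.compile(r"\.nbe$", re.I),                                       # legacy Nessus NBE
    re.compile(r"nessus.*\.(html?|xml|txt)$", re.I),
    re.compile(r"(scan|audit|vuln).*report.*\.(html?|xml|txt|pdf)$", re.I),
]

# Illustrative content markers; only the first 64 KiB of each file is inspected.
CONTENT_MARKERS = [
    b"Nessus Scan Report",
    b"<NessusClientData",
    b"Starting Nmap",
    b"Nmap scan report",
]


def is_suspicious(path: Path) -> Optional[str]:
    """Return a reason string if the file looks like leaked scan output, else None."""
    for pat in NAME_PATTERNS:
        if pat.search(path.name):
            return f"file name matches {pat.pattern!r}"
    try:
        head = path.read_bytes()[:65536]
    except OSError:
        return None
    for marker in CONTENT_MARKERS:
        if marker in head:
            return f"content contains {marker.decode()!r}"
    return None


def audit_webroot(root) -> List[Tuple[str, str]]:
    """Walk a document root and list (relative path, reason) for suspicious files."""
    root = Path(root)
    hits = []
    for path in sorted(p for p in root.rglob("*") if p.is_file()):
        reason = is_suspicious(path)
        if reason:
            hits.append((path.relative_to(root).as_posix(), reason))
    return hits


def build_sample_webroot(root) -> None:
    """Constructed sample web root: three leaked artefacts among normal files."""
    sample = {
        "index.html": b"<html><body>Welcome</body></html>",
        "img/logo.png": b"\x89PNG\r\n\x1a\n not a real image",
        "reports/old_scan_report.html": b"<html><title>Nessus Scan Report</title></html>",
        "tmp/hosts.nbe": b"results|192.168.1.1|telnet (23/tcp)|...",
        "docs/notes.txt": b"Starting Nmap 4.85BETA9 ( http://nmap.org ) at 2009-06-14",
    }
    for rel, data in sample.items():
        target = Path(root) / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_bytes(data)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:
        build_sample_webroot(d)
        for rel, reason in audit_webroot(d):
            print(f"{rel}: {reason}")
```

Run it against a real document root by calling audit_webroot() on that path instead of the constructed one; anything it lists should be removed from the web root or moved behind authentication, and then purged from search engine caches, since the "Fear the Google cache" slide still applies after the file is gone.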
22. The Pros of Google Hacking
• Find information you didn’t know was being broadcast
• It’s cheap and works
23. The Cons of Google Hacking
• Someone may have found the information already
• You may not find everything
• Fear the Google cache!!!!!
24. References for Google Hacking
• See Johnny Long’s book - Google Hacking for Penetration Testers - ISBN-10 1597491764
• Any questions - just send me an email
25. Web 2.0
• Example: Twitter
• Technical
• Exploitation of code
• Passive enumeration
• Users careless of information being broadcast
26. Solution
• Identify types of data not to be broadcast
• Educate
• Users need to be made aware there are people “watching.”
27. “Free” Tools
• Many released under GNU/GPL
• Range from simple to complex
• Many have great support and documentation
33. Cons of Kismet
• Interface
• May require significant configuration
• Incompatibilities
• Long term cost could be high due to time spent configuring and tweaking apps
34. OpenVAS - Vulnerability Assessment
• Based upon Nessus 2.2
• Released under GNU/GPL
• openvas.org
40. Metasploit
• Security framework that identifies vulnerabilities and exploits them
• Intended for penetration testing and research
• Customizable
• metasploit.org
41. Metasploit - command line interface of Metasploit
45. Metasploit Advantages
• Growing community of users
• Growing documentation
• Runs well on most flavors of *nix
• Excellent tool to identify and exploit vulnerability
46. Metasploit Disadvantages
• Do not expect every exploit to be included, nor the framework to be up to date with the latest exploits
• Lack of logging or reports
• Machine running Metasploit can be compromised
• This is a very dangerous tool and may violate policy at your institution. Use on a test network
47. NMap - Network Mapper
• Sends raw IP packets to a specific host, or a range of hosts
• Determines OS, version, open ports; identifies potential vulnerability
• nmap.org
48. NMap - who uses it
• Network administrators and other IT folk responsible for network based assets
• Pen testers and other security folk
49. NMap - part of an Nmap scan report
Loki:/Users/Doug root# nmap -sV 192.168.1.1-25
Starting Nmap 4.85BETA9 ( http://nmap.org ) at 2009-06-14 23:56 PDT
Interesting ports on 192.168.1.1:
Not shown: 998 closed ports
PORT     STATE SERVICE       VERSION
23/tcp   open  telnet        Cisco telnetd (IOS 6.X)
443/tcp  open  ssl/http      Cisco PIX Device Manager
MAC Address: 00:08:21:3A:29:B2 (Cisco Systems)
Service Info: OS: IOS; Device: firewall
Interesting ports on 192.168.1.2:
Not shown: 997 closed ports
PORT     STATE SERVICE       VERSION
21/tcp   open  ftp           tnftpd 20061217
22/tcp   open  ssh           OpenSSH 5.1 (protocol 1.99)
548/tcp  open  afp           Apple AFP (name: Feline; protocol 3.2; Mac OS X 10.4/10.5)
MAC Address: 00:0D:93:32:D0:26 (Apple Computer)
Service Info: Host: Feline.local
Interesting ports on 192.168.1.4:
Not shown: 999 closed ports
PORT     STATE SERVICE       VERSION
5009/tcp open  airport-admin Apple AirPort admin
MAC Address: 00:03:93:1F:01:65 (Apple Computer)
Interesting ports on 192.168.1.6:
50. Strengths of NMap
• Large base of support from user and developer community
• Mature product
• Fast and versatile scanner
• Extremely stable. Install and go!
51. Weaknesses of NMap
• Some scans seem to be intrusive
• Some scans have crashed hosts being scanned
52. Web Vulnerability Scanners
• GNU/GPL World
• Singular in purpose
• Paros
• Stagnant
• Nikto
53. Web Vulnerability Scanners
Singular purpose tools usually check for a single type of vulnerability (i.e. XSS, SQL injection). You would have to have a lot of different GNU/GPL tools to encompass all possible vulnerabilities.
54. Web Vulnerability Scanners
Some projects become stagnant or die due to the core developers' inability to devote time to the project.
55. Advantages of the “free” apps
• Initial cost is low
• Some projects have a community of support
• Documentation
• A potentially powerful tool rivaling commercial tools
56. Advantages of “free” apps
Use older hardware
• Great for that older machine collecting dust
59. What to do?
• Define your needs
• Determine stability and viability of project
• Be willing to invest time
• Be diligent
60. The future
Greater and easier exploitation of Web 2.0
• You must educate your users about the dangers
• Handhelds will be both targets and attackers