Navy Developing Robots to Fight Pirates

The Navy is developing a series of sensors and software to allow robotic helicopters to detect suspicious boats according to a FoxNews article:

The Navy turned to a combination of different sensing technologies to address this. Called the Multi-Mode Sensor Seeker, or MMSS, an unmanned helicopter uses high-definition cameras, mid-wave infrared sensors and laser-radar (LADAR) to find the boat. 

Seaborne piracy is still a huge problem, especially near places like Somalia. It is a long and tedious procedure to scan unending open water for suspicious vessels, one that drones and robotics could handle very well if programmed correctly. Drones can help detect the questionable ships and then human operators can verify friend or foe designation and task armed forces to the area.

The Navy will test this technology this summer against test targets off the California coast. Until it is available, there is always the tried and true method of fighting piracy:

Book Review – Metasploit: The Penetration Tester’s Guide

Want a great book on Backtrack 5 and the Metasploit Framework? Look no further than “Metasploit: The Penetration Tester’s Guide” written by the all star cast of David Kennedy (One of my favorite security speakers and creator of the Social Engineering Toolkit), Jim O’Gorman (instructor at Offensive-Security), Devon Kearns (a BackTrack Linux developer), and Mati Aharoni (created BackTrack and founder of Offensive-Security).

Arguably my favorite book for 2012, this is the most complete and comprehensive instruction book for Metasploit that I have seen so far. The authors walk you step by step, command by command through using the Metasploit Framework as a penetration tester. You move quickly from the basics of Penetration testing through using the platform to perform the different phases of intelligence gathering and exploitation.

The exploiting sections are very good, covering the famous exploitation techniques of attacking MS SQL, dumping password hashes, pass the hash & token impersonation, killing anti-virus and gathering intelligence from the system to pivot deeper into the target network.

The book also covers building your own Metasploit modules and creating your own exploits.

I love the book because the authors give you a short overview of the topic, then jump right into hands on – showing you the commands to use, and then dissecting the output and explaining step by step what is happening and what was accomplished.

Excellent book for anyone interested in a hands on approach to computer security, the Metaslpoit pro who wants a great reference book and those new to Metasploit that want a step by step instruction manual.

Metasploit: The Penetration Tester’s Guide – Check it out!

Anti – Android Network Toolkit and 7″ Tablet make a $99 Pentesting Platform

Every once in a while you run into a product that just makes you sit back and say – “Wow!”

I just picked up a 7″ Polaroid tablet for $99 and was stunned at how good it works. The screen quality, how smooth it ran and how responsive it was. In some functions it works better than my trusty iPad that cost a whole lot more.

Well, I wanted to see how well the Android Tablet could work as a pentesting platform and found “Anti” the Android Network Toolkit by zImperium. I was stunned.

I just used the “Free” version, and within seconds I was looking at a network map of all the machines on my network. Anti runs nmap scans, including an intrusive scan to detect device Operating Systems and vulnerabilities. Once the scan is done, it can take a while, you can click on individual systems and are presented with a tool option menu. These options include:

Attack, DoS, Cracker, Replace Image, Spy, Man in the Middle

Some of the more advanced tools require you to purchase “Anti credits” to run them. But with the free version, you can view available networks, and run scans against them.

I ran it on my wireless network and was able to view a wired system. For a short period of time, I could see a text list of what websites the computer was visiting, and even images from the visited websites. The options even included “View Passwords”, but this did not seem to be enabled in the free version. Obviously it was working in some sort of Man-in-the-Middle mode to be able grab the information off of a wired lan system connected to a switch. Very interesting.

And this was just the free version, the paid versions reportedly includes remote exploit capability.

Anti also includes a reporting feature so you can keep a track of vulnerable systems found during your pentest. Using Anti on a cheap $99 Android tablet really opens up a lot of possibilities for pentesters.