Security Trap: Many New Security “Training” Courses are covering Outdated Material


Over the last week or so I have been reading through a lot of security “training” material that either has been recently published or was being submitted for publishing. The problem is, a lot of the material was very old and not necessarily even relevant anymore.

Most anti-virus programs catch new threats by installing an updated virus signature so the engine can recognize the new threat. They “learn” to detect the newer threats. Granted, many “new viruses” are just re-hashed code that has been modified so its signature changes. But there are completely new creatures out there that haven’t been seen before.

If the anti-virus engine didn’t evolve, it would never be able to stop (or detect) the newer threats.

I find it concerning that of all the “new” security articles and training material that I have read in the last two weeks, one of the most advanced techniques I read about was from a security book written in 2004!

The example talked about a new attack that the author detected hitting Air Force systems. The attack was actually pretty impressive: the attacker used several machines, and each machine was programmed to attack a certain system, but only intermittently and only for a brief amount of time.

Each individual attacker system would run only one small attack per day and then wouldn’t touch the target again for a week or so. The next attacker system would do the same thing, but against a different part of the target system, and then, like the first, it wouldn’t attack again for a long time. These systems attacked one after the other: a sort of distributed botnet of attacking systems, each hitting only once for a brief amount of time.

It was very difficult for the system analysts to detect this attack. They had to focus on the attacked system, not the attackers, to find a pattern. Because they had full data capture of all their network traffic, they were able to find and track the attacks against the target network. But the pattern only showed up over weeks and months of network security monitoring, analyzing captured packets for patterns.

Pretty advanced stuff!

The problem is that this attack was recorded as happening in 1999.
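The detection idea in that story, looking at the target rather than the individual attackers and aggregating over a long window, is easy to show in code. The following is an added example and not from the book or the blog author: it builds a constructed 90-day connection log (hypothetical target 10.0.5.20, four documentation-range probe sources that each hit a different port about once a week, taking turns) and contrasts an attacker-centric per-source rate check, which never sees more than one event a day, with a target-centric long-window check that surfaces the rotating, low-frequency sources. All hosts, ports, dates and thresholds are assumptions made for the sample.

```python
"""Target-centric detection of a low-and-slow, rotating probe campaign.

Constructed sample data, not the book's Air Force capture: 90 days of
connection records against one target, where four probe sources each touch
a different service port about once a week, staggered so they take turns.
"""
from collections import defaultdict
from datetime import date, timedelta

TARGET = "10.0.5.20"          # hypothetical target host
START = date(2013, 1, 1)      # arbitrary first day of the capture


def build_sample_log():
    """Return a list of (day, src, dst, dport) tuples. Constructed sample."""
    records = []
    # Benign background: two admin hosts that reach the target every day.
    for d in range(90):
        day = START + timedelta(days=d)
        records.append((day, "10.0.1.10", TARGET, 22))
        records.append((day, "10.0.1.11", TARGET, 443))
    # Low-and-slow probes: one port per source, every 8 days, offset 2 days apart.
    probes = [("198.51.100.7", 21), ("198.51.100.8", 25),
              ("203.0.113.4", 80), ("203.0.113.9", 3306)]
    for i, (src, port) in enumerate(probes):
        for d in range(2 * i, 90, 8):
            records.append((START + timedelta(days=d), src, TARGET, port))
    return records


def per_source_daily_max(records):
    """Attacker-centric view: the busiest single day of each source.
    A per-source rate threshold never sees more than a handful of events."""
    daily = defaultdict(int)
    for day, src, _dst, _port in records:
        daily[(day, src)] += 1
    busiest = defaultdict(int)
    for (_day, src), n in daily.items():
        busiest[src] = max(busiest[src], n)
    return dict(busiest)


def flag_low_and_slow(records, target, window_days=60,
                      min_events=2, max_events=12, min_sources=3):
    """Target-centric view: over a long window ending at the target's last
    observed day, collect sources that recur but rarely (between min_events
    and max_events distinct days). If at least min_sources such sources
    exist, return them with their ports and first-seen dates, else {}."""
    days_seen = [day for day, _s, dst, _p in records if dst == target]
    if not days_seen:
        return {}
    window_start = max(days_seen) - timedelta(days=window_days)
    per_src = defaultdict(lambda: {"days": set(), "ports": set()})
    for day, src, dst, port in records:
        if dst != target or day < window_start:
            continue
        per_src[src]["days"].add(day)
        per_src[src]["ports"].add(port)
    rare = {
        src: {"events": len(info["days"]),
              "ports": sorted(info["ports"]),
              "first_seen": min(info["days"]).isoformat()}
        for src, info in per_src.items()
        if min_events <= len(info["days"]) <= max_events
    }
    return rare if len(rare) >= min_sources else {}


def probe_sequence(records, target, sources):
    """Order the flagged sources' hits by day to expose the rotation."""
    hits = [(day.isoformat(), src, port) for day, src, dst, port in records
            if dst == target and src in sources]
    return sorted(hits)


if __name__ == "__main__":
    log = build_sample_log()
    print("busiest day per source:", per_source_daily_max(log))
    flagged = flag_low_and_slow(log, TARGET)
    for src, info in sorted(flagged.items()):
        print(src, info)
    for hit in probe_sequence(log, TARGET, set(flagged))[:8]:
        print(hit)
```

The window length is what makes the difference: with the default 60-day window each probe source recurs seven or eight times and all four are flagged together, while a 7-day window sees each of them at most once and reports nothing, which is the "weeks and months" point the story makes. The `min_events` floor keeps one-off connections out, and the daily admin hosts are excluded by the `max_events` ceiling.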

Hacker groups are very good at sharing attack techniques with others in their groups. They share training and tools fairly rapidly on hidden websites and secure forums. Granted, security groups that meet once a month are doing a good job at getting security techniques disseminated, but there is still a long way to go to get the good guys up to speed and on the same page.

Also be aware when looking into purchasing security training material. Check into the company and the instructors. You may be getting recycled material that may no longer be relevant.

Password Dump Tool Spreadsheet

Ever wanted a list of the most commonly used password dump tools compared by capabilities? Then look no further: Bernardo Damele has created a comparison list of 46 password recovery tools!

The Google Docs spreadsheet lists the tool name and 24 comparative features, including whether it has a GUI, whether it runs locally or remotely, which OS it works against, and where it can obtain information from.

Pretty good list, though I don’t agree with all of it. Some tools are listed as local only but can be used remotely. Though technically the capability may not be built into the app, they can be used in conjunction with other apps to work remotely with no problems.

Mimikatz comes to mind immediately. It works great remotely, but to be fair, you do need a remote shell opened first.

Great job!


Iranian Military C&C Allegedly Hacked and Launched Rockets at Tehran


***UPDATE*** 2/9/13 – Cyber War Zone has confirmed that their article was just a scenario, and DID NOT really happen.

Unknown hackers have infiltrated Iranian Command and Control systems and successfully launched multiple Fajr-5 missiles at the Iranian capital, Tehran, according to a Cyber War Zone post:

“Unknown hackers achieved to break into the C&C center of the Iranian forces. The still unknown hackers initiated a missile attack on the Iranian main capital Tehran. The Iranian army responded fast and intercepted the missiles before they could hit Tehran.”

If this report is accurate, this is HUGE news for the cyberwar field. Most cyber attacks are irritating, but mostly harmless. The ability to hack into a foreign country’s military command, re-task rockets to target a local city and then launch them is downright scary.

The graphic above, from the official Israeli Defense Force blog, shows that the Fajr-5 rocket has a range of up to 75 kilometers. And according to Aviation Week, the rocket carries a 200 pound warhead that is designed to create massive damage:

“Both Fajr-3 and Fajr-5 carry a 90-kg high explosive warhead with massive fragmentation sheets made of steel balls that create extensive collateral damage. Analyses of such attacks from 2006 to this year indicate these rockets could be equipped with a delay fuse to improve building penetration.”

The article also states that due to its increased size compared to earlier Iranian rockets, this one is easier to intercept in mid-air, which may explain how Iran was able to down them before they struck Tehran.

I could not find any additional information on this incident other than the Cyber War Zone post. Any other sources that I have found talking about it simply referred back to Cyber War Zone. So I am not 100% sure that this is legit.

But if it is, this is HUGE news.

Iran offers Proof (or Propaganda?) that they Decoded Video from Downed Stealth Drone

Late Wednesday night, Iranian TV aired footage that it claimed was decoded from the US RQ-170 stealth drone that was recovered by Iran in 2011.

It appears that there are two videos floating around that claim to be the “decoded” video. The one above seems a bit more legit. The second video shows short random clips of buildings taken from above, and stealth drones taking off and sitting at an air base.

This doesn’t really prove anything, as anyone could take aerial footage and claim it was taken from a certain plane or drone.

The second video is a bit more interesting though. It shows several clips of an RQ-170 at an airbase and what seem to be surveillance recordings. Also, footage at the end of the video allegedly shows the recovery of the downed RQ-170.

The funny thing is that late in 2011 a video aired on Iranian TV claiming it showed the RQ-170 being brought down by Iran’s Cyber War unit. The video shows a nice clean landing on a runway:

But now they release a video that shows the RQ-170 being picked up by a helicopter in a remote location in the desert?

There are just too many inconsistencies in their claims. Come to find out, the third video isn’t even an RQ-170; it is stock video footage of a Lockheed Martin Polecat UAV!

And by the way, have you seen Iran’s new Stealth Fighter?

Tremble in your boots, America and Israel: this baby can compete with the F-35 and the F-22. Or so they would like you to believe. Aviation experts are already tearing it apart and claiming, hands down, that it is a fake. And the video footage of the test flight? It’s an RC plane…

I would take any “video evidence” from Iran with a grain of salt; they are obviously pumping out some serious propaganda.