How to Become a Psychic CISO

Does John Powers have some sort of psychic connection to the spiritual realm?

Probably not, but he relies on a great security solution that provides him with unrivaled visibility into activity on his organization’s IT systems. That’s not channeling spirits from the netherworld, that’s simply having the right people, skills and solutions to be confident.

Our friends at Tripwire have released the second video in the hilarious “John Powers Supernatural CISO” series. This time John’s coworkers think his uncanny knowledge of the system network is coming from the spirit realm.

For more information, astral project over to the John Powers site, or for live readings check out their Twitter feed.

To Russia with Love, Snowden either incredibly Naive or a Traitor

As the Edward Snowden drama continues to unfold, one thing is certain. He is either a traitor to the US, as many have suggested, or just incredibly naive.

After the NSA privacy whistle blower turned to China (of all places!) for assistance, it looks like he next accepted an offer of help from Russia! According to reports, Russia offered to fly Snowden from Moscow to possibly Cuba (again, wow, what a choice!) and eventually to Ecuador where he appealed for asylum.

“Snowden told Ecuadorian President Rafael Correa that it is ‘unlikely that I will have a fair trial or humane treatment’ if handed over to U.S. officials to stand trial, according to a letter from Snowden read by Foreign Minister Ricardo Patino.”

According to CNN, he left Hong Kong Sunday on a plane to Moscow. He stayed the night at the Sheremetyevo airport and was supposed to be on a plane to Cuba today. Security was tight at the airport and as the plane filled up, there was no Snowden!

The Obama administration requested that Russia hold him and not allow him to leave the country.  But, come on, what are the chances the Russian intelligence agents are just going to let Snowden leave the country without a little intimate time first?

Does he think he will get fair and humane treatment from Russian intelligence if they think he has information that they want?

I mean didn’t he watch any of the old Rambo movies?

Snowden’s poor choices, going to China and then Russia for help, really are beginning to paint a picture of him other than that of a hero. In fact, they make him look more and more like a traitor. And this will cost him a lot of public American support.

Chinese Hackers use NSA PRISM Monitoring for Malware Campaign

The interwebs were set afire with the news of the NSA monitoring program when whistle blower Edward Snowden released information on Prism. Well, never missing a good opportunity to exploit people, it seems Chinese hackers have jumped into the fray using the NSA monitoring scare as a source for a malicious e-mail campaign dubbed “CIA Prism Watchlist”.

When former NSA employee Edward Snowden exposed the US government’s large electronic monitoring program called “Prism”, some called him a hero, and others a traitor and a spy.

To me the jury is still out on him. Yes, what the government was doing was very wrong and violates constitutional rights, but Snowden turning to the Chinese for help has left many scratching their heads. If someone was looking for a country that supports and defends free speech, I don’t think China would be on the top ten of any list.

And again, though I don’t support what the government was doing, many people simply hand over personal and very intimate details about their lives to perfect strangers on a daily basis to feed our social media addiction.

Well, never one to miss an opportunity, it seems Chinese hackers are taking advantage of the government monitoring scare that has swept across the nation. According to The Register, the Chinese hacker group behind the NetTraveler attacks is using the opportunity to spread malicious e-mails titled “CIA’s Prism Watchlist”.

Attached to the badly worded e-mail is a Word Document named ‘Monitored List 1.doc’, “containing malware designed to exploit the same vulnerability (CVE-2012-0158).”

For more information, check out the 9bplus blog, which originally discovered the e-mail in a VirusTotal upload.

Performing Automated Network Reconnaissance with Recon-NG

The Recon-NG Framework is a powerful tool that allows you to perform automated information gathering and network reconnaissance. Think of it as Metasploit for information collection.

Recon-NG automates a lot of the steps that are taken in the initial process of a penetration test. It has numerous features that allow you to collect user information for social engineering attacks, and network information for network mapping and much more.

You can automatically hit numerous websites to gather passive information on your target and even actively probe the target itself for data.

Anyone who is familiar with Metasploit will feel right at home as the interface was made to have the same look and feel. The command use and functions are very similar. Basically you can use Recon-NG to gather info on your target, then attack it with Metasploit.

INSTALLING RECON-NG

To install Recon-NG, simply download the program from the Recon-ng repository:

git clone https://LaNMaSteR53@bitbucket.org/LaNMaSteR53/recon-ng.git

Then change to the Recon-ng directory that the clone created:

cd recon-ng

and run the program:

./recon-ng.py

[Screenshot: Recon-NG after startup]

Typing ‘help’ will bring up a list of commands:

[Screenshot: output of the ‘help’ command]

Now, like Metasploit, you can type ‘show modules’ to display a list of available modules.

[Screenshot: output of ‘show modules’]

Some of the modules are passive and never touch the target network, while others directly probe and can even attack the system you are interested in.

One tactic used to passively probe network structure is to use the Google search engine to enumerate site sub-domains. You know that there will be a http://www.some_target_name.com but what other subdomains are out there?

You can do a Google search for subdomains using the site: and inurl: switches. Then remove sub-domains (-inurl) that you find so other subdomains will appear. This can take a while to do by hand and can require a lot of typing if the target has a large number of sub-domains.

Recon-NG will do this for you automatically and record what it finds in a database.
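The manual loop described above, written out as an added example (this is not Recon-NG's code). It runs offline against a constructed list of URLs; `SAMPLE_INDEX`, `stub_search` and the `example.com` domain are hypothetical stand-ins for a real search engine and a domain you are authorised to assess.

```python
from urllib.parse import urlparse

# Constructed sample: URLs a search engine might have indexed (not real results).
SAMPLE_INDEX = [
    "http://www.example.com/",
    "http://www.example.com/about",
    "https://mail.example.com/login",
    "http://dev.example.com/status",
    "https://vpn.example.com/",
    "http://example.org/unrelated",
]

def build_query(domain, labels):
    """Build 'site:<domain>' plus one '-inurl:<label>' per sub-domain already seen."""
    return " ".join([f"site:{domain}"] + [f"-inurl:{l}" for l in sorted(labels)])

def stub_search(query, page_size=2):
    """Hypothetical offline backend: applies site: and -inurl: to SAMPLE_INDEX."""
    terms = query.split()
    domain = terms[0].split(":", 1)[1]
    excluded = [t.split(":", 1)[1] for t in terms[1:]]
    hits = []
    for url in SAMPLE_INDEX:
        host = urlparse(url).hostname or ""
        in_scope = host == domain or host.endswith("." + domain)
        if in_scope and not any(label in url for label in excluded):
            hits.append(url)
    return hits[:page_size]  # only the first "page" of results is visible

def enumerate_subdomains(domain, search=stub_search, max_rounds=20):
    """Repeat the query, excluding each new sub-domain, until nothing new appears."""
    found, queries = set(), []
    for _ in range(max_rounds):
        query = build_query(domain, found)
        queries.append(query)
        new = set()
        for url in search(query):
            host = urlparse(url).hostname or ""
            if host.endswith("." + domain):
                new.add(host[: -len(domain) - 1])  # keep only the sub-domain label
        if not new - found:
            break  # a round with no new labels ends the search
        found |= new
    return sorted(f"{label}.{domain}" for label in found), queries

if __name__ == "__main__":
    hosts, queries = enumerate_subdomains("example.com")
    print("\n".join(queries))
    print(hosts)
```

Each query hides the sub-domains already recorded, so hosts that were crowded off the first results page by `www` surface in later rounds; the same list is what an organisation would compare against its own asset inventory.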

Just use the ‘recon/hosts/gather/http/web/google_site’ module. Then ‘show options’ to see what the module requires. This one only requires a target domain.

As in Metasploit, just type ‘set domain targetname.com’. Then type ‘run’ and the module will execute, as seen below:

[Screenshot: the google_site module run listing sub-domains]

As you can see from the screenshot Recon-NG is enumerating the sub-domains for Microsoft. Within seconds, several of the sub-domains are listed.

All the data collected by Recon-NG is placed in a database. You can create a report to view the data collected. Just type ‘back’ to get out of the current module, and then ‘show modules’ again. Simply use one of the report modules to automatically create a nice report of the data that you have obtained.

Here is a sample of the HTML report:

[Screenshot: sample HTML report]

Sub-domain enumeration is only one module you can run; there are many others to choose from. Some of them require an API key for a service such as Twitter, Shodan, LinkedIn or Google. Using these you can get specific information from the corresponding sites about your targets.

For example you can search Twitter for tweets from your target or even check Shodan for open systems.

I have just briefly touched on some of the capabilities of Recon-NG. It is really an impressive tool that is well worth checking into.

For more information check out the Recon-NG Wiki page!