Hakin9 Exploiting Software July 2012 Issue is out!

Pentesting with Android – new Exploiting Software Hakin9 issue is out!

Are you curious how to turn your Wi-Fi smart phone or tablet into a pentesting tool? Check out the new issue of Exploiting Software Hakin9!

WHAT’S IN THIS ISSUE?

•    Searching For Exploits, SCAPY Fuzzing
•    Weak Wi-Fi Security, Evil Hotspots & Pentesting with Android
•    An In-Depth Analysis on Targeted Attacks
•    Automated security audit of a web application
•    Reverse Engineer Obfuscated
•    Cross Site Scripting(XSS)
•    Implementing Rsylog to forward log messages
•    They Are Offline But I Exploited Them

 

Weak Wi-Fi Security, Evil Hotspots and Pentesting with Android
By Dan Dieterle

Wireless networks and mobile Wi-Fi devices have saturated both the home front and business arena. The threats against Wi-Fi networks have been known for years, and though some effort has been made to lock down wireless networks, many are still wide open. In this article we will look at a few common Wi-Fi security misconceptions. We will also see how a penetration tester (or unfortunately, hackers) could set up a fake Access Point (AP) using a simple wireless card and redirect network users, capture authentication credentials and possibly gain full remote access to the client.

Finally we will look at the latest app for Android that allows you to turn your Wi-Fi smart phone or tablet into a pentesting tool. With it you can scan your network for open ports, check for vulnerabilities, perform exploits, Man-in-the-Middle (MitM) attacks and even sniff network traffic on both your Wi-Fi network and wired LAN.

Searching For Exploits, SCAPY Fuzzing
By Craig Wright

SCAPY is a series of python based scripts that are designed for network level packet manipulation. With it, we can sniff network traffic, interactively manipulate it, and fuzz services. More, SCAPY decodes the packets that it receives without interpreting them. The article is going into some of the fundamentals that you will need in order to understand the shellcode and exploit creation process, how to use Python as a launch platform for your shellcode and what the various system components are.

And much more…

For additional article information click here or…

Advertisements

Security Onion Intrusion Detection System Basic Setup Tutorial

Security Onion is one of my favorite tools. Doug Burks did an amazing job pulling many of the top open source Network Security Monitoring (NSM) and Intrusion Detection System (IDS) programs. You can run Security Onion in Live CD mode, or you can install it and run it off of your hard drive.

It’s based on Xubuntu 10.04 and contains a ton of programs including Snort, Suricata, Sguil, Squert, argus, Xplico, tcpreplay, scapy, hping, and many other security tools. Sounds complicated right? Well, Doug has done the hard work in pulling all these tools together into an easy to use Linux distribution.

Run this on a system that has two network cards and you have a complete NSM/IDS system. One NIC connects to your network or the internet side of your traffic and records and monitors every packet that comes in or goes out of your system. The second NIC connects to your LAN side and can be used to remotely view and monitor intrusion attempts and security threats.

The exceptional basic setup video above was created by Adrian Crenshaw aka “Irongeek”. Adrian has always done an amazing job passing on information on the latest security tools and techniques. Irongeek.com has a ton of videos and security how too’s, check it out!