The “Cloud”

Yes, the cloud, the word that conjures up dreamy escapes to places unseen.   I was pushed to write this this morning after listening to an explanation today on the news that was off the wall IMHO.   A little about the cloud, the cloud is a server or satellite in some cases.  The cloud doesn’t make your life easier it just makes things more accessible if your not tech savvy or don’t really understand what it all means. My problem with the “CLOUD” is that I saw this trend back in the 90s  when Microsoft started writing half of its applications in the cloud on their servers so office would need internet access to fully be operational in all its glory. The cloud is used to keep your personal data off your devices and in someone else s hands basically, and hope they will give you access to what is already yours if you need it.  let me repeat that, The cloud is used to keep your personal data off your devices and in someone else s hands basically, and hope they will give you access to what is already yours if you need it.

 

Security consultative services 247

CJ Thompson

avatarpoint.com

Computer Technical Meltdowns.

I couldn’t help but think of when you have one of those “days” or “weeks” , we’ve all had them, some more frequently than others. While conversing with family members the other day I was surprise to learn a family member broke their phone and lost there ability to use face time all with the same day. while this is not considered to me a melt down to many other it might be life or death depending on the importance or frequency needed of communication. I would suggest for those computer technical moments have some good backup plans in place.  Skype is a good 2nd choice tool, remember Microsoft owns it.  Another secondary communication tool is goggle, any flavor of their apps will do. I’ve been on Sabbatical most of the year and plan to enlighten the conversation with greater stimulation over the next coming months.

 

C.J.T Principal Consultant

Avatarpoint

 

 

9 frequent methodologies hackers use.

I’ve listed 9 of the most frequent methods hackers use to gain control of computers.

 

1. Denial of service

Another form of attack is called a denial-of-service (DoS) attack. This type of attack causes your computer to crash or to become so busy processing data that you are unable to use it. It is important to note that in addition to being the target of a DoS attack, it is possible for your computer to be used as a participant in a denial-of-service attack on another system.

2. Back door and remote administration programs

On Windows computers, three tools commonly used by intruders to gain remote access to your computer are BackOrifice, Netbus, and SubSeven. These back door or remote administration programs, once installed, allow other people to access and control your computer.

3. Trojan horse programs

Trojan horse programs are a common way for intruders to trick you (sometimes referred to as “social engineering”) into installing “back door” programs. These can allow intruders easy access to your computer without your knowledge, change your system configurations, or infect your computer with a computer virus

4. Unprotected Windows shares

Unprotected Windows networking shares can be exploited by intruders in an automated way to place tools on large numbers of Windows-based computers attached to the Internet. Because site security on the Internet is interdependent, a compromised computer not only creates problems for the computer’s owner, but it is also a threat to other sites on the Internet. The greater immediate risk to the Internet community is the potentially large number of computers attached to the Internet with unprotected Windows networking shares combined with distributed attack tools. Another threat includes malicious and destructive code, such as viruses or worms, which leverage unprotected Windows networking shares to propagate.There is great potential for the emergence of other intruder tools that leverage unprotected Windows networking shares on a widespread basis.

5. Cross-site scripting

A malicious web developer may attach a script to something sent to a web site, such as a URL, an element in a form, or a database inquiry. Later, when the web site responds to you, the malicious script is transferred to your browser.  You can potentially expose your web browser to malicious scripts by following links in web pages, email messages, or newsgroup postings without knowing what they link to using interactive forms on an untrustworthy site viewing online discussion groups, forums, or other dynamically generated pages where users can post text containing HTML tags.

6. Being an intermediary for another attack

Hackers will frequently use compromised computers as launching pads for attacking other systems. An example of this is how distributed denial-of-service (DDoS) tools are used. The intruders install an “agent” (frequently through a Trojan horse program) that runs on the compromised computer awaiting further instructions. Then, when a number of agents are running on different computers, a single “handler” can instruct all of them to launch a denial-of-service attack on another system. Thus, the end target of the attack is not your own computer, but someone else’s — your computer is just a convenient tool in a larger attack.

7. Packet sniffing

A packet sniffer is a program that captures data from information packets as they travel over the network. That data may include user names, passwords, and proprietary information that travels over the network in clear text. With perhaps hundreds or thousands of passwords captured by the packet sniffer, intruders can launch widespread attacks on systems. Installing a packet sniffer does not necessarily require administrator-level access. Relative to DSL and traditional dial-up users, cable modem users have a higher risk of exposure to packet sniffers since entire neighborhoods of cable modem users are effectively part of the same LAN. A packet sniffer installed on any cable modem user’s computer in a neighborhood may be able to capture data transmitted by any other cable modem in the same neighborhood.

8Mobile code (Java/JavaScript/ActiveX)

There have been reports of problems with “mobile code” (e.g. Java, JavaScript, and ActiveX). These are programming languages that let web developers write code that is executed by your web browser. Although the code is generally useful, it can be used by intruders to gather information (such as which web sites you visit) or to run malicious code on your computer. It is possible to disable Java, JavaScript, and ActiveX in your web browser.

9Social Engineering 

Here we see a smorgasbord of different techniques being used.  Many old school ways of gathering Intel such as dumpster diving and phone freaking. What the hacker is looking for here is someone not on their guard or someone who can be manipulated by fear of losing their job to reveal a login or password, this is usually done by calling the target company and impersonating someone in the company.

 

Network Infrastructures

It’s no wonder why managers and company execs are realizing the importance of a well designed Network structure which has enterprise architecture as part if its conception and the security aspects that are involved in the processes. With the ever growing potential of threats from global communications lines we as a society now engage in on a daily basis of truly global communication whether we are aware of it or not. Calling your local credit card company can bounce you right off a satellite in the UK to India and back in a blink.  I would strongly advise a hardening of systems to begin with, and if you are not aware of the term please contact us our engagements are both in the public, and private sectors. We provide a free 1 hour consultation and can be available for further consultation or services. Don’t risk what you’ve build we can provide the solution. for further information email info@avatarpoint.com and leave the best time to contact you and we will do the rest.

Digitally Enhanced Human Intergration providers.

I find it increasingly interesting the human integration of man and machine, were the Borgs  really our future?   I think the move has been a slow one though, first we had to use big rooms to use them, then they became a personal thing we could use in our home, then transformed to  a connected everywhere i breath sort of thing, then to I need to take it everywhere i go Tablet-city , and currently wearable and implantable beyond civilian eyes.

Internal Penetration Testing Plan

  • The steps in an effective Internal penetration testing approach.

 

“1. Map the network

2. Scan the network for live hosts.

3. Port-scan individual machines

4. Try to gain access using known vulnerabilities.

5. Attempt to establish null sessions

6. Enumerate users/identify domains on the network.

7. Sniff the network using Wireshark

8. Sniff POP3/FTP telnet passwords.

9. Sniff email messages.

10. Attempt replay attacks

11. Attempt ARP poisoning.

12. Attempt MAC flooding.

13. Conduct man in the middle attacks.

14. Attempt DNS poisoning.

15. Try logging into a console machine.

16. Boot the PC using an alternative OS and steal the SAM file.

17. Bypass the OS to obtain information.

18. Reset the administrator password.

19. Attempt to plant a software key logger to steal passwords.

20. Attempt to plant a hardware key logger to steal passwords.

21. Attempt to plant spyware on the target machine.

22. Attempt to plant a Trojan on the target machine.

23. Attempt to bypass antivirus software installed on target machine.

24. Attempt to send a virus using the target machine.

25. Attempt to plant root kits on the target machine.

26. Hide sensitive data on the target machine.

27. Hide hacking tools and other data on the target machine.

28. Use various steganography techniques to hide files on the target machine.

29. Escalate user privileges.

30. Capture POP3 traffic

31. Capture SMTP traffic.

32. Capture IMAP email traffic.

33. Capture the communications between FTP client and FTP server.

34. Capture HTTP traffic.

35. Capture RDP traffic.

36. Capture VOIP traffic.

37. Run Wireshark with the filter -ip.src==ip_address.

38 Run Wireshark with the filter -ip.dst==ip_address.

39. Run Wireshark with the filter -tcp.dstport==port_no.

40. Run Wireshark with the filter -ip.addr==ip_address.

41. Spoof the MAC address

42. Poison the victims IE proxy server.

43. Attempt session hijacking on telnet traffic.

44. Attempt session hijacking on FTP traffic.

45. Attempt session hijacking on HTTP traffic.

46. Document everything”

 

  • The potential resources available to support Internal penetration testing.

Wireshark, Core Impact, Metasploit, Canvas, Internet scanner, NetRecon, Cybercop, Nessus, Cisco

secure scanner and Retina are the most useful tools as recommend by EC-Council Press (2007).

 

 

  • The phases involved with Internal penetration testing.

According to the National Institute of standards and technology (NIST) publication SP800-115 Planning, Discovery, Attack and Reporting are the phases of the penetration testing methodology,  I have not found a variance of sequence whether the testing is external or internal.

 

  • The factors that influence the sequencing and selection of particular Internal penetration testing activities.

The level of access granted by the client has a factor in the penetration testing as well as the budget allocated for the testing, dependent upon some of the initial testing results and the clients request many different factors can determine sequencing and selection of activities.

 

 

.

 

 

Reference:

EC-Council Press (2007 ). Penetration Testing Procedures and Methodologies: Course Technology, Cengage Learning, Clifton Park, NY.

 

Retrieved from the internet on 2/24/13

csrc.nist.gov/publications/nistpubs/800-115/SP800-115.pdf

Footprinting & Social Engineering

  • The steps to be included in an effective foot-printing approach.

 

- “Find Companies’ external and internal URLs.

-  Perform whois lookup for personal details.

-  Extract DNS information.

-  Mirror the entire website and lookup names.

-  Extract archives of the website.

-  Google search for company’s news and press releases.

-  Use people search for personal information of employees.

-  Find the physical location of the web server using the tool neo tracer.

- Analyze company’s infrastructure details from job posting.

- Track the email using “readnotify.com””

I would also include the 34 steps in information gathering as described by EC-Council press (2007)it is most useful in foot-printing. The use of social engineering in foot-printing can also be very useful and productive.

 

  • The potential resources available to support foot-printing and social engineering.

There are a great number of tools that can support foot-printing such as IP to Country, Anacubis and nslookup. Additional many websites like dnsstuff.com, ARIN, and Neotrace to name a few.

Social engineering methodologies can use human base such as impersonation or third person approach or it may be computer base like clicking on an email or responding to a website questionnaire popup to implement a social engineering campaign.

 

  • The role Google can play in identifying potential information useful in subsequent phases of penetration testing.

Google can provide target information on the company or organizations infrastructure and press releases that have been made, other useful information can be interview with employees of the company that can reveal names and titles for social engineering projects. Google can also be used in depth by using “intitle.index of” to map the target company or organization and using the advanced search options for Google can focus the options results for the tester.

 

  • The areas within the organization that present useful targets for social engineering efforts.

Some of the areas of targets are “receptionists and help-desk personnel, Technical support executives and vendors of the target organization employees.”

 

 

.

 

 

 

 

 

 

Reference:

EC-Council Press (2007 ). Penetration Testing Procedures and Methodologies: Course Technology, Cengage Learning, Clifton Park, NY.