Announcements & Shameless Plugs
PaulDotCom Security Weekly - Episode 271 for Thursday December 22nd, 2011.
- Our final CyberSecurityWorld webcast for 2011 is next Wednesday December 28th - get ready for Late Breaking Computer Attack Vectors Webcast - The Year In Review w/ Larry
- Check out our new shows: Hack Naked TV with John Strand, Hack Naked At Night with Larry and Darren, PaulDotCom Espanol with Carlos Perez.
- Larry is teaching SEC617: Wireless Ethical Hacking, Penetration Testing and Defenses 5 times this year (discount code may be in our future):
- Subscribe to our only non-computer security related show dedicated to Cigar Enthusiasts Stogie Geeks with Paul Asadoorian and Tim "BugBear" Mugherini. We are working on our top ten cigars released in 2011. We've been painstakingly smoking cigars, enjoyed with fresh coffee and single malt scotch in my nice warm workshop. Its a hard job but someone has to do it, and we're, ya know, toughing through it.
- Don't forget to Read our blog, Participate on our mailing list, Visit PaulDotCom Insider, Follow us on Twitter, Join the IRC channel at irc.freenode.net #pauldotcom, Watch our Videos and Add us on Facebook where we can be "friends"
- BSides, BSides, BSides everywhere
Guest Interview: Jason Fossen
6:00 PM ET
Jason Fossen is a principal security consultant at Enclave Consulting, a published author, and a frequent public speaker on Microsoft security issues. He posts his thoughts on Windows Security on the SANS Windows Security Blog.
Stories are typically not all that great this time of year, so I prepared a segment for our listeners
Paul's Top Ten Tips For Penetration Testers - 2011 Edition
- Know a Scripting Language - I don't care if its Perl, Ruby, Python, or LUA. Learn one, it comes in handy. Use it on pen tests too. You will find weird conditions, write a script to exploit
- Get good with a web application pen testing toolset - Doesn't matter if you write it yourself or use Burp, but get good with a toolset. You may be doing just a test of one web application. Or, you may be doing some other testing and believe me, you want to spend time with anything that could possibly be a web application.
- Keep current with the Metasploit Framework - There are so many tools that are part of Metasploit, and I don't do this as often as I should. Download the latest, review the release notes, and play around with the tools within.
- Spend some time with S.E.T - Hands down the best toolset for client-side testing. Know it, use it, love it and then give Dave hugs.
- Generate your own payloads and test them - Get your hands on some anti-virus software, install it on Windows VMs and test your payloads. Don't use Virus Total, they report the payload to anti-virus companies.
- Maintain your own password lists - There are lots of lists out there, but they need to be tuned for the job. Create your own scripts and lists for each job, it helps increase your chances for success.
- Use Automated tools - Look, tools that can automatically check for thousands of vulnerabilities save you time. People say they run them, but not the way you run them. Use them, it saves time.
- Don't Use Automated tools - Don't rely on automated tools to do your job. They are not human, and most of you are in fact human. Fire up a browser and explore. Look for those logic flaws, exploit the human, that's what you are getting paid for.
- Know the value of your services - Be able to correctly convey the benefits of penetration testing to your company and/or customers.
- Learn a happy dance and stick with it - Most importantly, learn a dance. When you experience success on a penetration test, do the dance. After you've been pen testing for a while, you should be good at the dance. Demo!
- The future of SSL? - [Larry] - The "inventor" of SSL claims that due to the flexibility of SSL, additional authentication mechanisms can be used and bolted on. I'd argue the same way we went from SSL 1.0 to 3.0 then to TLS. Light on details, but seems like there may be hope? I still think we need to develop a new method now, as SSL is flawed based on the current trust mechanism.
- Metasploit TFTP - [Larry] - ok, maybe we bashed Metasploit a little last week (and maybe HD can come on to discuss?) but how about some praise? A new TFTP client installed, which drew my attention to the TFTP server functionality - this is great for using with RW SNMP community strings to pull running config from Cisco devices, which may reveal TTY passwords and enable passwords stored as a 7 (not 5 even though we could brute force md5 or use rainbowtables) that might have some reuse :-)
- EFF advise on how to keep data secure at border crossings - [Larry] - Solid advice, and some of it good procedure for keeping our date secure in general. Some general advice includes doing encrypted off-site backups with encrypted stream to offsite location, as well as full disk encryption.