I was recently asked by Don over at EH-Net if I would be interested in reviewing a new book by Thomas Wilhelm of Heorot.net: ‘Professional Penetration Testing: Creating and operating a formal hacking lab’. Naturally I jumped at the opportunity.
I don’t want to discuss the book in too much detail here, as you can read the full review at Ethical Hacker, but the book is a great addition to my home library. Don also worked his magic to convince the publisher to release a chapter from the book free of charge: chapter four covers the initial setup and configuration of a hack lab environment, and can be downloaded from the review.
I hope the review is of use to someone out there. Thanks to Thomas for writing the book in the first place and to Don for hooking me up with the review.
A colleague recently introduced me to scripting with PowerShell. After seeing a couple of examples of its strength for handling legitimate administration tasks my devious side came into play and I started imagining havoc in my head.
As a starting project for getting to grips with PowerShell basics I thought I’d try a proof of concept to replicate Meterpreter’s ability to disable AV and other defence mechanisms within the getcountermeasure function. I love Meterpreter, but sometimes you need to work with more primitive native tools; as PowerShell is starting to be included by default within Windows systems it is now one of the ‘primitive’ tools. My theory was that this should give me a bit of a challenge, without jumping in at the deep end.
Well, I was wrong. I guess this shows the strength of PowerShell, as it proved not to be a challenge at all. The code below reads a list of unwanted processes from a text file and kills the processes, all in four lines of code (I’m told this could be shortened at the expense of readability).
# read the list of AV process names to kill (one name per line)
$avprocs = Get-Content AVprocs.txt
# kill all unwanted processes (the foreach body needs a script block)
foreach ($procname in $avprocs) {
    Stop-Process -Name $procname
}
The next time you pop a Windows box don’t despair, there’s more power available than just batch scripts.
P.S. Before anyone shouts about aiding skiddies, the above code could have some great legitimate uses as well; from automatically cleaning up infected systems to aiding productivity by adding doom.exe to the list of processes.
The possibilities are endless, both good and bad.
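For the defensive side of the same idea, here is an added example (not from the original post) that reads the same AVprocs.txt list but reports any expected security process that is no longer running, so that a stopped countermeasure gets noticed by a scheduled task or monitoring agent. It assumes AVprocs.txt holds one process name per line, without the ".exe" extension.

```powershell
# Added example: verify that the processes listed in AVprocs.txt are running.
# Assumes one process name per line, without ".exe" (e.g. "MsMpEng").
$expected = Get-Content AVprocs.txt | Where-Object { $_.Trim() -ne '' } |
            ForEach-Object { $_.Trim() }

# Names of everything currently running (comparison is case-insensitive)
$running = Get-Process | Select-Object -ExpandProperty ProcessName -Unique

# Anything expected but absent is worth an alert
$missing = $expected | Where-Object { $running -notcontains $_ }

if ($missing) {
    foreach ($name in $missing) {
        Write-Warning "Expected security process '$name' is not running"
    }
    # Non-zero exit code lets a scheduled task or agent flag the host
    exit 1
}
else {
    Write-Output "All $($expected.Count) expected processes are running"
}
```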
After too long away from the project I have been trying to implement some additional functionality to my submissions2stats script for parsing Nepenthes log files. Something that I’ve had in mind for a while is utilising Whois data to better analyse the source of the malware submissions.
I had assumed that this would be relatively simple; after all, the ability to port any required functionality is an integral part of geek humour. This wasn’t to be the case, as I was unable to find anything this time around (although I didn’t discover giskismet until after I’d written my kistmet2gmapstatic scripts). To cover the functionality I have written a short Python class that queries a 3rd party whois service for a provided IP address and provides methods to access the returned data.
Whois information for 126.96.36.199
Inetnum: 188.8.131.52 – 184.108.40.206
N.B. Text is tab delimited in actual usage.
I’ve started adding the class’ functionality into my submissions2stats script. So far things are progressing well and hopefully I should be able to have an updated script available shortly.
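As an added example in the spirit of the class described above (this is not the author’s submissions2stats code), the following Python class queries a whois server for an IP address, parses the key/value response and exposes the fields through accessor methods, including a tab-delimited summary line. The server name, the `raw` parameter and the sample response are assumptions; the sample uses documentation addresses so the block runs offline.

```python
import ipaddress
import socket


class IPWhois:
    def __init__(self, ip, server="whois.ripe.net", raw=None):
        # Validate first: a malformed address from a log file should fail
        # here rather than be sent to a third-party service.
        self.ip = str(ipaddress.ip_address(ip))
        self.server = server
        # `raw` (an assumption for this example) lets tests skip the network.
        self.fields = self._parse(raw if raw is not None else self._query())

    def _query(self, timeout=10):
        # Plain whois protocol (RFC 3912): send the query, read until EOF.
        with socket.create_connection((self.server, 43), timeout=timeout) as s:
            s.sendall((self.ip + "\r\n").encode("ascii"))
            chunks = []
            while True:
                data = s.recv(4096)
                if not data:
                    break
                chunks.append(data)
        return b"".join(chunks).decode("utf-8", errors="replace")

    @staticmethod
    def _parse(text):
        # Keep the first value seen per key; skip comments and blank lines.
        fields = {}
        for line in text.splitlines():
            if not line.strip() or line.startswith(("%", "#")) or ":" not in line:
                continue
            key, value = line.split(":", 1)
            fields.setdefault(key.strip().lower(), value.strip())
        return fields

    def get(self, key, default=None):
        return self.fields.get(key.lower(), default)

    def summary(self):
        # Tab-delimited line, matching the post's tab-delimited output.
        return "\t".join([self.ip, self.get("inetnum", "?"),
                          self.get("country", "?")])


# Constructed sample response using documentation addresses (RFC 5737).
SAMPLE = """% Constructed whois response, not real registry data.
inetnum:        192.0.2.0 - 192.0.2.255
netname:        EXAMPLE-NET
country:        GB
"""
```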
Tuesday night provided an interesting evening, and for more than just the somewhat non-geeky location at the Side Cinema. As usual I’ve been beaten to the punch for a review of the event; the official review, and videos of the presentations, can be found at supermondays.org.
David Coxon provided the opening presentation, discussing his project to create an ecommerce shop for the Baltic gallery. As I’d expected of David the talk was interesting, and given the time and budget available the outcome of the project is impressive. The full presentation can be seen here and slides here. David can provide a better insight into the project than I can, so I’ll just say nice work.
The second aspect of the night was a (surprisingly) lively debate on source control systems. Paul Callaghan started by outlining the problem with the ‘traditional’ method of version control, naming schemes for files and folders, before introducing a better system with the use of Git, a distributed version control system. Alex Kavanagh added an alternative solution in the more commonplace Subversion/SVN.
From what I could take from the discussions, Subversion is more commonly favoured in the business world as it provides a centralised repository, allowing for better management (access control, backups etc.), but Git provides some (arguably) better features and is ‘cooler’ (apparently).
If you work on any project that creates a significant volume of code or documentation you should definitely consider a revision control system of some description. In my case I’m looking at Git for my next project; from Paul’s demo it seems like an easy learning curve into a new working paradigm.
Finally, David Livingstone from the University of Northumbria’s School of Computing, Engineering and Information Sciences introduced the Raquel Database System. Raquel is being built as an alternative to existing database technologies. The developers are currently looking for additional testers and project members; if you have any interest in the project, contact David at the university.
The night ended, as usual, at the bar. Again as usual, this provided many interesting discussions with other group members. If you haven’t already been, or have been to a previous event but not recently, get yourself down to the next SuperMondays event.