Issuu on Google+


Improve your Firewall Auditing switches, routers and other infrastructure devices As a penetration tester you have to be an expert in multiple technologies. Typically you are auditing sys- this could mean manually reviewing the configuration files saved from a wide variety of devices. tems installed and maintained by experienced people, often protective of their own methods and technologies. On Device Auditing Scanners Nipper Studio any particular assessment testers may have to perform an analysis of Windows systems, UNIX systems, web applications, databases, wireless networking and a variety of network protocols and firewall devices. Any security issues identiPassword Encryption Settings fied within those technologies will then have to be explained in a way that both management and system Physical Port Audit maintainers can understand. The network scanning phase of a penetration assessment will quickly identify a number of security weaknesses and services running on the scanned systems. This enables a tester to quickly focus on potentially vulnerable systems and services using a variety of tools that are designed to probe and examine them in more detail e.g. web service query tools. However this is only part of the picture and a more thorough analysis of most systems will involve having administrative access in order to examine in detail how they have been configured. In the case of firewalls,

enquiries@titania.com T: +44 (0)845 652 0621

Network Address Translation Network Protocols Time Synchronization Warning Messages (Banners)

*

Network Administration Services

*

Network Service Analysis

*

Password Strength Assessment

*

Software Vulnerability Analysis

*

Network Filtering (ACL) Audit

*

Wireless Networking

* *

* Limitations and constraints will prevent a detailed audit


infrastructure devices, you can speed up the audit process without compromising the detail. You can customize the audit policy for your customer’s specific requirements (e.g. password policy), audit the device to that policy and then create the report detailing the issues identified. The reports can include device specific mitigation actions and be customized with your own companies styling. Each report can then be saved in a variety of formats for management of the issues.

Although various tools exist that can examine some elements of a configuration, the assessment would typically end up being a largely manual process. Nipper Studio is a tool that enables penetration testers, and non-security professionals, to quickly perform a detailed analysis of network infrastructure devices. Nipper Studio does this by examining the actual configuration of the device, enabling a much more comprehensive and precise audit than a scanner could ever achieve. With Nipper Studio penetration testers can be experts in every device that the software supports, giving them the ability to identify device, version and configuration specific issues without having to manually reference multiple sources of information. With support for around 100 firewalls, routers, switches and other

Ian has been working with leading global organizations and government agencies to help improve computer security for more than a decade. He has been accredited by CESG for his security and team leading expertise for over 5 years. In 2009 Ian Whiting founded Titania with the aim of producing security auditing software products that can be used by non-security specialists and provide the detailed analysis that traditionally only an experienced penetration tester could achieve. Today Titania’s products are used in over 40 countries by government and military agencies, financial institutions, telecommunications companies, national infrastructure organizations and auditing companies, to help them secure critical systems.

www.titania.com


W e b A p p

Editor’s note

Dear Readers!

It has been quite a while since the last Web App was released, and we have a small time slip with publishing it indeed, but we prefer delivering a good and quality content rather then focusing on doing it quicker. One way or another, the issue is finally out, so let’s have a closer look on what you can find inside! The very beginning of this month’s issue is opened with the ‘Tools’ section, consisting of two articles. First one, written by our new author, Remus Ho, describes not so popular device called Teensy. Teensy is a USB-based micro-controller development board, which can be programmed to emulate as any device and store programming code. In this article Remus describes how you can emulate the device as a HID (Human Interface Device) and inject attack codes and execute commands in the system. The another article in the the above mentioned section is dedicated to the tool called Fimap. In his article, Sow Ching Shiong will show you how to exploit local file inclusion vulnerability using this software. For those interested in OWASP, I suggest taking look at page 18th. What you’ll be able to find there is an article about Vicnum – The Vulnerable Web Application for PenTesters. Vicnum consists of several links to programs that at first appear to be games but are really intentionally vulnerable web applications that demonstrate common web security problems such as cross site scripting, SQL injections, and session management issues. Jumping to page 24th, you’ll be able to find an article about setting up a computer hacking lab. This article is a first one from the series of four articles delivered by our new columnist Steve Weirckx, which will help you in creating your very own hacking environment. As author states, the main focus for this hacking lab will be on web applications and testing their security. Another article in Column section is delivered to us by Kevin G. Coleman, our new contributor as well. In his article, Kevin will try to convince you on how dangerous it might be to become a penetration tester and more specifically, he will talk about whether the tools used by ethical hackers and penetration testers can be recognized by the UN as an illegal weapon. Finally, in this Web App edition, you’ll be able to find a review of Nipper Studio – a great software delivered to us by Titania Software Ltd. Interested? Read more, and you’ll get convinced, how functional it is. For the closing of this month’s issue, we’ve traditionally placed another chapter of Cyber Styletto. If you’d like to read more about Yvonne’s adventures, do not miss this one!

TOOLS

06

Pentesting With Teensy

12

Exploiting Local File Inclusion Vulnerability Using fimap

by Remus Ho

Teensy is a USB-based microcontroller development board, which can be programmed to emulate as any device and store programming code. It is about 3.0cm by 1.8cm in size and available in PJRC.com. It cost about US$16 and has the memory size of 32K byte. In this article, Remus will be showing how you can emulate the device as a HID (Human Interface Device) and inject attack codes and execute commands in the system.

by Sow Ching Shiong

fimap is a python tool which can be used to find and exploit as well as google for local and remote file inclusion bugs in web application. It is available from: http://code.google.com/p/fimap/. Local File Inclusion (also known as LFI) is the process of including files on a server through the web browser. This vulnerability occurs when a page include is not properly sanitised, and allows directory traversal characters to be injected.

OWASP

18

Vicnum, a Vulnerable Web Application for Pentesters by Mordecai Kraushar

For those interested in Web application security OWASP (Open Web Application Security Project) is the organization to turn to with many projects intended to secure Web applications. One such OWASP project is Vicnum (https://www.owasp.org/index.php/ Category:OWASP_Vicnum_Project/) which consists of several links to programs that at first appear to be games but are really intentionally vulnerable web applications that demonstrate common web security problems such as cross site scripting, SQL injections, and session management issues.

We hope, you will find this issue of PenTest compelling and worthful. Thank you all for your great support and invaluable help. Enjoy reading! Maciej Kozuszek PenTest Magazine Team

07/2012(9)

Page 4

http://pentestmag.com


W e b A p p

CONTENTS

COLUMN

24

How To Set Up A Software Hacking Lab part 1 by Steven Wierckx

This is the first in a series of articles on how to set up a software hacking lab. In this first article, I will detail what I want to do in this hacking lab and what the targets are I would like to have ready for my penetration test. The main focus for this hacking lab will be on web applications and testing their security.

28

by Kevin G. Coleman

There is a growing concern about the development and proliferation of what has been referred to as Cyber Arms. In fact, in 2011 China and Russia submitted a recommendation to the United Nations about a Cyber Arms Treaty. This topic is not new to the United Nations; in fact it actually can be traced back in 2006 when the U.N. General Assembly requested that all countries submit their views on a binding conventional arms trade treaty.

REVIEW

30

Nipper Studio Review

by Jim Halfpenny There’s no shortage of vulnerability assessment tools out there and this time I’m looking at one that a little bit different. Nipper Studio from Titania offers a means to audit that often forgotten part of your network; the network itself. Routers, switches, firewalls and other network appliances are the fabric of your network and should definitely be in-scope for any rigorous information security program. I’ve given Nipper Studio a test drive to see how it performs and how it differs from other tools out there.

CYBER STYLETTO

34

TEAM

Security Testing Tool or Cyber Weapon

Chapter 8

by Mike Brennan and Richard Stiennon

Tonight’s sortie was an old – fashioned stakeout, Buck had said. If Yvonne had ever been on one, she would have understood his sentiment, but instead she was anxious, feeling exposed to dangers she never experienced working in her labs behind the protection of computer screens and miles, sometimes thousands of them, between her and her adversaries.

Editor: Maciej Kozuszek maciej.kozuszek@software.com.pl Betatesters: Scott Christie, Dennis Distler, Johan Snyman, Daniel Wood Senior Consultant/Publisher: Paweł Marciniak CEO: Ewa Dudzic ewa.dudzic@software.com.pl Art Director: Ireneusz Pogroszewski ireneusz.pogroszewski@software.com.pl DTP: Ireneusz Pogroszewski Production Director: Andrzej Kuca andrzej.kuca@software.com.pl Marketing Director: Ewa Dudzic ewa.dudzic@software.com.pl Publisher: Software Press Sp. z o.o. SK 02-682 Warszawa, ul. Bokserska 1 Phone: 1 917 338 3631 www.pentestmag.com Whilst every effort has been made to ensure the high quality of the magazine, the editors make no warranty, express or implied, concerning the results of content usage. All trade marks presented in the magazine were used only for informative purposes. All rights to trade marks presented in the magazine are reserved by the companies which own them. program To create graphs and diagrams we used by

Mathematical formulas created by Design Science MathType™

DISCLAIMER!

The techniques described in our articles may only be used in private, local networks. The editors hold no responsibility for misuse of the presented techniques or consequent data loss.

07/2012(9)

Page 5

http://pentestmag.com


W e b A p p

TOOLS

Pentesting with Teensy Windows autorun feature is disabled by default these days. Is it still possible to launch code automatically from a USB drive? What if there is a USB drive that could execute code automatically when plugged in and yet not able to be identify as USB drive by the system?

U

SB drives are commonly used in pen-testing as part of the social engineering technique. You normally “trojanized� the USB drives by creating an autorun.inf file that will run a list of commands such as copying document files, collecting system information and sending them back to the pen-tester via email or mapped drive when the drive is plug into the system. These drives are then passed among the employees to share music or document files. They are also been randomly drop around the office compound, hoping that employees pick up and used them on their office computers. But since Microsoft release the patch KB967715, which disable autorun features for USB drive in windows XP and have built future windows version such as Windows 7 with autorun for USB drive disabled by default, this social engineering methods seems to obsolete.

and has the memory size of 32K byte. It requires a Mini-B USB cable to connect to a machine (Figures 1). In this article, I will be showing how you can emulate the device as a HID (Human Interface Device) and inject attack codes and execute commands in the system. HID are actually devices such as keyboard and mouse. By emulating as HID, the system will execute any commands and codes in the USB device thinking that they are coming from a keyboard.

Setup Teensy

As Teensy is a microcontroller development board, you will need to install Arduino software in order to

Teensy USB board

This social engineering method is still possible with the autorun feature been disabled, the device is called Teensy. Teensy is a USB-based microcontroller development board, which can be programmed to emulate as any device and store programming code. It is about 3.0cm by 1.8cm in size and available in PJRC.com. It cost about US$16 07/2012(9)

Figure 1. Teensy

Page 6

http://pentestmag.com


Global I.T. Security Training & Consulting

In February 2002, Mile2 was established in response to the critical need for an international team of IT security training experts to mitigate threats to national and corporate security far beyond USA borders in the aftermath of 9/11.

IS YOUR NETWORK SECURE?

www.mile2.com TM

mile2 Boot Camps

A Network breach... Could cost your Job! Available Training Formats

C)PTETM C)PTCTM C)SCETM C)WSETM C)WNA/PTM

F2F CBT LOT KIT LHE

Classroom Based Training Self Paced CBT Live Online Training Study Kits & Exams Live Hacking Labs (War-Room)

Worldwide Locations

CISSPTM C)ISSO C)SLO ISCAP

GENERAL SECURITY TRAINING CISSP & Exam Prep Certified Information Systems Security Officer Certified Security Leadership Officer Info. Sys. Certification & Accred. Professional

1. 2. 3. 4. 5.

PENETRATION TESTING (AKA ETHICAL HACKING) Other New Courses!! ITIL Foundations v.3 & v.4 Certified Penetration Testing Engineer CompTIA Security+, Network+ Certified Penetration Testing Consultant ISC2 CISSP & CAP SECURE CODING TRAINING SANS GSLC GIAC Sec. Leadership Course Certified Secure Coding Engineer SANS 440 Top 20 Security Controls SANS GCIH GIAC Cert Incident Handler WIRELESS SECURITY TRAINING Certified Wireless Security Engineer Certified Wireless Network Associate / Professional

DR/BCP

DR&BCP TRAINING Disaster Recovery & Business Continuity Planning

C)SVMETM

VIRTUALIZATION BEST PRACTICES Certified Secure Virtual Machine Engineer

C)DFETM

DIGITAL FORENSICS Certified Digital Forensics Examiner

(ISC)2 & CISSP are service marks of the IISSCC. Inc. Security+ is a trade mark of CompTIA. ITIL is a trade mark of OGC.GSLC & GCIH are trademarks of GIAC.

INFORMATION ASSURANCE SERVICES

We practice what we teach.....

Other Mile2 services available Globally: 1. Penetration Testing 2. Vulnerability Assessments 3. Forensics Analysis & Expert Witnesses 4. PCI Compliance 5. Disaster Recovery & Business Continuity

1-800-81-MILE2 +1-813-920-6799

11928 Sheldon Rd Tampa, FL 33626


W e b A p p

TOOLS

Exploiting Local File Inclusion Vulnerability Using fimap

Local File Inclusion (also known as LFI) is the process of including files on a server through the web browser. This vulnerability occurs when a page include is not properly sanitised, and allows directory traversal characters to be injected.

A

typical example of a PHP script vulnerable to LFI is as follows: Listing 1. A legitimate request made to the script could look like this: Listing 2. This is of little use to a potential attacker, who is more likely to be interested in the files outside the pages/ directory. To do this, an attacker could use LFI. The simplest example would be: Listing 3. Source: http://hakipedia.com/index.php/Local_ File_Inclusion. In this article, the author will show you how to exploit LFI vulnerability using fimap.

we will use the vulnerable PHP code listed in Listing 1. Save the vulnerable PHP code as index.php in your testing web server (e.g. /var/www/index.php). Listing 1. Example of vulnerable application in PHP code <?php $file = $_GET[‘file’]; if(isset($file)) { include(“pages/$file”); } else

fimap – LFI Exploitation Tool

fimap is a python tool which can be used to find and exploit as well as google for local and remote file inclusion bugs in web application. It is available from: http://code.google.com/p/fimap/. Once you have installed fimap, you can view the usage of it by running this command in a *NIX terminal: ./fimap.py –h. Below are some basic commands: (Listing 4)

{

include(“index.php”); } ?>

Listing 2. Example of directory traversal attack http://www.example.com/index.php?file=contactus.php

Listing 3. Example of LFI attack

A Simple Proof of Concept

To start off though, let us do exactly what an attacker would do, which is to identify a vulnerability. We will assume that the attacker has already identified a vulnerable parameter on a page. For this example, 07/2012(9)

Page 12

http://example.com/index.php?file=../../../../ etc/passwd

http://pentestmag.com


Now Hiring Teamwork Innovation Quality Integrity Passion

Sense of Security

Compliance, Protection and

Sense of Security is an Australian based information security and risk management consulting practice. From our offices in Sydney and Melbourne we deliver industry leading services and research to our clients locally, nationally and internationally. Since our inception in 2002, our company has performed tremendously well. We thrive on team work, service excellence and leadership through research and innovation. We are seeking talented people to join our team. If you are an experienced security consultant with a thorough understanding of Networking, Operation Systems and Application Security, please apply with a resume to careers@senseofsecurity.com.au and quote reference PTM-TS-12.

info@senseofsecurity.com.au www.senseofsecurity.com.au


W e b A p p

OWASP

Vicnum A Vulnerable Web Application for Pentesters For those interested in Web application security OWASP (Open Web Application Security Project ) is the organization to turn to with many projects intended to secure Web applications. One such OWASP project is Vicnum (https://www.owasp.org/ index.php/Category:OWASP_Vicnum_Project/) which consists of several links to programs that at first appear to be games but are really intentionally vulnerable web applications that demonstrate common web security problems such as cross site scripting, SQL injections, and session management issues.

T

hese games written primarily in PHP are especially useful to IT auditors developing web pentesting skills and setting up 'Capture the Flag' type events. Besides downloading the software from SourceForge (http://sourceforge.net/ projects/vicnum/) it is frequently possible to view the application and play the games at http://vicnum.ciphertechs.com. For pentesters interested in attacking many different vulnerable Web applications check out the OWASP Broken Web Application project at https://www.owasp.org/index.php/ OWASP_Broken_Web_Applications_Project. This project which was recently updated for the Black Hat conference contains many open source vulnerable web applications in addition to Vicnum. Some of these applications such as Vicnum appear to be regular web applications but are intentionally bad, others are well known applications or web frameworks that were commonly deployed and then later found to be vulnerable. Vicnum applications can easily be invoked and tailored to meet a specific need. For example if a test vulnerable application is needed to evaluate a web security scanner or a web application firewall, you might want to control a target web application to see what the scanner can find and what the firewall can protect. Recently a major vulnerability was found on the Yahoo Voice application in 07/2012(9)

which approximately 450,000 user accounts and passwords were disclosed due to a Union SQL injection vulnerability. Pentesters who wish to study how such an exploit can succeed can hone their SQL UNION injection techniques on the “Union Challenge” within the latest version of Vicnum. In this article we will focus on the Union SQL vulnerability which affected Yahoo Voice and see how this attack can be recreated in the Union Challenge component of Vicnum. Note that Vicnum applications are intentionally vulnerable and certain common sense measures should be taken when working with such applications. For example don’t use their tables on a production database and don’t copy n paste from their source code. As is the case with other intentionally vulnerable web applications a proper testing environment should be set up segregating the testing environment from a production environment. And of course don’t scan these intentionally vulnerable applications over a production corporate network without first having received permission.

Vicnum the Game

Most Vicnum applications are actually games that are similar to many games commonly played to kill time such and may have names such as

Page18

http://pentestmag.com


W e b A p p

COLUMN

How To Set Up A Software Hacking Lab part 1

This is the first in a series of articles on how to set up a software hacking lab. In this first article, I will detail what I want to do in this hacking lab and what the targets are I would like to have ready for my penetration test. The main focus for this hacking lab will be on web applications and testing their security.

W

hat do we want to achieve with a web application hacking lab? In my case I wanted a place to train my skills and to test for vulnerabilities in web application software. There are other considerations such as securing this lab from the outside world. In order of importance, this is the list of requirements I set for my hacking lab: • Multiple systems to work from (as an attacker) • Multiple targets to attack ranging from easy to hard • The lab should be safe from attacks from the outside world • It should be easy to maintain (both in updating systems as in adding/removing them) The choice of systems to attack and to work from will be focused on web applications, but of course, the web server is usually in scope for this type of penetration test. Since we will be hosting a multitude of vulnerable systems we want to make sure that we do not open things up to the outside world, after all we do not want to be hacked ourselves. Also, we want to be able to easily add and remove systems from our lab. When we look at all these requirements we can clearly see that installing a number of servers hosting all these systems in my living room or study 07/2012(9)

would not be the most practical solution, not to mention the difficulty of selling this to my wife ;-) We can however also go the virtual route and have all systems hosted on a powerful computer using multiple virtual machines. Since you will not be running all these systems at once any recent PC or laptop can be used, I have run om my (windows) laptop dual core with 3Gb RAM an Ubuntu Web server, an installation of Samurai WTF and BackTrack at the same time without many problems. As an added benefit to using virtual systems we add some security to our lab, as long as the vulnerable systems are not running they cannot be hacked. For better security it would be a matter of discipline to disconnect from all networks before starting any vulnerable systems, if an attacker wanted to get in he would then first need to penetrate the host system and plant some virus/backdoor for the vulnerable virtual system. This is highly unlikely, after all if the host system is already penetrated the attacker will probably already have full control of your system so attacking the virtual systems makes little sense.

Hacking lab setup

Now that we have decided to go with virtual machines we need to decide on the hardware and software for our host of the hacking lab.

Page24

http://pentestmag.com


W e b A p p

COLUMN

Security Testing Tool or Cyber Weapon There is a growing concern about the development and proliferation of what has been referred to as Cyber Arms. In fact, in 2011 China and Russia submitted a recommendation to the United Nations about a Cyber Arms Treaty. This topic is not new to the United Nations; in fact it actually can be traced back in 2006 when the U.N. General Assembly requested that all countries submit their views on a binding conventional arms trade treaty.

C

urrently, the UN is working on a global treaty that would regulate the international arms trade covering all conventional weapons that would promote transparency and accountability in the arms trade. An international legal definition of conventional arms really does not exist. The closest thing we could find states that conventional arms are all weapons that are not chemical, biological or nuclear in nature. Given that broad definition, cyber weapons would have to fall under the conventional arms heading even though cyber weapons are not specifically addressed. There is another big issue with this movement by the UN. There are 193countries that are members of the United Nations. There are 231 countries connected to the Internet. I guess the 38 countries that are not members will become sanctuaries for cyber arms developers and distributors. Recently the European Union contributed and further confused this already complex issue by their actions to control cyber weapons that negatively impact security testing tools. It states that the production or sale of devices such as computer programs designed for cyber attacks, or which find a computer password by which an information system can be accessed, would constitute criminal offenses. If convicted, a cyber 07/2012(9)

attacker would face at least two years in prison and at least five years under aggravating circumstances (example the use of a tool specifically designed to for large-scale attacks), or attacks that cause considerable damage (disrupting critical infrastructure). Many software and systems testing tools can be considered dual-use technology. While they are used to legitimately test software and systems, they can also be used to attack those same software and systems. Pentesting is a technique used in evaluating the security of a web sites, computer system, networks and connected devices by simulating a cyber attack. In the hands of an attacker this would be an automated cyber attack platform. Now consider system capacity (load) testing tools. They automate the generation of a massive number of transactions used to assess and verify the capacity of a computer, server, network or entire system. A distributed denial of service (DDoS) also generates a massive number of transactions used to overwhelm the capacity of a computer, server, network or

Page28

http://pentestmag.com


Nipper Studio Review There’s no shortage of vulnerability assessment tools out there and this time I’m looking at one that is a little bit different. Nipper Studio from Titania offers a means to audit that often forgotten part of your network; the network itself. Routers, switches, firewalls and other network appliances are the fabric of your network and should definitely be in-scope for any rigorous information security program. I’ve given Nipper Studio a test drive to see how it performs and how it differs from other tools out there. Firstly it’s worth pointing out that Nipper Studio is not a traditional vulnerability scanner that trawls your network looking for weak spots. Instead you feed Nipper Studio the configuration files from your network devices and it audits them, producing a detailed report. This offline auditing means no traffic is generated by the audit and there’s no need to plug anything into your network, a definite plus for those working in high-security environments. Working from the inside out provides a totally different insight compared to traditional network-based scanners. Nipper Studio offers good cross-platform support with packages available for Fedora, OpenSuSE, CentOS and Ubuntu flavours of Linux as well as Windows and Mac OS X. I’ve been testing out the version for Ubuntu, which is supplied as .deb packages for 32-bit and 64-bit systems. There is a good range of supported devices with all the usual players such as Cisco, Juniper and Checkpoint represented as well as some of the rising stars like SonicWALL on the list. As well as a GUI tool for generating reports Nipper Studio includes a command line version, very useful for scripting and automating audits.

Some of the wide range of network devices supported are shown above


CYBER CRIME LAWYERS

Pannone are one of the first UK firms to recognise the need for specialist cyber crime advice. We can both defend and prosecute matters on behalf of private individuals and corporate bodies. We are able to examine material or secure evidence in-situ and will then represent your needs at every step of the way.  Our team has a wealth of experience in this growing area and are able to give discrete, specialist advice.

Please contact David Cook on

0161 909 3000

for a discussion in confidence or email david.cook@pannone.co.uk

www.pannone.com


W e b A p p

CYBER STYLETTO

Cyber Styletto 3 a.m., Christmas Morning, Hong Kong International Airport

TA

onight’s sortie was an old – fashioned stakeout, Buck had said. If Yvonne had ever been malicious computer network attack on a traffic on one, she would have understood his senmanagement system in California causes the deaths of timent, eight butinnocent instead she was feeling people. Yvonne Tran, aanxious, former black hat computerexnow working a contractor for a government posed tohacker dangers she asnever experienced workagency called CyberCom, is called in to investigate. ing in her labs behind the protection of computer Her handler and former lover, Rohan Stokes, and screens and miles, sometimes of them, executives at Network thousands Systems, the California manufacturer that designed the computer server, between her and her adversaries. have no idea how the system could have been commandeered so completely, or how many other critical systems have been infiltrated. Tran and her team – composed of former military Special Forces and civilian computer experts - must pinpoint the location where the probe originated, and stop the perpetrators before they launch a much bigger attack on Christmas Day aimed at killing thousands of Americans.

“The way it ought to be,” he said, “No fancy technology, just hardware and guts.” The team had removed their molar implants to keep from being tracked by Shi’s men. They would operate tonight in true secret, using nothing that emitted a signal, nothing that could be monitored or traced. All movements would be synchronized. Communication would be by sight alone. The others on Buck’s team were wary. They were used to their devices. “Trust me,” Buck said. “This is the way we used to do it. It’ll be more fun than any job you’ve ever About the Authors been on.” Richard Stiennon, Chief Research Analyst at ITHarvest, is a world renowned expert on cyber

security and author of “Surviving Cyberwar.” U.S. $13.37 Yvonne wasn’t so sure. For the first time in her Mike Brennan, Editor & Publisher of MITechNews. cyber career shesecurity wasforhacking Com, has covered cyber more than a in person – infiltratdecade. ingGian anDeTorre operation like a human version of the virusis the pen name of an award winning writer and literary critic whose work has esfiction she unleashed on bad guys, dressed in a gray been published in the U.S. and around the world. Cathay Computer Works jumpsuit instead of one of her thousand dollar outfits, and wearing a simple pair of tennis shoes – no stilettos tonight. She was crouched behind a beam on a catwalk, waiting for a signal from Woody that the way was clear and she could advance a few more feet towards the rogue servers stored below on the warehouse floor.

threshold of danger, the hang gliding and base jumping – all those risks were mitigated by the right equipment and dozens of safety procedures. They were exhilarating, yes, but nothing like facing real, live people, who might, by the way, try to kill her.

She remembered what she’d said to Stokes about his being a desk jockey. Despite the wars she fought in cyber space, she had to admit she’d been one too. The driving and flying she did at the

Stokes had worked for years in the field before he settled into a plush leather chair. And he didn’t flinch when the team asked him to run the diversion that would keep the Chinese security forces

07/2012(9)

Page34

http://pentestmag.com


In the upcoming issue of the W e b A p p Configuring Machine For Pentesting: • Backtrack • Pentest with Android + Browsers • Burp Suite • Metasploit 4.0 task-specialized vulnarablity scanners

+ extra content about IAST Available to download on September 27th

If you would like to contact PenTest Magazine team, just send an email to en@pentestmag.com. We will reply a.s.a.p. PenTest Magazine has a rights to change the content of the next Magazine Edition.


Keep up to date on the latest developments in the world of digital forensics Read Feature Articles on:

/ Training and Certfication / Management issues / Tools and Techniques / eDiscovery/eInvestigation / Incident Response/First Response / Hardware and Software / Network Forensics / Cyber Forensics / and much more...

Apple Autopsy:

/ A Digital Forensics look at all things Apple

From the Lab:

/ In depth technical articles on products and techniques

Legal Section:

/ In-depth articles on legal matters affecting Digital Forensics along with the latest legal news from around the world

Visit digitalforensicsmagazine.com

for the latest news and views from the digitalforensic community with special articles for registered users.

NEXT ISSUE OUT SOON SUBSCRIBE NOW Prospective authors should contact editorial@digitalforensicsmagazine.com for information on submissions.


PenTest Web App July 2012