Eclectic Security

Penetration test is an evaluation method to asses computers, systems or networks vulnerabilities and exploit them in order to  measure the impact of the flaws to the system under testing. Different testing frameworks and methodologies exist to help infosec people to choose the best strategy to conduct a successful penetration test. Here is a list of the most widely used methodologies. Enjoy !!!

ISSAF

The ISSAF is OISSG’s flagship project. It is an effort to develop an end-to-end framework for security assessment. The ISSAF aims to provide a single point of reference for professionals involved in security assessment; it reflects and addresses the practical issues of security assessment. The penetration testing framework.

OSSTMM – Open Source Security Testing Methodology Manual

The Open Source Security Testing Methodology Manual (OSSTMM) is a peer-reviewed methodology for performing security tests and metrics. The OSSTMM test cases are divided into five channels (sections) which collectively test: information and data controls, personnel security awareness levels, fraud and social engineering control levels, computer and telecommunications networks, wireless devices, mobile devices, physical security access controls, security processes, and physical locations such as buildings, perimeters, and military bases. OSSTMM web page.

OWASP

The Open Web Application Security Project (OWASP) is an open-source application security project. The OWASP community includes corporations, educational organizations, and individuals from around the world. This community works to create freely-available articles, methodologies, documentation, tools, and technologies. OWASP web page.

Barley risotto with squids and asparagus.
Stewed wild herbs.
Oranges.

Credits: Ivana

Veal roll rost filled with wild herbs and ricotta cheese.
Onion omelette.
Mixed seasonal salad.

Credits: Ivana

Today we are back from Belgrade, where the spring edition of “nothing will happen” took place. A brief description of Nothing will happen: NWH is a series of gatherings of  hackers  from all over former Yugoslavia. The meetings are very informal and relaxed, non-attendance fee is required, but the informations that you  receive/exchange are invaluable. Despite the title of the event some stuff took place, like Queue – Gearman, Redis, CouchDB (Dobrica), Bitcoin (marcell), String searčing (Klemo), mk.hacklab (Damjan,Aleks). Belgrade is s a charming place especially during the night, streets are crowded and bars packed. If you are a geek, go for  a beer in the famous Belgrade “Silicon Valley” and you will see that it has nothing to do with the IT industry! -

Below you can find some photos of the event and the evening excursions.

Some other photos of the trip to Belgrade are available on Flickr by Mr Gzec

After the Smooth-Sec upgrade, nothing better than a good lunch.

Broccoli quiche.
Mashed peas.
Rucola salade with matured (24 mths) Parmigiano and balsamico di Modena.

Credits: Ivana

Since the release of Smooth-Sec this is the first time that we are upgrading  suricata . This release brings a lot of new features, improvements and a few fixes. If you want to know more about  the new IPS features in Suricata  1.1 beta 2 please refer to Eric Leblond blog post. Thanks to Victor Julien for all the efforts in the new release.

Please follow this simple steps to upgrade to the new suricata.

#stop suricata
/etc/init.d/suricata stop
#make a backup of the old suricata
cp -a  /etc/suricata/ /etc/suricata.1.1beta1
cd /root/
#get the new suricata and install it
git clone git://gitorious.org/smooth-sec/suricata-1-1beta2.git
cd suricata-1-1beta2/
cp suricata.yaml /etc/suricata
dpkg -i suricata_1.1beta2-1_i386.deb

run #suricata -V to check if the new version is installed, you must get this
output. This is Suricata version 1.1beta2 (rev )

/etc/init.d/suricata start

Below, you can find a brief summary of the new suricata functionalities.

New features

- New keyword support: http_raw_uri (including /I for pcre), ssl_state, ssl_version (#258, #259, #260, #262).
- Inline mode for the stream engine (#230, #248).
- New keyword support: nfq_set_mark
- Included an example decoder-events.rules file
- api for adding and selecting runmodes was added
- pcap logging / recording output was added
- basic SCTP protocol parsing was added
- more fine grained CPU affinity setting support was added

Improvements

- stream engine inspects stream in larger chunks
- fast_pattern support for http_method content modifier (#255)
- negation support for isdataat keyword (#257)
- configurable interval for stats.log updates (#247)
- new pf_ring runmode was added that scales better
- pcap live mode now handles the monitor interface going up and down
- several QA additions to “make check”
- NFQ (linux inline) mode was improved

Fixes

- Alerts classification fix (#275)
- compiles and runs on big-endian systems (#63)
- unified2 output works around barnyard2 issues with DLT_RAW + IPv6

Marinated bonito.
Chick peas and spinach salad.
Radicchio.

Credits: Ivana

Just a few hours ago a new version of The Social-Engineer Toolkit (SET) was released. This version is called “Artillery Edition”, and some major changes are, a completely custom interactive SET shell and RATTE a HTTP tunneling blowfish encrypted payload. Also a new attack vector including the wireless attack vector which will setup a rogue access point, spoof DNS, and launch the different SET attack vectors. If you are using SET from Backtrack, you can upgrade it following this few steps.

Log in to Backtrack:

#cd /pentest/exploits/SET/

#./set-update

Please wait until the update is finished, and run

#./set

Have fun!!!