Articles/White Papers
Friendly Traitor: Our Software wants to kill us
This presentation series covers flawed features in many applications and devices that we use every day. From Adobe Flash to Verizon's MiFi devices, we have found features that can be abused in a trivial nature, yet often with disastrous results.
Friendly Traitor: Our Software wants to kill us
Advanced Metering Infrastructure Attack Methodology
This paper describes an attack framework designed by InGuardians to evaluate the security of AMI technology. Intended for use by vendors creating AMI products and customers testing their technology, this framework seeks to provide guidance to engineers charged with assessing and attacking the security of AMI technology. Developed in conjunction with the AMI-SEC Task Force (part of the UCA International Users Group), this methodology represents the standard security analysis framework for AMI technology and related systems.
Advanced Metering Infrastructure Attack Methodology
Josh Wright debuts KillerBee: an attack framework designed to explore vulnerabilities in ZigBee and wireless sensor networks.
In this presentation, Josh examines how ZigBee technology interacts with the kinetic world in scary ways, exploring vulnerabilities in the ZigBee protocol and opportunities to exploit these deficiencies.
KillerBee: Practical ZigBee Exploitation Framework
Josh Wright and Matthew Carpenter release a presentation on Smart Grid Security
Smart Grid and Advanced Metering Infrastructure technologies hold great promise for modernizing the power grid. However, they may also introduce security vulnerabilities with potentially significant ramifications ranging from billing fraud to widespread sabotage. In this presentation, Industrial Defender and InGuardians discuss security issues associated with various components of the Smart Grid. We will address attack vectors and scenarios, highlighting defensive strategies and tactics that organizations can apply to mitigate risks. We will also look at industry initiatives to help standardize secure and resilient deployments
Smart Grid AMI Security Concerns
Matt Carpenter releases two presentations on SCADA!
Matthew Carpenter recently participated in two keynote panels at the SANS SCADA Summit, where he gave a turbo-talk-style overview of hacking Advanced Metering Infrastructure (AMI) and the principles of penetration-testing in the AMI space. Click here for Slides for both presentations as well as a formal response to a question posed at the summit: "How do we fix it?"...
SANS SCADA Pentesting Presentation
SANS SCADA Hacking AMI Presentation
SANS SCADA Summit Keynote Q & A
Ed Skoudis and Frank Kim release a great paper on application security.
Increasingly, computer attackers are exploiting flaws in Web applications, exposing enterprises to significant threats, including Personally Identifiable Information breaches and uploads of malware onto vulnerable corporate Websites for distribution to customer browsers. Many of these Web application vulnerabilities are a direct result of improper input validation and output filtering, which leads to numerous kinds of attacks, including cross-site scripting (XSS), SQL injection, command injection, buffer overflows and many others. This article describes some of the best defenses against such attacks, which every Web application developer should master.
Mike Poor's webcast slides: Pillage the village!
Mike Poor gives a Core sponsored webcast Titled: Pillage the Village. Pilfering & Plundering for better Penetration Tests. This one hour presentation covers using sniffers and pilfering techniques during a penetration test to gain further access. Sure, sniffing passwords off the wire is good... but how about stealing the RSA seed file? Pulling SSL certs and passphrases. "Sniffing" memory?
Ed Skoudis releases 3 new awesome cheat sheets!
Ed Skoudis releases 3 new cheat sheets for the most useful Windows command-line tools, Netcat, and other useful attack tools (Metasploit, Fgdump, and Hping). Get 'em while their hot!
Windows Command Line Tools
Super Netcat Cheat Sheet
Useful Attack Tools
Josh Wright releases article: Decrypting Debian-Vulnerable SSH Traffic
Intro: My favorite security flaw from 2008 is the Debian OpenSSL vulnerability. Lots of analysis work has been done to understand the ramifications of this flaw, interesting because the effect of the flaw lasts long after vulnerable systems have been patched. Full recovery requires that all keys generated on a vulnerable system be replaced.
Pen Test Perfect Storm Trilogy - Part 2!!!
InGuardians is pleased to announce the release of the slides from Part 2 of the Pen Testing Perfect Storm webcast trilogy - featuring the return of SANS Pen Testing swashbucklers Ed Skoudis, Josh Wright and Kevin Johnson.
Covering network, web app and wireless pen testing techniques, the second installment of Perfect Storm trilogy focuses on assessing the enterprise-wide fallout from a seemingly innocuous endpoint compromise - including how an exposed low-level Windows Vista box can quickly open the hatch to full-scale network subversion.
During the webcast, you'll learn how to proactively test your network's vulnerability to sinking at the hands of a Client-Side Mutiny - and how to emulate what can happen after the initial compromise, including: discovering wireless devices from exploited hosts with Josh Wright's newly released VistaRFMON scanning and exploiting web applications with w3af exploiting systems with Metasploit's integrated pass-the-hash functionality Building on the premise that cyberthreats don't exist in a vacuum, the Perfect Storm webcast series presents tips for replicating real-world attacks that traverse multiple layers of infrastructure using combined network, web app, and wireless attack techniques.
Pen Test Perfect Storm Trilogy - Part 1
The Pen Testing Perfect Storm webcast series brings you a deluge of security assessment tactics and strategies from the combined forces of three penetration testing experts:

Kevin Johnson: web guru and senior security analyst
Josh Wright: wireless wizard and senior security researcher
Ed Skoudis: network security penetration tester

This trio of experts will show you how to assess an organization's real business risks by taking a holistic, comprehensive look at your information security - just as determined and skilled attackers do in the wild. You'll learn techniques for safely replicating chains of threats that can pivot throughout your infrastructure, including:

Web -- SQL injection, cross-site scripting, remote file inclusion, etc.

Wireless -- wireless LAN discovery, crypto and protocol attacks, client duping, etc.

Network -- port scanning, service compromise, client-side exploitation, etc.

This webcast series is ideal for anyone seeking to go beyond point-focused, "tunnel-vision" assessments to real-world penetration testing - mimicking the sophisticated, multi-staged threats that pose the most significant information security risks to organizations today. Download the slides from the first installment of this webcast trilogy here: Pen Test Perfect Storm Trilogy - Part 1!!!
Secrets of America's Top Pentesters
Ed Skoudis
Authored by Co-Founder and senior security analyst Ed Skoudis, this presentation covers some little-known but extremely helpful technical and procedural tips for maximizing the effectiveness of pen tests. These secrets can help testers save huge amounts of time, improve the likelihood of successful compromise, and lower the chance of negatively impacting target systems during a test. Based on experiences learned from in-the-trenches tests by a dozen pen testers over the past year, Ed examines crucial secrets associated with scanning, password attacks, exploitation, and many other aspects that readers will be able to apply immediately in their own penetration testing regimen.
Vista Wireless Power Tools for the Penetration Tester
Josh Wright
This paper is designed to illustrate the Vista tools useful for wireless penetration testing, the format of which is designed to be easy to read and utilize as a learning tool. Designed after the timeless work of "Unix Power Tools" by Sherry Powers, et al, this paper presents several "article-ettes" describing the requirements, Vista features and solutions for challenges faced by a penetration tester attacking wireless networks.
This paper also presents two new tools, vistarfmon and nm2lp, both available on the InGuardians Tools page.
IDS Deployment on Switched Networks Using Taps:
Brian Liang and Jimmy Alderson
This How-to Guide demonstrates how to scale IDS on a large network or ambiguous perimeter using network taps, comparing this to prior methods using network hubs and switch spanning ports.