{"id":332,"date":"2017-03-22T20:06:21","date_gmt":"2017-03-22T20:06:21","guid":{"rendered":"http:\/\/zed.inguardians.com\/?page_id=332"},"modified":"2019-02-14T19:18:07","modified_gmt":"2019-02-15T03:18:07","slug":"resources","status":"publish","type":"page","link":"https:\/\/zed.inguardians.com\/resources\/","title":{"rendered":"Resources"},"content":{"rendered":"

[et_pb_section fb_built=”1″ background_color=”#003c6b” _builder_version=”3.17.6″ background_image=”http:\/\/zed.inguardians.com\/wp-content\/uploads\/2019\/02\/golf_course_44.png”][et_pb_row _builder_version=”3.17.6″][et_pb_column type=”4_4″ _builder_version=”3.17.6″ parallax=”off” parallax_method=”on”][et_pb_text header_letter_spacing=”4px” _builder_version=”3.17.6″ header_font=”InG Med||||||||” header_text_color=”#ffffff”]<\/p>\n

Resources<\/h1>\n

[\/et_pb_text][\/et_pb_column][\/et_pb_row][\/et_pb_section][et_pb_section fb_built=”1″ custom_padding_last_edited=”on|desktop” _builder_version=”3.17.6″ background_color=”#ededed” background_image=”http:\/\/zed.inguardians.com\/wp-content\/uploads\/2019\/02\/golf_course_44.png” custom_padding_tablet=”50px|0|50px|0″ padding_mobile=”off” parallax=”on” parallax_method=”off”][et_pb_row padding_mobile=”off” column_padding_mobile=”on” _builder_version=”3.0.47″ background_size=”initial” background_position=”top_left” background_repeat=”repeat”][et_pb_column type=”4_4″ _builder_version=”3.0.47″ column_padding_mobile=”on” parallax=”off” parallax_method=”on”][et_pb_tabs _builder_version=”3.17.6″ background_size=”initial” background_position=”top_left” background_repeat=”repeat”][et_pb_tab title=”Presentations ” _builder_version=”3.17.6″ tab_line_height=”2em” tab_line_height_tablet=”2em” tab_line_height_phone=”2em” body_line_height=”2em” body_line_height_tablet=”2em” body_line_height_phone=”2em”]<\/p>\n

Bust-a-Kube CTF: Attacking a Multitenant Kubernetes Cluster<\/a> By Jay Beale<\/p>\n

How Do We Stop the Next Worm From Costing Billions?<\/a> By Jay Beale <\/p>\n

Data Theft In The 21st Century<\/strong> By Jay Beale<\/a><\/p>\n

Pen Test Perfect Storm Trilogy \u2013 Part 1<\/a><\/strong><\/p>\n

The Pen Testing Perfect Storm webcast series brings you a deluge of security assessment tactics and strategies from the combined forces of three penetration testing experts:<\/p>\n

Kevin Johnson<\/strong>: web guru and senior security analyst
Josh Wright<\/strong>: wireless wizard and senior security researcher
Ed Skoudis<\/strong>: network security penetration tester<\/p>\n

This trio of experts will show you how to assess an organization\u2019s real business risks by taking a holistic, comprehensive look at your information security \u2013 just as determined and skilled attackers do in the wild. You\u2019ll learn techniques for safely replicating chains of threats that can pivot throughout your infrastructure, including:<\/p>\n

Web<\/strong> \u2014 SQL injection, cross-site scripting, remote file inclusion, etc.<\/p>\n

Wireless<\/strong> \u2014 wireless LAN discovery, crypto and protocol attacks, client duping, etc.<\/p>\n

Network<\/strong> \u2014 port scanning, service compromise, client-side exploitation, etc.<\/p>\n

This webcast series is ideal for anyone seeking to go beyond point-focused, \u201ctunnel-vision\u201d assessments to real-world penetration testing \u2013 mimicking the sophisticated, multi-staged threats that pose the most significant information security risks to organizations today.<\/p>\n

Pen Test Perfect Storm Trilogy \u2013 Part 2!!!<\/a><\/strong><\/p>\n

InGuardians is pleased to announce the release of the slides from Part 2 of the Pen Testing Perfect Storm webcast trilogy \u2013 featuring the return of SANS Pen Testing swashbucklers Ed Skoudis, Josh Wright and Kevin Johnson.<\/p>\n

Covering network, web app and wireless pen testing techniques, the second installment of the Perfect Storm trilogy focuses on assessing the enterprise-wide fallout from a seemingly innocuous endpoint compromise \u2013 including how an exposed low-level Windows Vista box can quickly open the hatch to full-scale network subversion.<\/p>\n

During the webcast, you\u2019ll learn how to proactively test your network\u2019s vulnerability to sinking at the hands of a Client-Side Mutiny \u2013 and how to emulate what can happen after the initial compromise, including:<\/p>\n

discovering wireless devices from exploited hosts with Josh Wright\u2019s newly released VistaRFMON
scanning and exploiting web applications with w3af
exploiting systems with Metasploit\u2019s integrated pass-the-hash functionality<\/p>\n

Building on the premise that cyber threats don\u2019t exist in a vacuum, the Perfect Storm webcast series presents tips for replicating real-world attacks that traverse multiple layers of infrastructure using combined network, web app, and wireless attack techniques.<\/p>\n

KillerBee: Practical ZigBee Exploitation Framework<\/a><\/strong><\/p>\n

Josh Wright debuts KillerBee:<\/a> an attack framework designed to explore vulnerabilities in ZigBee and wireless sensor networks. In this presentation, Josh examines how ZigBee technology interacts with the kinetic world in scary ways, exploring vulnerabilities in the ZigBee protocol and opportunities to exploit these deficiencies.<\/p>\n

Client-side Vulnerability Assessment and IPS:<\/a> <\/b>ToorCon, ShmooCon and NAISG talk by Jay Beale<\/p>\n

Ed Skoudis and Frank Kim release a great paper on application security.<\/strong><\/a><\/p>\n

Increasingly, computer attackers are exploiting flaws in Web applications, exposing enterprises to significant threats, including Personally Identifiable Information breaches and uploads of malware onto vulnerable corporate Websites for distribution to customer browsers. Many of these Web application vulnerabilities are a direct result of improper input validation and output filtering, which leads to numerous kinds of attacks, including cross-site scripting (XSS), SQL injection, command injection, buffer overflows and many others. This article describes some of the best defenses against such attacks, which every Web application developer should master.<\/p>\n

Friendly Traitor: Our Software wants to kill us<\/a><\/strong><\/p>\n

This presentation series covers flawed features in many applications and devices that we use every day. From Adobe Flash to Verizon’s MiFi devices, we have found features that can be abused in trivial ways, yet often with disastrous results.<\/p>\n

SANS SCADA Summit Presentations<\/strong><\/span><\/p>\n

Matt Carpenter releases two presentations on SCADA! Matthew Carpenter recently participated in two keynote panels at the SANS SCADA Summit, where he gave a turbo-talk-style overview of hacking Advanced Metering Infrastructure (AMI) and the principles of penetration-testing in the AMI space. Click here for slides for both presentations as well as a formal response to a question posed at the summit: “How do we fix it?”…<\/p>\n

SANS SCADA Pentesting Presentation<\/a><\/p>\n

SANS SCADA Hacking AMI Presentation<\/a><\/p>\n

SANS SCADA Summit Keynote Q & A<\/a><\/p>\n

Mike Poor’s webcast slides: Pillage the village!<\/a><\/strong><\/p>\n

Mike Poor gives a Core-sponsored webcast titled “Pillage the Village. Pilfering & Plundering for better Penetration Tests.” This one-hour presentation covers using sniffers and pilfering techniques during a penetration test to gain further access. Sure, sniffing passwords off the wire is good… but how about stealing the RSA seed file? Pulling SSL certs and passphrases? “Sniffing” memory?<\/p>\n

Smart Grid AMI Security Concerns<\/a><\/strong><\/p>\n

Josh Wright and Matthew Carpenter release a presentation on Smart Grid Security<\/a>. Smart Grid and Advanced Metering Infrastructure technologies hold great promise for modernizing the power grid. However, they may also introduce security vulnerabilities with potentially significant ramifications ranging from billing fraud to widespread sabotage. In this presentation, Industrial Defender and InGuardians discuss security issues associated with various components of the Smart Grid. We will address attack vectors and scenarios, highlighting defensive strategies and tactics that organizations can apply to mitigate risks. We will also look at industry initiatives to help standardize secure and resilient deployments.<\/p>\n

Secrets of America\u2019s Top Pentesters<\/a><\/strong><\/p>\n

Authored by co-founder and senior security analyst Ed Skoudis, this presentation covers some little-known but extremely helpful technical and procedural tips for maximizing the effectiveness of pen tests. These secrets can help testers save huge amounts of time, improve the likelihood of successful compromise, and lower the chance of negatively impacting target systems during a test. Based on experiences from in-the-trenches tests by a dozen pen testers over the past year, Ed examines crucial secrets associated with scanning, password attacks, exploitation, and many other aspects that readers will be able to apply immediately in their own penetration testing regimen.<\/p>\n


[\/et_pb_tab][et_pb_tab title=”Tools” _builder_version=”3.17.6″ tab_font=”||||” tab_line_height=”2em” tab_line_height_tablet=”2em” tab_line_height_phone=”2em” body_font=”||||” body_line_height=”2em” body_line_height_tablet=”2em” body_line_height_phone=”2em”]<\/p>\n

InGuardians routinely creates tools in the course of action. We make many of these tools available for free, without warranty, to you. \ud83d\ude42 Enjoy!<\/p>\n

Tool: WeaponizedFlash.as<\/strong> Find it on GitHub at: WeaponizedFlash<\/a><\/strong><\/p>\n

Kevin Johnson and Mike Poor released this weaponized Flash ActionScript as part of their “Friendly Traitor: Our software wants to kill us”<\/a> presentation series.<\/a><\/p>\n

Tool: ssh_decoder.rb <\/strong> Link: ssh_decoder.rb<\/a><\/strong><\/p>\n

Josh Wright has an article on decrypting SSH sessions based on the 2008 Debian OpenSSH vulnerability, with helpful hints on how to do it, and some patches to publicly available tools to make them work even better.<\/p>\n

Tool: wlan2eth<\/strong> Article Link: wlan2eth<\/a><\/strong><\/p>\n

Wlan2eth is a simple tool to convert packet captures in 802.11 format to Ethernet format. Lots of tools can only understand Ethernet link types, so I wrote this tool to convert captures to a format that they can understand. For each packet in an input 802.11 capture file, wlan2eth examines header values to ensure it is a data frame, then it creates a new output packet with an appropriate Ethernet header (source and destination address and embedded protocol field are preserved from the 802.11\/802.2 header). Timestamps are also preserved from the original capture. This tool is really only useful for encrypted traffic, though you could use it with a tool such as airdecap-ng to decrypt an encrypted capture first, then convert the unencrypted output file to Ethernet format.<\/p>\n

Tool: VistaRFMON<\/strong> GitHub Link: vistarfmon<\/a><\/strong><\/p>\n

Monitor mode is a valued feature for both the wireless penetration tester and security analyst. It allows the penetration tester to disconnect from a network and capture all frames in the network with full IEEE 802.11 headers and associated detail. By cycling through multiple channels supported on the wireless adapter, it is possible to capture detailed information for wireless network discovery and analysis purposes. On Windows, this was previously limited to commercial drivers. vistarfmon uses Vista’s Wireless LAN API (wlanapi) to help the penetration tester leverage all the power of monitor mode. You can read more about vistarfmon in Josh Wright’s “Vista Wireless Power Tools for the Penetration Tester”<\/a> paper.<\/p>\n

Tool: nm2lp (NetMon to LibPcap)<\/strong> GitHub Link: nm2lp<\/a><\/strong><\/p>\n

While the NetMon UI has powerful features for analyzing packet captures, few attack tools include the ability to natively read from the NetMon stored capture file format. In order to leverage tools such as Aircrack-ng, coWPAtty and Cain for wireless analysis, the capture file format needs to be libpcap-compatible. Some tools such as Wireshark support reading and converting NetMon Ethernet captures, but do not correctly interpret NetMon wireless captures. Fortunately, the NetMon API allows developers to write custom applications and interpret data from NetMon stored captures. Combined with the ability to create a libpcap capture file, it is possible to convert the NetMon file to a libpcap file. nm2lp converts NetMon wireless captures to libpcap format, making them useful in these other tools. You can read more about nm2lp in Josh Wright’s “Vista Wireless Power Tools for the Penetration Tester”<\/a> paper.<\/p>\n

External Tool: Microsoft’s Wlsample tool for Windows Vista<\/strong> GitHub Link: Wlsample<\/a><\/strong><\/p>\n

Microsoft included a tool called “wlsample.exe” with the Windows Software Development Kit (SDK) for Windows Server 2008. This program allows a penetration tester to connect to a network without generating a saved profile. Microsoft has released source code for this tool and cleared it for public redistribution. Josh Wright references Wlsample in section 3.3 of his “Vista Wireless Power Tools for the Penetration Tester”<\/a> paper.<\/p>\n

Project: Yokoso URL: yokoso.inguardians.com<\/a><\/strong> Yokoso! is a project focused on creating fingerprinting code that is deliverable through some form of client attack. This can be used during penetration tests that combine network and web applications. One of the most common questions we hear is “so what can you do with XSS?” and we hope that Yokoso! answers that question. We will create JavaScript and Flash objects that are able to be delivered via XSS attacks. These code payloads will contain the fingerprinting information used to map out a network and the devices and software it contains.<\/p>\n

Project: Samurai URL: samurai.inguardians.com<\/a><\/strong> The Samurai Web Testing Framework is a live Linux environment that has been pre-configured to function as a web pen-testing environment. The CD contains the best of the open source and free tools that focus on testing and attacking websites. In developing this environment, we have based our tool selection on the tools we use in our security practice. We have included the tools used in all four steps of a web pen-test.<\/p>\n

Project: ServifyThis<\/strong> GitHub URL: ServifyThis<\/a><\/strong> InGuardians’ ServifyThis program takes any Windows executable and converts it into a form suitable for use as a Windows service. Read more about this on the ServifyThis page<\/a>.<\/p>\n

[\/et_pb_tab][et_pb_tab title=”Videos” _builder_version=”3.17.6″ tab_font=”||||” tab_line_height=”2em” tab_line_height_tablet=”2em” tab_line_height_phone=”2em” body_font=”||||” body_line_height=”2em” body_line_height_tablet=”2em” body_line_height_phone=”2em”]<\/p>\n


InGuardians YouTube Channel<\/a> Interviews, presentations, tools and how-tos.<\/p>\n

Security Weekly Episode #400<\/a> Mike Poor talks about Intrusion Detection, Incident Response and more.<\/p>\n

Security Weekly Episode #454<\/a> InGuardians talk about perimeter protection.<\/p>\n

Security Weekly Episode #436<\/a> Password cracking with Larry Pesce.<\/p>\n


[\/et_pb_tab][et_pb_tab title=”Podcasts” _builder_version=”3.17.6″ tab_font=”||||” tab_line_height=”2em” tab_line_height_tablet=”2em” tab_line_height_phone=”2em” body_font=”||||” body_line_height=”2em” body_line_height_tablet=”2em” body_line_height_phone=”2em”]<\/p>\n

Brakeing Down Security 2016-026<\/a> Jarrod Frates talks about pentest, security assessment and more.<\/p>\n

Brakeing Down Podcast 2016-029<\/a> Adam Crompton and Tyler Robinson talk about things a company should do to protect itself against data exfil.<\/p>\n

Brakeing Down Security 2017 – 023<\/a> Jay Beale talks about his Linux class at Black Hat.<\/p>\n

Brakeing Down Security 2017 – 042<\/a> Jay Beale talks about HushCon and shares some recent news.<\/p>\n

Brakeing Down Security 2018 – 040<\/a> Jarrod Frates continues his talk about what to expect before, during and after the pentest.<\/p>\n

Brakeing Down Security 2018 – 014<\/a> Jay Beale on container security – Docker, Kubernetes and more.<\/p>\n

Brakeing Down Security 2018-009<\/a> Jay Beale on mentorship and apprenticeship, and why ‘hitting the ground running’ isn’t the sign of an immature organization.<\/p>\n

Security Weekly Episode #264 Part 1<\/a> Mike Poor talks about IDS, “smart firewalls” and more.<\/p>\n

[\/et_pb_tab][et_pb_tab title=”Other publications” _builder_version=”3.17.6″ tab_font=”||||” tab_line_height=”2em” tab_line_height_tablet=”2em” tab_line_height_phone=”2em” body_font=”||||” body_line_height=”2em” body_line_height_tablet=”2em” body_line_height_phone=”2em”]<\/p>\n

Vista Wireless Power Tools for the Penetration Tester<\/a><\/span><\/strong><\/p>\n

By Josh Wright. This paper is designed to illustrate the Vista tools useful for wireless penetration testing, the format of which is designed to be easy to read and utilize as a learning tool. Designed after the timeless work of “Unix Power Tools” by Sherry Powers, et al, this paper presents several “article-ettes” describing the requirements, Vista features and solutions for challenges faced by a penetration tester attacking wireless networks. This paper also presents two new tools, vistarfmon and nm2lp, both available on the InGuardians Tools page<\/a>.<\/p>\n

IDS Deployment on Switched Networks Using Taps<\/a><\/strong><\/span><\/p>\n

By Brian Laing and Jimmy Alderson. This how-to guide demonstrates how to scale IDS on a large network or ambiguous perimeter using network taps, comparing this to prior methods using network hubs and switch spanning ports.<\/p>\n

Research<\/strong><\/p>\n

Network Early Warning Systems:<\/a> <\/b>SANSFIRE Keynote on Early Warning Systems by Mike Poor<\/p>\n

Complex Signatures:<\/a> <\/b>Correlating System and Application Logs with Traffic Traces and IDS Alerts by Mike Poor<\/p>\n

Packet Craft for Defense in Depth:<\/a> <\/strong>Learning to use packet crafting tools to test our defenses by Mike Poor<\/p>\n

Snort GUIs:<\/a><\/strong> Exploring the ins and outs of Snort front ends by Mike Poor<\/p>\n

Load Balancing IDS:<\/a> <\/strong>By Brian Laing and Jimmy Alderson<\/p>\n


[\/et_pb_tab][et_pb_tab title=”Books” _builder_version=”3.17.6″ tab_font=”||||” tab_line_height=”2em” tab_line_height_tablet=”2em” tab_line_height_phone=”2em” body_font=”||||” body_line_height=”2em” body_line_height_tablet=”2em” body_line_height_phone=”2em”]Nessus Network Auditing<\/a> by Jimmy Alderson, Jay Beale, et al<\/p>\n

Ethereal Packet Sniffing<\/a> by Jay Beale, et al<\/p>\n

Nessus, Snort, & Ethereal Power Tools: Customizing Open Source Security Applications<\/a> by Jay Beale, et al<\/p>\n

Red Hat Linux Internet Server<\/a> by Jay Beale, et al<\/p>\n

Stealing The Network: How to Own a Continent<\/a> by Jay Beale, et al<\/p>\n

Stealing The Network: How to Own an Identity<\/a> by Jay Beale, et al<\/p>\n

Unix Unleashed by Jay Beale, et al<\/p>\n

Snort 2.1<\/a> by Mike Poor, Jay Beale, et al<\/p>\n

Counter Hack by Ed Skoudis<\/p>\n

Counter Hack Reloaded: A Step-by-Step Guide to Computer Attacks and Effective Defenses<\/a> by Ed Skoudis and Tom Liston<\/p>\n

Malware: Fighting Malicious Code<\/a> by Ed Skoudis and Lenny Zeltser<\/p>\n

Applied Network Security Monitoring: Collection, Detection, and Analysis<\/a> by Chris Sanders<\/p>\n

Practical Packet Analysis: Using Wireshark to Solve Real-World Network Problems<\/a> by Chris Sanders<\/p>\n


* All links are non-affiliated
\n[\/et_pb_tab][\/et_pb_tabs][\/et_pb_column][\/et_pb_row][\/et_pb_section]<\/p>\n","protected":false},"excerpt":{"rendered":"

Resources Bust-a-Kube CTF: Attacking a Multitenant Kubernetes Cluster By Jay Beale How Do We Stop the Next Worm From Costing Billions? By Jay Beale Data Theft In The 21st Century By Jay Beale Pen Test Perfect Storm Trilogy \u2013 Part 1 The Pen Testing Perfect Storm webcast series brings you a deluge of security assessment tactics and strategies from the […]<\/p>\n","protected":false},"author":5,"featured_media":0,"parent":0,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"_et_pb_use_builder":"on","_et_pb_old_content":"","_et_gb_content_width":"","footnotes":""},"_links":{"self":[{"href":"https:\/\/zed.inguardians.com\/wp-json\/wp\/v2\/pages\/332"}],"collection":[{"href":"https:\/\/zed.inguardians.com\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/zed.inguardians.com\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/zed.inguardians.com\/wp-json\/wp\/v2\/users\/5"}],"replies":[{"embeddable":true,"href":"https:\/\/zed.inguardians.com\/wp-json\/wp\/v2\/comments?post=332"}],"version-history":[{"count":45,"href":"https:\/\/zed.inguardians.com\/wp-json\/wp\/v2\/pages\/332\/revisions"}],"predecessor-version":[{"id":2504,"href":"https:\/\/zed.inguardians.com\/wp-json\/wp\/v2\/pages\/332\/revisions\/2504"}],"wp:attachment":[{"href":"https:\/\/zed.inguardians.com\/wp-json\/wp\/v2\/media?parent=332"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}