By gmoskov, on January 30th, 2011
SSH tunnels are an old trick that is getting increasingly popular, with all the content filtering now happening at the corporate and even the national level. This article demonstrates how to use SSH tunnels to bypass content filters and avoid port restrictions, even through HTTP proxy servers. . . . → Read More: Digging tunnels with SSH
By gmoskov, on December 11th, 2010
As described in Wikipedia, ARP spoofing (otherwise known as ARP poisoning or ARP Poison Routing, APR) is a Layer 2 attack that can be carried out in most internal networks and is therefore extremely dangerous. Its main purpose is to intercept the communication between a client and a server by sending forged ARP replies, so that both sides send their frames to the attacker, who can sniff or even modify the traffic. It does not break encryption by itself, but it is the usual first step of a man-in-the-middle attack on encrypted sessions, since it puts the attacker in a position to tamper with them. This article will guide you through understanding, demonstrating and protecting your network against this attack. . . . → Read More: ARP spoofing attack and defense
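The detection side of the attack, as an added example that is not part of the article: a passive tracker that reads ARP replies in the format tcpdump prints and raises an alert when an IP address changes its MAC or when one MAC starts answering for several IP addresses, which is what happens when the attacker poisons the gateway entry on the victim and the victim entry on the gateway. The capture lines, addresses and alert wording are constructed for the example.

```python
"""Passive ARP spoofing detector (added example, not the article's code).

Tracks the first MAC seen for each IP and the set of IPs claimed by each MAC.
The sample capture is constructed: the first three replies are legitimate,
the last two are the attacker (00:0c:29:de:ad:01) poisoning the gateway
(.1) and the victim (.10) entries.
"""
import re
from collections import defaultdict

SAMPLE_CAPTURE = """\
ARP, Reply 192.168.1.1 is-at 00:50:56:c0:00:08, length 46
ARP, Reply 192.168.1.10 is-at 00:0c:29:12:34:56, length 46
ARP, Reply 192.168.1.20 is-at 00:0c:29:de:ad:01, length 46
ARP, Reply 192.168.1.1 is-at 00:0c:29:de:ad:01, length 46
ARP, Reply 192.168.1.10 is-at 00:0c:29:de:ad:01, length 46
"""

# Matches tcpdump -n output for ARP replies; requests are ignored on purpose.
REPLY_RE = re.compile(r"Reply (\S+) is-at ([0-9a-fA-F:]{17})")


def parse_arp_replies(text):
    """Yield (sender_ip, sender_mac) for every ARP reply line."""
    for line in text.splitlines():
        m = REPLY_RE.search(line)
        if m:
            yield m.group(1), m.group(2).lower()


class ArpTracker:
    def __init__(self):
        self.ip_to_mac = {}
        self.mac_to_ips = defaultdict(set)
        self.alerts = []

    def observe(self, ip, mac):
        known = self.ip_to_mac.get(ip)
        if known is None:
            self.ip_to_mac[ip] = mac            # first binding wins
        elif known != mac:
            self.alerts.append(
                f"ip-mac change: {ip} was {known}, now claimed by {mac}")
        if ip not in self.mac_to_ips[mac]:
            self.mac_to_ips[mac].add(ip)
            if len(self.mac_to_ips[mac]) > 1:   # one MAC, several IPs
                self.alerts.append(
                    f"mac claims multiple ips: {mac} -> "
                    f"{sorted(self.mac_to_ips[mac])}")


def detect_arp_spoofing(capture_text):
    """Run the tracker over a capture and return the alerts in order."""
    tracker = ArpTracker()
    for ip, mac in parse_arp_replies(capture_text):
        tracker.observe(ip, mac)
    return tracker.alerts


if __name__ == "__main__":
    for alert in detect_arp_spoofing(SAMPLE_CAPTURE):
        print(alert)
```

A tracker like this also fires on legitimate changes (a replaced NIC, a DHCP client that got the address of a machine that went away, VRRP or HSRP failover), so in practice you whitelist the expected bindings for gateways and servers and treat the alert as a prompt to look at the switch port rather than as proof of an attack. On Cisco gear the same binding check is done in hardware by Dynamic ARP Inspection, which the article's defense section is about.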
By gmoskov, on November 6th, 2010
mod_evasive is an Apache module designed to limit the impact of DDoS, scripted and brute-force attacks on your web site or server: it counts requests per client IP, per page and per site over a short interval and answers offenders with 403 instead of serving them. When integrated with iptables, so that the offending address is blocked before it reaches Apache at all, mod_evasive can stand up to even larger attacks. . . . → Read More: Protect your Apache web server with mod_evasive
By gmoskov, on October 2nd, 2010
The DHCP starvation attack is simple to carry out and therefore quite dangerous, especially when it is followed by a DHCP spoofing attack, where a rogue server answers the clients the real server can no longer serve. It is a Denial of Service (DoS) attack against the DHCP server on the local network: the attacker requests leases from many fabricated client hardware addresses until the pool is exhausted, so legitimate clients can no longer obtain an address and lose access to network resources. In this article we will demonstrate how this attack is carried out and then go through the steps necessary to mitigate it on Cisco equipment with the help of DHCP snooping. . . . → Read More: DHCP starvation – quick and dirty
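To show why the two DHCP snooping checks on untrusted ports matter, here is a small model (added example, not the article's code): a DHCP server with a finite pool, an attacker flooding DISCOVERs from fabricated client hardware addresses, and an access port that can verify that the DHCP CHADDR matches the Ethernet source MAC and can err-disable itself above a DISCOVER rate limit, the behaviour Cisco DHCP snooping applies to untrusted ports. The pool size, MAC addresses and packet rate are constructed for the example.

```python
"""DHCP starvation and DHCP-snooping style countermeasures (added example).

Toy model only: no real packets are sent. Addresses and MACs are made up.
"""

ATTACKER_SRC_MAC = "00:0c:29:de:ad:01"   # attacker's real NIC (constructed)
VICTIM_MAC = "00:0c:29:12:34:56"         # a legitimate client (constructed)


class DhcpServer:
    def __init__(self, pool_size=50):
        self.free = [f"10.0.0.{i}" for i in range(10, 10 + pool_size)]
        self.leases = {}  # chaddr -> offered address

    def discover(self, chaddr):
        """Offer an address for CHADDR, or None when the pool is exhausted."""
        if chaddr in self.leases:
            return self.leases[chaddr]
        if not self.free:
            return None
        ip = self.free.pop(0)
        self.leases[chaddr] = ip
        return ip


class UntrustedPort:
    """Access port in front of the server; t is the frame time in seconds."""

    def __init__(self, server, rate_limit=None, verify_chaddr=False):
        self.server = server
        self.rate_limit = rate_limit        # DISCOVERs per second, None = off
        self.verify_chaddr = verify_chaddr  # 'ip dhcp snooping verify mac-address'
        self.err_disabled = False
        self.window = None
        self.count = 0

    def forward(self, src_mac, chaddr, t):
        if self.err_disabled:
            return None
        # Snooping MAC verification: CHADDR must equal the frame's source MAC.
        if self.verify_chaddr and src_mac != chaddr:
            return None
        if self.rate_limit is not None:
            second = int(t)
            if second != self.window:
                self.window, self.count = second, 0
            self.count += 1
            if self.count > self.rate_limit:
                self.err_disabled = True    # port goes err-disabled
                return None
        return self.server.discover(chaddr)


def fake_chaddr(i):
    """Deterministic fabricated client hardware addresses."""
    return f"02:00:00:00:{(i >> 8) & 0xff:02x}:{i & 0xff:02x}"


def starve(port, packets=200, pps=1000, spoof_src_mac=True):
    """Flood DISCOVERs with fabricated CHADDRs; return how many got an offer."""
    offered = 0
    for i in range(packets):
        chaddr = fake_chaddr(i)
        src = chaddr if spoof_src_mac else ATTACKER_SRC_MAC
        if port.forward(src, chaddr, t=i / pps) is not None:
            offered += 1
    return offered


def scenario(rate_limit=None, verify_chaddr=False, spoof_src_mac=True):
    server = DhcpServer(pool_size=50)
    attacker_port = UntrustedPort(server, rate_limit, verify_chaddr)
    victim_port = UntrustedPort(server, rate_limit, verify_chaddr)
    grabbed = starve(attacker_port, spoof_src_mac=spoof_src_mac)
    victim_ip = victim_port.forward(VICTIM_MAC, VICTIM_MAC, t=5.0)
    return {"attacker_leases": grabbed,
            "victim_got_lease": victim_ip is not None,
            "attacker_port_disabled": attacker_port.err_disabled}


if __name__ == "__main__":
    print("no protection           ", scenario())
    print("verify chaddr, src fixed", scenario(verify_chaddr=True, spoof_src_mac=False))
    print("verify chaddr, src spoof", scenario(verify_chaddr=True))
    print("rate limit 15 pps       ", scenario(rate_limit=15))
```

The second and third scenarios are the caveat a practitioner should keep in mind: MAC verification only stops tools that forge the CHADDR but send from the NIC's real address; an attacker who forges the Ethernet source as well walks straight through it, and then only the rate limit (or port security, which caps the number of source MACs per port) stops the flood.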
By gmoskov, on September 5th, 2010
Sometimes during a penetration test you need to break out of a supposedly isolated network, such as an internal VLAN in a bank or a process network full of SCADA equipment. Such networks should be completely cut off from the Internet, so that nobody with network access can plant a backdoor and either sneak information out or allow access from the outside. This article demonstrates how the often overlooked DNS service can be used to build a covert channel, and why, when you configure an isolated network, you shouldn't allow even name resolution of external hosts: if the internal resolver forwards queries for arbitrary external names, data can be carried out in the query names and back in the answers, and the firewall never sees a direct connection. To demonstrate this we will use the NSTX tunnel software to build a DNS tunnel and bypass the firewall. . . . → Read More: IP over DNS
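The upstream half of such a channel, as an added example that is neither the article's nor NSTX's code (NSTX carries whole IP packets in both directions; this toy only carries payload bytes out in query names and adds a detection heuristic for the resulting names). The zone name `t.example.com`, the chunk size and the payload are constructed for the example.

```python
"""Exfiltration over DNS query names plus a detection heuristic (added example).

Payload bytes are base32-encoded and split into labels of a query for an
attacker-controlled zone; a resolver that forwards the query delivers the
data to the zone's authoritative server regardless of the firewall.
"""
import base64
import hashlib
import math
from collections import Counter

TUNNEL_DOMAIN = "t.example.com"   # assumed attacker-controlled zone
MAX_LABEL = 63                    # RFC 1035 label limit
MAX_NAME = 253                    # RFC 1035 name limit in text form
CHUNK = 100                       # payload bytes per query


def encode_chunk(seq, data):
    """Client side: build <seq-hex>.<base32 labels>.<TUNNEL_DOMAIN>."""
    b32 = base64.b32encode(data).decode().rstrip("=").lower()
    labels = [b32[i:i + MAX_LABEL] for i in range(0, len(b32), MAX_LABEL)]
    name = ".".join([f"{seq:x}", *labels, TUNNEL_DOMAIN])
    if len(name) > MAX_NAME:
        raise ValueError("chunk too large for one query name")
    return name


def decode_query(name):
    """Server side: recover (seq, data) from a query for our zone."""
    suffix = "." + TUNNEL_DOMAIN
    if not name.endswith(suffix):
        raise ValueError("query not for the tunnel zone")
    labels = name[:-len(suffix)].split(".")
    seq = int(labels[0], 16)
    b32 = "".join(labels[1:]).upper()
    b32 += "=" * (-len(b32) % 8)           # restore the stripped padding
    return seq, base64.b32decode(b32)


def tunnel_send(payload):
    return [encode_chunk(n, payload[i:i + CHUNK])
            for n, i in enumerate(range(0, len(payload), CHUNK))]


def tunnel_receive(queries):
    """Reassemble by sequence number; queries may arrive out of order."""
    return b"".join(data for _, data in sorted(decode_query(q) for q in queries))


def shannon_entropy(text):
    """Bits per character of the observed symbol distribution."""
    n = len(text)
    if n == 0:
        return 0.0
    return -sum(c / n * math.log2(c / n) for c in Counter(text).values())


def is_suspicious_name(name, max_subdomain=50, max_entropy=3.5):
    """Heuristic: long or high-entropy subdomain below a two-label zone."""
    labels = name.rstrip(".").split(".")
    subdomain = "".join(labels[:-2])       # assumes a two-label registrable zone
    return (len(subdomain) > max_subdomain
            or shannon_entropy(subdomain) > max_entropy)


# Constructed payload: 300 deterministic pseudo-random bytes.
PAYLOAD = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(10))[:300]


if __name__ == "__main__":
    queries = tunnel_send(PAYLOAD)
    for q in queries:
        print(len(q), is_suspicious_name(q), q[:60] + "...")
    print(tunnel_receive(queries) == PAYLOAD)
```

Thresholds like these catch a naive tunnel but also flag legitimate hashed labels (CDNs, DNS blocklists, some anti-virus lookups), and a slower tunnel with shorter labels slips under them; that is the article's point that the reliable fix for an isolated network is to resolve no external names at all, not to filter them.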
By gmoskov, on August 19th, 2010
The one thing that is always overlooked when someone tries to secure a network is the user side. It is rare to see a DMZ network that is protected by a firewall from the users. The general idea is that if you are an internal user, you have legitimate access to the servers, so there is no need to protect them from you. In this article we will discuss a frequently overlooked feature of Cisco switches called DTP (Dynamic Trunking Protocol), which lets a device plugged into an ordinary port negotiate a trunk and thereby reach every VLAN on the switch; we will explain why it is dangerous and what the steps to disable it are. . . . → Read More: DTP – Share it
By gmoskov, on July 23rd, 2010
This short GnuPG howto demonstrates how to use the GNU Privacy Guard (GnuPG) tools on Unix/Linux systems. By following this guide you will learn how to generate a GPG key pair, go through the basics of public-key encryption and digital signatures, and work your way up to sending encrypted email attachments. . . . → Read More: GnuPG – quick console guide
By gmoskov, on June 20th, 2010
Wireless security has been a great concern for IT security professionals for at least a decade. It is difficult to protect something that you can't see, that goes through walls and that anyone close enough can eavesdrop on, especially when the only Wi-Fi security in place is the deprecated Wired Equivalent Privacy (WEP) protocol. In this article we will break the wireless security of a demo network and obtain the WEP key. We will use ARP injection to make the access point generate the encrypted frames, and thus the initialization vectors, that the key-recovery attack needs, and we will do it so fast that from now on you will always have second thoughts about Wi-Fi security. . . . → Read More: Wireless WEP (in)security
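Why predictable ARP frames are such a gift to the attacker, as an added example that is not part of the article: WEP seeds RC4 with a 24-bit IV sent in clear concatenated with the shared key, and appends a CRC-32 ICV before encrypting. Knowing the plaintext of one frame therefore reveals the keystream for its IV, and that keystream decrypts or forges any other frame under the same IV without the key. The statistical attack that recovers the key itself from many IVs is not implemented here. The key, IV, ARP request and secret frame below are constructed for the example.

```python
"""WEP keystream reuse via known plaintext (added example, not the article's code).

No real 802.11 framing; a frame here is IV || RC4(IV||key, data || ICV).
Key, IV and frame contents are constructed.
"""
import struct
import zlib

WEP_KEY = bytes([0x01, 0x02, 0x03, 0x04, 0x05])   # assumed 40-bit key


def rc4(key, data):
    """Plain RC4: key scheduling, then XOR data with the generated stream."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for byte in data:
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def icv(data):
    """WEP integrity check value: little-endian CRC-32 of the plaintext."""
    return struct.pack("<I", zlib.crc32(data) & 0xFFFFFFFF)


def wep_encrypt(key, iv, plaintext):
    return iv + rc4(iv + key, plaintext + icv(plaintext))


def wep_decrypt(key, frame):
    """Station side: decrypt and verify the ICV."""
    iv, body = frame[:3], frame[3:]
    pt = rc4(iv + key, body)
    data, tag = pt[:-4], pt[-4:]
    if icv(data) != tag:
        raise ValueError("bad ICV")
    return data


def keystream_from_known_plaintext(frame, plaintext):
    """Attacker side: ciphertext XOR (known plaintext || ICV) = keystream."""
    iv, body = frame[:3], frame[3:]
    known = plaintext + icv(plaintext)
    return iv, bytes(c ^ p for c, p in zip(body, known))


def decrypt_with_keystream(frame, iv, keystream):
    """Decrypt another frame that reused the same IV; no key needed."""
    if frame[:3] != iv:
        raise ValueError("keystream is only valid for its own IV")
    body = frame[3:]
    if len(body) > len(keystream):
        raise ValueError("frame longer than recovered keystream")
    return bytes(c ^ k for c, k in zip(body, keystream))[:-4]


def forge_frame(iv, keystream, plaintext):
    """Encrypt a new frame under the recovered keystream; the AP accepts it."""
    data = plaintext + icv(plaintext)
    if len(data) > len(keystream):
        raise ValueError("not enough keystream")
    return iv + bytes(p ^ k for p, k in zip(data, keystream))


# Constructed ARP request: LLC/SNAP header plus a 28-byte ARP body.
ARP_REQUEST = bytes.fromhex(
    "aaaa030000000806"            # LLC/SNAP, ethertype ARP
    "0001080006040001"            # Ethernet/IPv4, hlen 6, plen 4, request
    "000c29123456" "c0a80164"     # sender MAC / IP
    "000000000000" "c0a80101")    # target MAC (unknown) / IP
SECRET = b"GET /admin?token=s3cr3t HTTP/1.0"   # 32 bytes, fits the keystream
IV = bytes([0x0A, 0x0B, 0x0C])


def demo():
    arp_frame = wep_encrypt(WEP_KEY, IV, ARP_REQUEST)
    secret_frame = wep_encrypt(WEP_KEY, IV, SECRET)      # same IV reused
    iv, ks = keystream_from_known_plaintext(arp_frame, ARP_REQUEST)
    recovered = decrypt_with_keystream(secret_frame, iv, ks)
    forged = forge_frame(iv, ks, b"forged by attacker")
    return recovered, wep_decrypt(WEP_KEY, forged)


if __name__ == "__main__":
    print(demo())
```

With only 2^24 IVs, and many cards starting from zero at boot, repeats are routine on a busy network; the article's ARP replay does not need this trick to read traffic, it uses the flood of new IVs the access point produces to feed the statistical key-recovery attack, but the forgery above is the same reason the access point happily re-encrypts and re-broadcasts whatever the attacker replays.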