Just a list I collected over time. Many are free or provide free issues.
Software Test & QA
http://www.softwaretestpro.com/Publication/p/STPM
(IN)Secure Magazine
http://www.net-security.org/insecuremag.php
Hack in the Box Magazine
http://magazine.hackinthebox.org/
IT Expert Magazine
http://www.itexpertmag.com/
Hakin9 Magazine
http://hakin9.org/
Datacenter Magazine
http://datacentermag.com/category/magazine/
Pentest Magazine
http://pentestmag.com/
Security Acts
http://www.securityacts.com/
Security Kaizen Magazine
http://www.bluekaizen.org/security-kaizen-magazine/
Testing Experience
http://www.testingexperience.com/
N2100 modules mirror
For some years now I am a happy owner of a Thecus N2100 NAS.
Although it is getting a bit slow compared to the newer generations of NAS devices, one of the things I like about it is the way you can customize it to your own needs by using modules. Over the last years a fairly active community developed many of these modules and discussed them on the Thecus user groups Thecus Usergroup Forum.
Unfortunately the community is declining and moving to newer devices and many of the modules can no longer be downloaded from the original locations. I therefor downloaded as many modules as possible while I could and I am providing a mirror for it on Google Docs. You can find my mirror to the N2100 modules here.
Although it is getting a bit slow compared to the newer generations of NAS devices, one of the things I like about it is the way you can customize it to your own needs by using modules. Over the last years a fairly active community developed many of these modules and discussed them on the Thecus user groups Thecus Usergroup Forum.
Unfortunately the community is declining and moving to newer devices and many of the modules can no longer be downloaded from the original locations. I therefor downloaded as many modules as possible while I could and I am providing a mirror for it on Google Docs. You can find my mirror to the N2100 modules here.
Ideal Skill Set For Web Application Security Testers
Today I saw an interesting post by Keatron Evans on the "Ideal Skill Set For the Penetration Testing". You can find his blog here.
While I think it is a good summary about the skill-set for pentesters, I think it is not the correct skill-set for web application security testers. So I have made a slightly modified version of it for (what I think to be) the basic skill-set of a web application security tester.
I tried to maintain the original list as much as possible and provide the webappsec analogies of the items. I also copy/pasted the good bits and the things I thought to be applicable in both lists.
1. Mastery of web and application servers. Each and every web and application server has its own configuration options, behaviour, quirks and file locations. Learn them and learn how to abuse or break them.
2 Good knowledge of the HTTP protocol. Understand and learn the header fields, how cookies work and the different request methods. Understand how HTTPS works. Get the basics of AJAX, JSON, serialized streams, etc.
3. If you don’t understand the things in item 2, then you can’t possibly understand how session management, CSRF or a (layer 7) MiTM attack actually works.
4. Learn the ins and outs of HTML, javascript, CSS. Learn the different encoding mechanisms, their uses and limitations. Also learn how each browser handles exceptions and strange input (see 6)
5. Learn the ins and outs of the mechanisms behind IDS and IPS. Learn how to pass data past them using basic encoding and other simple techniques. There’s no better way to understand these concepts than to apply them. Once you’re mastered this, you can move to a WAF and start the process over again. Start experimenting with different encodings and obfuscation techniques and other attacks.
6. Know your browsers. Despite all the standards browsers tend to handle HTML, javascript and encodings in a (slightly) different way. Next to that, each browser has its own configuration options, behaviour, quirks and file locations.
7. Eventually learn a programming language. Focus on Java, Python and Ruby. Figure out something you want to automate, or think of something simple you’d like to create. For example, a simple fuzzer or request/response interceptor.
8, 9 and 10. Same as Keatron Evans' list.
While I think it is a good summary about the skill-set for pentesters, I think it is not the correct skill-set for web application security testers. So I have made a slightly modified version of it for (what I think to be) the basic skill-set of a web application security tester.
I tried to maintain the original list as much as possible and provide the webappsec analogies of the items. I also copy/pasted the good bits and the things I thought to be applicable in both lists.
1. Mastery of web and application servers. Each and every web and application server has its own configuration options, behaviour, quirks and file locations. Learn them and learn how to abuse or break them.
2 Good knowledge of the HTTP protocol. Understand and learn the header fields, how cookies work and the different request methods. Understand how HTTPS works. Get the basics of AJAX, JSON, serialized streams, etc.
3. If you don’t understand the things in item 2, then you can’t possibly understand how session management, CSRF or a (layer 7) MiTM attack actually works.
4. Learn the ins and outs of HTML, javascript, CSS. Learn the different encoding mechanisms, their uses and limitations. Also learn how each browser handles exceptions and strange input (see 6)
5. Learn the ins and outs of the mechanisms behind IDS and IPS. Learn how to pass data past them using basic encoding and other simple techniques. There’s no better way to understand these concepts than to apply them. Once you’re mastered this, you can move to a WAF and start the process over again. Start experimenting with different encodings and obfuscation techniques and other attacks.
6. Know your browsers. Despite all the standards browsers tend to handle HTML, javascript and encodings in a (slightly) different way. Next to that, each browser has its own configuration options, behaviour, quirks and file locations.
7. Eventually learn a programming language. Focus on Java, Python and Ruby. Figure out something you want to automate, or think of something simple you’d like to create. For example, a simple fuzzer or request/response interceptor.
8, 9 and 10. Same as Keatron Evans' list.
Booting your Dual-boot OS in a virtual machine
In my previous post I showed how to boot from a USB device in a virtual machine by directly connecting a physical disk from the host to the VM. Just to see how far you can go with that I tried to boot my dual-boot OS in the same way.
Note: directly accessing your boot-disk from a VM can seriously mess up things. You are warned :)
Note: simultaneously running your host OS in a virtual machine is most definitely going to result in disaster; I strongly advise not to do that.
The process is basically the same as for attaching your USB stick, but this time you have to select PhysicalDrive0 in QEMU or VMWare player.
In VMWare player you have the option to select the partions the VM is allowed to access. The bootsector/MBR is always accessible, so you can use this option to prevent the VM from accessing your host OS. On my disk I have Samurai WTF installed next to my windows OS. I have 2 NTFS partions, 1 FAT32 partition and 2 ext partitions. In this example I booted in windows and want to have the VM boot the dual-boot linux so I only selected the ext partitions in the VM properties:
Booting the VM first shows the bootloader
And after selecting the Linux option it will boot without problems.
Attempting to boot from a partion not selected in the VM properties will result in an error, so you can use this option to prevent accidentally selecting the wrong OS:
Note: directly accessing your boot-disk from a VM can seriously mess up things. You are warned :)
Note: simultaneously running your host OS in a virtual machine is most definitely going to result in disaster; I strongly advise not to do that.
The process is basically the same as for attaching your USB stick, but this time you have to select PhysicalDrive0 in QEMU or VMWare player.
In VMWare player you have the option to select the partions the VM is allowed to access. The bootsector/MBR is always accessible, so you can use this option to prevent the VM from accessing your host OS. On my disk I have Samurai WTF installed next to my windows OS. I have 2 NTFS partions, 1 FAT32 partition and 2 ext partitions. In this example I booted in windows and want to have the VM boot the dual-boot linux so I only selected the ext partitions in the VM properties:
Booting the VM first shows the bootloader
And after selecting the Linux option it will boot without problems.
Attempting to boot from a partion not selected in the VM properties will result in an error, so you can use this option to prevent accidentally selecting the wrong OS:
Booting from USB flashdrive in virtual machine
The last weeks I have been playing a bit with bootable USB flashdrives and bootloaders/managers. One of the annoyances in doing that is testing if your changes work. The easiest way is to do this in a virtual machine of course, but not all virtual machine solutions support booting from a USB device. Many solutions found on the internet suggest booting an iso with a bootmanager (like plop) first, but there is a more direct solution in VMWare player and QEMU (maybe also in other products). A big advantage of this method is that directly accessing the disc is a lot faster than by using the USB stack of the virtual player.
Both VMWare player and QEMU support booting from "Physical Drives", which basically is nothing more that booting from a disk that is already present in the host.
When you are using QEMU with QEMU Manager the option can be found on the Drives tab:
The booting device of the host is typically PhysicalDrive0. Your USB devices should be PhysicalDrive1 or higher. Make sure you select the right one.
In VMWare the option is not directly available when creating a new VM. First you have to create a virtual hd of any size and finish the VM. After that edit the properties and delete the created HD. Now add a new hard disk and select the option "use a physical disk (for advanced users)":
Just as in QEMU the booting device of the host is typically PhysicalDrive0. Your USB devices should be PhysicalDrive1 or higher. Make sure you select the right one.
There is also a selection for using the whole drive or individual partitions, but for USB flashdrives you can leave this on "use entire disk" (as partitions on USB flashdrives are hardly supported and unusual).
A screenshot of a proof-of-concept running the miniXP from Hiren's BootCD in VMWare player. In this case the USB flashdrive was formatted as FAT32, but for me it also worked when it was formatted as NTFS. I used grub4dos as the bootloader/manager.
and the properties of the virtual machine in VMWare Player:
Update: to prevent the VM from hijacking the USB flashdrive remove the "USB controller" from the VM properties.
Both VMWare player and QEMU support booting from "Physical Drives", which basically is nothing more that booting from a disk that is already present in the host.
When you are using QEMU with QEMU Manager the option can be found on the Drives tab:
The booting device of the host is typically PhysicalDrive0. Your USB devices should be PhysicalDrive1 or higher. Make sure you select the right one.
In VMWare the option is not directly available when creating a new VM. First you have to create a virtual hd of any size and finish the VM. After that edit the properties and delete the created HD. Now add a new hard disk and select the option "use a physical disk (for advanced users)":
Just as in QEMU the booting device of the host is typically PhysicalDrive0. Your USB devices should be PhysicalDrive1 or higher. Make sure you select the right one.
There is also a selection for using the whole drive or individual partitions, but for USB flashdrives you can leave this on "use entire disk" (as partitions on USB flashdrives are hardly supported and unusual).
A screenshot of a proof-of-concept running the miniXP from Hiren's BootCD in VMWare player. In this case the USB flashdrive was formatted as FAT32, but for me it also worked when it was formatted as NTFS. I used grub4dos as the bootloader/manager.
and the properties of the virtual machine in VMWare Player:
Update: to prevent the VM from hijacking the USB flashdrive remove the "USB controller" from the VM properties.
Subscribe to:
Posts (Atom)