Thursday, 23 July 2015

Security Researcher at Pentester Academy



We've worked very hard to build a respected company in the information security training field and are proud to say we now serve thousands of professionals from over 90 countries! We are looking at expanding our research team, so here is the job description: 


We are looking for security researchers with specialization in at least one of the following areas:

  1. Network Pentesting
  2. Web Application Pentesting
  3. Mobile platform and application security 
  4. Assembly and Shellcoding
  5. Exploit Research
  6. Reverse Engineering
  7. Hardware hacking
  8. Wi-Fi security 
  9. ... and other relevant topics 
Your job will involve - 
  • researching on your area of interest full time 
  • publishing bleeding edge work online under your name
  • creating live demos of your work 
  • scripting proof of concept tools 
  • helping us build a knowledge base on the subject
  • speaking at security conferences where your research will be accepted 
  • basically live your research dream and help the company in the process
You will be working directly with Vivek Ramachandran.

Who should apply?

Here is the litmus test you should take - Apply ONLY if: 

  • you are obsessed about your field
  • understand that only results matter, hours put in don't
  • love researching and experimentation
  • hammer on a problem even after failing a hundred times
  • insane drive to succeed and take your work to the world stage 

Minimum requirements to apply:

We would only like to hire researchers with a proven track record. You at least have: 
  • spoken at good conferences worldwide
  • have written tools or products which are peer respected
  • authored books in your area of expertise
  • ... any other significant research achievements in your field   
Location:  Pune, India. Relocation expense and assistance will be provided. 

Pay:  8-20 Lakhs/year.  
Number of positions available:  5 

Contact:  Email details to vivek []  binarysecuritysolutions.com  . Please make sure you are as detailed in the description of your work as possible. What you don't write, we can never know. 






Saturday, 4 April 2015

Backtrack 5: Wireless Penetration Testing Beginner's Guide - Revised Edition




I still remember writing the "Backtrack 5: Wireless Penetration Testing" book - was super scared everyone would hate it and I'd be flamed. Now, almost 3.5 years after publication it's sold over 13,000 copies worldwide. I couldn't be happier.

Anyway, the reason for this post is something different. It came to my notice today that the revised edition of the book for Kali Linux was out last week. Since I am still retained as the primary author, I just wanted to post a few clarifications:


  1. Packt approached me to revise the book for Kali Linux but I refused
  2. I did not review the book before release or receive a pre-release copy hence I do not know what additions/modifications have been made.
  3. As I am still retained as the primary author, I think most of the changes might be screenshots using Kali. Again this needs to be verified.
  4. Full credit for any new additions or making the previous examples better should go to the co-author Cameron Bunchanan. I had no contribution to these in anyway

That's all folks! Thanks for supporting SecurityTube, Pentester Academy and me over the years! 











Saturday, 28 March 2015

Airodump-NG Scan Visualizer ver 1.0





We all love Airodump-NG! I am personally a fan of the entire Aircrack-NG tool suite and the fantastic work done by Mister_X over the years. As most of you know Airodump-NG can export the scan data as a CSV or a Kismet compatible Netxml file. The Airodump-NG Scan Visualizer takes this CSV file and allows you to filter and play around with this scan data in interesting ways.


Getting Started with the Airodump-NG Scan Visualizer

1) Start an Airodump-NG Scan with the "-w" option to write to file



2) Allow the Scan to run till you have enough data






3) Locate the XXX-YY.CSV file in the current directory






4) Upload the CSV file






5) Click on Analyze! 






Features:

1. Segregation of Access Points + Connected Clients  and Roaming Clients: 


2. Advanced String Filtering on ESSID, BSSID, Channel, Privacy, Cipher and Authentication:

Each of the above Filters has either of the 3 options:

"Starts with"




"Contains"


"Is"


We know a lot of times you will need to monitor multiple ESSIDs at the same time, hence we've allowed you to apply multiple filters per column which will be logically OR




There is no limit to the number of concurrent filters which you can apply to any column :)

3. Range Filters for Packets, Signal and Clients:

You can mention a Minimum and/or a Maximum range for each of them as shown below:


4. Filter Query shown live! 

As you apply filters to every column, see the filter expression change above the table so you can easily track what you have applied




5. Screenshots of both the Data Table and the Application screen

We know Pentesters need screenshots for writing reports so we made taking screenshots just a click away!


6. Search Roaming Clients by the ESSID they are probing for



7. Annotations:

Mark rows, columns, filters etc. on the screen with Annotations before taking screenshots to convey more information:



8. Graphs and Charts:






9. LIVE Mode - visualize data live from Airodump-NG! 

 

and many other cool features!  


Watch the Demos and Download Airodump-NG Scan Visualizer ver 1.0 





Monday, 16 March 2015

Pcap2XML/Sqlite - Convert 802.11 Packets to XML and SQLITE




This tool converts 802.11 packet traces (PCAP format) into an XML and SQLITE equivalent so you can now run XPATH/XQUERY/SQL queries on the packets.

Why do we need this?


Wireshark is great when it comes to capturing and filtering packet traces. However, it has no facility for macro level tasks. Here are some answers which Wireshark cannot give you out of the box:


  • Give me all device MAC addresses in the PCAP
  • Give me a unique list of all Access Point/Ad-Hoc networks in the PCAP
  • ... 
Of course, this is by design. Wireshark is a packet capture tool and not a data analysis platform. 


This is where Pcap2XMl/Sqlite comes in! We map every header field in an 802.11 packet to an XML and SQLITE Equivalent. Once we convert every packet into these formats, it is extremely easy to run analysis tools on them as you shall see in latter part of this post.

Where can this tool be used?

This tool can be used anywhere there is a need to analyze individual packets. However, we had the following purposes in mind:


  • Teaching Wi-Fi security using Packet Analysis
  • Deriving Macro-Stats on a PCAP file as discussed in the previous section
  • Writing a simple Wi-Fi IDS :) 
  • ...


How does the tool work?

Below is an example of the tool running on a 50MB 802.11 packet trace and creating an XML and SQLITE file:


Examples of Analysis

As you can see in the previous section, the tool has created sample.db and sample.xml.

Let us look at sample.db using Sqlite Browser:

Table containing all the packets:



Simple filter for Beacon Frames:



Macro Stats - Get All Distinct Device MAC Addresses in the PCAP




Macro Stats - Select All Distinct MACs sending Beacon Frames



Macro Stats - Select All Distinct MACs receiving Data Frames


Macro Stats - Get the Average Frame Length



Macro Stats - Get the inter-packet time delta! 





... there are tons of such examples possible as you can see. 


Can you outline some of the other interesting features?


  • Ability to select only a packet range or selected packets
  • Ability to monitor a PCAP file live for new packets
  • Automatic update checker for newer versions
  • ...
We highly recommend you check out the video tutorials we are making on this tool. 


How are the 802.11 headers mapped to XML and SQLITE?


In version 1.0, we are only mapping the 802.11 MAC Header for all frames (Management, Data and Control).

Here is the XML Schema:


Here is the SQLITE DB Schema:



Future versions will have all frames mapped apart from the Data frame payloads.

I need an output in other formats e.g. CSV, JSON, MySQL etc.

 

We chose XML and SQLITE because one could easily write simple tools in Python or other languages to convert this to other formats. At this time, we have no plans to support any other format.

What is the feature roadmap?


  • Parse and map all Management Packets (April 2015)
  • Parse and map all Control Packets (May 2015)
  • Parse and map some fields from Data Packet (May 2015)
  • Integrate with Graphs and Charting tools (June 2015)
  • Allow reverse conversion from XML, SQLITE to PCAP (July 2015) 
  • Integrate and test with PCAP to Air tools for Packet replay  (July 2015) 
  • ...


Is the tool open source? 


The tool will always be free to use but currently the source code is not public. We might change this later once we feel the tool is stable enough for collaborating. The tool is digitally signed with our certificate for authenticity.

Where can I Download this? are there any Tutorials/Documentation?





Thursday, 24 July 2014

Call for Volunteers - SecurityTube DEFCON 22 Booth




We have some really exciting news to share! We will be putting up a booth in the DEFCON 22 Vendor Area next month. We plan to give out some free stuff and hope to meet SecurityTube Users and our Students.

With close to 13,000+ hackers expected at DEFCON 22, we know we need help in managing our booth and I thought its best to ask help from the community. So this is our official Call for Volunteers!


The Vendor Booth area will be running between 10AM-7PM on Friday, Saturday and Sunday (8th-10th Aug) and we are looking for volunteers to help us for 5 hour slots. You are allowed to select multiple slots.

What do Volunteers get?


To show our appreciation, for every 5 hour slot that you volunteer, you get the following:

  • $250 worth of courseware which you can select from SecurityTube Training
  • $177 worth of Pentester Academy subscription (3 months) 
  • $125 worth of goodies - $100 exam voucher + ALFA Wireless Card 
  • SecurityTube Official T-Shirt 
  • Lunch or Dinner is on us!  (depending on your slot)
We'd probably estimate a total of $600+ in giveaways for 5 hours of volunteering. Not bad :)

Please note that you will have to manage your own travel, accommodation and entry into DEFCON.

What work can you expect?

  • Giving out a ton of FREE stuff to conference attendees coming to our booth
  • Giving out our Flyers
  • We would expect you to wear the SecurityTube T-Shirt while at the booth 

Who is Volunteer #1? 

Vivek Ramachandran, chief trainer at SecurityTube Training and Pentester Academy will be at the booth most of the time (if not all the time).

How do you apply?

Please fill this form and we will be in touch. We understand that most of us prefer to be anonymous online but you'll have to trust us with some information about yourself, if you want us to trust you with our booth :) 













Tuesday, 22 July 2014

File Upload Vulnerability







File Upload Vulnerability is an extremely interesting topic with various twists and turns such as - Content-Type Checks, Bypassing Blacklists, Double Extensions, Defeating Getimagesize() checks, Null byte injection, getting a Meterpreter on the box via File Uploads etc.


We just wanted to share one of the interesting videos on this topic - "Defeating Getimagesize() Checks in File Uploads


Defeating Getimagesize() Checks in File Uploads

In the above video, we go step by step and uncover how we can embed a webshell into an image and have it executed by the remote server, even if it uses APIs like Getimagesize() to verify the presence of an image.

Here are other videos in the series, available only to Pentester Academy subscribers:


File Upload Vulnerability Basics


 








Happy Uploading!






Tuesday, 8 July 2014

Google XSS Game: Challenge Accepted!






Google put out an XSS Game not so long ago and we decided to take a shot at it. We've created our own XSS lab for Pentester Academy and it was really fun to see that these challenges were way easier to solve than those in our lab! 

So, take a shot at the Google XSS Game - Links to the individual challenge solutions are provided below to help you get started. 




Google XSS Challenge 1 Free


 






These videos are a part of Web Application Security Course at Pentester Academy. We are hosting interesting Web Application Security Challenges in this section for our students to try out. 

We also have many more interesting courses related to various other topics in the InfoSec domain. To know more, please visit: http://PentesterAcademy.com/topics