February 22, 2012

Rapid7 Introduces Metasploit Community Edition

(LiveHacking.Com) – To coincide with the second anniversary of Rapid7’s acquisition of the Metasploit project, the company has announced that, as of version 4.1 of Metasploit, there will be a Metasploit Community Edition, a free commercial product that is available for both personal and professional use. Metasploit Community Edition includes the same network discovery, data import, and Nexpose integration as its Metasploit Pro counterpart.

Rapid7 are releasing the Metasploit Community Edition to address the growing gap between two types of users: the security researchers and developers who want a powerful platform to build custom tools and exploits using the console interface, and the security and IT professionals who use the Metasploit Framework to conduct security assessments and verify vulnerabilities.

The free Community Edition provides a simple path for identifying targets, selecting an exploit, and launching it. Sessions can be managed through the user interface and have full access to the extensive post-exploit modules built into the Metasploit Framework.

“The best way to tackle the increasing information security challenge is to share knowledge between practitioners, open source projects and commercial vendors,” said HD Moore, Rapid7 CSO and Metasploit chief architect. “With that in mind, we’ve combined the Metasploit Framework with Rapid7’s commercial development to bring together the best of both worlds – the collaboration of security researchers around the world with quality-tested and stable commercial features. The new Metasploit Community Edition will greatly help security professionals seeking to understand risk and improve their security programs without needing to increase budgets.”

Metasploit Community Edition is available today as part of the Metasploit 4.1 release.

Hacker Halted Set as Venue For North American CyberLympics Competition

(LiveHacking.Com) - The Global CyberLympics got underway on September 18th with the European Championships held in Budapest. Now on October the 25th, the world’s first international team ethical hacking championship comes to North America as part of Hacker Halted Miami.

The games, which are officially endorsed by the U.N.’s cybersecurity executing arm, will be made up of both offensive and defensive security challenges. Teams will vie for regional championships, followed by a global hacking championship final to determine the world’s best cybersecurity team. The EC-Council is sponsoring the events with over $400,000 worth of prizes.

The Deloitte Netherlands team won the grueling European Championships and they will now represent Europe in the world finals in 2012. The North America Championships, which has been slimmed down to one competition from two (East and West), will decide which team will represent the USA and Canada.

The Global CyberLympics is supported by the International Multilateral Partnership Against Cyber Threats (IMPACT), which is part of the International Telecommunications Union (ITU). The ITU is the United Nations specialized agency for information and communication technologies.

“The Global CyberLympics could help to foster a greater sense of partnership and cooperation between countries on the issue of cybersecurity,” said Mohd Noor Amin, Chairman of IMPACT when the competition was originally announced.

LiveHacking.Com is proud to be an official partner of the Global CyberLympics.

New Service Brings Crowdsourcing to Penetration Testing

(LiveHacking.Com) - Crowdsourcing, a term first used back in 2006, has proved a popular way to outsource tasks to large groups or communities (i.e. “the crowd”), where small actions by large numbers can achieve quick results. This idea has now been adopted in the area of penetration testing. Hatforce.com is a new service which rewards ethical hackers for performing penetration tests for willing clients.

The idea is simple. A client signs up to the Hatforce.com web site and offers a financial reward, say $70, for every vulnerability found in their web site or software. Ethical hackers then sign up to Hatforce.com and sign a legal agreement giving them the authority to “hack” the client’s resource. If any vulnerabilities are found then they are paid.

The idea of asking “the crowd” to engage in security-related tasks was popularized by Google with its Chromium Security Awards scheme. Under Google’s scheme, software developers are rewarded for finding security-related bugs in Google’s Chrome browser and in the WebKit HTML and JavaScript engine. To date Google has paid out hundreds of thousands of dollars in rewards, and some people like Sergey Glazunov have become semi-famous for their consistent work in finding security holes.

Hacker Halted 2011 Lands in Miami for October Conference – LiveHacking.com Official Media Partner

(LiveHacking.Com) - The EC-Council has lined up the world’s top information security experts for Hacker Halted 2011. This year’s conference will take place from October 21-27 at the InterContinental Miami. LiveHacking.com is proud to be an official media partner of the 2011 conference.

The conference is split into two distinctive parts. From October 21 to October 24 is ‘Hacker Halted | Academy’, a series of technical training & certification classes led by world class instructors. Among the courses will be the renowned Certified Ethical Hacker (CEH) program (a recently accepted certification of DoD Directive 8570.01M Change 2). Then from October 25 to October 27 is ‘Hacker Halted | Conference’. With a comprehensive agenda, and an international line up of speakers, the Hacker Halted Conference promises to be one of the best information security conferences this year.

Keynote speaker highlights at Hacker Halted 2011 include:

  • Bruce Schneier, Chief Security Technology Officer at BT, best-selling author of Applied Cryptography, developer of cryptographic algorithms, such as AES-finalist Twofish, and de facto spokesperson for the information security field.
  • George Kurtz, Worldwide Chief Technology Officer and Executive Vice President of McAfee, former CEO of Foundstone, before it was acquired by McAfee, and co-author of Hacking Exposed: Network Security Secrets & Solutions.
  • Philippe Courtot, chairman and CEO of Qualys, former chairman and CEO of Signio (acquired by VeriSign), and former member of the Board of Trustees for The Internet Society.

Other speakers include Barnaby Jack, of Black Hat 2010 ATM hacking demonstration fame, and Moxie Marlinspike, Fellow at the Institute of Disruptive Studies, who has discovered numerous high-profile security vulnerabilities, including flaws in SSL/TLS.

Global CyberLympics Starting in September – Endorsed by U.N.’s Cybersecurity Arm

(LiveHacking.Com) - The U.N.’s cybersecurity executing arm has officially endorsed the EC-Council’s upcoming Global CyberLympics. This new Olympic-style ethical hacking championship will start this September across six continents with the aim of fostering better cooperation and communication on cybersecurity issues on the international stage.

The games will be made up of both offensive and defensive security challenges. Teams will vie for regional championships, followed by a global hacking championship final to determine the world’s best cybersecurity team. The EC-Council is sponsoring the events with over $400,000 worth of prizes.

The Global CyberLympics is supported by the International Multilateral Partnership Against Cyber Threats (IMPACT), which is part of the International Telecommunications Union (ITU). The ITU is the United Nations specialized agency for information and communication technologies.

“The Global CyberLympics could help to foster a greater sense of partnership and cooperation between countries on the issue of cybersecurity,” said Mohd Noor Amin, Chairman of IMPACT. “By sharing knowledge, training and resources, we can help to improve the level of cybersecurity in many countries and regions around the world.”

Regional championships will be held in various locations across different continents, and co-hosted with reputable IT/information security conferences and tradeshows, as follows:

  • North America (Eastern) | Hacker Halted USA – Miami, USA
  • North America (Western) | TakeDownCon – Las Vegas, USA
  • South America | H2HC – São Paulo, Brazil
  • Europe | Hacktivity – Budapest, Hungary
  • Middle East & India | GITEX – Dubai, UAE
  • Asia Pacific | Hacker Halted APAC – Kuala Lumpur, Malaysia
  • Africa | TakeDownCon – Johannesburg, South Africa

The EC-Council hope to hold the world final during the first quarter of 2012.

LiveHacking.Com is proud to be an official partner of the Global CyberLympics.

TakeDownCon Dallas 2011 Information Security Conference Starts Today

TakeDownCon Dallas 2011 starts today. This two-day conference, which is in its debut year, is designed for technical information security and IT professionals of all levels.

The first keynote will be given by Josh Shaul and Alex Rothacker on the Anatomy Of A Database Attack. Today’s web-accessible databases are especially susceptible to attacks, partially because of the appeal of their lucrative repositories of data, and partially because IP entry affords hackers a broader range of methods with which to invade and gain access to database information. In this presentation, Josh and Alex will describe some of the sophisticated methods used in invading enterprise databases, as well as provide guidelines and best practices on security and compliance in a variety of database systems including Oracle, Microsoft SQL Server, IBM DB2, and Sybase.

Other first day presentations include:

A full schedule can be found here and the synopsis here.

TakeDownCon Dallas takes place at the InterContinental Dallas and is sponsored by Live Hacking, among others. Some of the supporting organizations of the event include the FBI InfraGard’s North Texas Chapter and NAISG’s Dallas Chapter.

LiveHacking.com will bring you news, interviews and photos from the event.

Metasploit Framework 3.7.0 Released

Two months after the release of the Metasploit Framework 3.6, the Metasploit team has announced the availability of Metasploit Framework 3.7.0. Since V3.6 the developers have focussed on one of the least-visible, but most important, pieces of the Metasploit Framework: the session backend. This overhaul increases performance in the presence of many sessions and allows for a larger number of concurrent incoming sessions in a more reliable manner.

Metasploit now ships with 685 exploit modules of which 35 are new, 355 auxiliary modules (15 new), and 39 post modules (17 new).

V3.7 also includes some new features:

  • Support for SMB signing, enabling pass-the-hash and stolen password attacks against Windows 2008 Server environments.
  • The Microsoft SQL Server mixin (and all modules) now supports NTLM authentication.
  • Data import backend has undergone a rewrite, speeding up most import tasks by a factor of four.
  • OS information is now normalized to make fingerprinting more accurate and easier to deal with.

Highlights from the new modules include:

  • Apple iOS Backup File Extraction: Extract sensitive data from iTunes backup files (location, call history, SMS content, pictures, etc).
  • Exploits for two different Adobe Flash vulnerabilities exploited in the wild.
  • Code execution modules for MySQL and PostgreSQL when a valid login is available.
  • Exploit for the Accellion File Transfer Appliance Default Encryption Key flaw found by Rapid7.
  • Over ten new exploits for HP Network Node Manager (plus an HP OpenView exploit).
  • Post-exploitation module for privilege escalation through the .NET Optimizer Service.
  • Post-exploitation modules for stealing stored WinSCP and VNC passwords.

Live Hacking Penetration Testing DVD V1.3 Released

A new version of Live Hacking’s free Linux distribution designed for penetration testing and ethical hacking has been released. V1.3 has updated over 140 packages including Metasploit and Firefox.

New in this release is Metasploit Framework 3.6 which can be used to test your network using the framework’s internal database of known weaknesses and exploits. New to V3.6 are post-exploitation modules that can be run on exploited systems to perform actions such as gathering additional information, pivoting to other networks and elevating system privileges. V3.6 also adds 15 new exploits making a total of 648 exploit modules, 342 auxiliary modules and 23 post modules.

The Live Hacking Linux distribution is a ‘Live DVD’ which boots directly from your DVD and doesn’t need to be installed on your computer. As well as the standard Linux networking tools the Live Hacking DVD has tools for DNS enumeration and reconnaissance as well as utilities for foot-printing, password cracking and network sniffing. It also has programs for spoofing and a set of wireless networking utilities.

Now that the pool of free IPv4 addresses has been depleted, the Live Hacking DVD includes the THC-IPV6 tool, a set of tools to attack the inherent protocol weaknesses of IPv6 and ICMP6.

Use this link to download the Live Hacking DVD V1.3.

Information Security Conference TakeDownCon 2011

May 14th sees the start of TakeDownCon 2011 in Dallas. This is the debut year for this conference and it promises to become an essential conference for all those involved in information security. TakeDownCon is a highly technical conference, designed by the EC-Council, that focuses on technical research in cutting-edge exploits and vulnerabilities. It also includes 4 days of training, including the EC-Council’s Certified Ethical Hacker (CEH) – an accepted certification by the U.S. Department of Defense (DoD) Directive 8570, and 2 days of keynotes, demonstrations and presentations.

The first keynote will be given by Barnaby Jack, who most recently gained widespread media attention for demonstrating, at BlackHat 2010, the exploitation of vulnerabilities within Automated Teller Machines (ATMs). Other speakers include Josh Shaul, Joe McCray, Alex Rothacker, and Jeremiah Talamantes, on topics including database attacks, automated malware analysis and smart phone security models.

TakeDownCon Dallas takes place on May 14-19 at the InterContinental Dallas and is sponsored by Live Hacking, among others. Some of the supporting organizations of the event include the FBI InfraGard’s North Texas Chapter and NAISG’s Dallas Chapter.

The conference program can be seen here and the session synopses here. LiveHacking.com will bring you news, interviews and photos from the event.

Amazon EC2 Used to Hack Wi-Fi – WPA Now Redundant?

German researcher Thomas Roth has announced that he has successfully been able to break into a Wi-Fi network encrypted with the Wi-Fi Protected Access (WPA) protocols in under 6 minutes by using Amazon EC2 cloud computing.

Roth uses a brute force approach to try to gain entry to the network. Using Amazon’s cloud-based computing, which can be used for just 28 cents per minute, his technique is to try to decrypt WPA by forcibly trying up to 400,000 passwords per second. This means that in 6 minutes Roth’s software tries 144,000,000 passwords.

When speaking to Reuters Roth said “People tell me there is no possible way to break WPA, or, if it were possible, it would cost you a ton of money to do so. But it is easy to brute force them.”

Roth will present his software to the public and teach people how to use it later this month at the Black Hat hacking conference in Washington, D.C.

Amazon have been quick to point out that using Amazon Web Services (AWS) and its Elastic Compute Cloud (EC2) computing service in this way without the permission of the Wi-Fi network owner violates their terms and conditions (and is illegal in many places around the world).