
By Tony in Other

***This is a guest post from Megan Horner at TrainACE. I don’t make a habit of allowing these too often, but I am a fan of the work Joe McCray is doing over at TrainACE and the exposure for the blog does not hurt, not to mention I’ve been very busy with planning efforts for http://bsidesorlando.org and have not had time lately to post much. (If you are interested, please go there for CFP or sponsorship opportunities – CFP closes March 22). In the meantime, please join me in welcoming Megan to sentinel24.com for this post.***

System Identification and OS Fingerprinting Explained

Many malicious exploits depend on knowing the target operating system and other specific information such as the kernel version. To stay ahead of black-hat attacks, ethical hackers use an approach called OS fingerprinting that identifies the OS type and often other system details as well. Attackers use OS fingerprinting to learn how best to exploit a system, while ethical hackers use the same technique as part of penetration testing.

OS fingerprinting involves inducing a remote system to reveal its OS type and other identifying system information. Because different operating systems have different vulnerabilities, this information helps determine how best to exploit the network in an attack. Several common techniques use TCP/IP protocols to either actively query the target or passively sniff network traffic. Other approaches leverage the behavior of particular services or network settings. Continued…

By Tony in Vulnerability Management

Vulnerability Management is a Lie

Vulnerability Management is a space that encompasses a wide variety of products, from vulnerability scanners to patch management products and configuration management suites. When I think of vulnerability management, I’m talking about the whole lifecycle of a vulnerability, from the time it is discovered by a security researcher until I remediate it on my affected systems, and everything that happens in between. Realistically, as an internal security person this process starts with the advisory from your product vendor, be it Microsoft, Adobe, HP or whoever, or perhaps as a result of a security assessment. The problem is that vulnerability management vendors have lied to you, and their marketing has proliferated a number of issues that lead to absolute failure in this space. So let’s take a look at that lifecycle, examine the phases, and see how failure creeps in and what we can do to streamline this process. Continued…

JunOS VM for Pentest Lab

October 26, 2012
By Tony in Pentest

I’m starting yet another series of posts here at Sentinel24.com focused on building out a Pentest Lab. Before we get started on that series, I wanted to touch on a few advanced components. The first of these is building a Juniper JunOS based firewall in VMware. This is nothing new and is well documented around the internet but I wanted to cover it here as well for completeness and identify any gotchas when building. I also think I’ve captured an excessive number of screenshots for the build so there should not be any questions about the process, even if my prose fails to capture the proper details. I do want to give credit to several other authors at the end of this post, please visit their sites and spread the love. Without their hard work none of this would be possible. Continued…


By Tony in Pentest

This was originally posted at the SANS Pentesting Blog on 9/24/12. (I am the author)

Avoiding Pen Test DOOM: Protecting Customer Data

It’s a good day. You’ve just received the P.O. for another large customer where you have been engaged to perform a penetration test for them. Fortunately for your customer, you are a professional and they can rely on your ethics and experience to deliver a quality product that creates significant value in their never-ending struggle to manage technology risk within their environment. They want you to simulate a real attacker which means you can harvest credit card numbers and sell them on carder forums, post their password hashes on Pastebin and tweet about how lamebrain they are. Right? Continued…


By Tony in Training

I attend so much bad security training, it’s a rare wonder when I come across such gems as 7Safe CSTP. 7-Safe is a UK based training provider that partners with Fishnet Security here in the US to provide their courses. They focus primarily on forensics and penetration testing training and services and are one of several training providers for the CREST line of pentesting certifications. Back in February of 2011 I won a contest from http://ethicalhacker.net for free security training from Fishnet. One of the allowed courses was the 7Safe CSTP. **Author’s note – Previously I stated 7Safe was an authorized training provider for CREST. This is not the case as CREST does not endorse any training providers in this way but 7Safe does provide training programs that prepare the student for CREST. I apologize for the confusion.** Continued…
