Setting up a Network Pentest and Web Pentest Lab by Security Aegis

Network Pentest Lab

Remember those good ole days in the sandbox? Where you threw stuff around learned where the sand goes and… doesn’t go? Well we’ve graduated from the sandbox, but our hearts and minds are still wired to play there. Maybe that’s why we love offsec, let’s get to the point though… We made a lab.

We wanted to address pentest labs. In this post in particular, Network pentest labs (webapp will be a separate post, challenge sites will be as well)

We used an existing set of hack challenge ISO’s, sandbox VM’s, vulnerable software, and vulnerable OS’s to create a 6 target lab that can be expanded upon.

Props to @_laz3r_ for the video and research he did for the project. No longer an intern, that didn’t last long did it? ;P

READ MORE

Pentest Labs: Web Application Edition

Over the last week, we busted out our red plastic shovel and our bucket shaped like a castle to dig a little bit deeper into our sandbox. Recently, we addressed the flexibility and overall necessity of a virtual lab for network pentesting, practice, and testing.

Today, we plan to expand upon that to encompass Web App. Our setup includes 7 target sites hosted on 4 VM’s. It’s important to note, that we only showcase the tip of the iceberg. The possibility of expansion is limited only by your imagination.

This lab takes substantially more prep and organization than our network lab did, as each target site has different requirements. We hosted most of our targets on XP Pro SP3 boxes, though many should work on Vista or maybe even Win7 RC.

READ MORE

10 Everyday Items Hackers Are Targeting Right Now

"Just when you thought it was safe to use your computer, hackers have figured out how to attack everyday items. Your printer, your cellphone -- even the blender in your kitchen -- can be hacked and used against you.

And in the not-too-distant future, as the medical field makes advances with machine-to-human interfaces, even your own body and brain could be at risk.

Here are 10 everyday items that are open to fresh attacks from criminals.

1. Your Car

2. That New GPS Gizmo

3. Your Cellphone

4. The Front-Door Security System

5. Your Blender. Yes, Your Blender

6. Your Printer

7. Your New Digital Camera

8. The Power Sockets in Your Walls

9. The Human Body

10. Even the Human Brain "

Read More

10,000 XP machines attacked through 0-day flaw

"

Attacks on the Windows Help and Support Center Vulnerability (CVE-2010-1885)

mmpc

30 Jun 2010 1:35 PM

We've been monitoring for active attacks on the Windows Help and Support Center vulnerability (CVE-2010-1885) since the advisory was released on June 10th. At first, we only saw legitimate researchers testing innocuous proof-of-concepts. Then, early on June 15th, the first real public exploits emerged. Those initial exploits were targeted and fairly limited. In the past week, however, attacks have picked up and are no longer limited to specific geographies or targets, and we would like to ensure that customers are aware of this broader distribution. If you have not yet considered the countermeasures listed in the Microsoft Security Advisory (2219475), you should consider them.

As of today, over 10,000 distinct computers have reported seeing this attack at least one time. Here are some details on the attacks we're seeing.

Geolocation

• The largest targets in terms of attack volume have been the United States, Russia, Portugal, Germany, and Brazil.
• A regional saturation rate, the number of attacked computers per a population of monitored systems (counted using a unique identifier), shows a slightly different picture. In this aspect, Portugal has seen a much higher concentration of attacks - more than ten times the world-wide average per computer. Russia is second at eight times the world-wide rate.

"

Read More