Good news

Hi to all!

Today I’ve completed my personal 10 month security training schedule, and I gained my Offensive Security OSCP and OSCE certifications!

These months have been very fun and challenging, and now I feel more prepared than ever! I recommend these courses to anyone who wants to acquire a deep understanding of the very practical aspects of information security. Obviously, some prerequisites are necessary, but the most important one is willingness.

Here is some advice for anyone who wants to start these courses:

  • For OSCP (PWK course) I recommend reading all the course materials first, then diving deep into the labs. Try to own all the machines, with and without Metasploit (even if its use is restricted in the exam, you should take advantage of the lab to learn it, because it will be your best friend in a future job in security). Research every topic where you find yourself weak. Try, try, try.
  • For OSCE (CTP course) I recommend reading all the course materials and doing all the exercises. Then read through all the Corelan Exploit Writing tutorials (VERY recommended!) and perform all the guided exercises. Lastly, create a little lab (some Windows VMs and a Kali VM) and redo ALL the exercises in the course materials. If you have time, try to fuzz some applications and create exploits for the vulns you find.

And remember, when things start to go wrong and you feel tired, it’s time to TRY HARDER!

[HOWTO] Setup your debugging and reverse engineering environment with Python tools

Hi to all, today I’ll explain how to install some Python tools for debugging and reverse engineering on a Windows XP box.
These tools are:

  • Python 2.7 (obviously)
  • Immunity Debugger (great debugger completely scriptable in Python)
  • pefile (Python library for inspecting PE file format)
  • pydasm (Python library for disassembling binary code)
  • paimei (reverse engineering framework written in Python)
  • pydbg (pure-Python win32 debugger interface)

Python 2.7 and Immunity Debugger
We can start with the installation of Immunity Debugger. It will also install the Python 2.7 interpreter on our system.
Download it from the Immunity website (or from here if you don’t want to register). Say Yes when it asks for permission to install Python (you should install it in the default path specified by the installer).
When the installation is finished, it’s important to add the Python path to your system PATH, so you can run it from anywhere on the system.

pefile
Download the latest version of pefile from here, unzip it in a folder and run within this folder the following command:

pydasm
Download pydasm from here, unzip it in a folder and run within this folder the following command:

paimei & pydbg
Download paimei from here and pydbg from here. Now unzip paimei, it will create a folder named paimei-master. Unzip pydbg, move all pydbg files under paimei-master\pydbg, open a cmd window within paimei-master and launch the command:

Now, go to C:\Python27\Lib\site-packages\pydbg and delete the pydasm.pyd file (it’s compiled for an older Python version and it causes the pydbg library not to load).

Now all these tools are properly installed and ready to go.
Enjoy 😉
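As an added illustration of what pefile does once installed (this is example code written for this page, not code from the post or from pefile itself), here is a pure-Python parser for the same headers pefile exposes, reporting whether an image is marked for ASLR and DEP; the `build_sample_pe` helper builds a constructed, header-only image so it runs without a real binary:

```python
import struct

# IMAGE_OPTIONAL_HEADER.DllCharacteristics bits (PE/COFF specification)
DYNAMIC_BASE = 0x0040   # image may be relocated at load time (ASLR)
NX_COMPAT = 0x0100      # image is marked DEP/NX compatible
MAGIC_PE32, MAGIC_PE32PLUS = 0x10B, 0x20B


def inspect_pe(data):
    """Parse the DOS, COFF and optional headers of the PE image in `data`.

    Returns the fields pefile exposes as FILE_HEADER.Machine,
    FILE_HEADER.NumberOfSections, OPTIONAL_HEADER.Magic and
    OPTIONAL_HEADER.DllCharacteristics, plus the decoded ASLR/NX bits.
    Every offset is bounds-checked so a crafted file cannot push the
    parser out of range.
    """
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("no DOS header")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if e_lfanew + 24 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("no PE signature at e_lfanew")
    machine, nsections, _, _, _, opt_size, _ = struct.unpack_from(
        "<HHIIIHH", data, e_lfanew + 4)          # IMAGE_FILE_HEADER
    opt = e_lfanew + 24
    # DllCharacteristics sits at +70 in both the PE32 and PE32+ layouts
    if opt_size < 72 or opt + opt_size > len(data):
        raise ValueError("optional header truncated")
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic not in (MAGIC_PE32, MAGIC_PE32PLUS):
        raise ValueError("unknown optional header magic 0x%x" % magic)
    dllchars = struct.unpack_from("<H", data, opt + 70)[0]
    return {
        "machine": machine, "sections": nsections, "magic": magic,
        "dll_characteristics": dllchars,
        "aslr": bool(dllchars & DYNAMIC_BASE),
        "nx": bool(dllchars & NX_COMPAT),
    }


def build_sample_pe(dllchars, magic=MAGIC_PE32):
    """Constructed header-only PE image (not a real binary) for testing."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)       # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 96, 0x0102)
    optional = bytearray(96)                # SizeOfOptionalHeader = 96
    struct.pack_into("<H", optional, 0, magic)
    struct.pack_into("<H", optional, 70, dllchars)
    return dos + b"PE\0\0" + coff + bytes(optional)
```

It runs unchanged under the Python 2.7 installed above and under Python 3; `inspect_pe(open(path, "rb").read())` applies it to a real file.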

How to repair the broken Freeradius-WPE default install on BackTrack 5 r2

Hi to all!

In my last hack lab I’ve played with some WPA-Enterprise hacking techniques. Then I saw that the Freeradius-WPE default install in BackTrack 5 r2 doesn’t work out of the box (segmentation fault problem). So, after some searching on Google, I’ve made it work.

If you need to make Freeradius-WPE work on BackTrack 5 r2, follow these steps.

First, install the package libssl-dev:

Next, download the new Freeradius-WPE package:

Create your certs:

Now, Freeradius-WPE should work. Launch it with:

Feel free to leave a comment or to contact us. Any feedback will be appreciated!

How to create a fake AP on BackTrack 5 r2

Hi to all!

In my last MITM test I needed to create a fake AP that could relay all incoming traffic to a wireless interface connected to the Internet.

I had some trouble doing this with brctl (because you cannot create a bridge with a wireless interface), so I have created a slightly laborious setup with the help of iptables. Obviously, you need two wireless cards to follow this (one for the softAP, wlan1 in this tutorial, and one connected to the Internet, wlan0 in this tutorial).

First, you need to install a dhcp server:

Backup the default DHCP server configuration file:

Create a new DHCP server configuration file:

and add these lines into the file:

Then, start wlan1 in monitor mode:

Now, you have the interface mon0. So start your softAP (the -e option is used to specify the softAP ESSID, while the -c is used to specify the 802.11 channel):

This will create a new interface called at0. Setup this interface:

Now add a route for the traffic:

and setup new iptables rules:

Start the DHCP server on the at0 interface:

Now everyone who connects to your fake AP will be routed transparently to the Internet.

If you are too lazy to follow this tutorial, you can use a script I made to speed up fake AP creation.

Download it -> FakeAP.tar. Now decompress all the files into the same directory. Launch the script with:

When your tests are done, destroy the AP with:

Feel free to leave a comment or to contact us. Any feedback will be appreciated!

TV interview (in Italian) with a representative of Anonymous

Yesterday in Italy an interview with a representative of Anonymous was aired on TV.

These are some of the Q/A’s:

Q: What is Anonymous?

A: Anonymous is a collection of people of any kind, age, nature and origin who fight for an ideal: freedom of expression and freedom of communication. It has no political colour.

Q: What is the goal of Anonymous?

A: To guarantee freedom of information in the places where governments restrict it.

Q: How is it organised?

A: Anonymous is not organised. It has no structure, no hierarchy, no leaders. The secret lies in trying to organise an activity, a programme, in small cells. There are groups of somewhat more responsible people who try to coordinate the various activities.

You can watch the video HERE.

BackTrack 5 r2 released!

The latest version of the popular Linux distribution for pentesting is out!

http://www.backtrack-linux.org/

After months of development, bug fixes, upgrades, and the addition of 42 new tools, we are happy to announce the full release of BackTrack 5 R2 available for download now. Running our custom-built 3.2.6 kernel with the best wireless support available, this is our fastest and best release of BackTrack yet. In the past few weeks, we have had a flood of submissions to our BackTrack Redmine Tracker with submissions for many new tools and dozens of packages that needed to be updated and this has helped to make this one of the strongest releases we’ve ever had.


Once again, our good friends over at Paterva have created a special BackTrack edition of Maltego 3.1.0 for your data mining pleasure and we have also included their recently-released CaseFile tool to help you organize and collate data from numerous sources. If you have never used these tools before, you really need to…they will change the way you interact with data and conduct reconnaissance.

You will also find we have included Metasploit 4.2.0 Community Edition, version 3.0 of the Social Engineer Toolkit, BeEF 0.4.3.2, and many other tool upgrades too numerous to mention.

In addition to the aforementioned updates and additions, we have also added the following new tools to BackTrack:

arduino   bluelog   bt-audit   dirb   dnschef   dpscan   easy-creds   extundelete   findmyhash   golismero   goofile   hashcat-gui   hash-identifier   hexorbase   horst   hotpatch   joomscan   killerbee   libhijack   magictree   nipper-ng   patator   pipal   pyrit   reaver   rebind   rec-studio   redfang   se-toolkit   sqlsus   sslyze   sucrack   thc-ssl-dos   tlssled   uniscan   vega   watobo   wce   wol-e   xspy

Download it HERE.

Thanks to all guys at Offensive Security!

Best Books Richard Bejtlich read in 2011

Richard Bejtlich is one of the most authoritative people in the computer security field. You can follow his blog at TaoSecurity.

He is an acclaimed reviewer of most books on the subject. This is his personal ranking of the books he has read and reviewed in 2011:

  • 10. pfSense by Jim Pingle; Reed Media Services.

And, the winner is…

This is the last in a recent collection of reviews on “hacking” books. Jon Erickson’s Hacking, 2nd Ed (H2E) is one of the most remarkable books in the group I just read. H2E is in some senses amazing because the author takes the reader on a journey through programming, exploitation, shellcode, and so forth, yet helps the reader climb each mountain. While the material is sufficiently technical to scare some readers away, those that remain will definitely learn more about the craft.

H2E accomplishes a very difficult task. The book strives to take readers with little to no real “hacking” knowledge to a level where they can at least understand, if not perform, fairly complicated digital security tasks. Other books aren’t as successful, e.g., “Gray Hat Hacking,” which features material on C, assembly, Python, etc. into one short chapter. In contrast, H2E, in my opinion, does a credible job leading the reader from pseudo-code to C and assembly. Now, I would not recommend this book as a reader’s sole introduction to programming, let alone C or assembly. Please see my older reviews for recommendations on books devoted to those topics. Still, H2E credibly integrates programming into the hacker narrative in a compelling and educational manner.

The author also has a great eye for consistency and style. I welcomed reading his examples using gdb, where he presented code, explained it, stepped through execution, showed memory, transitioned from displaying source, then assembly, and so on. This was a compelling teaching method that technical authors should try to emulate.

Overall I really liked H2E, hence the 5 star review. My only main gripe was the author seems to believe that it’s in society’s benefit for black hats to test and exploit defenses. His claims on p4 and p 319 that hackers improve security reminds me of the broken window fallacy, meaning it’s economically beneficial to break windows so a repairman has a job. In reality, the security world is more a redirection of resources away from more beneficial innovation, not a way to build “good security jobs.” Furthermore, all of the supposed advances spurred by reacting to intruder activity do not result in increased security in the enterprise. At this point so much legacy software and equipment is deployed that intruders can always find a way to accomplish their mission, thanks often to the discoveries of so-called hackers. At the end of the day one has to accept the reality that intruders will always try to breach defenses, so it behooves defenders to understand attackers for the benefit of defense.

Hacking: The Art Of Exploitation, 2nd Edition is the book I am currently reading. I recommend it to anyone who wants to gain knowledge in the computer security field in the right way: coding, coding, coding.

Enjoy it!

Finally here!!!

Hi to all!!!

Finally Security Addicted is here!!!

Security Addicted is the new resource for the Internet underground.

In recent years the Internet has pervaded the real world and has changed our habits.

We hope to help people build trust in all the opportunities that can be found on the Internet.

Ok, now it’s time to start working.

Stay tuned on all the news! Subscribe to RSS, like our Facebook Page or follow us on Twitter!