SOCNET: The Special Operations Community Network > Areas of Expertise > Technology and Communications

#21
5 November 2014, 17:35
CV
Ungood
Join Date: Apr 2003
Location: US
Posts: 7,506
Quote:
Originally Posted by BOFH
Seconded. I highly recommend a book called "Violent Python." I'm not much of a programmer, but I've had to learn some python to make things happen here and there...that book has been invaluable.
Violent Python is good, but it definitely doesn't teach Python. If you are not familiar with scripting, the book may appear terrible to you. Also, I believe the author is a member here, if not a lurker.

As for lists of tools; I believe the admins want to shy away from that. Besides, a decent amount of tools I use are either modified, or created. A lot of IDS/IPS have signatures for finding canned tools.

If you pick up The Hacker's Playbook from Amazon, it will walk you through the process of setting up your machine with the requisite tools, and generally how to use them.
__________________
It's a hipster filter. Keeps your kind out. -Jimbo
#22
5 November 2014, 17:52
Magyc
Nerd Alert!
Join Date: Apr 2009
Location: Northern Virginia
Posts: 383
Quote:
Originally Posted by CV
A lot of IDS/IPS have signatures for finding canned tools.
True. I was getting at more of the process of running through a (simulated) attack. If you're doing this as an all day every day job, you're either custom scripting like CV or using a very expensive tool that provides regular updates to bypass common or detected signatures.

Anyway, understood regarding the board management and listing tools thing.
__________________
-----------------------------------------------------
"The greatest trick the Devil ever pulled was convincing the world he didn't exist."
#23
6 November 2014, 21:32
CV
Ungood
Join Date: Apr 2003
Location: US
Posts: 7,506
I just took part 1 of the Certified Penetration Tester (CPT) from IACRB. You have 90 minutes for 50 questions. Aced it. If you have the CEH already, this can be a little trickier, but not inherently more difficult (but could be--not sure how everyone's background plays into it).

Part 2 is a take-home lab where you need to enumerate multiple token values. You have 60 days to complete it, write a PTR, and submit the results for full certification.

No idea how valuable the certification is to organizations--but it's another merit badge for the resume.
__________________
It's a hipster filter. Keeps your kind out. -Jimbo
#24
7 November 2014, 10:59
SatcomNCO
Confirmed User
Join Date: Mar 2009
Location: Deutschland
Posts: 129
Great share. I'll be checking out a lot of these courses.
#25
7 November 2014, 14:13
CV
Ungood
Join Date: Apr 2003
Location: US
Posts: 7,506
Learning is Easy

Here's my lunch-break addition for the thread...

Vulnerability assessments and penetration testing are skills that can be learned with little to no buy-in. Meaning, the tools required are generally free, or have a free version. Couple this with the fact that you can run virtual computers (VMs) at home, and you can really get up to speed if you are dedicated.

Certification versus Functional Knowledge

I covered this before, but it's worth restating that if you obtain a certification such as CEH, it doesn't mean you're a hacker or pentester. It means you likely have a solid baseline amount of knowledge that can then be molded and specialized. In other cases, you may just be a wiz at taking tests (in the latter, it's easy for someone to discern). This is not to poo-poo certifications, but know that the real world functions completely differently.

Functional knowledge is where you're going to really kick ass. By setting up VMs and playing around with various tools, you'll be able to master specific areas and provide real-value to any organization you work for.

I recommend taking a look at the OSI model (for the majority of this entire thread, I am making the assumption that you (the reader) have a modicum of knowledge related to networking technologies).

Each layer of the model contains threats, vulnerabilities, and exploits that you can play around with to your heart's desire (in your virtual environment).

Virtualization Software
There are paid options out there, such as VMware, that work great, but as you're likely wanting to get in cheap, check this link out for options. Honestly, Oracle's VirtualBox (in the link as well) is the best option in my opinion.

http://en.wikipedia.org/wiki/Categor...ation_software

Go set up several virtual machines. All you need is an .ICO of the operating system you are wanting to run. You can even pick up free evaluation software for major distros like Windows.

If you are feeling chippy, or already have the know-how, I recommend setting up a couple web-servers, database servers, and/or replicate an actual network environment. The closer you can get it to a production environment, the better. If you can't do all of this, don't sweat it. It's not required.

Virtualization also gives you a slight advantage if you're concerned about privacy issues (which you should be, in general). Check out the pinned topic on data security and privacy here in the Tech forum. There's a lot of good info, and Poly has given out solid advice as well.
__________________
It's a hipster filter. Keeps your kind out. -Jimbo
#26
7 November 2014, 17:30
CV
Ungood
Join Date: Apr 2003
Location: US
Posts: 7,506
(I meant .ISO not .ICO for the format of OS installs)
__________________
It's a hipster filter. Keeps your kind out. -Jimbo
#27
7 November 2014, 17:33
Magyc
Nerd Alert!
Join Date: Apr 2009
Location: Northern Virginia
Posts: 383
Quote:
Originally Posted by CV
If you are feeling chippy, or already have the know-how, I recommend setting up a couple web-servers, database servers, and/or replicate an actual network environment. The closer you can get it to a production environment, the better. If you can't do all of this, don't sweat it. It's not required.

OWASP has WebGoat which sets up a web service for you to attack (as well as a lot of documentation and tools).

https://www.owasp.org/index.php/Category:OWASP_WebGoat_Project
__________________
-----------------------------------------------------
"The greatest trick the Devil ever pulled was convincing the world he didn't exist."
#28
10 November 2014, 14:27
CV
Ungood
Join Date: Apr 2003
Location: US
Posts: 7,506
Quote:
Originally Posted by Magyc
OWASP has WebGoat which sets up a web service for you to attack (as well as a lot of documentation and tools).

https://www.owasp.org/index.php/Category:OWASP_WebGoat_Project
Good call. Solid option for those who go ahead and set up an environment to learn on.

To add value, here's a great article on how to get up and running:
http://resources.infosecinstitute.com/hacking-lab/
__________________
It's a hipster filter. Keeps your kind out. -Jimbo
#29
14 November 2014, 15:03
CV
Ungood
Join Date: Apr 2003
Location: US
Posts: 7,506
Just to make sure I reiterate and highlight: learn about the OWASP Top 10. If you can identify each by understanding them, you're more than halfway to a solid career in information security. I can't think of any infosec career that wouldn't benefit from having solid web application KSAs (knowledge, skill, and ability).
__________________
It's a hipster filter. Keeps your kind out. -Jimbo
#30
14 November 2014, 15:26
CV
Ungood
Join Date: Apr 2003
Location: US
Posts: 7,506
It’s Friday, and I have some free time. A quick note: if you are not a strong writer, or really hate writing, then a job in penetration testing will not be the most enjoyable of careers. You’re going to want to have a solid grasp of the English language, and the ability to write effectively, for a variety of readers. I mention this because it’s a constant. Think deployment: 99% boring shit followed by 1% of adrenaline pumping action. You’ll always remember the 1% and tend to forget the rest.

Alas, I wanted to touch on a topic that is a bit more advanced, but relates heavily to offensive capabilities.

Do you ever wonder why when an application crashes on your computer it immediately wants to know if you are willing to send a report to the developer? It’s because that’s where the glorious gold of chocolaty chewy nougat exists for exploitation. In hacking, getting applications to toss errors is the heart of trade-craft. It gives us all we need to find avenues of exploitation, and is referred to as Fuzzing.

As explained, fuzzing is doing weird things to get a system, application, or asset to throw errors. Specifically, it is feeding it arbitrary data in order to get it to die/crash/bork. Furthermore, there are different flavors of fuzzing—but that’s a rabbit hole that I don’t want to jump down yet. As always, if you have questions, feel free to ask. What you need to know is that fuzzing causes crashes > crashes give details > details open up avenues for exploitation.

My next post will talk about protocols. These are rules everyone follows. If they don’t follow them, they can’t play. If they can’t play, they’re irrelevant on the Information Super-Highway. Thusly, knowing protocols is a key factor that many ignore in this field. It all ties back to fuzzing.

Enjoy your weekend.
__________________
It's a hipster filter. Keeps your kind out. -Jimbo

Last edited by CV; 14 November 2014 at 15:51.
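A small illustration of the "fuzzing causes crashes > crashes give details" loop from the post above, added here and not part of CV's post: a hypothetical `fuzz`/`mutate` harness feeds mutated inputs to a constructed length-prefixed record parser that trusts its length byte (so an uncaught IndexError is the "crash" and its traceback location is the "detail"), and then to a bounds-checked version of the same parser, which the harness cannot crash because it rejects bad input with a controlled ParseError.

```python
import random
import traceback

class ParseError(Exception):
    pass  # the parser rejecting malformed input on purpose: not a crash

def make_record(payload: bytes) -> bytes:
    """Constructed wire format: <length byte><payload><8-bit sum checksum>."""
    return bytes([len(payload)]) + payload + bytes([sum(payload) & 0xFF])

def parse_records_fragile(buf: bytes) -> list:
    """Trusts the length byte: a mutated length makes buf[...] raise IndexError."""
    records, i = [], 0
    while i < len(buf):
        n = buf[i]
        payload = buf[i + 1:i + 1 + n]
        if sum(payload) & 0xFF != buf[i + 1 + n]:  # no bounds check: the crash
            raise ParseError("bad checksum")
        records.append(payload)
        i += 2 + n
    return records

def parse_records_hardened(buf: bytes) -> list:
    """Same format, but every read is bounds-checked and rejected via ParseError."""
    records, i = [], 0
    while i < len(buf):
        end = i + 1 + buf[i]
        if end >= len(buf):  # declared length runs past the checksum byte
            raise ParseError("truncated record")
        payload = buf[i + 1:end]
        if sum(payload) & 0xFF != buf[end]:
            raise ParseError("bad checksum")
        records.append(payload)
        i = end + 1
    return records

def mutate(data: bytes, rng: random.Random) -> bytes:
    """One random mutation: overwrite a byte, insert a byte, or truncate."""
    b = bytearray(data)
    op = rng.choice(("overwrite", "insert", "truncate"))
    if op == "insert":
        b.insert(rng.randrange(len(b) + 1), rng.randrange(256))
    elif op == "overwrite" and b:
        b[rng.randrange(len(b))] = rng.randrange(256)
    elif b:
        del b[rng.randrange(len(b)):]
    return bytes(b)

def fuzz(parser, seed_input: bytes, iterations: int, seed: int = 1) -> dict:
    """Feed mutated inputs to parser; map each unique crash signature to an input."""
    rng = random.Random(seed)
    crashes = {}
    for _ in range(iterations):
        data = mutate(seed_input, rng)
        try:
            parser(data)
        except ParseError:
            continue  # controlled rejection, not interesting
        except Exception as exc:  # anything else is a crash worth triaging
            frame = traceback.extract_tb(exc.__traceback__)[-1]
            crashes.setdefault(f"{type(exc).__name__}@{frame.name}:{frame.lineno}", data)
    return crashes

SEED_INPUT = make_record(b"hello") + make_record(b"world")  # constructed valid input
```

Running `fuzz(parse_records_fragile, SEED_INPUT, 2000)` returns one signature of the form `IndexError@parse_records_fragile:<line>` with a triggering input, while the hardened parser returns an empty dict.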
#31
14 November 2014, 15:51
BOFH
I aim to misbehave
Join Date: Jul 2004
Location: \\Gibson\garbage
Posts: 4,230
Quote:
Originally Posted by CV
It's Friday, and I have some free time. A quick note: if you are not a strong writer, or really hate writing, then a job in penetration testing will not be the most enjoyable of careers.

Same goes for intrusion analysis or malware/forensics. If you can't write a basic report, I'll fire you in a heartbeat, no matter how much of a tech genius you are.
__________________
"...for those who man the battle line, the bugle whispers low, and freedom has a taste and price the protected never know..."


While true:
Continue
#32
14 November 2014, 21:22
malventano
Confirmed User
Join Date: Mar 2014
Location: Florence, KY
Posts: 53
Quote:
Originally Posted by BOFH
Same goes for intrusion analysis or malware/forensics. If you can't write a basic report, I'll fire you in a heartbeat, no matter how much of a tech genius you are.
In a previous Malware lab that I supervised, we had one particular genius that couldn't write his way out of a paper bag. This was a joint command, so firing wasn't really an option, and it would have been a shame to just piss away a good reverser. I ended up pairing other members with him in rotation. It turned out that the guy could rip through a binary about as fast as the teammate could write. End result: The lab as a whole got to watch this guy first hand and gain valuable knowledge and techniques, and production actually increased, as the team actually produced at a rate faster than any two individuals had prior. We eventually shifted to more team work, with occasional sync meetings where we would go around the room and do quick group brainstorms on how to get past particular issues. Playing the reversing / anti-reversing cat and mouse game always helps with a bigger collective group, as you're increasing your chances that someone knows the answer, or at least a piece of the puzzle. The key is spreading the knowledge in a way that is not counter to production, as you can't spend all day training. Either way, solo seemed to generally not be the way to go, not in a reversing shop at least.
#33
20 November 2014, 14:27
CV
Ungood
Join Date: Apr 2003
Location: US
Posts: 7,506
Here's another lunch-time installment

Technical cyber exploitation is not just about hacking into computers and servers. One misconception about the field is that you need to be a mountain-dew chugging, basement-dwelling, pocket-protecting stereotypical nerd. Nothing could be further from the truth. In fact, especially as it relates to this community, there are many very cool ways that special operations utilizes Cyber capabilities and integrates it into the entire command and control structure (C2IS, C3, C4ISR, C4ISTAR, etc...)

Because most of us are intimately familiar with DOD terms, I'll keep it in this realm and mostly vanilla. In DOD, the parent of Penetration Testing is Cyber Electromagnetic Activities (CEMA). Under CEMA lies Cyberspace Operations, Electronic Warfare, and Spectrum Management Operations (CO, EW, and SMO).

If you want to learn more of how this is organized at the DOD level, there's a Joint Publication out there specifically about the topic, as well as a newer field manual (I forget the publication number).

NOTE: For those of you currently supporting SOC capabilities and mission sets, there's an EXCELLENT course that I would have loved to attend, aptly named the Technical Exploitation Course (TEC) (not tactical). There is a requirement for SOF tactical experience (any branch), and I have no idea if civilians could ever attend. If you cannot attend that course, the NFSTC at Fort Bragg is chock-full of other goody classes. Don't let the opportunity go by if you can attend this school and have read this far into my thread.

In short, here's a quick breakdown:

Cyberspace Operations: Exploitation, defense, and network operations related to information systems and assets.

Electronic Warfare: Anything related to the capture or disruption of electromagnetic radio waves (communications).

Spectrum Management Operations: Boring policy-based garbage that really has little to do with this topic on a technical level.
__________________
It's a hipster filter. Keeps your kind out. -Jimbo
#34
20 November 2014, 14:56
bigsapper
Authorized Personnel
Join Date: Dec 2003
Location: Plano, TX
Posts: 685
Awesome thread! Thanks for sharing.
#35
20 November 2014, 16:01
HighDragLowSpeed
Been There Done That
Join Date: Dec 2006
Location: Only Place For Me
Posts: 5,103
Quote:
Originally Posted by CV
Alas, I wanted to touch on a topic that is a bit more advanced, but relates heavily to offensive capabilities.

What you need to know is that fuzzing causes crashes > crashes give details > details open up avenues for exploitation.
"Bit more advanced" is an understatement.

Most offensive work isn't for the reasonably technical or the faint of heart. Certs will mean nothing and often be scoffed at. You'll be in a dev world and you can make yourself look stupid really fast. Even if you are a dev, your java or .NET prowess will mean nothing without C or (preferably) assembly skills behind it.

Joey Ramone once stated that lack of skill dictates economy of style. How do you know if this career field may be for you?

If you've been in a non-dev tech role for more than 2-3 years and haven't yet mastered the most basic low level concepts like being able to explain heap and stack (right now without looking it up), this probably isn't your line of work...even with more training. Whatever level of tech curiosity you may think that you have likely isn't deep enough to make you successful here. Otherwise, you would have learned that stuff by now.

If you are already a dev but think that, if Machiavelli could have built a compiler, he'd have developed the C language, then this line of work likely isn't for you either. There are places where pointers are still relevant. This is one.

If you are a student or a non-dev that meets the first criteria, you'll need to get some low level dev background. I believe that you'd be best served by learning assembly (but I'm just some random guy on the internet). Assembly is a good differentiator because you'll learn how low level commands into the chip work (above all, don't panic!). Also, if assembly doesn't appeal to you, then this field likely won't either (for a number of reasons) or you'll completely suck. Instead of sucking at work, it'd be better to spend time sucking cock with all of the rest of, I mean, enjoying another IT security career field that is more policy or configuration oriented.

Offensive work is not just the flip side of defensive work. To be successful, you'll need to have a different skillset and mindset.
__________________
"I know of no country in which there is so little independence of mind and real freedom of discussion as in America." - de Tocqueville, 19th century

God made machine language; all the rest is the work of man.

Last edited by HighDragLowSpeed; 20 November 2014 at 16:15.
#36
21 November 2014, 15:34
CV
Ungood
Join Date: Apr 2003
Location: US
Posts: 7,506
Quote:
Originally Posted by HighDragLowSpeed
Offensive work is not just the flip side of defensive work. To be successful, you'll need to have a different skillset and mindset.
Solid and accurate. Thanks HDLS.
__________________
It's a hipster filter. Keeps your kind out. -Jimbo
#37
1 December 2014, 07:35
CV
Ungood
Join Date: Apr 2003
Location: US
Posts: 7,506
To bounce off of what HDLS is speaking to, anyone that has been following this thread is going to want to take the concepts discussed and use their Google-Fu to learn more. TTPs won't be discussed here. Think of this thread as a sign-post to point you in the right direction.

More this week as time permits.
__________________
It's a hipster filter. Keeps your kind out. -Jimbo
#38
1 December 2014, 12:46
MountainBum
Vivat Fraternitatis
Join Date: Apr 2004
Location: OCONUS
Posts: 840
FYI, SANS Institute just approved GI Bill for their Masters and Certificate programs. As you guys know, their GIAC certs are highly sought after in the field (at least that's been my experience.) Got this in my email last week:

Quote:
======================================
SANS Graduate Programs: GI Bill Approved!
======================================

The SANS Technology Institute is honored to announce that US veterans
can now use GI Bill-related education benefits to earn an elite SANS
master's degree or graduate certificate. Veterans can now access SANS'
top courses and instructors, research security topics that matter,
network with infosec peers, and earn 5-6 GIAC certifications even before
they graduate.

Cyber education and skills development is an ideal use of veterans
education benefits. Veterans continue to serve on the front lines of our
national and corporate defenses, and we are proud to support their
ongoing professional development.

Interested US veterans should secure their VA eligibility forms now and
submit their graduate application materials in December in order to be
selected for the first cohort of 2015. Veterans can start their
programs in live classes starting as soon as February 23-28 in Maryland,
or online from anywhere once they matriculate. Learn more at
http://www.sans.edu/info/172207
#39
1 December 2014, 14:38
CV
Ungood
Join Date: Apr 2003
Location: US
Posts: 7,506
Wow, that is money right there. Good looking out.
__________________
It's a hipster filter. Keeps your kind out. -Jimbo
#40
1 December 2014, 16:39
BOFH
I aim to misbehave
Join Date: Jul 2004
Location: \\Gibson\garbage
Posts: 4,230
I should actually take the time to read all the emails I get from SANS. That's good stuff!
__________________
"...for those who man the battle line, the bugle whispers low, and freedom has a taste and price the protected never know..."


While true:
Continue