Today I delivered the first of a trilogy of webcasts promoting my new course with the SANS Institute “Mobile Device Security and Ethical Hacking” (Security 575). In the presentation we look at the threat of lost or stolen mobile devices, examining how an attacker can use backup tools to extract data from mobile devices, bypass PIN authentication on Apple iOS and BlackBerry devices, and how to mitigate the impact of lost devices. Check it out!
A special thanks to Horst Karin for posting a great review of my new book, Hacking Exposed Wireless 2nd Edition on the ISACA website.
If you haven’t already checked it out, you can browse the book through Amazon’s Page Viewer. For the first time in print, we provided an in-depth coverage of attacking and exploiting WiFi as well as ZigBee, Bluetooth and DECT technology in the approachable and understandable Hacking Exposed style.
Be sure to check out our companion website to grab the online content and associated files for download.
Judy Novak, one of my early mentors and good friends, has posted an excellent article at packetstan.com on manipulating IPS/IDS with TCP checksum forgeries. She also details the effect of this crafty manipulation to Snort with great examples you can use on your own IPS/IDS.
Check out her article, and also check out the Scapy class she wrote for the SANS Institute. If you want to be a packet ninja, mastering Scapy with Judy will get you there fast.
Brad brought the FreeRADIUS-WPE patch up to date for FreeRADIUS 2.1.7, which I’ve posted in the Offensive Section. This tool still works very reliably for me, and it’s always a treat when a target wireless network is running PEAP or TTLS and I get to use it.
Code is posted on the FreeRADIUS-WPE page. If you missed it, you can check out our slides from ShmooCon 2008, or the video.
As the author and lead instructor for the SANS Ethical Hacking Wireless course, I teach at several conferences a year and at customer’s sites. Between September 2nd and November 18th, I’ll also be teaching the Ethical Hacking Wireless course through the SANS vLive program. Instead of 6 8-hour days of hardcore wireless security training, we break the course up into 12 sections; 3 hours a night once a week for 12 weeks.
The vLive program is great because you get the benefits of live instructor-lead training but in smaller, more manageable chunks. You also save your employer on travel costs. Best yet? Wireless hacking in your PJ’s on your couch.
The vLive offering is an upgrade over the old @Home system SANS has used before. You still get the demonstrations, exploits and attacks with slides and instructor Q+A, just like at a live conference. Miss a class? No problem! You’ll be able to catch the archived session at any point during the 12-week period.
To celebrate the new system, SANS is offering a 20% discount for a limited time. Visit the SANS website to sign up for SANS Ethical Hacking Wireless with vLive. The 20% discount is available until July 31, so sign-up soon.
As always, please send me a note with any questions. Thanks!
A few minutes ago I submitted what is hopefully the last set of edits for a new day of training material I wrote titled “Fuzzing for Bug Discovery”. This hands-on day of material joins Steve Sims’ Developing Exploits for Penetration Testers and Security Researchers course.
If you haven’t already checked out Steve’s course, I highly recommend it. In just a few days, he has been turning students into exploit developers, using hands-on labs to reinforce focused training materials. The new day of fuzzing material also gives students training on the tools and techniques for software fault testing using canned and custom fuzzing tools. A quick sampling of topics includes:
- Why fuzzing is needed for security, and how it can be used by Quality Assurance teams, software developers, vendors and penetration testers
- Building your attack plan, sources for data collection, testing and monitoring techniques and tools
- Fuzzing techniques including static test case development, randomized fuzzing, mutation and intelligent mutation fuzzing
- Fuzzing opportunities and common software developer mistakes to target
- Effective fuzzing through code coverage analysis using available source or closed binaries
- In-depth coverage on building custom fuzzers with Sulley
If I had to pick, I’d say the best part of the new day are the lab exercises. In the labs, you’ll use a variety of tools including Taof, Gcov/Lcov, Paimei with Pstalker, IDA Pro with the idapython plugin, the Sulley fuzzing framework and a bunch more. In the labs, you’ll definitely find interesting and useful bugs that, at the end of Steve’s course, you’ll be writing exploits for.
Steve is teaching his Developing Exploits for Penetration Testers and Security Researchers course in several upcoming conferences:
As always, I’m more than happy to any answer questions about this day of material. I’ll also try to answer questions about the entire course, though I may defer you to Steve. In the meantime, check out the description and sample topics. Also, my thanks to Steve for the chance to contribute to his awesome course.
Over the last several months I had the pleasure of working with Ed Skoudis and Kevin Johnson in presenting a trilogy of webcasts titled the Pen Test Perfect Storm where we talk about techniques to combine network, web app and wireless pen testing. By combining these components of classic pen-tests, we are able to more effectively test the network for threats and dig deeper into an organization. Check out the slides and links to the webcast archives here:
Special thanks to Ed and Kevin for the chance to work with them on this series. Please drop me a note with any questions.
If you haven’t met Zoher Anis at a SANS conference or other popular venue, please make an effort to do so as soon as possible. Zoher is one of the most awesome guys I know, and humbles me with his new presentation “Why Joshua Wright loves Windows Vista ? And why you should be glad you’re not running it.”
Zoher came up to me at the SANS 2009 Orlando conference and showed me a slide deck he made for a private audience about some of the awesome wireless stuff Microsoft added to Windows Vista. In it, he applies a lot of the Vista wireless hacks I wrote about in Vista Wireless Power Tools (for the penetration tester), and adds his own excellent Vista hacks in the process.
After I begged and pleaded, he allowed me to distribute a sanitized version on my site. For your enjoyment. Thanks Zoher!