Ethical Hacking and Penetration Testing

Discussion on ethical hacking and penetration testing subjects.

InfoSec Institute's most popular information security and hacking training goes in-depth into the techniques used by malicious, black-hat hackers, with attention-getting lectures and hands-on lab exercises. While these hacking skills can be used for malicious purposes, this class teaches you how to use the same hacking techniques to perform a white-hat, ethical hack on your organization. You leave this network security training course with the ability to quantitatively assess and measure threats to information assets, and to discover where your organization is most vulnerable to hacking.

Some of the instructor-led hands-on hacking lab exercises in this security training experience:

* Capture the Flag hacking exercises every night
* Abusing DNS for host identification
* Leaking system information from Unix and Windows
* Stealthy Recon
* Unix, Windows and Cisco password cracking
* Remote buffer overflow exploit lab I - Smashing the Stack
* Remote buffer overflow exploit lab II - Integer Overflows
* Remote heap overflow exploit lab III - Beyond the Stack
* Desktop exploitation
* Remote keylogging
* Data mining authentication information from clear-text protocols
* Remote sniffing
* Breaking wireless security
* Malicious event log editing
* Transferring files through firewalls
* Hacking into Cisco routers
* Harvesting web application data
* Data retrieval with SQL Injection Hacking
* Calculating the Return on Investment (ROI) for an ethical hack


Tuesday, March 14, 2006

De-anonymizing the Internet

Well, I've recently undertaken a quite interesting project--- attempting to de-anonymize specific portions of the Internet. This is by far not a new idea. I can think of 10 "projects" in different forms that have all attempted, with various degrees of success. I'll list three of them.

eBay feedback system: Forces buyers & sellers to treat each other with some degree of civility. But, it is easily circumvented by creating dozens of accounts through different proxies and leaving positive feedback on fake items sold between two non-existent accounts.

USAF Bot Network Traceback: The USAF solicited bids for an R&D project to trace back through bot nets to discover the controller of the bot network. I saw some of the bids; some were very brute force (root all of the bots and then root the botmaster, then root all of his friends, his mother, and then kick his dog), others were much more creative. If you run a botnet, maybe the Air Force is watching you right now?

Google Toolbar: If you have advanced options enabled with the Google toolbar, any page you visit is transmitted to Google. Google does this primarily to track relevancy of its search results.

Obviously there are lots of ideas about reducing anonymity on the internet. Some (like the Google Toolbar) require huge scale. Others rely on technology (USAF project), and others rely on communities volunteering to give up anonymity for increased trust (eBay feedback). This all raises a question: is a de-anonymized internet better? Is it more secure? You can bet that most businesses and governments would love an internet where your IP was tied to your SSN and then to a thumbprint. (Of course, this would be lame, because IPs, SSNs and even thumbprints can be spoofed by high school kids with nmap, Photoshop and Elmer's glue, respectively.)

It's a hard question. If you look at society 200 years ago, people had very little anonymity in their daily lives. You were an apprentice for a trade (meaning you had one boss for life and you lived in his basement), you knew your neighbors, and you likely had little ability to travel and place yourself into new surroundings where you could pretend to be someone else. Were people better off? It would be impossible to measure, and if it were, it would be equally impossible to control for other factors, such as healthcare, political representation, etc.

Generally, if you are going to do something bad or unethical, you are going to want to be anonymous (or at least assume some other sucker's identity). Conversely, if what you are doing is deemed "bad" by the powers that be, but is truly ethical and moral, you are also going to hang out on "anonymous networks" with all of the truly unethical folks.

So, the question becomes, if you have been tasked with reducing or eliminating anonymity on the Internet, how do you distinguish the bad guys from the good guys? What can you build into the system so that it can only detect traders of child porn, state-backed Chinese hackers getting into government networks, and click fraud dorks making 100k a month from Adsense?

  • At 11:52 AM, Anonymous said…

    FYI, Jack CACI won the ARDA contract. They look at DNS lookups across the internet to find where boxen are. Not sure if it will work, but it IS one of those "creative ideas" you alluded to.

  • At 10:24 PM, Tate Hansen said…

    This reminds me of IP geolocation. People/Companies making deals with ISPs to provide billing information (name, phone #, street address, etc.) in real-time for each leased public IP, be it for an individual or business. Obviously there are lots of ways to hide (e.g. TOR, proxies, the local Starbucks) but I’m guessing 99% of the Internet users don’t actively try to avoid being tracked. So, IP geolocation fits one of your goals – it reduces anonymity somewhat. Do you get to play with a big budget or is this project on the cheap?

  • At 6:46 PM, Jack Koziol said…

    Hey Tate! How are ya? I hope all is well. That is true, that 99% of people aren't savvy enough to prevent themselves from being tracked... but, it is the 1% that are most interesting. I think the Starbucks/random wireless problem can be solved easily, but Tor networks would be a huge problem. Good thing for me there are some vulnerabilities in Tor:

    Project has a nice budget, very well funded. I only get to do a small sliver of it, but it is an important sliver ;)

  • At 12:18 AM, tate hansen said…

    Things are good; I've been having too much fun with Ruby on Rails. I've drunk the Rails Kool-Aid.

    A colleague and I were throwing out ideas for fun on tracking the 1%. If the resources allow -- you could run enough Tor servers to compromise the Tor network. I can't remember the exact percentage, but I think it was somewhere around 40-60% (maybe you can do it with 10% :). Without Tor or other services that offer similar features, it seems traditional public proxies would probably be next in line. Run enough of those and you again make a hit – attackers would be risking more to trust “public” proxies and you may effectively reduce their use. Without those it becomes a lot more difficult to hide your IP, thus your location or associations.

    Encryption seems to kinda’ blow watching for “bad” data. I guess if you watch everyone who encrypts you can make some easy connections along the six degrees of separation path. You encrypt, you get put on the list. You encrypt and use a public proxy or Tor, you get put on a shorter list. If something bad happens you have a really small list, relatively to all internet users, to look at. Like Echelon for the Internet.

    In the end it seems the more challenging tracking cases would fall back to standard investigation stuff. When someone sends an electronic threat to the president, the secret service starts buzzing around and it becomes a game of asking everyone around whom the likely perpetrator is.

    Anyway, this is definitely a fun topic to toss around. Do you ever attend any conferences during the year? I'll buy the beer.

  • At 10:28 AM, Anonymous said…

    It is an interesting question you raise. I see this same kind of thing with various experts all the time.

    As an example, think police. It would make their job a lot easier if we had no privacy laws whatsoever. That would be a bad thing for society. So we have them.

    I guess I see it as a "can't see the forest for the trees" kind of thing. While we absolutely need more decent security, it runs both ways. The end user also requires protection, not just alphabet agencies and corporations.

    Unfortunately, I don't have any insight into this dilemma. How do you get the kiddie porn guy without compromising the integrity of anyone else's information?

    As an aside, it appears that several TOR server end node servers were confiscated by police in an operation. I have been waiting for this to happen for some time. I guess they are trying to peel the layers of the onion from the outside in...

    Jason Clark
