Coding for Penetration Testers

What sets a good penetration tester apart from an average one is the ability to adapt to the ever-changing landscape within which we live. One aspect of this adaptability is the skill to build, extend, and manipulate scripts and applications encountered in the field. Whether tools already exist to accomplish a task, or one needs to be built to take advantage of a new vulnerability, the ability to build and extend tools in a variety of scripting languages is important. Each of the first five chapters of this resource delves into a different scripting language that we may encounter while performing penetration tests.

Through investigating the core aspects of each language, either on Microsoft platforms or on Linux platforms such as BackTrack 5, each chapter brings to light the power and strengths of that language. We use these strengths to build a series of scripts that help us understand the intricacies of each language and, in most cases, develop a basic tool that we can use and extend while penetration testing. Whether it is through shell scripting, Python, Perl, Ruby, or PHP, we cover the basics of each language and discuss topics such as output handling, loops and control statements, networking, and command execution. Once the core language concepts have been covered, Coding for Penetration Testers tackles the core tasks of penetration testing. While covering scanner scripting and information gathering, we discuss tools such as Nmap and Nessus and use the scripting languages behind them (NSE/Lua and NASL respectively) to extend the capabilities of both tools. Information gathering is one of the first and most important steps of a penetration test: we don't know what we're attacking until we do the initial research. Chapter 8 investigates how to automate information gathering tasks to be more effective and to get repeatable results. Once we've gathered the information, we're ready to begin the offensive. Looking at Python as an exploit delivery tool, we discuss the basics of exploit development. Chapter 9 walks through building a working exploit step by step, from creating a proof of concept (PoC) to turning it into a repeatable and extendable exploit module within the Metasploit Framework.
The following descriptions provide an overview of the contents of each chapter:

  • Chapter 1: Introduction to command shell scripting
  • Chapter 2: Introduction to Python
  • Chapter 3: Introduction to Perl
  • Chapter 4: Introduction to Ruby
  • Chapter 5: Introduction to Web scripting with PHP
  • Chapter 6: Manipulating Windows with PowerShell
  • Chapter 7: Scanner scripting
  • Chapter 8: Information gathering
  • Chapter 9: Exploitation scripting
  • Chapter 10: Post-Exploitation scripting

Read More In Here


HTML5 Top 10 Threats Stealth Attacks and Silent Exploit

Abstract: HTML5 is an emerging stack for next-generation applications. It extends browser capabilities and can execute Rich Internet Applications within the modern browser architecture. HTML5 also runs on mobile devices, which complicates matters further. HTML5 is not a single technology but a combination of components such as XMLHttpRequest (XHR), the Document Object Model (DOM), Cross-Origin Resource Sharing (CORS) and enhanced HTML/browser rendering. It brings several technologies to the browser that were not there before: localStorage, WebSQL, WebSocket, Web Workers, enhanced XHR and DOM-based XPath, to name a few. Together these enlarge the attack surface and give attackers and malicious agents new points of exploitation. By leveraging these vectors one can craft stealth attacks and silent exploits that are hard to detect and make compromise easy… Read more in here [PDF Format]


SQL Server Label Security Toolkit V-2.0

The Label Security Toolkit provides tools and techniques for using Microsoft® SQL Server (versions 2005 through 2012) to implement row-level security (RLS) and cell-level security (CLS) based on security labels.

The major components of the Toolkit are:

• The Label Policy Designer application
• Documentation
• Examples showing the implementation of row- and cell-level security in different scenarios

The toolkit complements the whitepaper : SQL Server 2012 CLS&RLS [word document]
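As an added illustration of the label-based row- and cell-level security the toolkit implements (this is not the toolkit's own code or schema; the table names, label values and the clearance lookup are assumptions), here is a minimal T-SQL pattern that works on SQL Server 2005 through 2012, none of which has built-in RLS. Rows carry a label, one sensitive column carries its own cell label, and a view compares both against the caller's clearance:

```sql
-- Added example, not part of the Label Security Toolkit. Names and label
-- values are assumptions; a real deployment would use the toolkit's designer.

-- Ordered security levels: a higher rank dominates a lower one.
CREATE TABLE dbo.SecurityLevel (
    LevelName sysname NOT NULL PRIMARY KEY,
    LevelRank tinyint NOT NULL UNIQUE
);
INSERT INTO dbo.SecurityLevel (LevelName, LevelRank) VALUES ('Public', 0);
INSERT INTO dbo.SecurityLevel (LevelName, LevelRank) VALUES ('Confidential', 1);
INSERT INTO dbo.SecurityLevel (LevelName, LevelRank) VALUES ('Secret', 2);

-- Which database user holds which clearance.
CREATE TABLE dbo.UserClearance (
    UserName  sysname NOT NULL PRIMARY KEY,
    LevelName sysname NOT NULL REFERENCES dbo.SecurityLevel (LevelName)
);

-- Base table: one row label, plus a separate cell label for the Location column.
CREATE TABLE dbo.Asset (
    AssetId       int IDENTITY(1,1) PRIMARY KEY,
    Name          nvarchar(100) NOT NULL,
    Location      nvarchar(100) NOT NULL,
    RowLabel      sysname NOT NULL REFERENCES dbo.SecurityLevel (LevelName),
    LocationLabel sysname NOT NULL REFERENCES dbo.SecurityLevel (LevelName)
);
GO

-- Clearance rank of the calling user; an unmapped user gets -1 and sees nothing.
CREATE FUNCTION dbo.fn_CallerRank() RETURNS int
WITH SCHEMABINDING
AS
BEGIN
    RETURN ISNULL((SELECT sl.LevelRank
                   FROM dbo.UserClearance uc
                   JOIN dbo.SecurityLevel sl ON sl.LevelName = uc.LevelName
                   WHERE uc.UserName = USER_NAME()), -1);
END;
GO

-- Row-level security: rows whose label outranks the caller are filtered out.
-- Cell-level security: Location is returned as NULL unless the caller also
-- dominates that cell's label.
CREATE VIEW dbo.Asset_Secure
WITH SCHEMABINDING
AS
SELECT a.AssetId,
       a.Name,
       CASE WHEN cl.LevelRank <= dbo.fn_CallerRank() THEN a.Location ELSE NULL END AS Location,
       a.RowLabel
FROM dbo.Asset a
JOIN dbo.SecurityLevel rl ON rl.LevelName = a.RowLabel
JOIN dbo.SecurityLevel cl ON cl.LevelName = a.LocationLabel
WHERE rl.LevelRank <= dbo.fn_CallerRank();
GO

-- Users are granted the view only; nobody but the owner reads dbo.Asset directly.
GRANT SELECT ON dbo.Asset_Secure TO public;
```

The enforcement point is the view, so the pattern is only as strong as the grants around it: any path that reaches dbo.Asset directly (ad-hoc queries, another view, a procedure with ownership chaining) bypasses both checks, which is why the toolkit's documentation on policy design and examples is worth reading before relying on this.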

Security Technical Overview : BlackBerry Bridge App and BlackBerry PlayBook Tablet

Attacks that the BlackBerry Bridge pairing process is designed to prevent

The BlackBerry Bridge pairing process is designed to help protect the connection between the BlackBerry PlayBook tablet and BlackBerry smartphone from the following types of attacks:

• Brute-force attack

• Online dictionary attack

• Eavesdropping

• Impersonating a smartphone

• Man-in-the-middle attack

• Small subgroup attack

Brute-force attack

A brute-force attack occurs when a potentially malicious user tries every possible key until the encryption key is found. The BlackBerry Bridge pairing key is 256 bits long, so the search space is 2^256 keys, which makes a brute-force attack computationally infeasible.

Online dictionary attack

An online dictionary attack occurs when a potentially malicious user uses feedback from the protocol to determine the correct password. For example, during the key agreement protocol, the potentially malicious user might try to guess the shared secret between the BlackBerry PlayBook tablet and BlackBerry smartphone. The ECDH protocol permits the potentially malicious user only one guess at the shared secret per pairing attempt. If the guess is incorrect, the BlackBerry PlayBook tablet user must restart the pairing process, which creates a new shared secret before the potentially malicious user can guess again.


Eavesdropping

An eavesdropping event occurs when a potentially malicious user monitors the communication between a BlackBerry PlayBook tablet and a BlackBerry smartphone. The goal of the potentially malicious user is to determine the BlackBerry Bridge pairing key on the tablet and smartphone and then use the key to decrypt the data that the tablet and smartphone send to each other. Because the BlackBerry Bridge app uses the ECDH algorithm to generate the BlackBerry Bridge pairing key, a potentially malicious user must solve the ECDH problem to compute the key. Solving this problem is equivalent to solving the DH problem, which is considered computationally infeasible… Read More In Here [PDF Format]
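The eavesdropping and brute-force properties above come down to one fact: an observer sees only the two public points, and recovering the shared point from them means solving a discrete-log problem whose cost grows with the key size. The following added example (my code, not BlackBerry's; it uses a textbook curve over F_17 with a 19-point group, chosen precisely so that the eavesdropper's exhaustive search finishes) runs an ECDH agreement, has the eavesdropper recover the secret by brute force, and includes the public-key validation that is the standard defence against the small-subgroup attack the list mentions. On this toy curve the group order is prime and equals the whole curve, so the subgroup check cannot fail for an on-curve point; on real curves with a cofactor it is the check that matters.

```python
# Added example, not BlackBerry code. Textbook ECDH on a toy curve:
# y^2 = x^3 + 2x + 2 over F_17, G = (5, 1) of prime order 19.
import secrets

P, A, B = 17, 2, 2
G = (5, 1)
N = 19          # order of G (and of the whole curve group here)
INF = None      # point at infinity, the group identity


def on_curve(pt):
    if pt is INF:
        return True
    x, y = pt
    return (y * y - (x ** 3 + A * x + B)) % P == 0


def add(p1, p2):
    """Group law in affine coordinates."""
    if p1 is INF:
        return p2
    if p2 is INF:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return INF                                  # p1 == -p2
    if p1 == p2:
        lam = (3 * x1 * x1 + A) * pow((2 * y1) % P, -1, P)
    else:
        lam = (y2 - y1) * pow((x2 - x1) % P, -1, P)
    lam %= P
    x3 = (lam * lam - x1 - x2) % P
    y3 = (lam * (x1 - x3) - y1) % P
    return (x3, y3)


def mul(k, pt):
    """Scalar multiplication by double-and-add."""
    result, addend = INF, pt
    while k > 0:
        if k & 1:
            result = add(result, addend)
        addend = add(addend, addend)
        k >>= 1
    return result


def validate_public_key(q):
    """Full public-key validation: reject the point at infinity, off-curve
    points, and points outside the prime-order subgroup. Skipping this is
    what makes small-subgroup / invalid-curve attacks on a private key possible."""
    return q is not INF and on_curve(q) and mul(N, q) is INF


def keypair():
    d = secrets.randbelow(N - 1) + 1                # private scalar in [1, N-1]
    return d, mul(d, G)


def shared_secret(d, peer_pub):
    if not validate_public_key(peer_pub):
        raise ValueError("peer public key failed validation")
    return mul(d, peer_pub)                         # the pairing key is derived from this point


def pair():
    """One pairing run: only Q_A and Q_B cross the wire, both sides get the same point."""
    a, qa = keypair()
    b, qb = keypair()
    return qa, qb, shared_secret(a, qb), shared_secret(b, qa)


def eavesdropper(qa, qb):
    """Sees only Q_A and Q_B. On a 19-point curve the discrete log falls to
    exhaustive search; on a 256-bit curve the same loop never finishes."""
    for guess in range(1, N):
        if mul(guess, G) == qa:
            return mul(guess, qb)
    return None
```

Running pair() and feeding the two public points to eavesdropper() returns the same secret point, which is the whole argument for the 256-bit key: the protocol is identical, only the size of the search changes.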


Computer Forensics Hard Disk And Operating System [C|EH]

EC-Council / [C|EH] – Full Disclosure

Hard Disk: Data is organized on a hard disk in a method similar to that of a filing cabinet, so the user can easily access data and programs. When a computer uses a program or data, it is copied from its location on the disk into main memory. When a user makes changes to a file, the computer saves the file by replacing the older file with the new file. Data is recorded magnetically onto the hard disk: a rapidly spinning platter is used as the recording medium, and heads floating just above the surface of the platter read data from and write data to it. A standard interface connects a hard disk to a computer; two common interfaces are IDE and SCSI.

Introduction to Windows, Linux, and Macintosh Boot Processes

This chapter focuses on the boot processes for the major operating systems available today. Booting, also called bootstrapping, is the process of loading an operating system into a computer's main memory. This step takes place during the boot sequence, which is the set of steps a computer system takes after it has been powered on. The chapter begins by covering some basic information about the boot process. It then discusses the boot process for the legacy operating system MS-DOS before moving on to the boot processes for Windows, Linux, and Mac OS.

Read More & Download In Here [PDF Format]

Computer Forensics Investigating Data & Image File [C|EH]

EC-Council / [C|EH] – Full Disclosure

Introduction to Data Acquisition and Duplication

This chapter focuses on data acquisition and data duplication. Data acquisition is the act of taking possession of or obtaining control of data and adding it to a collection of evidence. Data duplication is the act of making a copy of data already acquired to preserve the original evidence in pristine condition. The chapter starts by discussing how to determine the best data acquisition methods for a certain situation. It then discusses how to make sure crucial data is not lost during the acquisition process. The chapter then covers the importance of data duplication before moving on to descriptions of the tools investigators use for data acquisition and duplication.

Data Recovery Contingencies

Investigators must make contingency plans for data acquisition failure. To preserve digital evidence, investigators create a duplicate copy of the evidence files; if the original data recovered turns out to be corrupted, they can fall back on the second copy. Investigators can use forensic tools such as EnCase and SafeBack to obtain multiple copies. Typically, computer forensic investigators make bit-stream image copies of the digital evidence that is collected. Investigators have more than one bit-streaming tool at their disposal, and they should use at least two of them to make copies of the digital evidence in case one tool does not acquire the data properly. During the data recovery process, an investigator must remember not to make any changes to the digital evidence. Forensic activities must be performed only on the bit-stream copies of digital evidence to ensure that the original evidence is not altered or corrupted.
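The procedure above (read the original once and only once, write two independent bit-stream images, keep a way to tell a good copy from a bad one) is small enough to show in full. This is an added example and not code from the C|EH material or any of the tools it names: it images a constructed sample "drive" file instead of a real block device, writes two copies in one pass, records the SHA-256 of the data as read, and shows how the hash exposes a copy that has been silently corrupted.

```python
# Added example, not from the C|EH material. Bit-stream acquisition of a
# constructed sample file into two images, with hash verification of each.
import hashlib
import os
import shutil
import tempfile

BLOCK = 1 << 16   # 64 KiB per read; any block size gives the same byte-for-byte image


def acquire_bitstream(source, destinations, block=BLOCK):
    """Read `source` once, write every byte to each path in `destinations`
    (two independent images), and return the SHA-256 of the data as read.
    The source is opened read-only; nothing is ever written to it."""
    digest = hashlib.sha256()
    outs = [open(path, "wb") for path in destinations]
    try:
        with open(source, "rb") as src:
            for chunk in iter(lambda: src.read(block), b""):
                digest.update(chunk)
                for out in outs:
                    out.write(chunk)
    finally:
        for out in outs:
            out.flush()
            os.fsync(out.fileno())   # the image must be on stable storage before we trust it
            out.close()
    return digest.hexdigest()


def sha256_file(path, block=BLOCK):
    digest = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(block), b""):
            digest.update(chunk)
    return digest.hexdigest()


def verify_copies(acquisition_hash, destinations):
    """Re-hash each image from disk. A mismatch means that copy must not be
    used for analysis; fall back to the other image or re-acquire."""
    return {path: sha256_file(path) == acquisition_hash for path in destinations}


def demo():
    """Constructed scenario: a 1 MiB + 123 byte 'drive' (odd size, so the
    final block is partial), two images, then one image corrupted by one bit."""
    workdir = tempfile.mkdtemp()
    try:
        drive = os.path.join(workdir, "evidence.raw")
        with open(drive, "wb") as f:
            f.write(os.urandom(1024 * 1024 + 123))
        images = [os.path.join(workdir, name) for name in ("image_a.dd", "image_b.dd")]
        acq = acquire_bitstream(drive, images)
        before = list(verify_copies(acq, images).values())
        with open(images[1], "r+b") as f:      # flip one bit in the second image
            f.seek(4096)
            b = f.read(1)[0]
            f.seek(4096)
            f.write(bytes([b ^ 0x01]))
        after = list(verify_copies(acq, images).values())
        return acq, before, after
    finally:
        shutil.rmtree(workdir, ignore_errors=True)
```

The hash returned by acquire_bitstream is the value to record in the case notes: every later copy, and every tool's output, is checked against it rather than against another copy, so a defective tool or medium cannot hide behind two identically wrong images.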

Read More & Download In Here [PDF Format]

Some content on this page was disabled on March 8, 2017 as a result of a DMCA takedown notice from Cengage Learning.

What is a Honeypot?

A honeypot is an information system resource whose value lies in unauthorized or illicit use of that resource.

It is defined as a computer system on the Internet that is expressly set up to attract and "trap" people who attempt to penetrate other people's computer systems. A honeypot is a trap, an electronic bait: a computer or network resource that appears to be part of the network but has been deployed as a decoy. A honeypot can be as simple as a single computer running a program that listens on any number of ports; when a connection is made, the program logs the source IP address and alerts the owner by e-mail. The general concept is to catch malicious network activity with a prepared machine that is used as bait. Valuable data about the compromise is collected by software that continuously records activity whenever the honeypot is attacked. This information serves as a surveillance and early-warning tool, and it also aids computer and network forensics… [Read More In Here] PDF Format
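The simplest honeypot the passage describes, a program listening on a set of ports that logs the source IP of every connection and raises an alert, fits in a few dozen lines. The following is an added example and not code from the page's source: it binds the given TCP ports on 127.0.0.1 (port 0 lets the OS pick, which is handy for testing), records each connection's source address and the first bytes the client sends, and hands the event to an alert callback. The e-mail delivery mentioned above is left to that callback; the default just prints, so nothing here sends mail. The probe() helper is a constructed stand-in for the attacker's connection.

```python
# Added example, not the page's code: a minimal low-interaction TCP honeypot.
import datetime
import socket
import threading
import time


class Honeypot:
    """Listens on the given TCP ports, records each connection's source
    address and first bytes, and passes every event to `alert`."""

    def __init__(self, ports, alert=None, bind_addr="127.0.0.1"):
        self.ports = list(ports)
        self.bind_addr = bind_addr
        self.alert = alert or (lambda ev: print("ALERT:", ev))  # stand-in for an e-mail hook
        self.events = []
        self._lock = threading.Lock()
        self._stop = threading.Event()
        self._listeners = []
        self._threads = []

    def start(self):
        for port in self.ports:
            srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
            srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
            srv.bind((self.bind_addr, port))      # port 0: the OS picks a free port
            srv.listen(16)
            srv.settimeout(0.2)                   # accept() wakes up regularly to notice stop()
            self._listeners.append(srv)
            t = threading.Thread(target=self._serve, args=(srv,), daemon=True)
            t.start()
            self._threads.append(t)

    def bound_ports(self):
        return [s.getsockname()[1] for s in self._listeners]

    def _serve(self, srv):
        dst_port = srv.getsockname()[1]
        while not self._stop.is_set():
            try:
                conn, (src_ip, src_port) = srv.accept()
            except socket.timeout:
                continue
            except OSError:
                break
            with conn:
                conn.settimeout(1.0)
                try:
                    data = conn.recv(1024)        # capture whatever the client sends first
                except (socket.timeout, OSError):
                    data = b""
            event = {
                "time": datetime.datetime.now(datetime.timezone.utc).isoformat(),
                "src_ip": src_ip, "src_port": src_port,
                "dst_port": dst_port, "data": data,
            }
            with self._lock:
                self.events.append(event)
            self.alert(event)

    def wait_for_events(self, count, timeout=5.0):
        """Block until `count` events have been logged or `timeout` seconds pass."""
        deadline = time.monotonic() + timeout
        while time.monotonic() < deadline:
            with self._lock:
                if len(self.events) >= count:
                    return True
            time.sleep(0.05)
        return False

    def stop(self):
        self._stop.set()
        for t in self._threads:
            t.join()
        for s in self._listeners:
            s.close()


def probe(port, payload=b"GET / HTTP/1.0\r\n\r\n", host="127.0.0.1"):
    """Constructed 'attacker' connection used to exercise the honeypot locally."""
    with socket.create_connection((host, port), timeout=2.0) as s:
        s.sendall(payload)
    return True
```

Because no legitimate service lives on these ports, every event is interesting by definition, which is what makes even this tiny listener a usable early-warning sensor; the captured first bytes (an SSH banner, an HTTP request line, a binary blob) are usually enough to tell a scanner from a targeted probe before anyone opens a packet capture.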
