Coding for Penetration Testers

What sets a good penetration tester apart from an average one is the ability to adapt to the ever-changing landscape within which we live. One aspect of this adaptability is the skill to build, extend, and manipulate scripts and applications encountered in the field. Whether tools already exist to accomplish a task, or one needs to be built to take advantage of a new vulnerability, the ability to build and extend tools in a variety of scripting languages is important. Each of the first five chapters of this resource delves into a different scripting language that we may encounter while performing penetration tests.

Through investigating the core aspects of each language, either on Microsoft platforms or on Linux platforms such as BackTrack 5, each chapter brings to light the power and strengths of each language. We will use these strengths to build a series of scripts to help us understand the intricacies of each language, and in most cases develop a basic tool that we can use and extend while penetration testing. Whether it is through shell scripting, Python, Perl, Ruby, or PHP, we will cover the basics of each language and discuss topics such as output handling, loops and control statements, networking, and command execution.

Once the core language concepts have been covered, Coding for Penetration Testers tackles the core tasks of penetration testing. While covering scanner scripting and information gathering, we will discuss tools such as Nmap and Nessus and use the scripting languages behind them to extend the capabilities of both tools. Information gathering is one of the first and most important steps of a penetration test. We don’t know what we’re attacking until we do the initial research. Chapter 8 investigates how to automate information gathering tasks to be more effective and to have repeatable results. Once we’ve gathered the information, we’re ready to begin the offensive. Through looking at Python as an exploit delivery tool, we will discuss the basics of exploit development. Walking through building a working exploit, Chapter 9 takes us through each step of the process, from creating a Proof of Concept (POC) to creating a repeatable and extendable exploit within the Metasploit Framework.
The following descriptions provide an overview of the contents of each chapter:

  • Chapter 1: Introduction to command shell scripting
  • Chapter 2: Introduction to Python
  • Chapter 3: Introduction to Perl
  • Chapter 4: Introduction to Ruby
  • Chapter 5: Introduction to Web scripting with PHP
  • Chapter 6: Manipulating Windows with PowerShell
  • Chapter 7: Scanner scripting
  • Chapter 8: Information gathering
  • Chapter 9: Exploitation scripting
  • Chapter 10: Post-Exploitation scripting

Read More In Here

HTML5 Top 10 Threats Stealth Attacks and Silent Exploit

Abstract: HTML5 is an emerging stack for next generation applications. HTML5 is enhancing browser capabilities and is able to execute Rich Internet Applications in the context of modern browser architecture. Interestingly, HTML5 can run on mobile devices as well, which makes it even more complicated. HTML5 is not a single technology stack but a combination of various components like XMLHttpRequest (XHR), Document Object Model (DOM), Cross-Origin Resource Sharing (CORS) and enhanced HTML/browser rendering. It brings several new technologies to the browser which were not seen before, like localStorage, WebSQL, WebSocket, Web Workers, enhanced XHR and DOM-based XPath, to name a few. It has enhanced the attack surface and points of exploitation for attackers and malicious agents. By leveraging these vectors one can craft stealth attacks and silent exploits; they are hard to detect and easy to compromise with… Read more in here [PDF Format]


SQL Server Label Security Toolkit V-2.0

The Label Security Toolkit provides tools and techniques for using Microsoft® SQL Server (versions 2005 through 2012) to implement row-level security (RLS) and cell-level security (CLS) based on security labels.

The major components of the Toolkit are:

• The Label Policy Designer application
• Documentation
• Examples showing the implementation of row- and cell-level security in different scenarios

The toolkit complements the whitepaper: SQL Server 2012 CLS&RLS [Word document]
For more information about securing SQL Server, visit:

Security Technical Overview : BlackBerry Bridge App and BlackBerry PlayBook Tablet

Attacks that the BlackBerry Bridge pairing process is designed to prevent

The BlackBerry Bridge pairing process is designed to help protect the connection between the BlackBerry PlayBook tablet and BlackBerry smartphone from the following types of attacks:

• Brute-force attack

• Online dictionary attack

• Eavesdropping

• Impersonating a smartphone

• Man-in-the-middle attack

• Small subgroup attack

Brute-force attack

A brute-force attack occurs when a potentially malicious user tries all possible keys and guesses what the encryption key is. The BlackBerry Bridge pairing key is 256 bits long, which makes a brute-force attack computationally infeasible.

Online dictionary attack

An online dictionary attack occurs when a potentially malicious user uses feedback to determine the correct password. For example, during the key agreement protocol, the potentially malicious user might try to guess the shared secret between the BlackBerry PlayBook tablet and BlackBerry smartphone. The ECDH protocol permits the potentially malicious user to only guess the shared secret one time. If the guess is incorrect, the BlackBerry PlayBook tablet user must restart the pairing process, which creates a new shared secret before the potentially malicious user guesses again.

Eavesdropping

An eavesdropping event occurs when a potentially malicious user monitors the communication that occurs between a BlackBerry PlayBook tablet and BlackBerry smartphone. The goal of the potentially malicious user is to determine the BlackBerry Bridge pairing key on the tablet and smartphone and then use the key to decrypt the data that the tablet and smartphone send between each other. Because the BlackBerry Bridge app uses the ECDH algorithm to generate the BlackBerry Bridge pairing key, a potentially malicious user must solve the ECDH problem to compute the key. Solving this problem is equivalent to solving the DH problem, which is considered computationally infeasible… Read More In Here [PDF Format]
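The three properties above (a 256-bit key, one guess per pairing attempt, and a secret an eavesdropper cannot recover from the exchanged values) all follow from how Diffie-Hellman key agreement is performed and validated. The following added example, which is not part of the BlackBerry document and not BlackBerry's code, shows the shape of that exchange with a deliberately tiny integer (non-elliptic-curve) safe-prime group standing in for the ECDH group; the parameters P, Q and G and the function names are constructed for illustration. It derives a 256-bit pairing key from the shared secret, and it includes the public-value check that defends against the small subgroup attack listed above by rejecting any peer value outside the prime-order subgroup.

```python
import hashlib
import secrets

# Toy safe-prime Diffie-Hellman group, constructed for illustration only.
# P = 2*Q + 1 with Q prime; G is a quadratic residue, so it generates the
# subgroup of prime order Q. A real pairing uses an elliptic-curve group
# (ECDH) with ~256-bit parameters; the validation logic is the same.
P = 467
Q = 233
G = 4
SECRET_LEN = (P.bit_length() + 7) // 8  # bytes needed to encode a group element


def generate_private_value():
    """Random private exponent in 1..Q-1, fresh on every pairing attempt."""
    return secrets.randbelow(Q - 1) + 1


def public_value(private):
    """G^private mod P: the only value each device sends to its peer."""
    return pow(G, private, P)


def is_valid_public_value(y):
    """Small subgroup defence: accept only elements of the order-Q subgroup.

    0, 1, P-1 and anything else outside the subgroup would let a peer force
    the shared secret into a tiny set that can be enumerated offline.
    """
    return 1 < y < P - 1 and pow(y, Q, P) == 1


def derive_pairing_key(private, peer_public):
    """Compute the DH shared secret with the peer and hash it to a 256-bit key."""
    if not is_valid_public_value(peer_public):
        raise ValueError("peer public value rejected: not in the prime-order subgroup")
    shared = pow(peer_public, private, P)
    return hashlib.sha256(shared.to_bytes(SECRET_LEN, "big")).digest()


def simulate_pairing(tablet_private, phone_private):
    """Run both sides of the exchange; returns (tablet_key, phone_key)."""
    tablet_pub = public_value(tablet_private)
    phone_pub = public_value(phone_private)
    # Only tablet_pub and phone_pub cross the wire. An eavesdropper who
    # records both still needs one private value (the DH problem) for the key.
    return (derive_pairing_key(tablet_private, phone_pub),
            derive_pairing_key(phone_private, tablet_pub))


if __name__ == "__main__":
    a, b = generate_private_value(), generate_private_value()
    k1, k2 = simulate_pairing(a, b)
    print("keys match:", k1 == k2, "| key bits:", len(k1) * 8)
    try:
        derive_pairing_key(a, P - 1)  # order-2 element a forger might send
    except ValueError as err:
        print("rejected:", err)
```

A wrong guess in the online dictionary attack corresponds to one failed run of `simulate_pairing`; because `generate_private_value` is called afresh on the next attempt, the shared secret the guesser was targeting no longer exists.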


Computer Forensics Hard Disk And Operating System [C|EH]

[EC-Council / C|EH] – Full Disclosure

Hard Disk: Data is organized on a hard disk in a method similar to that of a filing cabinet. The user can easily access the data and programs. When a computer uses a program or data, the program or data is copied from its location to a temporary location. When a user makes changes to a file, the computer saves the file by replacing the older file with the new file. Data is recorded magnetically onto a hard disk. A rapidly spinning platter is used as the recording medium. Heads just above the surface of the platter are used to read data from and write data to the platter. A standard interface connects a hard disk to a computer. Two common interfaces are IDE and SCSI.

Introduction to Windows, Linux, and Macintosh Boot Processes

This chapter focuses on the boot processes for the major operating systems available today. Booting, also called bootstrapping, is the process of loading an operating system into a computer’s main memory. This step takes place during the boot sequence, which is the set of steps a computer system takes after it has been powered on. The chapter begins by covering some basic information about the boot process. It then discusses the boot process for the legacy operating system MS-DOS before moving on to discussing the boot processes for Windows, Linux, and Mac OS.

Read More & Download In Here [PDF Format]

Computer Forensics Investigating Data & Image File [C|EH]

[EC-Council / C|EH] – Full Disclosure

Introduction to Data Acquisition and Duplication

This chapter focuses on data acquisition and data duplication. Data acquisition is the act of taking possession of or obtaining control of data and adding it to a collection of evidence. Data duplication is the act of making a copy of data already acquired to preserve the original evidence in pristine condition. The chapter starts by discussing how to determine the best data acquisition methods for a certain situation. It then discusses how to make sure crucial data is not lost during the acquisition process. The chapter then covers the importance of data duplication before moving on to descriptions of the tools investigators use for data acquisition and duplication.

Data Recovery Contingencies

Investigators must make contingency plans when data acquisition failure occurs. To preserve digital evidence, investigators must create a duplicate copy of the evidence files. In case the original data recovered is corrupted, investigators can make use of the second copy. Investigators can use forensic tools such as EnCase and SafeBack to obtain multiple copies. Typically, computer forensic investigators make at least bit-stream image copies of the digital evidence that is collected. Investigators have at their disposal more than one bit-streaming tool. They should use at least two of these tools to make copies of the digital evidence in case one tool doesn’t properly acquire the data. During the data recovery process, an investigator must remember not to make any changes to the digital evidence. Forensic activities must be performed only on the bit-stream copies of digital evidence to ensure that the original evidence is not altered or corrupted.

Read More & Download In Here [PDF Format]

Some content on this page was disabled on March 8, 2017 as a result of a DMCA takedown notice from Cengage Learning.

Computer Forensics Procedures and Methods

Abstract: Computer forensics involves the preservation, identification, extraction and documentation of digital evidence in the form of magnetically, optically, or electronically stored media. It is a relatively new science that is becoming increasingly important as criminals aggressively expand the use of technology in their enterprise of illegal activities. This chapter is a technical introduction and overview to some of the fundamental methods and procedures of computer forensics. The topics covered parallel the order in which computer forensic procedures are typically conducted, beginning with the process of creating a bit-stream image of the evidence and subsequent verification of the evidence using one-way hash functions. Two forms of forensic analysis are covered, including logical and physical analysis procedures. Analytic procedures we demonstrate include hash and signature analysis; keyword and email searches; recovery and analysis of cookies, print spool and application residual files; slack and unallocated space analysis; manual recovery of deleted files; behavioral timelines creation; and collecting evidence from running systems. We close the chapter by describing several commercial tools.
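The Data Recovery Contingencies section above and this abstract describe the same opening sequence of a forensic examination: acquire a bit-stream image without touching the original, keep more than one duplicate, verify each copy against the acquisition hash, and only then analyse the copy (signature analysis, keyword searches over slack and unallocated space). The following added example, written here rather than taken from either EC-Council text or from any of the tools they name, walks that sequence over a constructed in-memory "device"; the byte string `EVIDENCE_DEVICE`, the `MAGIC` table and all function names are assumptions made for the illustration.

```python
import hashlib
import io

# Constructed stand-in for a raw evidence device: a PNG header, some file body,
# zeroed "unallocated" space, and a fragment of a deleted spreadsheet.
EVIDENCE_DEVICE = (
    b"\x89PNG\r\n\x1a\n"
    + b"fake-png-body" * 3
    + b"\x00" * 16
    + b"budget.xls password list"
    + b"\x00" * 8
)

# Known file signatures ("magic bytes") used for signature analysis.
MAGIC = {
    "png": b"\x89PNG\r\n\x1a\n",
    "pdf": b"%PDF-",
    "zip": b"PK\x03\x04",
    "gif": b"GIF8",
}


def bitstream_image(device_bytes, chunk_size=4096):
    """Copy every byte of the device (allocated or not), hashing as we go.

    The source is only ever read; all later work runs on the returned copy.
    Returns (image_bytes, sha256_hex) so the hash is recorded at acquisition.
    """
    digest = hashlib.sha256()
    image = bytearray()
    with io.BytesIO(device_bytes) as src:  # stands in for a read-only block device
        while chunk := src.read(chunk_size):
            digest.update(chunk)
            image.extend(chunk)
    return bytes(image), digest.hexdigest()


def verify_copies(acquisition_hash, *images):
    """True only if every duplicate hashes to the value recorded at acquisition."""
    return all(hashlib.sha256(img).hexdigest() == acquisition_hash for img in images)


def signature_check(filename, data):
    """Signature analysis: type implied by magic bytes versus the claimed extension."""
    ext = filename.rsplit(".", 1)[-1].lower()
    detected = next((t for t, m in MAGIC.items() if data.startswith(m)), None)
    return detected, detected == ext


def keyword_search(image, keywords):
    """Offsets of each keyword in the raw image, so slack/unallocated space is included."""
    return {kw: [i for i in range(len(image)) if image.startswith(kw, i)]
            for kw in keywords}


if __name__ == "__main__":
    # Two independent acquisitions of the same device (the "use two tools" advice).
    image_a, hash_a = bitstream_image(EVIDENCE_DEVICE)
    image_b, hash_b = bitstream_image(EVIDENCE_DEVICE, chunk_size=512)
    print("acquisition hash:", hash_a)
    print("both copies verify:", verify_copies(hash_a, image_a, image_b) and hash_a == hash_b)
    print("signature check for photo.jpg:", signature_check("photo.jpg", image_a))
    print("keyword hits:", keyword_search(image_a, [b"password", b".xls"]))
```

Analysis functions take the image, never `EVIDENCE_DEVICE`, which is the point of the contingency advice: if a copy is damaged or a tool misreads the source, `verify_copies` fails against the acquisition hash and the examiner falls back to the other duplicate instead of going back to the original.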

Read more & Download in here