Monday, 16 August 2010

14 Live CDs for pentesting

In English, copy & paste xd


Arudius : A Linux live CD. The CD consists of a Zenwalk Linux base on top of which a large collection of network security testing software has been installed.
BackTrack: Ah the favorite one for most of the pen testers! Do I need to mention more?
Damn Vulnerable Linux (DVL): A Linux-based tool for both novice and professional security personnel. It was initiated for training tasks and learning IT security knowledge domains such as web vulnerability, network security, or binary vulnerability such as exploitation or shellcodes.
DEFT (Digital Evidence & Forensic Toolkit): A Xubuntu Linux-based computer forensics live CD. It is a very easy to use system that includes excellent hardware detection and the best free and open source applications dedicated to incident response and computer forensics.
FCCU: A GNU/Linux forensic boot CD based on Debian-live that contains a lot of tools suitable for computer forensic investigations, including bash scripts. The main purpose of the CD is to help with the forensic analysis of computers.
Frenzy: A portable system administrator toolkit based on FreeBSD. It generally contains software for hardware tests, file system check, security check and network setup and analysis.
grml: grml is a bootable CD (live CD) originally based on Knoppix and nowadays based on Debian. grml includes a collection of GNU/Linux software especially for system administrators and users of text tools. grml provides automatic hardware detection.
Helix: A customized distribution of the Knoppix Live Linux CD. Helix is more than just a bootable live CD. You can still boot into a customized Linux environment that includes customized linux kernels, excellent hardware detection and many applications dedicated to Incident Response and Forensics.
Knoppix-NSM: A live CD for learning about Network Security Monitoring, or for deploying an NSM capability in your network, based on KNOPPIX technology.
Network Security Toolkit (NST): A bootable ISO live CD based on Fedora. The toolkit was designed to provide easy access to best-of-breed Open Source Network Security Applications and should run on most x86 platforms.
OSWA Assistant: A self-contained, freely downloadable, wireless auditing toolkit for both IT-security professionals and End-users alike.
OWASP Labrat: The Open Web Application Security Project (OWASP) is a worldwide free and open community focused on improving the security of application software. The OWASP Live CD (LabRat) is a bootable CD akin to Knoppix but dedicated to application security.
Protech: A specially designed Linux distribution for security technicians and programmers, although it can be used normally as your default desktop system. Protech ONE comes with a great variety of the best security tools for your use.
Samurai: The Samurai Web Testing Framework is a live Linux environment that has been pre-configured to function as a web pen-testing environment. The CD contains the best of the open source and free tools that focus on testing and attacking websites.

taken from ivizsecurity.com

Vulnerability in multiple personal firewalls

Not every firewall is secure

By Angela Ruiz
angela@videosoft.net.uy

This is a generic problem that affects multiple personal firewalls. Almost all products that accept shortcuts or provide an interface that can be enabled with a click, without requiring a password for actions such as allowing a program to act as a server, running other programs, etc., are vulnerable.

It has been shown that it is simple to bypass these firewalls with a program that uses multiple simultaneous processes and sends key codes, or by controlling the mouse. Multiple proofs of concept have been published on the subject.

This weakness can allow any trojan or similar code to easily evade the firewall's control.

The following products are vulnerable:

- Agnitum Outpost Firewall (all versions)
- Kaspersky Anti-Hacker (all versions)
- Kerio (all versions)
- Look 'n' Stop (all versions)
- Omniquad Personal Firewall (all versions)
- Panda Platinum Internet Security (all versions)
- Symantec's Norton Personal Firewall (all versions)
- ZoneAlarm 4.5 and earlier
- ZoneAlarm Pro 4.5 and earlier

Not vulnerable:

- Microsoft Windows Firewall (ICF) Windows XP
- ZoneAlarm 5.x and later
- ZoneAlarm Pro 5.x and later

Other firewalls that have not been tested could also be vulnerable.

Fourier C++

#include <cmath>
#include <vector>

#define PI 3.141593
// The original fixed the image size with "#define xydim T", where T is a
// value chosen by the user. As the original comment suggested, the size can
// instead be passed to the function, which is what is done here.

typedef std::vector<std::vector<double> > Matrix;

// Direct two-dimensional discrete Fourier transform (O(N^4)).
// Receives 'imag' as a two-dimensional matrix holding the values at each
// 'x' and 'y'; 'freal' receives the real part of the result and 'fimag'
// the imaginary part. 'xydim' is the side length of the square image.
void Fourier1(const Matrix& imag, Matrix& freal, Matrix& fimag, int xydim) {
    double phi, sum1, sum2;
    freal.assign(xydim, std::vector<double>(xydim, 0.0));
    fimag.assign(xydim, std::vector<double>(xydim, 0.0));

    for (int i = 0; i < xydim; i++)
        for (int j = 0; j < xydim; j++) {
            sum1 = 0;
            sum2 = 0;
            for (int x = 0; x < xydim; x++) {
                for (int y = 0; y < xydim; y++) {
                    phi = 2 * PI * (i * x + j * y) / xydim;
                    sum1 = sum1 + imag[x][y] * std::cos(phi);
                    sum2 = sum2 + imag[x][y] * std::sin(phi);
                }
            }
            freal[i][j] = sum1 / xydim;
            fimag[i][j] = -sum2 / xydim;
        }
}

10 posts a day

It got late on me and I haven't posted in a long time; from now on, 10 posts a day.

Page to send SMS to the whole world for FREE

http://for-ever.us/



Just look up your country's dialing code and that's it!!

dialing codes: www.reductel.com/es/indicatifs.html

My Disorder Tends Toward an Order

Lately, talking with my superego, we were discussing my sense of order, and well, it is clear that it has no orderly or discrete structure at all, so to start improving I bring you: Virtual Desktops.


pulled from Taringa: What is a virtual desktop?

Imagine being able to turn that screen into 4, 5, 9 different desktops, each arranged with different windows and applications. That is, we have one desktop, for example, with all our Internet applications (Messenger, Firefox, Outlook, whatever), and another desktop with office applications (Word or whatever). Now, we cannot see them simultaneously, at the same time, but with a key combination we can switch quickly from one desktop to another (pressing, for example, Win-1 for desktop 1, or Win-3 for desktop 3, and so on).

As you can see, it is a very useful way to stay organized if we open lots of windows a day and do not want to try to fit them all on one desktop, filling up our taskbar in the process. So now we will move on to the applications that are worthwhile for every operating system.


Microsoft's own version of virtual desktops is: http://www.microsoft.com/windowsxp/downloads/powertoys/xppowertoys.mspx

Alternatives to using an antivirus…

For a world without antivirus:


One of the problems of having a computer connected to the Internet is that we are exposed to millions of threats, from viruses that delete our files or damage the machine to scams involving the theft of credit cards and important documents (something far more worrying)… For that reason, to prevent these problems, many of us opt to install an antivirus and, in some cases, a firewall to keep annoying intruders out of our computer…

But is there a way to get by without an antivirus?… I really do not use an antivirus, let alone a firewall; I only ended up installing Nod32 a few days ago because the danger lives inside my own house, in my family (since I am not the only one who uses this computer), who do not follow the following tips, which I consider important in order not to have to install an antivirus:

Something fundamental, the first factor by which our machine gets infected, is the downloads we make from the Internet, since as we well know not everything we download turns out to be what we thought it was, and that is why we must pay special attention to every completed download:

- File name… Make sure the name of the file we have downloaded tells us it is exactly what we wanted (strange words, or for example installer words like "setup", indicate that the file is very dangerous or dubious)
- Extension… If we download, for example, an audio file, the extension should be correct…
- Icon… As in the previous example, if what we downloaded is an audio file, its icon should be that of our player…
- Size… Using the previous example, if what we downloaded is a music (audio) file, it generally has to be larger than 1 MB; if it is only a few bytes the file is dubious…

Using P2P clients with great caution is another point to bear in mind, since nobody controls what is shared there and it is very likely that sooner or later we download some dangerous file… For that very reason we must apply the tips from the previous point, and also:

- Look for ED2K links on web pages dedicated to distributing what we need, rather than searching directly from the P2P client itself… That way we make sure the person sharing confirms what we are downloading, and we can also see other people's comments about the content offered…
- Download only files whose names describe their content specifically and which, where possible, also contain a link to a reference website (the reverse of the previous point)…
- Read, if present, the comments and ratings left for the files found in the P2P client…
- Never, and I say this because I have seen it done, select everything automatically and download it without even reading what we have marked…

Read the sites we browse in full, and especially read link text carefully… It is also very important to read where we are, to read the address of the page we are on to see if it matches the site we were looking for…

- Make sure to type the URLs of banking, online transfer and Internet shopping sites correctly (such as those of banks, PayPal, MercadoLibre, eBay, among others)…
- Do not follow links to the sites mentioned above directly from a received e-mail… We could fall into a very good trap…

E-mail is another entry point for hundreds of threats that can delete important files or even defraud us to steal our money… For that very reason we must pay attention to several items:

- Only read e-mails from people we know, not from dubious senders…
- Never, ever, open attachments from people we do not know, or think we know but are not sure about… However tempting the name of the file they send us, we must never open it… It is best to open only attachments we knew we were going to receive…
- Do not follow the links that appear in the e-mails we receive… It is not very safe and we lose only a few seconds typing what we are looking for into our browser…
- Under no circumstances fill out forms asking for personal data or passwords by e-mail… If that happens it is obvious we are facing a scam…


Source: http://www.leegar.com.ar
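As an added example (not part of the quoted article), the download checklist above written as a script: it compares a file's extension with the leading bytes of its content (the icon is only a rendering of the extension, so the bytes are what get checked), flags double extensions and installer-like names, and applies the "more than 1 MB" rule for audio. The signature table, warning strings and sample files are constructed for this example.

```python
# Leading bytes of the file types the checklist talks about. Constructed table
# for this example (values are the well-known signatures of each format).
MAGIC = {
    ".mp3": (b"ID3", b"\xff\xfb", b"\xff\xf3", b"\xff\xf2"),
    ".wav": (b"RIFF",),
    ".ogg": (b"OggS",),
    ".flac": (b"fLaC",),
    ".pdf": (b"%PDF",),
    ".zip": (b"PK\x03\x04",),
}
# Signatures that mean "this is a program", whatever the name says.
EXECUTABLE_MAGIC = {b"MZ": "Windows PE executable", b"\x7fELF": "ELF executable"}
EXECUTABLE_EXT = (".exe", ".dll", ".scr", ".com", ".so", ".bin")
AUDIO_EXT = (".mp3", ".wav", ".ogg", ".flac")
INSTALLER_WORDS = ("setup", "install", "crack", "keygen")  # the article's "setup" hint
MIN_AUDIO_BYTES = 1024 * 1024  # the article's "generally more than 1 MB"


def inspect_download(name, data):
    """Return the list of warnings for a downloaded file (name plus its bytes).

    Implements the four checks from the checklist: name, extension, real
    content and size. An empty list means nothing suspicious was found.
    """
    warnings = []
    parts = name.lower().split(".")
    ext = "." + parts[-1] if len(parts) > 1 else ""

    # 1. Name: installer-like words in the base name where we expected media
    if any(w in parts[0] for w in INSTALLER_WORDS):
        warnings.append("name contains installer-like word")

    # 2. Extension: "song.mp3.exe" shows a media extension but runs as a program
    if len(parts) > 2 and "." + parts[-2] in MAGIC:
        warnings.append("double extension: real type is %s" % ext)

    # 3. Content: compare what the bytes say with what the extension claims
    for magic, desc in EXECUTABLE_MAGIC.items():
        if data.startswith(magic) and ext not in EXECUTABLE_EXT:
            warnings.append("content is a %s despite %s extension" % (desc, ext or "no"))
    if ext in MAGIC and not data.startswith(MAGIC[ext]):
        warnings.append("content does not match the %s signature" % ext)

    # 4. Size: a real audio track is rarely smaller than 1 MB
    if ext in AUDIO_EXT and len(data) < MIN_AUDIO_BYTES:
        warnings.append("audio file is only %d bytes" % len(data))
    return warnings


if __name__ == "__main__":
    # Constructed samples: a genuine track, and a program disguised as a track.
    genuine = ("track01.mp3", b"ID3" + b"\x00" * (2 * 1024 * 1024))
    disguised = ("track01.mp3", b"MZ\x90\x00" + b"\x00" * 100)
    for fname, blob in (genuine, disguised):
        print(fname, "->", inspect_download(fname, blob) or "OK")
```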

THE VALUE OF PENETRATION TESTING


For people like me: translate.google.com :D

THE VALUE OF PENETRATION TESTING


Penetration testing works best as an audit of your security policy and procedures

by Rik Farrow

During a conversation with a client, I heard that they planned to hire a company that specializes in networking to run a vulnerability scanner to test their firewall. The client called this process "penetration testing", but I was appalled. My own concept of penetration testing was very different from what they had in mind.

I have never performed "formal" penetration tests, as I believe that is best done by a group of people with varying specialties. I have performed less formal tests for clients and friends using port scans and tests of the services open at particular ports. But after checking with other security consultants, I discovered that what I had been doing could be called penetration testing. And the notion of paying someone to run a vulnerability scanner against a site turns out to be not as farfetched as I had first thought, although other experts in this field recommend doing a lot more than just running some tool, handing over the report it produces, and delivering an invoice.

Penetration testing does provide real value for any organization interested in network security. But finding the right company to perform a penetration test is not easy. And getting an effective penetration test also relies on you, the target, working with the penetration testers.
Another Type of Audit

My own personal image of penetration testers was created by the movie Sneakers (http://www.allwatchers.com/topics/info_13234.asp), where a group of security experts used a variety of techniques to penetrate first a bank, and later a security company. The techniques involve social engineering, use of a video camera with a long lens to watch passwords being typed, wiretapping, theft, as well as technical tricks. Of course, the real world of penetration testing is very different.

Penetration testing provides a mechanism for proving that your security works the way that you want/expect it to work. Let's assume that your organization is already doing the right things: regularly updating your policy and procedures, keeping systems patched, especially any exposed or critical systems, and using security tools such as vulnerability scanners to see that your network really is fully patched. If you do all these things, why would you want someone else to perform an audit or penetration test?

Penetration testing provides an independent examination of your security, a second set of eyes. And not only eyes, but individuals whose entire professional lives revolve around looking for flaws in the security of networked systems.

Penetration testing may be part of an external audit. In particular, penetration testing refers to probing systems to identify the operating system and any network services, then checking for vulnerabilities in the network services found. You can do these things pretty well with vulnerability scanners, so why hire someone else to do them for you? Not only do you want third parties checking your work, you also want them to use different tools, and people who are familiar with using those tools.

In a review that appeared in Network Computing (see Resources), the authors discovered that none of the vulnerability scanners tested found all of the known vulnerabilities in a set of target systems. Of the seventeen vulnerabilities intentionally installed on the target systems, no scanner found more than fifteen, and none of the scanners found one of the vulnerabilities, even though it was one that was often exploited. Though this review is several years old (2001), I do not believe that the art of vulnerability scanning has improved that much--certainly not to the point of perfection.

So part of the art of penetration testing becomes interpreting the results of tools used during the probing process. Anyone who owns a vulnerability scanner can run the tool against your firewall, or portions of his or her network. But there are few people competent enough to understand fully the results of a vulnerability scanner, and actually capable of performing additional tests to prove that the vulnerability scanner's report is actually accurate.

Some penetration testers use two scanners to perform the vulnerability assessment. At first, the use of a vulnerability scanner seemed, to me, like a form of cheating. But such tools can automate at least part of the process, and allow skilled individuals to focus upon anything that appears to be a problem. Deeper probing should involve connecting to any suspect service, and, in some cases, actually attempting an exploit.

Another issue with commercial vulnerability scanning tools is that many products hide the results when a particular test fails to achieve a definite answer. One well-known product, for example, would not report that a Cisco router was vulnerable to certain DoS attacks if the scanner could not log into the router, or use SNMP to obtain the software version. If you don't know that a scanner hides the information (that it failed to test for the vulnerability), you could easily be fooled into believing that your network is safe, when, instead, your vulnerability scanner product has avoided telling you that the true state of part of your network is unknown.
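As an added example (not from the article), a small report aggregator that keeps the distinction this paragraph warns about: a check whose prerequisite (a login, the SNMP software version) failed is reported as inconclusive and counted against coverage, rather than being folded into "not vulnerable". The check record format, the summary fields and the sample router findings are constructed for this example.

```python
from collections import Counter

# Tri-state outcome of a single scanner check. The article's point is that
# the third state must not be silently folded into "not vulnerable".
VULNERABLE, NOT_VULNERABLE, INCONCLUSIVE = "vulnerable", "not_vulnerable", "inconclusive"


def classify_check(check):
    """Map one raw check record (constructed format) to a tri-state result.

    A check that needed a prerequisite (login, SNMP software version,
    banner) and did not obtain it is INCONCLUSIVE, never NOT_VULNERABLE.
    """
    if check.get("prerequisite_failed"):
        return INCONCLUSIVE
    return VULNERABLE if check["matched"] else NOT_VULNERABLE


def naive_summary(host, checks):
    """What a scanner that hides failed prerequisites shows: hits only."""
    hits = [c["id"] for c in checks if classify_check(c) == VULNERABLE]
    return {"host": host, "confirmed": hits}


def summarize(host, checks):
    """Per-host summary that keeps untested checks visible, with a coverage figure."""
    results = {c["id"]: classify_check(c) for c in checks}
    counts = Counter(results.values())
    untested = [c["id"] for c in checks if results[c["id"]] == INCONCLUSIVE]
    answered = len(checks) - len(untested)
    return {
        "host": host,
        "confirmed": [cid for cid, r in results.items() if r == VULNERABLE],
        "clean": counts[NOT_VULNERABLE],
        "untested": untested,
        # why each untested check produced no answer, so it can be re-run by hand
        "reasons": {c["id"]: c["prerequisite_failed"]
                    for c in checks if c.get("prerequisite_failed")},
        # fraction of checks that actually produced an answer
        "coverage": answered / float(len(checks)) if checks else 0.0,
    }


# Constructed sample: a router where the DoS check could not run because
# neither a login nor SNMP yielded the software version (the article's case).
SAMPLE_CHECKS = [
    {"id": "router-dos", "matched": False,
     "prerequisite_failed": "no login; SNMP software version unavailable"},
    {"id": "telnet-open", "matched": True},
    {"id": "snmp-default-community", "matched": False},
]

if __name__ == "__main__":
    print(naive_summary("router-1", SAMPLE_CHECKS))  # one hit, nothing about the untested check
    print(summarize("router-1", SAMPLE_CHECKS))      # shows the check that was never answered
```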
Scope

Besides finding a competent organization to perform a penetration test (see audit article in the Resources), your organization has its own tasks to perform. First among these is to define the scope of any testing.

Sometimes management will suggest a "black box" approach to penetration testing. In black box testing, the penetration testers are told nothing about the target, under the assumption that real attackers will work under similar conditions. Not only is this a good way to waste your organization's money, it is also not true. Attackers may garner information about your organization through social engineering, theft, bribery, and breaking and entering. Real attackers will not be limited to attacking your own organization, but might also break into other organizations or your ISP. Penetration testers will be (should be!) law abiding, and operate under a very different set of restraints.

To get the most out of a penetration test, you want to provide as much information as possible to the testing organization. Keep in mind that any testing organization should expect to sign a non-disclosure agreement, so that you can feel comfortable with sharing your policy, procedures, and information about your network and critical systems.

You want to decide which systems need to be tested. You don't want to exclude any system that could conceivably be attacked, although you might want to contract out your penetration tests in phases, focused on different portions of your network. You also must set down guidelines, for example, that the penetration experts can probe and test for vulnerabilities, but not actually exploit those vulnerabilities. Exploiting found vulnerabilities creates a lot of flash, but can endanger the very systems that you want to protect.

You also want to provide access for the test. If you want systems within your DMZ tested, the best place to test them is from within that same network. Forcing the penetration testers to work outside of your firewall might seem more realistic, but an internal test is much more likely to find flaws in server security that your firewall currently hides. These same flaws might later be exposed by changes in your firewall, or through exploits that make it possible to use one DMZ server to attack other servers. Just recall attacks like Slammer, that used a Web server to launch further attacks. While the best penetration testers might still succeed while working through your firewall, stacking the deck in favor of success will provide you with a much better payoff.

I was once hired to check out a firewall and the two systems protected by that firewall. As soon as I scanned the DMZ, I found three systems, instead of the two I had been told about. The third system had just been replaced by one of the two systems I had been asked to check. But it was that third system that contained the most vulnerabilities. And, in this case, the firewall was still configured to provide complete access to internal networks for any network traffic, or attacks, coming from the third system. Scanning within the DMZ made finding that system simple.

In the case of Web or application servers that can be accessed externally, you should also consider sharing the source code to these application to the penetration testers, if the scope of the work includes testing these scripts and/or programs. Testing ASP or CGI scripts without the source code is much harder to do, and deciding in advance that no attacker will ever see the source is not a good idea. Flaws in Web server software have exposed scripts and applications to remote attackers many times. Having access to the source of an application to be tested makes the process more efficient and effective. After all, you are paying the penetration testers to look for flaws, not to waste their time.
Bad Guys

The point of penetration testing is to prove that your network defense works the way you think it does. Quite often, system and network administrators consider auditors or penetration testers as the enemy, when in fact, they are allies. A good penetration test might prove your defenses really do work. Or, that you have issues that need to be addressed that you can fix before you get attacked successfully. It is much better to pay someone to discover your holes, than to have someone you don't know do it to you.

Penetration testing can also be used to provide concrete evidence to some third party, such as a financial backer or your own management. Sometimes, you will already know that your network defenses have problems, but you can't get management to allocate the resources to fix them. Just as a prophet is never recognized in his (or her) home town, having external consultants say the same things you have often works wonders with management.

You should include in any penetration testing contract or statement of work exactly what you expect in the report. Some consultants add a cover sheet to the report generated by the tool they used. If you paid for a minimal test, then a computer generated report can be expected. But the real value of any penetration test comes with the analysis that accompanies any report. The penetration testers must not only point out what they found, but also the significance of their findings. Where appropriate, the penetration testers can also suggest methods for remediation, for example, updating a server, disabling network services, changing firewall rules, etc.

Vulnerability scanners by themselves only scratch the surface. Penetration testing requires true competence not only in the use of such tools and the interpretation of their reports, but in knowing how to take the next steps to verify anything reported by a vulnerability scanner. The competent penetration tester uses one or more vulnerability scanners as no more than a part of their arsenal of tools.

Note that most attacks seen today perform only a primitive form of vulnerability scanning--the attack is attempted, and if it succeeds the target was vulnerable. An attacker who attempts to vulnerability scan your site will generate hundreds of firewall log messages, and any IDS will merrily begin announcing alerts about attacks in progress. Try it yourself, if you haven't already, by running a vulnerability scanner on a network watched by an IDS. Most likely, you have already been annoyed by someone running a vulnerability scanner without announcing it first. Note that you don't want to run the scanner if your policy forbids doing so. I don't want to suggest that you do something that might get you fired.

Penetration testing is another weapon in your network defense arsenal. Consider it as part of any security audit--but make certain that your auditors are up to the task.


Source: www.spirit.com/Network/net0303.html

Artdesktop