Josh Wright and I presented a webcast a few months back that is chock full of useful pen testing techniques from the mobile and network arenas. Based on the new SANS course, SEC561: Intense Hands-on Skill Development for Pen Testers, this webcast covers numerous useful techniques, such as:
- Exploiting and automating data harvesting from iOS devices
- Extracting stored secrets from iTunes backups
- Effective Anti-Virus evasion with Veil
- Windows host compromise and privilege escalation, along with UAC bypass
The slides below cover all the tools and techniques for doing all that great stuff, and more.
The SANS SEC 561 course is 80% hands-on skill development, showing how security personnel such as penetration testers, vulnerability assessment personnel, and auditors can leverage in-depth techniques to
by Ed Skoudis
Hope you had a great holiday! I got an unexpected nice gift for the holidays on one of my blogs. Below, you'll see a comment that was submitted to the SANS Pen Test Blog, which I run. As you can see, it is one of those lame pseudo-comments sent in as link-bait for Search Engines and other nefarious purposes. I get a few of this kind of thing a week, and our anti-blog-spam filter catches most of them.
What makes this one special is that the automated tool that barfed it into my blog didn't choose from each grouping of different options; instead, it shot up ALL options for every variation of this blog spam. You can see, by selecting at random from each grouping, untold thousands of combinations are possible. But, with this errant blog spam shot, I've got all potential combinations here. It's almost silly how many different combinations there are, and how each one tries to be super polite. You gotta read through them for a little
[Editor's Note: In this article, Tim Medin describes a common pen test scenario in which a tester gets limited access to a target Windows machine and needs to escalate privileges without incurring the wrath of User Account Control (UAC). Tim describes his approach, which involves the use of psexec to bounce off of another machine to evade UAC and then pivot mercilessly in the target environment. Nice stuff! --Ed.]
by Tim Medin
During a recent penetration test, we were trying to figure out how to bypass UAC on a fully patched Windows environment, given that we'd had a limited compromise of one system via phishing. I'd like to share the technique we came up with so you can apply it in your own work.
In our test, we were using phishing attacks trying to trick a user to click on an AV-dodging attachment that would
[Editor's Note: In this article, Mark Baggett summarizes some of the Anti-Virus evasion tactics of the past year or two, and then cranks it up a notch by digging into the details of some recent AV-dodging techniques useful to penetration testers. To be effective penetration testers, we need to model the techniques used by the real-world bad guys, and anti-virus evasion is high on the bad guys' list of things to do to remain undetected in target organizations. Mark builds up to showing how to use Veil for AV evasion, step-by-step, and also discusses how to leverage Veil all in a single command. Nice work, Mark! --Ed.]
By Mark Baggett
Back in October 2011 on the SANS penetration testing blog, I shared a little technique I had been sitting on for a while for bypassing antivirus software. Check it out here:
By Mark Baggett, the SANS Institute
You know the old saying "Give a man a backdoor undetected by antivirus and he pwns for a day. Teach a man to make backdoors undetected by antivirus and you will get free drinks for life at DEF CON."
During the exploitation phase of a pen test or ethical hacking engagement, you will ultimately need to try to cause code to run on target systems. Whether accomplished by phishing emails, delivering a payload through an exploit, or social engineering, running code on target computers is part of most penetration tests. That means that you will need to be able to bypass antivirus software or other host-based protection for successful exploitation. The most effective way to avoid antivirus detection on your target's computers is to create your own customized backdoor. Here are some tips for creating your own backdoors for use in penetration testing:
TIP #1: Do your reconnaissance. Know what antivirus software target