What I do

I am an Information Risk Consultant and Penetration Tester. I specialize mostly in penetrating secure networks and computer systems, where I simulate an organized, professional attack against your organization, after which a detailed report summarizes the weaknesses and exploited vectors. This will help you gain control over your infrastructure's security and maximize your protection.

Thursday, September 04, 2008

Immunity's DR Linux Rootkit released

Hi guys.

The Canvas folks just released the DR Linux rootkit with nice stealth features, e.g.:

a) Hide processes
b) Hide network sockets
c) Hide files
d) Get a remote MOSDEF Node (via hidden userland-backdoor)

All of this happening to the end user.

Download link: http://www.immunityinc.com/downloads/linux_rootkit_source.tbz2



Friday, August 22, 2008


Breaches are always good for companies' networks and systems (they make you wake up), but failure comes when you don't have a security department which should look into this, especially an Incident Response Team. Does the Kenya Police have that?

These security teams should be very interested in security, and they need to be people who have prior hacking experience and who continue trying to bypass security, because it's in their blood. These guys will never ignore a breach.

Protection is a cost, discovery is another cost and remediation is another expensive cost.


Monday, July 14, 2008

Scope (Pentest)

I have been doing a lot of pentests lately, and a lot of them involved banks and mobile network providers here in Kenya. What amazed me is that some of the admins knew about scanning systems and thought that was enough. You just launch Nessus or Nmap like the E and Y guys do, and you write up that the pentest is over, maybe after 3 days. Nooooooo, it doesn't run like that, brothers.

After you find the vulnerability, you need to tactically exploit the host, bypass the IDS signatures, penetrate through to secure networks, crack passwords and even access files that are restricted. How you do it, the duration, and every step depend on the ROE (rules of engagement) and the scope of the pentest as discussed. You may have found some XSS holes, and the next day, as you get in and get down with your gear, you find that they just got patched and the other pages are behind the login page.

One thing you need to stress to the administration is that the scanners won't see beyond, the way an exploitation phase should.


Valsmith's post on seclists

Hey, not posted for a while.

This is a mail Valsmith, one of the creators of BackTrack, wrote.

From: val smith <valsmith_at_offensivecomputing.net>
Date: Fri, 25 Apr 2008 11:09:39 -0600

I'll have to be honest, I don't really WANT Microsoft to change their
patch methodology, even if the dramatic (probably incorrect)
conclusions people seem to be drawing from this paper are true. Bear
with me for a moment and I'll explain why. Let's be honest here, there
are researchers (many on this list) who can rapidly find and exploit
vulnerabilities. Patches help speed things up but BinDiff (and
similar) things have been available for many years and the people who
can write exploits understand this process and those with a financial
stake in it have automated much of the process by now. If patches were
to be obfuscated, or the process changed how long would it really take
for someone to circumvent it? A binary has to exist somewhere at some
point right? Someone smart enough will eventually send input to it, or
reverse it or accidentally crash it eventually.

Many of us make use of exploits and vulnerabilities in some way for a
living whether we are pen testers, IDS sig developers, vuln
researchers, framework builders or whatever. At this point security is
such a tangled, many layered labyrinth that I no longer possess the
self righteous fury required to shout from the pulpit: "Patch your
systems! Configure security! Use an IDS! Educate your users!"

I'm in it for the fun.

There I said it. If everyone did everything securely, I wouldn't have
much to do and I'd have to pour coffees or flip burgers for a living.
I like showing up for a pen test and finding unpatched boxes, or users
sharing admin passwords. I love finding web apps with null byte file
inclusion bugs, or passwordless ssh keys with sudo permissions on
every server. It's FUN. I suspect other security researchers have
reached this conclusion (even if they haven't admitted it to
themselves yet) that security is probably too hard a problem to
"solve" and all our ranting really doesn't make anyone more secure in
the long run. At this point, broken things are fun and we just want to
play and thankfully people are willing to pay for it. I don't mind if
you continuously make it just a little bit harder, just to keep it
interesting, but don't take away my exploits please! ;)


It's said like it is.


Tuesday, June 03, 2008

Penetration testing

Black, white and gray box tests provide different approaches for assessing the security of your network and applications. Each approach has specific advantages and disadvantages, and selecting a testing approach needs to be done based on the time and resources available, as well as the overall goals of the test being performed.
You can assume most real-world attackers will approach systems from a black-box perspective. But to better account for the advantage attackers have with regard to time and resources, and to avoid relying on security through obscurity, gray and white box tests can be appropriate approaches as well. Maximizing the security value of testing approaches when you have limited time and resources requires careful test planning and a thorough understanding of how testing constraints affect the completeness of testing results.
Let's take a look at the differences between the three tests.

Black box testing
Black box testing refers to testing a system without having specific knowledge of the internal workings of the system, no access to the source code, and no knowledge of the architecture.
In essence, this approach most closely mimics how an attacker typically approaches applications. However, due to the lack of internal application knowledge, the uncovering of bugs and/or vulnerabilities can take significantly longer. Black box tests must be attempted against running instances of applications, so black box testing is typically limited to dynamic analysis such as running automated scanning tools and manual penetration testing.

White box testing
White box testing, which is also known as clear box testing, refers to testing a system with full knowledge and access to all source code and architecture documents. Having full access to this information can reveal bugs and vulnerabilities more quickly than the "trial and error" method of black box testing. Additionally, you can be sure to get more complete testing coverage by knowing exactly what you have to test.
However, because of the sheer complexity of architectures and volume of source code, white box testing introduces challenges regarding how to best focus the testing and analysis efforts. Also, specialized knowledge and tools are typically required to assist with white box testing, such as debuggers and source code analyzers.
In addition, if white box testing is performed using only static analysis techniques using the application source code and without access to a running system, it can be impossible for security analysts to identify flaws in applications that are based on system misconfiguration or other issues that exist only in a deployment environment of the application in question.

Gray box testing
When we talk about gray box testing we're talking about testing a system while having at least some knowledge of the internals of a system. This knowledge is usually constrained to detailed design documents and architecture diagrams. It is a combination of both black and white box testing, and combines aspects of each.
Gray box testing allows security analysts to run automated and manual penetration tests against a target application. And it allows those analysts to focus and prioritize their efforts based on superior knowledge of the target system. This increased knowledge can result in more significant vulnerabilities being identified with a significantly lower degree of effort and can be a sensible way for analysts to better approximate certain advantages attackers have versus security professionals when assessing applications.


Monday, April 07, 2008

Social Engineering The Act

I will be posting all my information on social engineering as I get it and write it. This thread may look crappy now but it will get a lot better.

Section one:
It's all about your act. You must practise who you are and what you will do. Whether you prefer to act like a reformed gentleman when you are acting smooth with a lady to get her to tell you something, or you are an enraged customer, it just matters. Some people use a double persona, as in they act as two different people.

Section 2:
I can't stress it enough: practise, practise, practise. You need to at least practise what you will do and how you will act inside your head.

Section three:
Keywords are important, so do research. For example, at Target, if you want to return something, even something that you got from another store, you just say it was a gift you received and the receipt wasn't put in the bag by the employee. Now this plays on two things: one, Target has a policy for returning items, and two, it was their fault.


Saturday, March 15, 2008


Hi guys

I got certified for C.E.H. last year and C.P.T.P. too. This March, I'm doing Offensive Security Certified Professional. I think this is the perfect course for anybody who wants to be a pentester by profession. We are in Module 5, on ARP spoofing, and we are being shown some tactics with scripts like file2cable, which proves to be very effective in a switched network.

C.E.H., according to what I found out, is more for script kiddies, where you get a tool and you just execute it.

O.S.C.P. is the course, good luck guys.


Tuesday, March 04, 2008

Hacker Myths

All the perceptions of hackers and their portrayal in movies and entertainment have led to the development of “hacker myths.” These myths involve common misconceptions about hackers and can lead to misconceptions about how to defend against them. Here we have attempted to identify some of these myths and dispel common misconceptions.

1. Hackers are a well-organized, malicious group.

There is indeed a community within the hacker underground. There are hacking-related groups such as Alt-2600 and Cult of the Dead Cow, IRC “hacking” channels, and related newsgroups. However, these groups are not formed into a well-organized group that targets specific networks for hacking. They share a common interest in methods for avoiding security defenses and accessing restricted information.

2. If you build it, they will come; and

3. It is safe if you hide in the tall grass.

Both of these myths represent opposing views on the probability of being hacked. Myth 2 is indicative of the view that once an Internet presence is established, malicious hackers will begin to attempt a compromise. Myth 3 expresses the opinion that there are so many Web sites around that if you just do not make a lot of noise and do not have one of the truly big sites, publicity-seeking hackers will not bother to go after you.
The truth lies somewhere in the middle. You will probably be scanned by users with malicious intent, but it may not happen the moment your systems go online. Some scans will be by groups trying to get an idea of how many Web sites are using a particular piece of software. Others are unethical (but legal) system reconnaissance.
A good plan is to develop a security posture that balances the risk of system compromise with the costs of implementing and maintaining security measures. This will allow you to sleep at night. While you may not stamp out the chance of compromise entirely, you will have done what you can to prevent and limit the compromise without killing your budget.

4. Security through obscurity.

Myth 4 implies that because you are small and unknown or you hide a vulnerability, you are not at risk. For example, according to this myth, if you create a Web site but give the URL only to your friends, you don't have to worry about it being attacked. Another example we have seen is the creation of a backdoor around a firewall by putting a second network card in a DMZ system and directly connecting it to the internal network. People using such a strategy think that because they have hidden the weakness, no one will find it and the organization is safe. However, security through obscurity does not work. Someone will find the weakness or stumble upon it and the systems will be compromised.

5. All hackers are the same.

This myth is borne out of a lack of knowledge among the general public about the hacker community. All hackers are not the same. As mentioned above, different hackers focus on different technologies and have different purposes and skill levels. Some hackers have malicious intent; some don't. They are not all teenagers who spend far too much time in front of a computer. Not all hackers are part of a group that defaces Web sites and creates and distributes hacking tools. The range among hackers is great, and you need to defend against them all.


Wednesday, January 30, 2008


Hi guys. I haven't been posting due to the fact I have been doing some training and a lot of field work lately too.

New stuff is coming in too this coming Feb, so keep tuned.

If you wish to be in any of my trainings, you can contact me with the number posted in my profile. Training is as follows.

Assessing and Securing Wireless Networks

Few fields are as complex as wireless security. This course breaks down the issues and relevant standards that affect wireless network administrators, auditors, and information security professionals. With hands-on labs and instruction from industry wireless security experts, you will gain an intimate understanding of the risks threatening wireless networks. After identifying risks and attacks, we'll present field-proven techniques for mitigating these risks, leveraging powerful open-source and commercial tools for Linux and Windows systems.

Network Penetration Testing and Ethical Hacking

Find Security Flaws Before the Bad Guys Do

Security vulnerabilities such as weak configurations, unpatched systems, and botched architectures continue to plague organizations. Enterprises need people who can find these flaws in a professional manner to help eradicate them from our infrastructures. Lots of people claim to have penetration testing, ethical hacking, and security assessment skills, but precious few can apply these skills in a methodical regimen of professional testing to help make an organization more secure. This class covers the ingredients for successful network penetration testing to help attendees improve their enterprise's security stance.

Hacker Techniques, Exploits & Incident Handling

If your organization has an Internet connection and one or two disgruntled employees (and whose doesn't!), your computer systems will get attacked. From the five, ten, or even one hundred daily probes against your Internet infrastructure to the malicious insider slowly creeping through your most vital information assets, attackers are targeting your systems with increasing viciousness and stealth.

By helping you understand attackers' tactics and strategies in detail, giving you hands-on experience in finding vulnerabilities and discovering intrusions, and equipping you with a comprehensive incident handling plan, the in-depth information in this course helps you turn the tables on computer attackers. This course addresses the latest cutting-edge insidious attack vectors and the "oldie-but-goodie" attacks that are still so prevalent, and everything in between. Instead of merely teaching a few hack attack tricks, this course includes a time-tested, step-by-step process for responding to computer incidents; a detailed description of how attackers undermine systems so you can prepare, detect, and respond to them; and a hands-on workshop for discovering holes before the bad guys do. Additionally, the course explores the legal issues associated with responding to computer attacks, including employee monitoring, working with law enforcement, and handling evidence.

Advanced Web Application Penetration Testing

Assess Your Web Apps in Depth

Web applications are a major point of vulnerability in organizations today. Web app holes have resulted in the theft of millions of credit cards, major financial and reputational damage for hundreds of enterprises, and even the compromise of thousands of browsing machines that visited web sites altered by attackers. In this class, you'll learn the art of exploiting web applications so you can find flaws in your enterprise's web apps before the bad guys do. Through detailed, hands-on exercises and training from a seasoned professional, you will be taught the four-step process for web application penetration testing. You will inject SQL into back-end databases, learning how attackers exfiltrate sensitive data. You will utilize Cross Site Scripting attacks to dominate a target infrastructure in our unique hands-on laboratory environment. And, you will explore various other web app vulnerabilities in-depth, with tried-and-true techniques for finding them using a structured testing regimen. You will learn the tools and methods of the attacker, so that you can be a powerful defender.


Others, like CEH (Certified Ethical Hacking) and CPTP (Certified Penetration Testing Professional), can be done as evening classes because they are very long and can't be finished in a week's time.