What I do

I am an Information Risk Consultant and Penetration Tester. I specialize mostly in penetrating secure networks/computer systems, where I simulate an organized, professional attack against your organization, after which a detailed report summarizing the weaknesses and exploited vectors is delivered. This will help you gain control over your infrastructure's security and maximize your protection.

Monday, July 14, 2008

Scope (Pentest)

I have been doing a lot of pentests lately, and a lot of them involved banks and mobile network providers here in Kenya. What amazed me is that some of the admins knew about scanning systems and thought that was enough. You just launch Nessus or Nmap like the E and Y guys do, and you write up that the pentest is over, maybe after 3 days. Nooooooo, it doesn't run like that, brothers.

After you find the vulnerability, you need to tactically exploit the host, bypass the IDS signatures, penetrate through to the secure networks, crack passwords and even access files that are restricted. How you do it, the duration, every step depends on the ROE and the scope of the pentest as discussed. You may have found some XSS holes, and the next day, as you get in and get down with your gear, you find that it just got patched and the other pages are behind the login page.

One thing you need to stress to the administration is that the scanners won't see beyond the surface the way an exploitation phase does.


Valzsmith's post on seclist

Hey, not posted for a while.

This is a mail Valzsmith, one of the creators of BackTrack, wrote.

From: val smith <valsmith_at_offensivecomputing.net>
Date: Fri, 25 Apr 2008 11:09:39 -0600

I'll have to be honest, I don't really WANT Microsoft to change their
patch methodology, even if the dramatic (probably incorrect)
conclusions people seem to be drawing from this paper are true. Bear
with me for a moment and I'll explain why. Let's be honest here, there
are researchers (many on this list) who can rapidly find and exploit
vulnerabilities. Patches help speed things up but BinDiff (and
similar) things have been available for many years and the people who
can write exploits understand this process and those with a financial
stake in it have automated much of the process by now. If patches were
to be obfuscated, or the process changed how long would it really take
for someone to circumvent it? A binary has to exist somewhere at some
point right? Someone smart enough will eventually send input to it, or
reverse it or accidentally crash it eventually.

Many of us make use of exploits and vulnerabilities in some way for a
living whether we are pen testers, IDS sig developers, vuln
researchers, framework builders or whatever. At this point security is
such a tangled, many layered labyrinth that I no longer possess the
self-righteous fury required to shout from the pulpit: "Patch your
systems! Configure security! Use an IDS! Educate your users!"

I'm in it for the fun.

There I said it. If everyone did everything securely, I wouldn't have
much to do and I'd have to pour coffees or flip burgers for a living.
I like showing up for a pen test and finding unpatched boxes, or users
sharing admin passwords. I love finding web apps with null byte file
inclusion bugs, or passwordless ssh keys with sudo permissions on
every server. It's FUN. I suspect other security researchers have
reached this conclusion (even if they haven't admitted it to
themselves yet) that security is probably too hard a problem to
"solve" and all our ranting really doesn't make anyone more secure in
the long run. At this point, broken things are fun and we just want to
play and thankfully people are willing to pay for it. I don't mind if
you continuously make it just a little bit harder, just to keep it
interesting, but don't take away my exploits please! ;)


It's said like it is.