What I do?

I am an Information Risk Consultant and Penetration Tester. I specialize mostly in penetrating secure networks and computer systems, simulating an organized professional attack against your organization, after which a detailed report summarizes the weaknesses and exploited vectors. This will help you gain control over your infrastructure's security and maximize your protection.

Friday, November 27, 2009

Computer search, scan the internet

There is a new tool by Achillean (you can follow him on Twitter at http://twitter.com/achillean) that lets you search for systems across the internet by issuing search commands on his site, http://shodan.surtri.com/. At the time of this blog post the app is still in BETA; it acts like an nmap search of systems online.

You can use keywords like country code, port number, host name, etc.

A search for systems here in Kenya that run Apache web servers, have port 80 open and are registered under co.ke would use the search key: apache:KE port:80 hostname:co.ke

The first page...

Sunday, November 22, 2009

Banks and governments going to security through obscurity

Security through obscurity is something I have seen a lot of organizations in Kenya using, both private and government. But as this goes on, does it mean private and confidential data can never be compromised by the bad guys? I was doing an infosec assessment with a bank the other day and, amazingly, I found out that they were hiding systems behind their firewalls which were really vulnerable, but if you scanned their block very carefully without triggering the Cisco PIX you would get loads of info.

An nmap scan of the mail server reported:

25/tcp open smtp Cisco PIX sanitized smtpd
Service Info: Device: firewall

One thing the administrators didn't know is that, with such a disclosure right after scanning a mail server, every attacker knows what he is dealing with. Any further attacks from there get blocked by an IPS, which also blocks that IP, and the attacker is aware of this. Some of these organizations rarely inspect intrusions or perform incident handling, so if an attacker sees such info, researches what he has found and comes back after one year, the administrators or even the security team have no record of the attacks that happened 12 months ago from the same range of IPs, and it becomes hard to protect such infrastructure.

This becomes a serious issue and with good luck the attacker may get into very valuable info.

After I realized that a Cisco PIX was blocking me, I decided to switch to another ISP network. I ran through KDN, and this time I was doing stealth scans of the whole block and found mail servers, web servers and internet banking servers all gaping open to the internet. Amazingly, some of these servers had MySQL ports open with user root and password r00t. Several routers were also exposed to the internet:

Not shown: 990 closed ports
23/tcp open telnet Cisco router
79/tcp open finger Cisco fingerd
139/tcp filtered netbios-ssn
445/tcp filtered microsoft-ds
465/tcp filtered smtps
808/tcp filtered ccproxy-http
1002/tcp filtered windows-icfw
3918/tcp filtered unknown
4004/tcp filtered unknown
34573/tcp filtered unknown
Service Info: OS: IOS; Device: router

So as far as security through obscurity is concerned, I think it's not a good option, especially for financial institutions. For government institutions it's also a bad deal: if you look at network infrastructures like KRA, such systems aren't carefully protected, so if there is an attack with incidents like deletion or alteration of information, there would be a loss of integrity and availability of data for authorized users and for taxpayers.
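The listings above can be turned into a repeatable check of your own perimeter. The following is an added example, not code from the original post: it parses port lines in nmap's normal output and flags open services that should not face the internet, plus banners that name the device. The service policy and the vendor keyword list are assumptions made for the illustration.

```python
import re

# Port lines in nmap's normal output: "<port>/<proto> <state> <service> [version banner]"
PORT_LINE = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)(?:\s+(.*\S))?\s*$")

# Assumed policy for this example: services that should never be internet-facing.
RISKY_SERVICES = {
    "telnet": "cleartext remote administration",
    "finger": "discloses logged-in users",
    "mysql": "database listener exposed",
}
# Assumed keyword list: vendor/product words that give away what the device is.
DEVICE_HINTS = ("cisco", "pix", "ios")

def parse_ports(text):
    """Return one dict per port line found in nmap normal output."""
    ports = []
    for line in text.splitlines():
        m = PORT_LINE.match(line.strip())
        if m:
            port, proto, state, service, banner = m.groups()
            ports.append({"port": int(port), "proto": proto, "state": state,
                          "service": service, "banner": banner or ""})
    return ports

def audit(text):
    """Return (port, finding) tuples for open ports that break the policy."""
    findings = []
    for p in parse_ports(text):
        if p["state"] != "open":
            continue  # filtered/closed ports are not reachable services
        if p["service"] in RISKY_SERVICES:
            findings.append((p["port"], RISKY_SERVICES[p["service"]]))
        if any(h in p["banner"].lower().split() for h in DEVICE_HINTS):
            findings.append((p["port"], "banner identifies device: " + p["banner"]))
    return findings

# Sample input: port lines copied from the two listings in the post.
SAMPLE = """\
25/tcp open smtp Cisco PIX sanitized smtpd
23/tcp open telnet Cisco router
79/tcp open finger Cisco fingerd
139/tcp filtered netbios-ssn
445/tcp filtered microsoft-ds
"""

if __name__ == "__main__":
    for port, finding in audit(SAMPLE):
        print(f"{port}/tcp: {finding}")
```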


Wednesday, November 04, 2009

Str0ke passes away

Str0ke, founder of Milw0rm, just passed away after a cardiac arrest this morning, an issue he had had since childhood.

This was the reason his site and Twitter feed hadn't been updated in quite a while.

RIP str0ke, and God be with you and your family.



Hi guys.

I haven't been able to blog lately; I've been busy with work and organizing the hack battle. You can also follow me on Twitter @chuksjonia to know what's happening with me in the world of infosec, and I will follow you right back.

There is also some educational stuff that will be blogged soon, so keep checking this site.