7MS #353: Tales of Internal Pentest Pwnage - Part 1

In this episode I talk about how to build a cheap hosted Mutillidae server to safely hack away on while keeping other Internet prowlers out. Here are the basic commands to run to lock down the Digital Ocean droplet's iptables firewall: *Flush existing rules* **sudo iptables -F** *Allow all concurrent connections* **sudo iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT** *Allow specific IPs/hosts to access port 80* **sudo iptables -A INPUT -p tcp -s F.Q.D.N --dport 80 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT** *Allow specific IPs/hosts to access port 22* **sudo iptables -A INPUT -p tcp -s F.Q.D.N --dport 22 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT** *Block all other traffic:* **sudo iptables -P INPUT DROP** *Provide the VPS loopback access:* **sudo iptables -I INPUT 1 -i lo -j ACCEPT** *Install iptables-persistent to ensure rules survive a reboot:* **sudo apt-get install iptables-persistent** *Start iptables-persistent service* **sudo service iptables-persistent start** *If you make iptables changes after this and they don't seem to stick, do this:* **sudo iptables-save > /etc/iptables/rules.v4** See this Digital Ocean article for more information.

26 Tammi 20168min

Here are some of my favorite stories and links for this week! If you missed last week's BURN IT ALL! Webcast, it's now online as a Youtube video. There is still time to register for the Real World Web Penetration Testing Webinar. It's(Thursday, January 28 @ 1 p.m. CST) and $25 (cheap!) Trustwave is in big trouble after failing to find hackers under their noses. Their noses mustreally hurt because Mandiant was quick to point out the work done by Trustwave was "woefully inadequate." I'm scared of IoT stuff. Why? Oh, I don't know, because what happens when your Nest fails and leaves your buttcheeks freezing cold?!?!? Or what if hackers steal your doorbell, and thus your wifi password and pwn your network? Thankfully, OWASP now now has a top 10 for IoT stuff too. A researcher found some clever ways to abuse Lastpass with an exploit called Lostpass. Lastpassresponded with a security change wherein a Lastpass authentication from a new device requires approval via email. A new Sysinternals tool helps figure out if you have shady, unsigned files in c:\windows\system32. Oh, and for sure upgrade all your iThings ASAP. Apple patched some ugly security holes.

23 Tammi 201610min

In today's off-topic episode I review two movies: Sicario and The Walk.

21 Tammi 20167min

I recently had the opportunity to shoulder-surf with some seasoned Webapp pentesters, and wanted to share what I learned about their tools, techniques and methodologies.

18 Tammi 20167min

Here are some of my fav' stories and links for this week! * Burn it all...The New Security Fundamentals **(Wednesday, January 20 @ 1 p.m. CST)**: a free Webinar on setting up the "*core technical things you need to do for your security program*." I've attended many Webinars from the BHIS group and they're always informative and humorous. * Real World Web Penetration Testing **(Thursday, January 28 @ 1 p.m. CST)**: a $25 Webinar on going through "*a real world penetration test. We will explore the methodology and procedures Secure Ideas follows as we test web applications. The course will also walk through some tricks and tips on how to focus your testing on likely flaws*." I have seen four of their recorded courses before and found them to be *absolutely* worth the money I spent, so I'm confident this upcoming session will be no exception. * Fortinet SSH backdoor not much to say except if you use any of the affected products, update immediately as they contain an SSH backdoor: * FortiOS v4.3.17 or any later version of FortiOS v4.3 (available as of July 9, 2014) * FortiOS v5.0.8 or any later version of FortiOS v5.0 (available as of July 28, 2014) * Any version of FortiOS v5.2 or v5.4 * Hacker sentenced to 334 years in prison for operating a phishing Web site similar to that of a legit banking Web site. Moral of the story? Don't do that. * Don't use IE 8, 9 or 10 anymore! unless you like to live dangerously.

15 Tammi 20168min

This off-topic episode covers: * Media servers - I'm a newb in this area and could use your help in setting up a config that actually works! * Making a Murderer - this is a fantastic documentary on Netflix. Stop what you're doing (once you listen to this episode) and watch *immediately* please.

13 Tammi 20168min

Happy (belated) new year! This episode is more of a "What am I listening to, a PBS telethon?!" kind of thing, and I'm sorry for that. But I want to cover: * Scheduling changes for 2016 - we're gonna be 3 times a week! * A new documentation project I'm working on called BPATTY (Brian's Pentesting and Technical Tips for You) * A way you can support the podcast financially.

11 Tammi 20168min

This episode talks about some cool video games I've been playing lately: * Metal Gear Solid Phantom Pain (Xbox 360) * Rise of the Tomb Raider (Xbox 360) * Luminocity (iPhone) * Super Mario Maker (Wii U) I recommend 'em all!

8 Tammi 20169min