Tag Archives: How To

Learning BackTrack 5: The Art Of Penetration Testing

Posted by Steven Swafford on January 19, 2012

BackTrack is an absolutely amazing Linux based penetration testing environment that is entirely dedicated to hacking. I must say that you should use common sense when you begin digging into the security tools provided because the last thing you want to do is break the law and find yourself in trouble.

Now to say that there are many security tools available in BackTrack would be an understatement. In fact there is so many available that I would never start to list theme here. If you wish to see for yourself, simply execute the following within your terminal instance:

[code]
dpkg –list
[/code]

To be honest I have just recently begun experimenting with BackTrack and I have a great deal of learning ahead of me. For that reason I felt compelled to share the following video tutorials, books, and how-to guides that I could locate. Should you have any tips or resources please leave a comment.

Video Tutorials

Guides

Books

Amazon ImageAmazon ImageAmazon ImageAmazon Image

Microsoft Baseline Security Analyzer

Posted by Steven Swafford on July 13, 2011

If you’re running a Windows platform then you must secure your operating system and the Microsoft Baseline Security Analyzer (MBSA) makes it a breeze. Securing your operating system is absolutely the single most important step you can take to protect yourself. Computers have become so mainstream in homes today that often daily activities that they were previously down with pen and paper are all but extinct. There are a number of actions that should be taken which include staying up to date with patches and of course controlling user account but this just begins to scratch the surface. Unless you’re a security expert the typical end user most likely does not understand what the next steps are. This is where the Microsoft Baseline Security Analyzer is beneficial.

Introduction to MBSA

Microsoft Baseline Security Analyzer is an easy-to-use tool designed for the IT professional that helps small- and medium-sized businesses determine their security state in accordance with Microsoft security recommendations and offers specific remediation guidance. Improve your security management process by using MBSA to detect common security misconfigurations and missing security updates on your computer systems. A number of options include:

  1. Administrative vulnerabilities
  2. Week Passwords
  3. IIS administrative vulnerabilities
  4. SQL administrative vulnerabilities
  5. File shares
  6. … and more

Best of all Microsoft Baseline Security Analyzer it absolutely free from Microsoft!

Executing MSBA

Once you have downloaded and installed Microsoft Baseline Security Analyzer go ahead and run the application.

If you’re scanning a single computer then go ahead and click “scan a computer”. Once the next dialog has loaded, you will need to uncheck IIS and SQL administrative vulnerabilities unless of course you are running these two services.

The next step is to start the scan. Go ahead and click the button “start scan. The scan can take a few minutes so be patient. Once the scan has completed you are then presented a dialog that tells you exactly what was scanned, the score, issue, and the result. Reporting includes:

  1. Microsoft Office Updates
  2. Critical Updates or Patches
  3. Weak Password Check
  4. Services
  5. Firewall
  6. File Sharing

The scan resulted in a number of critical failures. The failures must be correctly properly secure you system and while you in the process address each line item to further fortify your operating system. Take for example the critical failure of local account password test. The result states user accounts have simple or no password which can lead to others being able to quickly determine your password.

If you’re not positive how to correct the problem then Microsoft has you covered here as well. Go ahead and click “how to correct this” and the issue is explained as well a solution with instructions is provided. Now it just cannot be any simpler and now you have no reason to not properly secure your operating system.

Conclusion

Microsoft Baseline Security Analyzer does a great job of pointing out the holes in security and by following the best practices and guidelines provided you will quickly find yourself on a path of security prosperity. Just remember, security is a never ending process and with that being said you may want to re-run the scan on a monthly or even a quarterly basis.

Have you used Microsoft Baseline Security Analyzer previously? If so what are you thoughts? Does this product provide a valuable tool set that helps in your security endeavors?

References

Credits

Featured image: Casey Serin

Free Security Vulnerability Guides From Veracode

Posted by Steven Swafford on June 25, 2011

Veracode focuses on security for organizations to accurately identify and manage application security risk. They offer a number of resources to include podcast, whitepapers, cheat sheets, and much more.

SQL Injection Cheat Sheet

The SQL Injection Cheat Sheet provides a summary of everything you need to know about SQL Injection. The SQL Injection Cheat Sheet contains the key concepts of SQL Injection and a SQL Injection example and tips for prevention of SQL Injection attacks. Note that you must register with Veracode in order to obtain these cheat sheets.

Download the FREE SQL Injection Cheat Sheet

Cross-Site Scripting (XSS) Cheat Sheet

The Cross-Site Scripting Cheat Sheet provides a summary of what you need to know about Cross-site Scripting. Our XSS cheat sheet details the different types of Cross-site Scripting and shows you how to protect against Cross-site Scripting vulnerabilities.

Download the FREE XSS Cheat Sheet

LDAP Injection Cheat Sheet

The LDAP Injection Cheat Sheet provides a summary of what you need to know about LDAP Injection. It contains a LDAP Injection example and details of how to protect against LDAP Injection vulnerabilities.

Download a FREE LDAP Injection Cheat Sheet

 

Poor Man Backup Using Robocopy, 7Zip and DropBox

Posted by Steven Swafford on March 28, 2011

Rather than talking about how important data backups are I thought I would take the time to show you how you can use tools that are free or low cost to automate backups using Dropbox. If you don’t have a Dropbox account then I strongly urge you to grab on and why not since it free for the first 2Gb. By using Dropbox you can access your data from any device that has internet connectivity. However the purpose of this article is to show you just how easy it is to perform backups.

Tools

  1. Robocopy: is a command-line directory replication command. It has been available as part of the Windows Resource Kit starting with Windows NT 4.0, and was introduced as a standard feature of Windows Vista, Windows 7 and Windows Server 2008.
  2. 7Zip: An open source file archive designed originally for Microsoft Windows. 7-Zip operates with the 7z archive format, and can read and write several other archive formats. The program can be used from a command line interface, graphical user interface, or Windows shell integration. 7-Zip began in 1999 and is actively developed by Igor Pavlov. It is related to a cross-platform port, p7zip.
  3. Of course a Dropbox account.
  4. Your favorite text editor.

The Batch File Broken Down

Now it is important to understand that my intent is to demonstrate how to backup items such as your favorites, email, and anything else that you deem important. I will not go into the details of the command line switches as they apply to 7Zip and Robocopy rather I will explain the use in my example.

First, define the variables. I prefer this method because it is clean and provides a single line item.

:: variables
set dailyDrive=C:\Users\SomeUser\Dropbox\Backup
set backupCmd=robocopy /S /Z /COPY:DAT /MIR
set zipCmd="C:\Program Files\7-Zip\7z.exe" a -tzip

So what is really happening here?

  • dailyDrive defines where my backup is stored (remember by using Dropbox it automatically syncs to the cloud)
  • backupCmd defines the robocopy executable and the switches
    /S :: copy Subdirectories, but not empty ones
    /Copy:DAT :: What to COPY (default is /COPY:DAT)
    /Z :: copy files in restartable mode
    /MIR :: Mirror a directory tree (equivalent to /E plus /PURGE)
  • zipCmd defines the 7Zip executable and the switches
    a :: This command stands for ‘archive’ or ‘add’. Use it to put files in an archive.
    -tzip :: format zip

I use to goto statements to both run the backup as well as exiting once complete.

:FULL_BACKUP

echo ### Backing up Favorites...
%backupCmd% "%USERPROFILE%\Favorites" "%dailyDrive%\Favorites"

echo ### Compress and Backing up Email...
%zipCmd% C:\Users\SomeUser\Dropbox\Backup\Email\email.zip "%USERPROFILE%\Documents\Outlook Files"\*.pst"

echo ### Backing up Wallpaper...
%backupCmd% "%USERPROFILE%\Documents\Wallpaper" "%dailyDrive%\Wallpaper"

cls
Echo Congratulations you have backed up your data!
goto EXIT_BACKUP

:EXIT_BACKUP
exit

It is important to state that “%USERPROFILE%” is simply the environment variable within Windows for the individual. In the example above I am performing three basic actions:

  • Backing of up my favorites
  • Compressing and backing up my email
  • Backing up my wallpapers

While there is much more data you may wish to backup this should clearly demonstrate how to get started. For example, say you have a folder called “TaxRecords”, all you need to do is add the following to the batch file.

echo ### Backing up the user defined data...
%backupcmd% " c:\TaxRecords" %drive%\TaxRecords"

Finally, add the batch file as a scheduled task or as a start-up item to execute each time you log into Windows. Upon execution you will see a command window similar to the following:

backup command window

Complete Batch File

@echo off

:: variables
set dailyDrive=C:\Users\SomeUser\Dropbox\Backup
set backupCmd=robocopy /S /Z /COPY:DAT /MIR
set zipCmd="C:\Program Files\7-Zip\7z.exe" a -tzip

cls

goto FULL_BACKUP

:FULL_BACKUP

echo ### Backing up Favorites...
%backupCmd% "%USERPROFILE%\Favorites" "%dailyDrive%\Favorites"

echo ### Compress and Backing up Email...
%zipCmd% C:\Users\SomeUserDropbox\BackupEmail\email.zip "%USERPROFILE%DocumentsOutlook Files"\*.pst"

echo ### Backing up Wallpaper...
%backupCmd% "%USERPROFILE%\Documents\Wallpaper" "%dailyDrive%\Wallpaper"

cls
Echo Congratulations you have backed up your data!
goto EXIT_BACKUP

:EXIT_BACKUP
exit

Conclusion

That is all it takes to backup your important data all without spending anything. Of course as your data needs grow there may be a time that you find yourself needed more than the free 2GB that Dropbox provides and cost for additional space is very reasonable.

Do you have any tips on data backups? If so, leave a comment.

How To Use ScreenFlow To Capture Netflix Streaming Media

Posted by Steven Swafford on March 19, 2011

streaming media

First things first, I am not advocating violating copyright laws and you should clearly understand the Digital Millennium Copyright Act surrounding digital media before you try capturing media. Previously I wrote about How to Backup DVDs with Handbrake and this article is very different in nature. Because you do not own the content that you wish to capture you will likely find yourself in a legal battle should you distribute such content. That being said since I am a paying NetFlix subscriber there are often times that I may be traveling and I don’t have access to the internet. Because of this fact I thought to myself there must be a way to capture that movie or television show and play it on my iPad and then ultimately deleting the media once I have watched it.

In the past few months I have begun using my MacBook Pro more and more and when it comes to digital media and software associated in this area I feel nothing performs better than the Mac Operating System. Case in point is ScreenFlow which is a professional screencasting studio. Just stop and think about it for a moment and I am sure you will begin to understand just how simple it is to capture streaming media.

Recording NetFlix Streaming Media with ScreenFlow on a Mac

  • Grab ScreenFlow, a screen video capture software for Mac.
  • Launch ScreenFlow for Mac and the following dialog window will appear:

screenflow dialog

  • When you finish your recording, press command-shift-2 to stop recording. ScreenFlow will create a new video files with the recording.
  • Press Command-E or select “Export” from the File menu to export your recorded video:

screenflow export recording dialog

The end result is a high quality recording, grab ScreenFlow and see for yourself.

Update, I just ran across an article titled Media Converter for OS X is the Simplest Drag-And-Drop Video Converter Around where Whitson Gordon says, “If you need to convert a video for your iPod, a DVD, or even just rip the audio out of a movie, free app Media Converter will do it with just a quick drag-and-drop.”

Pages:123456»