Raiders of the Lost ARP

Amateur Network & Security Archaeologists, trying not to break things.

My Experience with the CCDE

On August 16th I was surprised to learn I actually passed the CCDE Practical. Holy cow! As with all Cisco E-level certs, a pass is a pass – we have no idea if I JUST made it or if I crushed it, but I felt like it would be nice to return the favor so many wonderful folks delivered and write my very own post-mortem. There is a healthy amount of imposter syndrome that creeps in any time I talk about recent events, but I hope that I can share some of what others passed along that influenced my own pursuit. After having the unexpected Pass result from the May 30th CCDE exam for a couple of weeks now, this is as good a time as any to share a little about the journey and what nuggets I found helpful.

Scanning for Vulnerabilities with Arachni

Web application vulnerability scanners are big business. A quick search of alternatives will show you that there are literally hundreds of open source and commercial scanners, and all of them offer varying coverage of the vuln space as well as functions that extend into different phases of the Pen Test Kill Chain. As is the case with any trend in security, this explosion in the market is a symptom of something else entirely – web applications are by their very nature easy to access and popular for hackers to exploit. The payoff for a successful breach or compromise is massive.

Roll Your Own Kill Chain

When we conduct penetration tests, we are trying to mimic the actions an actual intruder or attacker would use to gain illicit access or otherwise compromise target systems. Knowing how they attack influences how we plan our penetration test. Most pen testers mimic some version of the Cyber Kill Chain discussed in a previous post. When Jason and I sought to write the Raspberry Pi pentesting update, we took some liberty with the Kill Chain. We crafted a version to suit our needs for penetration testing. We did our best to show how we used different tools to get our Raspberry Pi through the entire operation:

BYOT (Bring Your Own Target)

Sorry readers – pen testing is far from a prescriptive field. A good deal of fun can be had, but there is an element of choose your own adventure here that means you’re going to have to continually adjust your plans and ensure you are meeting your needs, be they training or job specific. One of the most awesome aspects of the field is how many tools are published that can help you out! The hacking community is pretty collaborative, so there have been a plethora of tools out there for many years that evolve, receive updates, and see some pretty vibrant extensions and support.

Common Web App Defenses

If we step back and think about what customers are up against, it is truly staggering. Building a secure web application and network is akin to building a nuclear reactor plant. No detail is small and insignificant, so one tiny failure (a crack, weak weld, or a small contamination), despite all of the good inherent in the design and implementation, can mean failure. A similar truth impacts web application security – just one flaw, be it a misconfiguration or omission in the myriad of components, can provide attackers with enough of a gap through which immense damage can be inflicted. And to add insult to injury, these same proactive defensive measures are relied upon in many environments to help detect these rare events (sometimes called black swan events). Network and application administrators have a tough job, and a white-hat’s purpose is to help them and their organization do it better.
