Hakin9_EXTRA_01_2011.pdf

EXPLOITING SOFTWARE
PRACTICAL PROTECTION IT SECURITY MAGAZINE
Dear Readers,
This is the opening issue of the second line of Hakin9
magazine. This line will be a series of monthly, topical issues.
We are starting with the topic Exploiting Software.
The biggest problem is that programmers who create the
software focus on several safety aspects, but they sometimes
miss the inside vulnerabilities. This problem was summed up
by Gary Miliefsky, in his article on Exploiting Software: Most
programmers are professional and have learned the basics
of proper software development – commenting, structuring,
testing, etc. but this is not enough. Today’s software
engineers need to become computer and network security
professionals so they can develop hardened software from
the inside. If they don’t then some hacker, virus, worm, cyber
criminal or cyber terrorist will leverage the holes in their code.
Because of that, exploits are becoming widely used. There is
also another aspect influencing the popularity of exploits: new
tools are available for free, for example social networks. This,
as well as other topics, is widely discussed by Rebecca
Wynn in her article Exploit Kits – Cybercrime Made Easy:
Whether the attacker is targeting a CEO or a member of
the QA staff, the Internet and social networks provide rich
research for tailoring an attack. By sneaking in among our
friends, hackers can learn our interests, gain our trust, and
convincingly masquerade as friends. Long gone are the days
of strange email addresses, bad grammar, and obviously
malicious links. A well-executed social engineering attack has
become almost impossible to spot.
Another very interesting view on the topic of exploiting
software is the so-called human buffer overflow. Chris
Hadnagy explains this in his article Exploitation of the
Human OS – The Human Buffer Overflow: Obtaining code
execution is the easiest and most direct way to reach this
goal. Social Engineering professionals are no different. Yet
one of the most asked questions that we receive is how can
a social engineer execute code when dealing with people?
That question really leads us to think about what our goals
are during a social engineering pentest. In the case of most
social engineering pentests, we are trying to get people to
take actions that under normal circumstances would cause
all sorts of red flags to go off. How can we do it? How can
you influence someone to take an action that they know they
shouldn’t? I like to call it the human buffer overflow.
And this is not all we prepared for you in this issue. I hope
you will find all of the articles included very useful and
interesting. Next month, we will discuss the topic of ID thefts,
so don’t forget to visit the Hakin9 website.
team
Editor in Chief: Ewa Dudzic
ewa.dudzic@software.com.pl
Managing Editor: Karolina Lesińska
karolina.lesinska@hakin9.org
Editorial Advisory Board: Matt Jonkman, Rebecca Wynn,
Steve Lape, Shyaam Sundhar, Donald Iverson, Michael Munt
DTP: Ireneusz Pogroszewski
Art Director: Ireneusz Pogroszewski
ireneusz.pogroszewski@software.com.pl
Proofreaders: Michael Munt
Top Betatesters: Rebecca Wynn, Bob Folden, Shayne Cardwell,
Simon Carollo, Graham Hili.
Special Thanks to the Beta testers and Proofreaders who helped
us with this issue. Without their assistance there would not be a
Hakin9 magazine.
Senior Consultant/Publisher: Paweł Marciniak
CEO: Ewa Dudzic
ewa.dudzic@software.com.pl
Production Director: Andrzej Kuca
andrzej.kuca@hakin9.org
Marketing Director: Karolina Lesińska
karolina.lesinska@hakin9.org
Subscription: en@hakin9.org
Publisher: Software Press Sp. z o.o. SK
02-682 Warszawa, ul. Bokserska 1
Phone: 1 917 338 3631
www.hakin9.org/en
Whilst every effort has been made to ensure the high quality of
the magazine, the editors make no warranty, express or implied,
concerning the results of content usage.
All trade marks presented in the magazine were used only for
informative purposes.
All rights to trade marks presented in the magazine are
reserved by the companies which own them.
To create graphs and diagrams we used
program
by
The editors use automatic system
Mathematical formulas created by Design Science MathType™
DISCLAIMER!
The techniques described in our articles may only
be used in private, local networks. The editors
hold no responsibility for misuse of the presented
techniques or consequent data loss.
Enjoy your reading
Karolina Lesińska
CONTENTS
Exploitation of the Human OS – The Human Buffer Overflow
by Chris Hadnagy
Total domination is the goal for a penetration tester in every pentest – To
utterly hack the company and demonstrate their true exposure to malicious
attacks. Obtaining code execution is the easiest and most direct way to
reach this goal. Social Engineering professionals are no different.
10 From Fuzz To Sploit
by Israel Torres
about it for the last 15+ years. Through this time period there have been
many techniques evolved both to combat vulnerabilities as well as persist
attack and exploitation. As security is most often thought of as an
afterthought it is of no surprise that systems of all flavors (and their users
of all sizes) can still be dropped to its knees by such a fundamental attack.
18 Exploit Kits – Cybercrime Made Easy
by Rebecca Wynn
of the top attack exploit toolkits are now free! Symantec released its 2010
Symantec Internet Security Threat Report the first week in April 2011. Their
executive summary states that Symantec recorded over 3 billion malware
attacks in 2010 and yet one stands out more than the rest – Stuxnet.
26 Software Exploitation: Development Flaw or
Malicious Intent
by Rich Hoggan
to understand why laziness would be considered one of the virtues of a
good programmer let alone a virtue at all. By this point – however – I’m sure
you’re probably already asking why I’m bringing up laziness in relation to
programming.
28 Exploiting Software: The Top 25 Software
Vulnerabilities and How to Avoid Them
by Gary Miliefsky
and critical programming errors that can lead to serious software
vulnerabilities. They are often easy to find, and easy to exploit. They are
dangerous because they will frequently allow attackers to completely take
over the software, steal data, or prevent the software from working at all.
View?
by Yury Chemerkin
Make your password strong, with a unique jumble of letters, numbers and
punctuation marks. But memorize it – never write it down. And, oh yes,
change it every few months. These instructions are supposed to protect
us. But they don’t. A password is a secret word or string of characters that
is used for authentication, to prove identity or gain access to a resource
(example: an access code is a type of password). The use of passwords is
known to be ancient…