New THA Modules: Metasploit db_commands and Intro to PDF Launch Action
October 29, 2010
New October content released to The Hacker Academy Premium Members site!
A quick update before the end of October to give some insight into the new content released to our Premium members this month.
First is Dan Frye’s latest module on Advanced Metasploit, in which Dan covers the use of the db_ commands. An excerpt from his lesson:
“Using the db_ commands in Metasploit is one of the key efficiencies of Metasploit when working with a team of pentesters. In this module we’ll review the commands and cover two really helpful components of Metasploit – the db_nmap and db_autopwn commands.” Become a member to see the rest of the lesson.
Jeremy Conway brings our students the next in his series of modules on PDF vulnerabilities. This month he discusses the PDF Launch action. Jeremy explains:
“The PDF Launch action is a built-in feature of the PDF specification that can be utilized to carry out Social Engineering attacks. In this learning module we will introduce you to the PDF Launch action by taking a look at its syntax, capabilities, and restrictions for usage. The PDF Launch action is another one of those fine examples where a feature can be abused to carry out interesting attacks without having to exploit a vulnerability. Unlike vulnerability exploitation, feature abuse can be tougher to address since it requires a feature specification change and/or feature removal that will likely break applications and/or use cases that rely upon the feature.” Become a member to see the rest of the lesson.
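Jeremy's excerpt names the feature without showing it. The following is an added example, written for this post rather than taken from the lesson or from any tool of Jeremy's: it constructs a minimal PDF whose catalog /OpenAction is a Launch action (ISO 32000-1, 12.6.4.5), then scans a file for such actions and reports the target, the parameters and whether the action fires on open. The sample PDFs are constructed inline, the function names are our own, and the scanner handles only uncompressed objects; it also decodes the #xx hex escapes that PDF names allow (7.3.5), because a plain grep for "/Launch" misses /L#61unch.

```python
import re

# Constructed sample: a minimal, uncompressed PDF whose catalog /OpenAction
# is a Launch action (ISO 32000-1, 12.6.4.5). Built for this example, not a
# file from the lesson. The xref table is omitted; Acrobat would rebuild it
# and this scanner never needs it.
SAMPLE_LAUNCH_PDF = b"""%PDF-1.4
1 0 obj << /Type /Catalog /Pages 2 0 R /OpenAction 4 0 R >> endobj
2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj
3 0 obj << /Type /Page /Parent 2 0 R /MediaBox [0 0 612 792] >> endobj
4 0 obj << /Type /Action /S /Launch /Win << /F (cmd.exe) /P (/c calc.exe) >> >> endobj
trailer << /Root 1 0 R >>
%%EOF
"""

# The same action with the /Launch name written with a #xx hex escape,
# which the name syntax allows (7.3.5) and a plain grep for "/Launch" misses.
SAMPLE_OBFUSCATED_PDF = SAMPLE_LAUNCH_PDF.replace(b"/S /Launch", b"/S /L#61unch")

# A harmless variant: the open action is a URI action, not a Launch.
SAMPLE_BENIGN_PDF = SAMPLE_LAUNCH_PDF.replace(
    b"/S /Launch /Win << /F (cmd.exe) /P (/c calc.exe) >>",
    b"/S /URI /URI (https://example.com/)")

_NAME = re.compile(rb"/([^\s/\[\]<>(){}%]+)")      # a name token after '/'
_HEX_ESCAPE = re.compile(rb"#([0-9A-Fa-f]{2})")
_LAUNCH = re.compile(rb"/S\s*/Launch\b")
_OBJ_HDR = re.compile(rb"(\d+)\s+(\d+)\s+obj\b")
_FILE = re.compile(rb"/F\s*\(([^)]*)\)")             # literal-string /F only
_PARAMS = re.compile(rb"/P\s*\(([^)]*)\)")


def normalize_names(data: bytes) -> bytes:
    """Decode #xx escapes inside name tokens so /L#61unch becomes /Launch."""
    def fix(m):
        return b"/" + _HEX_ESCAPE.sub(lambda h: bytes([int(h.group(1), 16)]), m.group(1))
    return _NAME.sub(fix, data)


def find_launch_actions(pdf: bytes, window: int = 400) -> list:
    """Report every /Launch action found in an uncompressed PDF.

    Each hit records the offset (in the name-normalized bytes), the target
    from /F, the parameters from /P and whether the catalog's /OpenAction
    triggers the action on open. Objects inside compressed object streams
    (PDF 1.5+) are not inflated here, so an empty result means "nothing
    found", not "clean".
    """
    data = normalize_names(pdf)
    hits = []
    for m in _LAUNCH.finditer(data):
        # Find the enclosing indirect object, then check whether the catalog
        # references it as /OpenAction or holds the action dict inline.
        hdr = None
        for h in _OBJ_HDR.finditer(data, 0, m.start()):
            hdr = h
        opens = False
        if hdr is not None:
            ref = rb"/OpenAction\s+" + hdr.group(1) + rb"\s+" + hdr.group(2) + rb"\s+R"
            opens = (re.search(ref, data) is not None
                     or b"/OpenAction" in data[hdr.end():m.start()])
        # Search from the action dictionary's opening << for its target.
        start = data.rfind(b"<<", 0, m.start())
        ctx = data[max(start, 0):m.end() + window]
        f = _FILE.search(ctx)
        p = _PARAMS.search(ctx)
        hits.append({
            "offset": m.start(),
            "file": f.group(1).decode("latin-1") if f else None,
            "params": p.group(1).decode("latin-1") if p else None,
            "on_open": opens,
        })
    return hits


if __name__ == "__main__":
    for name, doc in (("launch", SAMPLE_LAUNCH_PDF),
                      ("obfuscated", SAMPLE_OBFUSCATED_PDF),
                      ("benign", SAMPLE_BENIGN_PDF)):
        print(name, find_launch_actions(doc))
```

The point the excerpt makes is visible in the sample: there is no malformed object and nothing to patch in the parser; the document simply asks the reader to run cmd.exe, and the only defences are the reader's warning dialog and whatever blocklist the viewer applies to the target. Feeding a real document to find_launch_actions is a reasonable triage step, but a miss from a regex scanner of this kind is never proof of absence.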
Not a member? Just take a quick trip over to our membership page and sign up – you’ll have access to the whole gamut of modules available to our members, but the above are great examples.
Cheers,
The Hacker Academy Team
Grabbing PDF Metadata
October 13, 2010
We’re incredibly lucky to have amazing instructors here at THA. We’ve worked hard to find people who aren’t just strong engineers/researchers/hackers, but who also can teach.
Even luckier for us, the old saying isn’t true: those who teach for us can also do.
One of our favorite new instructors is Jeremy Conway. Jeremy is one of the most well-rounded security people I’ve ever met – he builds SOCs (Security Operations Centers), he does forensics, he can hack with the best of them, and (in his day job) he helps design the future of products for Nitro Security (disclaimer: Nitro is a partner of MAD Security). While Jeremy can (and does) do almost anything in security, one of his areas of focus for the past little while has been the scourge that is PDFs. Jeremy’s research into PDF attacks is well respected and he does some really cool analysis.
To that end, members of The Hacker Academy have been treated over the past couple of months to Jeremy’s modules on how to use PDFs to compromise users. His latest one also includes instructions on using a tool that he developed called PDF MetaSlurp. This tool uses search engines to find all of the PDF files that are publicly accessible for a given domain, then grabs and analyses the metadata they carry. It’s a tool that we’re integrating into our normal pen-test reconnaissance phase and the results are nothing short of spectacular.
This (like most of our tools) is a quick script – it’s not full-blown commercial software, so it doesn’t come with a warranty or instructions. (If you want detailed instructions on its use, you’ll have to become a member). But we think you’ll find it useful.
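PDF MetaSlurp itself is not reproduced here. What follows is an added example written for this post, not Jeremy's tool or any code from the module: it covers the local half of the job, reading the document information dictionary (/Info) out of PDFs that have already been downloaded and tallying authors and producing software across the set, which is what turns a pile of a domain's public PDFs into candidate usernames and desktop software versions. The search-engine step is assumed done; the three sample PDFs are constructed inline, the function names are our own, and the parser handles only uncompressed objects. It does handle the two string encodings real files use, literal strings with backslash escapes (7.3.4.2) and hex strings, and the UTF-16BE byte order mark that PDF text strings may carry (7.9.2.2).

```python
import re
from collections import Counter

# Constructed samples standing in for PDFs pulled from a search-engine sweep
# of one domain. Built for this example; not real documents from any site,
# and every value is illustrative. Each carries an /Info dictionary (the
# document information dictionary) referenced from the trailer.
SAMPLE_PDFS = {
    "network-plan.pdf": b"""%PDF-1.4
1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj
2 0 obj << /Type /Pages /Kids [] /Count 0 >> endobj
3 0 obj << /Title (Q3 Network Plan) /Author (jsmith) /Creator (Microsoft Word 2007)
/Producer (Acrobat Distiller 9.0.0 \\(Windows\\)) /CreationDate (D:20100913101500-05'00') >> endobj
trailer << /Root 1 0 R /Info 3 0 R >>
%%EOF
""",
    # Author stored as a hex string with a UTF-16BE byte order mark.
    "whitepaper.pdf": b"""%PDF-1.4
1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj
2 0 obj << /Type /Pages /Kids [] /Count 0 >> endobj
3 0 obj << /Author <FEFF0041006E006E0061> /Producer (pdfTeX-1.40.10) >> endobj
trailer << /Root 1 0 R /Info 3 0 R >>
%%EOF
""",
    "hr-policy.pdf": b"""%PDF-1.4
1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj
2 0 obj << /Type /Pages /Kids [] /Count 0 >> endobj
4 0 obj << /Author (jsmith) /Creator (PScript5.dll Version 5.2.2) /Producer (Acrobat Distiller 8.1.0 \\(Windows\\)) >> endobj
trailer << /Root 1 0 R /Info 4 0 R >>
%%EOF
""",
}

_INFO_REF = re.compile(rb"/Info\s+(\d+)\s+(\d+)\s+R")
_FIELD = re.compile(
    rb"/(Title|Author|Subject|Keywords|Creator|Producer|CreationDate|ModDate)\s*"
    rb"(\((?:\\.|[^\\)])*\)|<[0-9A-Fa-f\s]*>)", re.DOTALL)
_ESCAPES = {b"n": b"\n", b"r": b"\r", b"t": b"\t", b"b": b"\b", b"f": b"\f",
            b"(": b"(", b")": b")", b"\\": b"\\"}


def decode_pdf_string(tok: bytes) -> str:
    """Decode a literal (...) or hex <...> PDF string token to Python text.

    Literal strings get the backslash escapes of 7.3.4.2 (named, \\ddd octal);
    nested unescaped parentheses are not handled. A leading FE FF byte order
    mark means UTF-16BE; otherwise PDFDocEncoding is approximated as Latin-1.
    """
    if tok.startswith(b"<"):
        digits = re.sub(rb"\s", b"", tok[1:-1])
        if len(digits) % 2:
            digits += b"0"           # an odd final digit is padded with 0
        raw = bytes.fromhex(digits.decode("ascii"))
    else:
        body, out, i = tok[1:-1], bytearray(), 0
        while i < len(body):
            c = body[i:i + 1]
            if c == b"\\" and i + 1 < len(body):
                nxt = body[i + 1:i + 2]
                if nxt in _ESCAPES:
                    out += _ESCAPES[nxt]
                    i += 2
                    continue
                octal = re.match(rb"[0-7]{1,3}", body[i + 1:i + 4])
                if octal:
                    out.append(int(octal.group(0), 8) & 0xFF)
                    i += 1 + len(octal.group(0))
                    continue
                i += 1               # a backslash before any other byte is dropped
                continue
            out += c
            i += 1
        raw = bytes(out)
    if raw.startswith(b"\xfe\xff"):
        return raw[2:].decode("utf-16-be", errors="replace")
    return raw.decode("latin-1")


def extract_info(pdf: bytes) -> dict:
    """Return the /Info dictionary's text fields from an uncompressed PDF.

    The last /Info reference in the file wins, which matches incremental
    updates: a document re-saved by a second author carries both trailers.
    Files whose objects sit in compressed object streams (PDF 1.5+) need
    inflating first and come back empty here.
    """
    refs = _INFO_REF.findall(pdf)
    if not refs:
        return {}
    num, gen = refs[-1]
    hdr = re.search(rb"(?<!\d)" + num + rb"\s+" + gen + rb"\s+obj\b", pdf)
    if not hdr:
        return {}
    end = pdf.find(b"endobj", hdr.end())
    body = pdf[hdr.end():end if end >= 0 else len(pdf)]
    return {key.decode("ascii"): decode_pdf_string(tok)
            for key, tok in _FIELD.findall(body)}


def summarize(docs: dict) -> dict:
    """Tally the fields recon cares about across every PDF from one domain:
    /Author values double as usernames, /Creator and /Producer name the
    software (with version) on the desktops that produced the files."""
    authors, software = Counter(), Counter()
    for data in docs.values():
        info = extract_info(data)
        if info.get("Author"):
            authors[info["Author"]] += 1
        for key in ("Creator", "Producer"):
            if info.get(key):
                software[info[key]] += 1
    return {"authors": authors, "software": software}


if __name__ == "__main__":
    for name, data in SAMPLE_PDFS.items():
        print(name, extract_info(data))
    print(summarize(SAMPLE_PDFS))
```

Run on the samples, summarize() reports jsmith as the author of two documents and two different Acrobat Distiller builds on Windows, which is exactly the kind of naming convention and patch-level detail a later phishing or client-side phase feeds on. On a real sweep, expect the Author field to be empty or generic far more often than not; the hits that remain are the ones worth keeping.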
Tooncon: a night out on the ‘toon’
October 8, 2010
On the 1st of October 2010, I had the great pleasure of attending the second ‘Tooncon’ infosec meetup. Named after the town where it is hosted (Newcastle-Upon-Tyne is nicknamed ‘the toon’ after the regional pronunciation of ‘town’), Tooncon is a hacker meet-up where established infosec enterprises share ideas and experience with other businesses and local ethical hacking and computer forensics students.
What sets Tooncon apart from other ‘run-of-the-mill’ hacker meet-ups is the dynamic between the students at the local universities, who study some variety of infosec course, and the local infosec-related businesses.
On this occasion, the group met at a local ‘world’ bar called Nancy’s Bordello. Upon arrival, multiple impromptu wireless internet connections were created and a mad scramble for power sockets began. Once everyone was nice and comfortable, with a drink in one hand and their BackTrack-booting netbook in the other, the true magic began.
In a scene not unlike vultures descending on an injured gazelle on the Serengeti plains, a sizable portion of the group began looking for vulnerabilities in an unnamed, popular web browser, whilst another portion decided to have an in-depth conversation about ARP poisoning.
In some respects we must have looked rather conspicuous: a group of blatant geeks sat with their laptops out whilst the rest of the room was dancing to the Buena Vista Social Club. Nonetheless, we were left to our own devices, and had a fun, productive meeting.
For those who intend to attend a Tooncon gathering, it is held on the first Friday of every month at Nancy’s Bordello, 13 Argyle Street, Newcastle Upon Tyne, near the Manors metro station.
Cheers,
Matt Hughes
Jr. Instructor
BruCON Brussels 2010
October 8, 2010
From the 23rd of September to the 26th of September, I had the pleasure of visiting the Belgian capital of Brussels for the two-day hacker conference that is BruCON.
Held in the breathtaking post-modern architecture of the Belgacom Surfhouse, the hackers that had flocked from five continents to visit were provided with food, beer, a fat-pipe and all the mind-expanding talks they could consume.
Dale Pearson did a fantastic talk on hypnotism, neuro-linguistic programming and how that translates into social engineering; a useful part of any penetration test. Dale is an effective speaker and certainly conveyed points that would normally arouse skepticism.
Paul Asadoorian gave a talk on embedded system hacking. He talked about the importance of embedded systems in our society today, and how they can be exploited to gain world domination. Paul is a naturally charismatic person, and an absolute riot to hang around with. I’ve got massive respect for all the work he does.
Of course, there were more talks than these two, although for the sake of brevity, I’m just going to mention these two. It’d be a fairly lengthy blog post otherwise.
When we got tired, we drank an energy drink native to Germany called ‘Club-Mate’ (pronounced mah-tey), popular with hackers and geeks worldwide. It has an unusual taste, and as its brutally honest tag-line says, ‘you’ll get used to it’.
Infosec podcasting heavyweights such as Paul Asadoorian of PaulDotCom and Chris Nickerson of Exotic Liability were in attendance, along with the SecureIT podcast, Disaster Protocol and EuroTrashSecurity. It culminated in the podcasters’ meetup: to a live audience in the main auditorium, the podcasters thrashed it out in a heated debate about security professional/developer relations and whatever else came to their minds.
After all the talks, we all headed to the local bars to hang out, wind down and grab some of the fantastic Belgian beer. It was a pleasure to hang out with the heavyweights in the industry and grab a beer with them, and I look forward to next year’s festivities!
Cheers,
Matt Hughes
Jr. Instructor
Check out Dan at BSides Atlanta
October 7, 2010
It’s always cool for us at THA when one of our instructors speaks at a conference.
This week, THA’s Dan Frye will be speaking at BSides Atlanta. His talk is on the “Basics of Securing PeopleSoft Architectures” – it’s one of the best sets of slides I’ve read in a while (and I read a lot of slides). There are so few people in our industry who really understand how to secure PeopleSoft, and Dan is one of the best out there. He’s been working with the security side of PeopleSoft in detail for many years.
If you’re in the Atlanta area and you’ve ever had any thoughts or questions about PeopleSoft security, you absolutely have to check this one out. And if you’re not, rumor has it that they’ll be live-streaming the conference.
My only disappointment is that I won’t be there to see it myself.