Saturday, July 19, 2014

Penetration Testing - An Asterisk VoIP IP-PBX System Using SIP-based Calls

VoIP stands for Voice over Internet Protocol, which is mainly used to establish telephony connections over the internet. Asterisk is the PBX (private branch exchange) daemon and the telephony switching daemon for this VoIP. The Asterisk software is open source and freely available on the internet [1]. This Asterisk-based VoIP supports different signalling protocols such as SIP, MGCP, and H.323.
Installation of VoIP

-> For the installation of the Asterisk-based VoIP on the Linux server machine, download the VoIP software from http://www.digium.com/en/ . Then follow the installation steps required to install this VoIP on the Linux machine.

Sunday, May 25, 2014

Packed File Forensics With PEextract Tool

Python is the only language which provides a better interface for analysts working in forensics departments. It is a high-level language. The analyst can write scripts in order to examine different evidence. In the past, many analysts have written open-source scripts which were rapidly adopted around the world for forensic investigation. Examples include the Volatility tool for memory forensics analysis; GRR, which is a rapid incident response framework; and libpff, which is a helpful tool for accessing personal files and folders. This paper will give you an introduction to the different areas of forensics in which Python is used as a scripting language. Then I will develop an artefact: a Python tool to be used in forensics to analyse the attributes of the PE (Portable Executable) file format. Quickly generate using Python to further examine the evidence.

Saturday, May 17, 2014

M0n0Wall Firewall Penetration Testing

The type and scope of the penetration test will determine the need for being stealthy during a penetration test. The reasons to avoid detection while testing are: One of the benefits would include testing the equipment that is supposedly protecting the network. Another could be that your client would like to know just how long it would take the Information Technology team to respond to a targeted attack on the environment. You will also need to understand the automated methods of detection such as web applications, network, and host-based intrusion detection systems that are in place to avoid triggering alerts.

Thursday, May 1, 2014

Fool The Network Hunters (Hackers)

Portspoof is meant to be a lightweight, fast, portable and secure addition to any firewall system or security system. The general goal of the program is to make the information gathering phase as slow and bothersome for your attackers as possible. This is quite a change from the standard 5s Nmap scan that gives a full view of your systems' running services.

So let's start directly. Here is the common structure of portspoof. First I will describe the normal network structure without portspoof, and then the structure with portspoof. The figure below shows the normal structure of my network.

Friday, April 25, 2014

Exploitation Through Metasploit

Exploitation is the main part of penetration testing and of many security professionals' careers. The ability to gain full control over a targeted machine is a great feeling. Various system and network protections have made it increasingly difficult to succeed with basic exploits, so we need to know advanced exploitation.

In this article, we move into more difficult attack methods, beginning with command-line interfaces to the Metasploit Framework. Most of the attacks and customizations discussed in this article will occur in msfconsole, msfencode, and msfpayload.

Before you begin to exploit systems, you need to understand a few things about penetration testing and exploitation.

Vulnerability Scanning With Metasploit

Vulnerability scanning is part of penetration testing. A vulnerability scanner is an automated program designed to look for weaknesses in computer systems, networks, and applications. There are many vulnerability scanners available for penetration testing, but here we use the Metasploit framework for vulnerability scanning.
Various operating systems respond differently because of the different networking implementations in use. The vulnerability scanner uses these unique responses to determine the operating system version and even its patch level. A vulnerability scanner can also use a given set of user credentials to log into the remote system and enumerate the software and services to determine whether they are patched.

Tuesday, April 15, 2014

Information Gathering Through Metasploit


Your goals during information gathering should be to gain accurate information about your targets without revealing your presence or your intentions, to learn how the organization operates, and to determine the best route. Metasploit is a best console for information gathering; it is a very comprehensive penetration testing tool. In this article, I am going to cover the whole information gathering process for a network using Metasploit.

Information gathering requires careful planning, research, and, most importantly, the ability to think like an attacker. At this step, you will attempt to collect as much information about the target environment as possible.

There are two types of information gathering: passive and active.

Saturday, April 5, 2014

CASE STUDY – NEWS OF THE WORLD PHONE HACKING SCANDAL (NOTW)


The world is growing rapidly with various technologies, and illegal activities are increasing accordingly through the adoption of these new technologies. Every country has its own laws and regulations. In the UK, people are convicted under the Computer Misuse Act 1990 for illegal activities carried out with the help of technology, and there is evidence that many people have been sentenced under those laws (Turner, M., 2013). Apart from that, there are a few regulations such as RIPA 2000, which gives certain authorities in the UK the power to carry out surveillance on, or intercept the communications of, a person for a specific reason. The question is how effectively and reasonably these laws are being used. Gaining information illegally or by misusing the power of rights is against the law, and publishing this information is unethical and against Media Regulations.