Useful cyber security learning sites: an essential top 10 list of platforms

Here is a short summary list of useful cyber security learning sites, suitable for all levels of experience, ranging from novice through to more advanced levels of skill and expertise.

In no particular order:

1. The XSS Rat (https://thexssrat.podia.com/) provides material relating to penetration testing and web application security.

2. TryHackMe (https://tryhackme.com/) has various training paths and rooms relating to both offensive and defensive cyber security. Offers free and paid for content.

3. Security Blue Team (https://securityblue.team/) provides learning material for blue team defenders. Offers certification for working within a SOC environment.

4. OffSec (https://www.offsec.com/), formerly Offensive Security, offers a premier platform for offensive security training, certification and community-based activities.

5. Hack The Box (https://www.hackthebox.com/) is a useful platform that offers both free and paid-for content, allowing CTF hobbyists to exploit vulnerable machines created by the community.

6. PortSwigger (https://portswigger.net/) is a professional web application security software company that provides the well-known Burp Suite tool, and also offers a learning platform and certification.

7. PentesterLab (https://www.pentesterlab.com/) is a learning platform for web application testing, with several other learning paths covering material useful for cyber security.

8. Altered Security (https://www.alteredsecurity.com/) provides training and certification focused on red teaming and penetration testing of Microsoft Active Directory based networks.

9. Zero-Point Security (https://www.zeropointsecurity.co.uk/) is a learning platform that covers red teaming, such as targeting simulated users, using C2 infrastructure, and exploitation.

10. INE (https://ine.com/) is a training company that acquired the eLearnSecurity platform, and offers cyber security certifications covering infrastructure and web application penetration testing.

New CREST penetration testing certifications

CREST has recently announced several new penetration testing certifications:

  • CREST Registered Security Analyst (Penetration Testing) – CRSA
  • CREST Certified Security Consultant (Red Team) – CCSC RED
  • CREST Certified Security Consultant (Networks) – CCSC NET
  • CREST Certified Security Consultant (Web) – CCSC WEB

Further information can be found on the CREST website.

How to become CHECK “green lighted” to deliver ITHC (guidance for organisations and people)

A CHECK approved organisation, otherwise known as one that has been granted “green light” status to undertake ITHC penetration testing or vulnerability assessment services, is able to conduct security assessments for UK government agencies and critical national infrastructure (CNI).

NCSC has the following to say when discussing what CHECK is and what it means for penetration testing services:

CHECK is the term for the NCSC approved penetration test companies and the methodology used to conduct a penetration test. Companies providing CHECK services do so using staff who hold NCSC approved qualifications and have suitable experience. Penetration tests are conducted using NCSC recognised methods and the subsequent report and recommendations are produced to a recognised standard.

Also quoted directly from the NCSC website: to obtain CHECK status, the following criteria must be met prior to the CHECK assessment:

  • the company must be able to sign-up to English law
  • the company must have performed penetration testing service under their company name for a minimum of 12 months
  • all proposed team members must be able to hold SC clearance
  • there is a minimum of one team member who has passed a CHECK Team Leader examination, and can provide a technical (only) CV, 2 redacted penetration test reports they have authored, and have at least 12 months penetration testing experience

Guidance for organisations seeking to be assessed by NCSC in order to obtain CHECK status can be found on the NCSC website.

How to join CREST as an organisational member

CREST is widely known in the penetration testing industry for its professional membership scheme, its professional certifications for penetration testers, and its support for organisations working towards CHECK status with NCSC.

An excerpt from CREST’s website regarding membership:

In accordance with CREST’s stated aim “to increase professionalism in the security testing industry”, CREST places requirements on member companies in order to ensure that consistent standards of services are delivered.

It is worth noting that, as covered in the FAQ provided by CREST, obtaining organisational membership is not dependent on staff holding CREST-based certifications.

For full guidance on joining CREST as an organisational member, see the CREST website.

Nessus has detected that API access on this scanner is disabled.

Nessus displays the warning “Nessus has detected that API access on this scanner is disabled” during use.

To fix this issue, the Nessus service must be stopped, the configuration reset, Nessus restarted and then re-registered using your previous registration key.

1. Stop the Nessus service:
service nessusd stop

2. Reset the configuration:
/opt/nessus/sbin/nessuscli fix --reset

3. Start the Nessus service:
service nessusd start

4. Register Nessus using your previous registration key:
/opt/nessus/sbin/nessuscli fetch --register xxxx-xxxx-xxxx-xxxx-xxxx

5. Log in to Nessus and update the plugins.

Alien Vault – How to Prepare to Take the OSCP

Offensive Security Certified Professional (OSCP) – the most recognized penetration testing certification in the industry.

  1. Earned after passing the 24-hour performance-based exam
  2. Pre-requisite course: Penetration Testing with Kali Linux (PWK)
  3. Certification proves you have a clear and practical understanding of the penetration testing process and life-cycle
  4. Virtual network containing targets of varying configurations and operating systems
  5. An OSCP is able to identify vulnerabilities and execute attacks in a controlled and focused manner.

Source: Alien Vault – How to Prepare to Take the OSCP.

Advanced Netcat Commands

Update to the post “Netcat Commands” – https://kevindicks.co.uk/blog/2017/08/14/netcat-commands/

File transfer between client/server
Server (-q 1 closes the listener one second after the file has been sent, so both ends exit instead of hanging):
#cat file.pdf | nc -q 1 -l -p 1234

Client:
#nc localhost 1234 > file.pdf

Web server
Server (the empty line after the headers is required; without it the browser reads the body as a malformed header):
#(printf 'HTTP/1.0 200 OK\r\nContent-Type: text/plain\r\n\r\n'; echo "My HTTP server") | nc -q 1 -l -p 8080
Browse to the location – http://localhost:8080

Execute program
Server:
#nc -l -p 123 -e /bin/bash

Client:
#nc <server_ip> 123
#whoami
#pwd

Netcat Commands

connect to somewhere: nc [-options] hostname port[s] [ports] …
listen for inbound: nc -l -p port [-options] [hostname] [port]

Options:
-c shell commands – as '-e'; use /bin/sh to exec [dangerous!!]
-e filename – program to exec after connect [dangerous!!]
-b – allow broadcasts
-g gateway – source-routing hop point[s], up to 8
-G num – source-routing pointer: 4, 8, 12, …
-h – this cruft
-i secs – delay interval for lines sent, ports scanned
-k – set keepalive option on socket
-l – listen mode, for inbound connects
-n – numeric-only IP addresses, no DNS
-o file – hex dump of traffic
-p port – local port number
-r – randomize local and remote ports
-q secs – quit after EOF on stdin and delay of secs
-s addr – local source address
-T tos – set Type Of Service
-t – answer TELNET negotiation
-u – UDP mode
-v – verbose [use twice to be more verbose]
-w secs – timeout for connects and final net reads
-C – Send CRLF as line-ending
-z – zero-I/O mode [used for scanning]

Port numbers can be individual or ranges: lo-hi [inclusive]

Hyphens in port names must be backslash escaped (e.g. 'ftp\-data')

Note that Netcat sends and receives data in cleartext, with no authentication or integrity checking. For encrypted transfers, replace the command “nc” with “cryptcat”.