There are tutorials and plenty videos on the subject. This is handy for quick pen tests. You scan a nice vulnerable system using Nessus.

- You just export the results to a .nessus file.
- You then import them into your setup database using:
msf > db_import /root/filename.nessus
- Then you exploit
msf > db_autopwn -t -p -e -b
- You will then see all the exploits being sent and hopefully get a session like so:

Then you should have access to the system. I did this with the latest Backtrack 4 BlackHat edition. With the latest Nessus 4.2.2.

Here are some other resources:
Metasploit 3.0 Automated Exploitation

Check them out:

Exploit MS Help vuln with Metasploit from Albert R. Campa on Vimeo.

So should you monitor your kids computer activity? Web activity, etc? Is it invasion of privacy? When do you stop monitoring their internet use? How do you monitor or filter computer use? What is the difference between this type of monitoring and business monitoring of employees?

This is my view of the subject.

Safeguards: Protection from themselves and of the integrity of your system and confidentiality of your private information.

• Use OpenDNS service for some web filtering. Or an equivalent UTM or proxy type technology.
• Use up to data AntiVirus software and HIPS if you can get it for a low price or free.
• Most importantly educate them. Talk to them on the dangers of the internet and how to protect their privacy.
• For smaller kids, maybe below age 14, whitelist their websites. They may only frequent a few kids game sites, like disney, online gaming sites or webkinz. They shouldn’t need access to the whole internet at younger ages.
• Ensure you keep the computer in an open area. Kids don’t need to have private time for internet surfing or using idle time on the computer. This is how they can get into undesired sites and possibly malicious sites.
• With kids, decision making isn’t always the greatest, so I need to stress the importance of educating them on the consequences of going to the wrong sites, or giving up sensitive information.

Monitoring viewing browsing history, proxy logs, keylogs)

• Occasional monitoring I think is responsible. This can help you know of any dangers or provide praise and trust to know you child is making wise decisions.
• Since website usage can lead to your computer being hacked, proxy logs are important to know how or where your computer accessed that may have caused infection.
• Again, education that website access is monitored and logged not only by parents but even by ISPs is important. This discussion again should include the consequences of unwise computer use, such as malware infection, loss of sensitive data, illegal downloading of music/movies, and damaging website access to ones morals or even online predators.

In business, web proxies are used to keep employees from hurting themselves or their PCs. It also helps them to be productive. No more sport sites, or other non-work related websites. These logs are monitored for a lot of the same reasons mentioned above. To identify possible sources of malware infection, misuese of internet, etc. The same is done with our children. Instead of doing homework are they playing games? Instead of writing their paper, are they on facebook installing malicious apps? Monitoring is the way this is done. Do you let your teenager go out with out asking where?

In conclusion, if adults need monitoring at work, why not children who arent the best decision makers and are in the learning phase of their life? They should need it even more. They need to be watched and cared for and advised when they are making mistakes, because they will make mistakes. They need to be educated and informed of possible dangers. They need to be advised of the reasons for monitoring and that it is done with care for their well being. Not to invade their privacy or spy on them.

I attended the morning session of Security B-Sides Austin, last week. It was pretty good. Rocky DeStefano, presented on SIEM and that is something that has my interest as of late. He had some very good information and I would definitely recommend talking to him about strategies of evaluating and using SIEM technology. Definitely check out his blog at: http://www.visiblerisk.com/blog/

I also noticed Leigh Honeywell planned for a discussion on hackerspaces. I couldn’t make it but got her information and told her about the Austin Hacker Space. She has since joined the mailing list and has even made it over to visit(I believe). I am still struggling for time to make it over there, but be sure to check out the site:

http://www.austinhackerspace.org/

I know they are there on Saturdays from 9am-5pm. I need to get out there as well. Check out the IRC channel and the mailing list. Any help, I am sure will be greatly appreciated.

You can download them here:

http://www.edge-security.com/soft.php

The Harvester:
Screen shot below is of the usage instructions for the script. You can use the Harvester to search google, bing, linkedin or pgp for email addresses or possible user names of a target network. This information can then be used to perform password guessing, or even better client side attacks via phishing emails.

Megagoofil:
The screen shot below shows the help for metagoofil. You notice the switches are similar, with -d indicating the domain you want to search. This tool will search google for documents of the types listed below. It will then download the documents and run this tool to extract metadata from each files. This metadata can include usernames, or file paths that the files contain. These file paths can contain usernames such as c:\documents and settings\<username>\My Documents\

Soon I hope to be able to provide video tutorial of these and other tools and techniques. Stay tuned,

SANS Security 560: Network Penetration Testing and Ethical Hacking.

This is a course that is taugh at the bigger SANS conferences by Ed Skoudis. Ed also wrote the material for the course. He works for InGuardians, which is an information security firm in DC. He is one of the top security guys out there and you can tell from the course. This course goes over the whole pentesting process, from start to finish. From getting a pentest gig to turning in the final report to your client. Very good information on preparation, recon, as well as in depth technical skills to penetrate systems. I took the mentor course and found it to be very informational and provided lab access to practice what you learn and even a capture the flag exercise at the end. I highly recommend this training course, whether it be at a SANS conference or by other delivery means, such as Mentor.

Offensive Security: Penetration testing with Backtrack

This next training course, I am currently going through, and I am impressed so far. Pentesting with Backtrack (PWB) is a course developed from the creators of Backtrack, themselves. You get connectivity to laps, so you can run the tools in Backtrack, scan, exploit and revert VM if you need. You use your downloaded instance of Backtrack to go through the course and I can say that it is very in-depth. You are given videos explaining the teaching and labs/exercises. You also get a document with all the course information to go along with the videos. This training is all hands on, with steps such as recon, scanning, even some exploit creation all using the suite of tools provided in Backtrack. Backtrack is such a huge tool to pentesters, so this course is very essential training. The site has reviews from those of HD Moore, Kevin Mitnick and others. I am going through the Online version of this training but there is also an in class course.

I hope to post some videos from my own research and work with the skills learned in these both courses. Penetration testing is very important to test your security controls. It gives you real insight into your security posture and what you should really be concerned with.

This is not enough. Look at this password, you may even have used it:

ZAQ!1qaz

This password complies with all the requirements I mention above. Take a moment and look and your keyboard and how easy it would be to type that password in. You hold down Shift key and go up the keys on the far left, then let go of shift and go back down. This is called a keyboard combination, and you can imagine there are many. Just go down your keyboard and you can find many possible easy to remember or type in passwords.

Problem with this is you can also create a pretty good password file to then crack passwords. If you audit your domain passwords you might use pwdump or fgdump to extract the hash from your domain controller or even local computer. Then with the hashes you can run them through john the ripper and use a dictionary file with these password combinations. Just like that you can catch users that put this bad habit in practice. So it would seem our initial control of AD password complexity is not fully working.

This is where a program like PPE, password policy enforcer can help you out. PPE gives you the ability to put a dictionary file in the AD complexity rules. In addition to complexity requirements, you can force users to not create passwords that exist in a dictionary file of your choice. This way the next time you crack passwords, theoretically you should crack 0 passwords, if you are using the same dictionary file.

There are additional security measures such as multi factor authentication, biometrics, etc, but this is a good start.

See link for details and sign up!

If you click on the ad at the bottom right of the site, you can help me out with a referral to the training.

http://www.sans.org/mentor/details.php?nid=21188

I was reading Fyodor’s book on nmap and want to share some interesting quotes.

This is on page 19 of the book that talks about port scanning systems.

“…no application, host, or network component should ever crash based on an Nmap scan. If they do, that is a bug in the system which should be repaired by the vendor.”

“…poorly written applications, TCP/IP stacks, and even operating systems have been demonstrated to crash…”

“…finding that a machine crashes from a certain scan is valuable information. After all, attackers can do anything Nmap can do…”

“Reducing the ports/hosts scanned reduces the number of state entries and thus might help those sorry devices stay up.”

This sums up my beliefs exactly. If I scan a system and it crashes, they need to fix it. I am not exploiting or doing anything nobody else can do.

In adition to the descriptive words of these systems used by Fyodor, I would add the word finicky.