Publications
- Articles/White Papers
- Friendly Traitor: Our Software wants to kill us
  This presentation series covers flawed features in many applications and devices that we use every day. From Adobe Flash to Verizon's MiFi devices, we have found features that can be abused trivially, yet often with disastrous results.
- Friendly Traitor: Our Software wants to kill us
- Advanced Metering Infrastructure Attack Methodology
  This paper describes an attack framework designed by InGuardians to evaluate the security of AMI technology. Intended for use by vendors creating AMI products and customers testing their technology, this framework seeks to provide guidance to engineers charged with assessing and attacking the security of AMI technology. Developed in conjunction with the AMI-SEC Task Force (part of the UCA International Users Group), this methodology represents the standard security analysis framework for AMI technology and related systems.
- Advanced Metering Infrastructure Attack Methodology
- Josh Wright debuts KillerBee: an attack framework designed to explore vulnerabilities in ZigBee and wireless sensor networks.
  In this presentation, Josh examines how ZigBee technology interacts with the kinetic world in scary ways, exploring vulnerabilities in the ZigBee protocol and opportunities to exploit these deficiencies.
- KillerBee: Practical ZigBee Exploitation Framework
- Josh Wright and Matthew Carpenter release a presentation on Smart Grid Security
  Smart Grid and Advanced Metering Infrastructure technologies hold great promise for modernizing the power grid. However, they may also introduce security vulnerabilities with potentially significant ramifications, ranging from billing fraud to widespread sabotage.
  In this presentation, Industrial Defender and InGuardians discuss security issues associated with various components of the Smart Grid. We will address attack vectors and scenarios, highlighting defensive strategies and tactics that organizations can apply to mitigate risks. We will also look at industry initiatives to help standardize secure and resilient deployments.
- Smart Grid AMI Security Concerns
- Matt Carpenter releases two presentations on SCADA!
  Matthew Carpenter recently participated in two keynote panels at the SANS SCADA Summit, where he gave a turbo-talk-style overview of hacking Advanced Metering Infrastructure (AMI) and the principles of penetration testing in the AMI space. Slides for both presentations are available below, as well as a formal response to a question posed at the summit: "How do we fix it?"
- SANS SCADA Pentesting Presentation
- SANS SCADA Hacking AMI Presentation
- SANS SCADA Summit Keynote Q & A
- Ed Skoudis and Frank Kim release a great paper on application security.
  Increasingly, computer attackers are exploiting flaws in Web applications, exposing enterprises to significant threats, including Personally Identifiable Information breaches and uploads of malware onto vulnerable corporate Websites for distribution to customer browsers. Many of these Web application vulnerabilities are a direct result of improper input validation and output filtering, which leads to numerous kinds of attacks, including cross-site scripting (XSS), SQL injection, command injection, buffer overflows and many others. This article describes some of the best defenses against such attacks, which every Web application developer should master.
- Mike Poor's webcast slides: Pillage the village!
- Mike Poor gives a Core-sponsored webcast titled "Pillage the Village: Pilfering & Plundering for Better Penetration Tests". This one-hour presentation covers using sniffers and pilfering techniques during a penetration test to gain further access. Sure, sniffing passwords off the wire is good... but how about stealing the RSA seed file? Pulling SSL certs and passphrases? "Sniffing" memory?
- Ed Skoudis releases 3 new awesome cheat sheets!
- Ed Skoudis releases 3 new cheat sheets for the most useful Windows command-line tools, Netcat, and other useful attack tools (Metasploit, Fgdump, and Hping). Get 'em while they're hot!
- Windows Command Line Tools
- Super Netcat Cheat Sheet
- Useful Attack Tools
- Josh Wright releases article: Decrypting Debian-Vulnerable SSH Traffic
- Intro: My favorite security flaw from 2008 is the Debian OpenSSL vulnerability. Lots of analysis work has been done to understand the ramifications of this flaw, interesting because the effect of the flaw lasts long after vulnerable systems have been patched. Full recovery requires that all keys generated on a vulnerable system be replaced.
- Pen Test Perfect Storm Trilogy - Part 2!!!
- InGuardians is pleased to announce the release of the slides from Part 2 of the Pen Testing Perfect Storm webcast trilogy - featuring the return of SANS Pen Testing swashbucklers Ed Skoudis, Josh Wright and Kevin Johnson.
- Covering network, web app and wireless pen testing techniques, the second installment of the Perfect Storm trilogy focuses on assessing the enterprise-wide fallout from a seemingly innocuous endpoint compromise - including how an exposed low-level Windows Vista box can quickly open the hatch to full-scale network subversion.
- During the webcast, you'll learn how to proactively test your network's vulnerability to sinking at the hands of a Client-Side Mutiny - and how to emulate what can happen after the initial compromise, including:
  - discovering wireless devices from exploited hosts with Josh Wright's newly released VistaRFMON
  - scanning and exploiting web applications with w3af
  - exploiting systems with Metasploit's integrated pass-the-hash functionality
Building on the premise that cyberthreats don't exist in a vacuum, the Perfect Storm webcast series presents tips for replicating real-world attacks that traverse multiple layers of infrastructure using combined network, web app, and wireless attack techniques.
- Pen Test Perfect Storm Trilogy - Part 1
- The Pen Testing Perfect Storm webcast series brings you a deluge of security assessment tactics and strategies from the combined forces of three penetration testing experts:
  - Kevin Johnson: web guru and senior security analyst
  - Josh Wright: wireless wizard and senior security researcher
  - Ed Skoudis: network security penetration tester
  This trio of experts will show you how to assess an organization's real business risks by taking a holistic, comprehensive look at your information security - just as determined and skilled attackers do in the wild. You'll learn techniques for safely replicating chains of threats that can pivot throughout your infrastructure, including:
  - Web -- SQL injection, cross-site scripting, remote file inclusion, etc.
  - Wireless -- wireless LAN discovery, crypto and protocol attacks, client duping, etc.
  - Network -- port scanning, service compromise, client-side exploitation, etc.
This webcast series is ideal for anyone seeking to go beyond point-focused, "tunnel-vision" assessments to real-world penetration testing - mimicking the sophisticated, multi-staged threats that pose the most significant information security risks to organizations today. Download the slides from the first installment of this webcast trilogy here: Pen Test Perfect Storm Trilogy - Part 1!!!
- Secrets of America's Top Pentesters
- Ed Skoudis
- Authored by Co-Founder and senior security analyst Ed Skoudis, this presentation covers some little-known but extremely helpful technical and procedural tips for maximizing the effectiveness of pen tests. These secrets can help testers save huge amounts of time, improve the likelihood of successful compromise, and lower the chance of negatively impacting target systems during a test. Based on experiences learned from in-the-trenches tests by a dozen pen testers over the past year, Ed examines crucial secrets associated with scanning, password attacks, exploitation, and many other aspects that readers will be able to apply immediately in their own penetration testing regimen.
- Vista Wireless Power Tools for the Penetration Tester
- Josh Wright
- This paper is designed to illustrate the Vista tools useful for wireless penetration testing, in a format designed to be easy to read and to use as a learning tool. Modeled after the timeless work "Unix Power Tools" by Shelley Powers, et al., this paper presents several "article-ettes" describing the requirements, Vista features and solutions for challenges faced by a penetration tester attacking wireless networks.
  This paper also presents two new tools, vistarfmon and nm2lp, both available on the InGuardians Tools page.
- IDS Deployment on Switched Networks Using Taps
- Brian Liang and Jimmy Alderson
- This how-to guide demonstrates how to scale IDS on a large network or ambiguous perimeter using network taps, comparing this to prior methods using network hubs and switch spanning ports.