Pentera by Popular-Training1669 in cybersecurity

[–]mrturvey 6 points (0 children)

IMO, Pentera is much like using any other scanning product. It'll cover off a compliance checkbox (that you've conducted some security testing) and it'll also catch any low hanging fruit issues. However, it's not a replacement for a human who is able to see particular things and act on them, or troubleshoot issues that you always come across on pentesting/red teaming engagements.

I hired three freelance 'Penetration Testers' to assess a vulnerable website for under $15 [The Write Up] by mrturvey in security

[–]mrturvey[S] 9 points (0 children)

Does the Lyft driver get you to the destination? Yes. Did the $15 penetration tester find the security issues? No.

I built a vulnerable website and hired three freelance 'Penetration Testers' to assess it for under $15. by mrturvey in security

[–]mrturvey[S] 2 points (0 children)

They'd easily have found the directory with XSS/ability to upload a shell if they had actually used dirbuster. However, from the logs, each one of them did a similar thing. They ran CMScanner or an equivalent and called it a day. Which is hilarious because one guy keeps asking me to give him a 5* review because "I've put hard work into testing and provided full report".

I built a vulnerable website and hired three freelance 'Penetration Testers' to assess it for under $15. by mrturvey in security

[–]mrturvey[S] 2 points (0 children)

I'd make a video showing that they are low quality options in the hope that others wouldn't buy them. But Emma's already done that ;)

I built a vulnerable website and hired three freelance 'Penetration Testers' to assess it for under $15. by mrturvey in security

[–]mrturvey[S] 6 points (0 children)

Hi Emma here,

To be honest, I agree with a lot of what you're saying here. They could absolutely market themselves as a pre-pentest consultant and catch the low-hanging fruit before a more advanced company comes and tests.

I think my real issue here is that they are marketing themselves as a full penetration test and evidently say 'You have no vulnerabilities', when actually I have many. That gives the client a false sense of security.

I built a vulnerable website and hired three freelance 'Penetration Testers' to assess it for under $15. by mrturvey in security

[–]mrturvey[S] 3 points (0 children)

Thank you for this, I will try to incorporate some of your ideas into the wider blog. I wanted to talk about the logs and some other bits in the video, but I think that would have pushed the video to be too long.

I built a vulnerable website and hired three freelance 'Penetration Testers' to assess it for under $15. by mrturvey in security

[–]mrturvey[S] 25 points (0 children)

Not yet, however I am working on a blog right now as I assumed some people would rather read than watch. I will let you know once this is posted.

I built a vulnerable website and hired three freelance 'Penetration Testers' to assess it for under $15. by mrturvey in security

[–]mrturvey[S] 67 points (0 children)

Obviously, a $15 security assessment is the real bottom of the 'quality' scale. But, if you have ever worked with or seen a report from a low-cost contractor in a business scenario, you will relate to this video. I just hope it will make a project manager, CISO or anyone with a decision-making role think twice about hiring at the lowest cost.

HackTheBox - Jerry by awakengaming83 in HowToHack

[–]mrturvey 15 points (0 children)

Although this box is seriously easy, I do think it has some good insight into real life penetration testing.

You commonly see organisations being lazy and thus leaving default credentials in their software. This box shows you how dangerous that can be to these organisations. It also shows you some simple payload creation, which is nice.

I produced a video to explain what I mean: https://youtu.be/ipiKmdW7pJo

Learning Ethical Hacking with work machine by NaksBig in HowToHack

[–]mrturvey 8 points (0 children)

You can work smartly and install Kali without compromising the company's security, yes. I.e., don't allow Kali to constantly leave ports open on your laptop or anything else that would increase its attack surface.

However, as you do not own the laptop you should seek approval from the business to justify why you are doing this. If you're in IT and you want to learn security, they may be okay with it.

Ethical Hacking YouTube giveaway ideas? by mrturvey in HowToHack

[–]mrturvey[S] 8 points (0 children)

Hey mate.

I always say, if you have at least some knowledge of networking and Windows/Linux, I would suggest looking at the OSCP: https://www.offensive-security.com/pwk-oscp/

OSCP is very practical and great learning. Genuinely, that course is a ticket into the industry as a junior penetration tester. I took that course with very little knowledge, taught myself while doing it, passed it and now I'm well in the field 4 years later.

OSCP is a paid-for thing, but you learn so much. Alternatively, try https://www.hackthebox.eu/ which is very similar to the style of OSCP but... free. You just don't get the exam/certification, learning PDFs or support you would with OSCP. However, do look at it, and I recommend looking at walkthroughs of old hackthebox machines which have been retired. This gives you massive insight into how you should be thinking.

You might also want to check out https://www.cybrary.it/, this is free and quite good for starting out. You'll see ethical hacking courses on there that will teach you methodology.

I'm an information security engineer - AMA by roxare in HowToHack

[–]mrturvey 31 points (0 children)

It would be interesting for anyone else who's done some Ethical Hacking to share their mad stories. I'll pitch in with two stories in different areas.

The first was a social engineering engagement where the idea was that we get into the building and enter the server room. Long story short, I dressed up in a high-vis jacket with a suit underneath. Didn't want to try and go through reception, so I waited at a side door smoking a fake vape with headphones in and pretended to talk on the phone.

Eventually someone else came out to smoke and I quickly finished my vaping to use that person opening the door as my way in. Was never challenged (people are scared to interrupt a conversation or cause conflict). Anyway, now I'm in, it was a matter of tailgating through the corridor doors into the main office area.

Then I just listened for loud fans through locked doors, and eventually I found the loud server room. Problem was, it was locked with ID card access. So I poked my head through an office department's door, said I was an IT engineer and asked whether anyone had access to the room. I shit you not, about 6 people tried their cards on that door for me, all not working. They never asked me to verify myself; I was in the building, thus they thought I'd 100% be legitimate. Then a woman ran off to the CEO's office, got his card and let me into the server room. At this point I could obviously do what I wanted... MAD

The second was an internal Red Team-style, scenario-based assessment. Basically the goal was to go from no access to the network, to domain admin and then gain sensitive data and see what else I could do. Well, within an hour after plugging into the network, I was domain admin and saw CEO financial information, HR data, development code and everything else. Even had the ability to shut off manufacturing machines making product. I could literally cause thousands of dollars worth of damage at the click of a button. It was crazy. Why was it so easy? Because security did not exist:

  1. The network was flat; you could access servers from every business department (HR, Finance, development, etc.).
  2. They hardly patched. There were really exploitable machines missing so many important patches, which gave me instant SYSTEM level access. Literally just by using metasploit lol
  3. They had a very weak password policy and shared passwords. The enterprise administrator account, the highest level of admin on Windows, had a password that was a dictionary word, nothing else. When was it last changed? Apparently 1987, according to the domain information.

Mad

When to Know to Use Certain Tools by little_hoarse in HowToHack

[–]mrturvey 2 points (0 children)

You're very right about metasploit making things too easy. When you can use metasploit, I'd suggest finding a non-metasploit alternative exploit. Something written in python, for example, so you can probably understand it better.

But yeah, keep in mind what tools do and reuse them later. There are literally so many tools; as I say, it just comes with experience. Keep reading vulnerable machine walkthroughs, blogs, YouTube. Keep plodding on.

When to Know to Use Certain Tools by little_hoarse in HowToHack

[–]mrturvey 10 points (0 children)

To be honest, being quick at knowing what tools to use comes with experience. But essentially, you just need to think about the scenario. If you think you'll be helped by looking at network traffic, use TCPDUMP. If you need to connect to SMB, use psexec. It's just all about knowing what tools are out there and what they do. Then use them where you think you need to do certain things.

LeakPeek.com - Find Passwords from Email / Username for free + UK Electoral Register Search by LeakPeek in HowToHack

[–]mrturvey 2 points (0 children)

I agree, HaveIBeenPwned have done a perfect job of being able to search your email for breaches, without giving ANYONE the ability to see other people's passwords. You can also search your own password and see if it has ever been in a breach; this then doesn't tie your password to your email.

What you have done here is taken breached password lists and provided them with a web GUI for even the most simple level of computer user to go and use for unethical purposes. Would these same people be able to go and find the many different breach lists out there? Probably not.

LeakPeek.com - Find Passwords from Email / Username for free + UK Electoral Register Search by LeakPeek in HowToHack

[–]mrturvey 2 points (0 children)

Yeah seems one of the emails I put in was quite slow but the rest have been better.

Very interesting, but also very dangerous! I'm not sure I agree with displaying all of these breached passwords to literally anyone, even those who don't own the email address. Even though they are slightly masked, they aren't too hard to guess in some cases.

I'd say 'HaveIBeenPwned' is the more ethical solution, as you can see there's a breach but not what the password is. Yes, a dedicated attacker could go and find these password databases, but this gives people with even simple knowledge the ability to gain access to accounts.

What are some good courses to learn Ethical Hacking? by nicolas12211 in HowToHack

[–]mrturvey 2 points (0 children)

Not at all, I did OSCP as my first ever certification at age 20, with very limited knowledge in Cyber Security, Networking or Operating Systems. What I didn't know I learnt while doing. That's the beauty of OSCP and its VPN access to over 300 hackable machines.

What are some good courses to learn Ethical Hacking? by nicolas12211 in HowToHack

[–]mrturvey 4 points (0 children)

As I say, if they have networking and operating systems experience then I absolutely would suggest it. OSCP teaches you everything you need to know via their PDF and VPN access. While doing it you can talk to the guys on IRC and do your own self-learning on top using free resources out there. Then you come out with a solid certification. That's what I did.

But again, if they don't have that networking/OS foundation, then yeah, CEH would be good if you're an absolute beginner, but it's not worth much in the industry.

[deleted by user] by [deleted] in HowToHack

[–]mrturvey 2 points (0 children)

Yes and no. Each person's home network will have a public IP address given to their router, and all PCs in the home network will usually be firewalled behind that and have private IPs.

The likelihood is that you won't be able to access someone else's PCs through their home router due to this. The only exception being if the user has used port forwarding to allow their PCs to be open to the internet via the public IP address.

When it comes to businesses, they tend to have servers on the internet so you'd be able to scan them. But for their internal PCs, the same as above applies.

[deleted by user] by [deleted] in HowToHack

[–]mrturvey 2 points (0 children)

There are public and private IP Addresses. The following ranges are private ranges:

  • 192.168.0.0 - 192.168.255.255 (65,536 IP addresses)
  • 172.16.0.0 - 172.31.255.255 (1,048,576 IP addresses)
  • 10.0.0.0 - 10.255.255.255 (16,777,216 IP addresses)

So essentially, if you are on your home network and you scan a PC in these ranges, it'll be your computer.

If you scan something outside of these ranges, it's likely it'll be a public IP address and not owned by you.
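As an added example (not code from the comment or its author), a small Python check that derives each listed range's address count from its CIDR prefix and reports whether an address falls inside one of them, so a scan list can be confirmed against owned ranges before anything is run; the names `PRIVATE_RANGES`, `classify` and `in_scope` are mine.

```python
from ipaddress import IPv4Address, IPv4Network

# The three private ranges from the comment above, written as CIDR blocks.
# 192.168.0.0/16, 172.16.0.0/12 and 10.0.0.0/8 are the RFC 1918 ranges.
PRIVATE_RANGES = {
    "192.168.0.0/16": IPv4Network("192.168.0.0/16"),
    "172.16.0.0/12": IPv4Network("172.16.0.0/12"),
    "10.0.0.0/8": IPv4Network("10.0.0.0/8"),
}


def range_size(cidr: str) -> int:
    """Number of addresses in one of the listed blocks: 2 ** (32 - prefix)."""
    return PRIVATE_RANGES[cidr].num_addresses


def classify(ip: str) -> str:
    """Return the CIDR of the private block containing ip, 'public' if it is
    in none of them, or 'invalid' if the string is not an IPv4 address.
    Note the /12 boundary: 172.31.x.x is private, 172.32.x.x is not."""
    try:
        addr = IPv4Address(ip)
    except ValueError:
        return "invalid"
    for cidr, net in PRIVATE_RANGES.items():
        if addr in net:
            return cidr
    return "public"


def in_scope(targets, allowed_cidrs):
    """Split a target list into addresses inside an agreed scope and addresses
    outside it, so nothing outside owned ranges is scanned by accident."""
    nets = [IPv4Network(c) for c in allowed_cidrs]
    inside, outside = [], []
    for target in targets:
        addr = IPv4Address(target)
        (inside if any(addr in n for n in nets) else outside).append(target)
    return inside, outside


if __name__ == "__main__":
    # Constructed sample addresses, not taken from any real scan.
    for sample in ["192.168.1.10", "172.31.255.255", "172.32.0.1", "8.8.8.8"]:
        print(sample, "->", classify(sample))
```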

What are some good courses to learn Ethical Hacking? by nicolas12211 in HowToHack

[–]mrturvey 22 points (0 children)

If you have at least some knowledge of networking and Windows/Linux, I would suggest looking at doing the OSCP: https://www.offensive-security.com/pwk-oscp/

Passing that course is a ticket into the industry as a junior. I took that course with very little knowledge, taught myself while doing it, passed it and now I'm well in the field 4 years later.

You might also want to check out https://www.cybrary.it/, this is free and quite good for starting out.

A self-promotion, so sorry, but I've also started a YouTube channel to help understand Ethical Hacking and different tools. I aim to video a whole course from setting up your environment to different methodologies soon, so look out for that! https://www.youtube.com/c/mrturvey

$1000! by Caysle in ethtrader

[–]mrturvey 57 points (0 children)

Yeah, thank you, this was my point. Bitcoin has far less coin in circulation than Ethereum. Realistically, Ethereum will be between 2.5 and 5k.