Yasser's Security Blog

Cryptography for Penetration Testers

Yasser — Fri, 25 Mar 2011 16:31:11 +0000

I wanna share with you this interesting presentation about some cryptography issues related to the pentest. That’s not a theoretical one but it gives practical aspects and case studies.

Nice reading

SaaS: audit du WPA dans un nuage

Yasser — Sat, 19 Mar 2011 05:56:13 +0000

Bonjour!

J’aimerais bien parler dans cet article d’un service illustrant une figure de SaaS: Security as a Service. En fait, il s’agit d’un WPA Cracker. Ce service est supposé être utilisé par des testeurs d’intrusion et des auditeurs de sécurité des réseaux afin d’auditer la sécurité des réseaux sans fil protégés par une WPA-PSK.

Ce service est basé sur un nuage (cloud) formé de cluster de 400CPU qui essaierons un total de 135 millions mots de dictionnaire créés spécialement pour casser les mots de passe WPA.

Selon les fournisseurs du service, tandis que le processus de cassage de ce type de clés prend en moyen 5 jours sur un PC dual-core, la même opération prend cependant sur leur cluster à peu près 20 minutes pour un prix $17.

Un autre service pour l’audit des fichiers ZIP est offert et les responsables invitent les visiteurs de proposés d’autres types de fichiers susceptibles intéressés une large gamme de testeurs potentiels.

A mon avis, les créateurs du système WPA Cracker ont bien profité de la nouvelle tendance du cloud computing, l’ont combinée par un savoir-faire en matière de sécurité des réseaux sans fil pour en tirer profit en créant un service payant.

Lien du projet: http://www.wpacracker.com/

Journées Nationales de la Sécurité – Marrakech

Yasser — Wed, 16 Mar 2011 03:39:16 +0000

In this topic I’ll give a briefing as an attendee and participant at “Journées Nationales de la Sécurité” (JNS). The First edition of National Journeys of Security were a great opportunity to meet researchers and some professional actors of infosec in Morocco. The journeys took place in Marrakesh for 2 days: march, 11-12, 2011.

Marrakech

The organization of the JNS aimed to strengthen links between researchers, industrialists, engineers, organizations, teachers, students and other actors of IT field, in Morocco or in foreigns countries , in a common goal to work together, present and discuss their works, develop partnerships and projects, propose viable solutions and provide our country with strong skills in the field of information, systems and network security.

I want to thank Mr. Anas ABOU EL KALAM and all members of the organization’s comity, to accept our contribution to these days. In fact, we, as members of the INSEC club of ENSIAS, had the opportunity to talk, during the presentations, a little bit about our initiative of creating a scholar club for IT Security and inform all attendees of our organization of the first edition of “Moroccan Cyber Security Challenge – Rabat, April, 16-17 “.

A the end, thier were a General Assembly of a new association named AMAN (Association Marocaine de la confiAnce Numérique). Yet another good initiative in Morocco, good job founders!

The event were well organized and the attendees were pleased to meet experiences and research of all participants.

I hope we’ll see more events like this in Morocco and I’m glad to be a part of this first edition.

For more details about the past event, I invite you to see the Program of Journées Nationales de la Sécurité.

Jarlsberg: a cheesy web app to secure

Yasser — Sat, 10 Jul 2010 03:40:57 +0000

This topic is dedicated to another codelab that concerns Web Application Exploits and Defenses:

This framework is coded by Bruce Leban, Mugdha Bendre, and Parisa Tabriz from Google Code. It’s written in Python, so some familiarity with Python can be helpful. However, the security vulnerabilities covered are not Python-specific and you can do most of the lab without even looking at the code.

Jarlsberg, compared to a piece of cheese, has multiple security bugs ranging from XSS and XSRF, to information disclosure, DoS, and remote code execution. The goal of this codelab is to guide the tester through discovering some of these bugs and learning ways to fix them both in Jarlsberg and in general.

Jarlsberg Home Page

Challenges are tagged to indicate which techniques are required to solve them: some of it can be solved just by using black box techniques, others require that you look at the Jarlsberg source code and finally some challenges require some specific knowledge of Jarlsberg that will be given in the first hint.

It’s really a great work and I’m enjoying time to time find some of the obvious vulns :p See the shots:

Oops! Don’t you smell a tasty cookie ? :p

Have fun and secure it !

Securing public services using Tariq!

Yasser — Sun, 04 Jul 2010 19:06:22 +0000

This was the title of an interesting article in Hakin9 Magazine. It’s about a topic that threats what port-knocking is, the benefit of using it and how-to secure a public service such as SSH using Tariq.

However this name “Tariq” didn’t refers to the Arabic language? Yep! Indeed, the developer of this technique is the engineer Ali Al-Shemery and the project was developed using python and scapy to fulfill his Ph.D. Research.

Here are brief notes of the project excerpt from the official project’s page:

“Tariq is a new hybrid port-knocking technique, which uses Cryptography, Steganography, and Mutual Authentication to develop another security layer in front of any service that needs to be accessed from different locations around the globe. [...]. We had to use a new methodology that can communicate in an unseen manner, making TCP Replay Attacks hard to be issued against Tariq. We also wanted the implementation to listen to no ports, or bind itself to no socket for packets exchange, so that Tariq won’t be exposed himself to a remote exploit. Tariq relies completely on Packet Crafting, as all packets sent and received are crafted to suite our needs.”

The project has been also added to the Portknoking website among a wide variety of other implementations of port knocking!

It’s really honorable to see like these projects in our Arabic community ! Big up to you my bro Ali Al-Shemery for your brilliant work and May Allah reward you for the good!

To download the magazine: Hakin9 05 2010 EN.pdf

Cluster under Ubuntu to crack passwords using BF method!

Yasser — Sun, 04 Jul 2010 16:36:25 +0000

In my earlier reading, I found this tutorial that explains who to mount a cluster under Ubuntu 10.04 in order to crack passwords using the Brute Force method. In this case, the famous tool is used: Johan the Ripper. But the guy, as he said, used this implementation when he found himself in a situation where he had to break up an old password of his.

In the original post, the author explains that he managed to decrease the time required to crack password hashes at home to a fraction (9% of the original time) using his 3 computers with this setup.

To my mind this implementation will be owesome using Back|Track 4 since this later is based on Debian core and uses Ubuntu packages and the JTR tool is already setup in B|T4 !

This document, as you’ll discover, is a simple step-by-step tutorial which is for academic purposes but can be used for purposes other than hacking.

The PDF link!

Source:

http://www.petur.eu/blog/?p=59

Welcome to Seek4Sec!

Yasser — Tue, 25 May 2010 14:28:49 +0000

Welcome to Seek4Sec !

This is my first post

As you may understand from the blog’s name, it is mainly dedicated to issues related to IT Security: it’s a kind of a Seek for Security. I would like also share some of Computing Science topics, white hacking, engineering skills and why not my modest experiences in this field

Posts in this blog are for educational purpose only!

I hope you enjoy contents and themes!

If you have something to say about or add to a blog post I’ve written, please take a moment to post your thoughts in a comment on the blog.

Thanks for stopping by.