Top Five Hacker Tools

The SC

Top Five Hacker Tools Every CISO Should Understand:

Armitage

“Metasploit has become over the years the best framework to conduct penetration testing on network systems and IT infrastructure. Nevertheless, I will focus on Armitage, an open source effort to bring a user-friendly interface to Metasploit,” Ouchn said.

“Armitage demonstrations are very convincing and allow you to analyze weak and vulnerable machines in a network in just a few clicks. The compromised devices are depicted with a lightning round,” Ouchn continued.

“This tool has brilliantly hidden the complexity of Metasploit (for a non-technical audience) in favor of usability, and is a great way to demonstrate the security in depth of an IT architecture,” Ouchn said.

“In fact, the framework has several capabilities to exploit vulnerabilities in almost any type of layer to therefore infiltrate (by pivoting) systems to reach the network’s nerve center. Armitage should definitely be part of the CISO’s Arsenal and his internal Red Tiger team.”

HashCat

“There is constantly a battle between security folks and users when it comes to passwords. Although it is simple to deploy a Password Policy in a company, it’s also very difficult to justify it,” Ouchn noted.

“Because in a perfect world from the users’ perspective, the best password would be the name of the family cat with no expiration date, and this fact applies to any system that requires authentication.”

“HashCat has shown that the selection of a strong password must be done carefully, and this tool allows us to demonstrate the ease with which a password can be recovered,” Ouchn said.

“A CISO should certainly incorporate this password cracking tool in his arsenal because it allows him to check the complexity of the company password policy. Of course, the complexity of a password is not the only criterion for a well-constructed policy, as there are a plethora of criteria: Duration, length, entropy, etc. So HashCat is a must have for any CISO.” (See also John the Ripper).

Wifite

“You know what you have connected to when using your hardwired network, but have you ever wondered if the air is playing tricks on you? To test your WiFi security, Wifite has the simplest way,” Ouchn says.

“The grip is instantaneous. It is written in Python and runs on all platforms. CISOs need only supply the WiFi interface they use and it does the job, verifying that the corporate wireless networks are configured according to the applicable Security Policy, and better yet, it can be used to identify any open and accessible network that can potentially be harmful in terms of Phishing,” Ouchn continued.

“Wifite allows the discovery of all devices that have an active wireless capability enabled by default (like some printers for example). Wifite is a very simple and convincing way for a CISO to validate the security of wireless networks.” (See also AirCrack).

WireShark

“Known for many years as Ethereal, WireShark is probably the best tool when it comes to sniffing for and collecting data over a network,” Ouchn says.

“On the one hand, WireShark has boosted its capabilities with the support of several types of networks (Ethernet, 802.11, etc.) and also in the simplicity of its use through a very friendly user interface.”

“WireShark allows a CISO to demonstrate that outdated protocols such as Telnet / FTP should be banned from a corporate network, and that sensitive information should be encrypted to avoid being captured by a malicious user,” Ouchn explained.

“Beyond the sniffing features, WireShark is also a great way to validate the network filtering policy. When placed near filtering devices, it can detect the protocols and communication flow in use. WireShark should be considered by any conscious CISO to validate the filtering policy and the need for encryption.” (See also Cain & Abel).

Social Engineering Toolkit (SET)

“SET is a framework that helps in the creation of sophisticated technical attacks which operate using the credulity of the human. It can be used in the process of preparing a phishing attack mimicking a known website or trapping PDF files with the appropriate payload,” he continued. “The simplicity of use via an intuitive menu makes it an even more attractive tool.”

“It is the dream of every CISO to drive security awareness campaigns without ruining the security budget. With SET, the team in charge of security audits can design attack scenarios and distribute them internally to the targeted users,” Ouchn says.

“This will confirm the users’ security perception within the company and validate the best Awareness Policy to deploy. The SET tool is very well maintained and is also based on a framework already mentioned above: Metasploit.”

https://www.tripwire.com/state-of-s...ve-hacker-tools-every-ciso-should-understand/

Five More Hacker Tools Every CISO Should Understand:

Vega Open Source Web Application Scanner

“How many applications are developed internally in large companies that are not subject to a regular security inspection?” Ouchn asks. “This is one of the CISO’s biggest fears: Deploying an application without validating the security status.”

“Fortunately, Vega Open Source can do the job and check whether the developers have followed a Security Development Lifecycle. Vega is a free and open source scanner designed to test the security of web applications,” Ouchn explains.

“Vega can help the CISO’s internal teams to find and validate SQL Injection, Cross-Site Scripting (XSS) and all the vulnerabilities described in the OWASP Top Ten, and can significantly reduce the exposure of an application.”

“This tool can be part of a continuous loop for securing applications and can be used in two different ways: By the development team to ensure that their process is clean against the OWASP Top Ten most exploited issues, and by Red Tiger teams to assess the application prior to its deployment,” Ouchn continued.

“Solutions for Web Application security are many, and the choice should not be limited only to Vega, so we could also include in the same vein tools like w3af, Watobo or Netsparker Community, Burp Suite, and ZAP. Each solution has its strong point and can be used to fill the application security gap.”

Open Vulnerability Assessment Language Interpreter (OVAL)

It is very important to keep an eye on the security status of internally deployed systems, and OVAL Interpreter has been developed with this task in mind, Ouchn says.

“It provides a non-intrusive way to check the OS compliance and security levels. An ideal tool for OS / Systems configuration management. The hands-on is very simple and the added value is enormous. The tool is part of a bundle toolkit created by Mitre for analysis of configuration and vulnerabilities,” Ouchn said. “A CISO must add this tool to his arsenal.”

“The icing on the cake is that the tool generates an HTML report and has several testcases called ‘Definitions’ to conduct with an application’s inventory, patch management overview, vulnerability checking, etc. A must for CISOs and system administrators.” (See also Open-SCAP and XCCDF Interpreter).

Scuba – The Free Database Vulnerability Scanner

“Databases are critical assets for an information system, and therefore CISOs must implement the best strategy to protect them,” Ouchn said.

“To do so, we must draw a picture of the vulnerabilities they suffer from, and that is where Scuba comes into play. It ships with an average of 1200 built-in testcases to check for vulnerabilities and configurations. It also covers the basics of the most common databases such as Oracle and Microsoft SQL Server,” Ouchn continued.

“A CISO should always instruct database admins to constantly assess the configuration of their databases. While Scuba cannot perform the exploitation of vulnerabilities, Metasploit is already in the Arsenal for that,” Ouchn says.

“To fill the gap, we also recommend using the OpenVAS (Open Source Vulnerability Scanner) with its several dedicated database plugins.” (See also database-oriented Nessus plugins.)

Drozer – An Android Device’s Metasploit

“In the last decade, mobile phones have become a thorn in the side for security managers, and their security should not escape the attention of the CISO,” Ouchn said.

“Drozer is the perfect tool to demonstrate how an Android application poorly developed or subject to compromise could become a Trojan in an enterprise network environment and ruin the whole security in depth strategy.”

“Drozer can perform an Android systems security assessment prior to a massive deployment within a company, and a wise CISO can indeed ensure that the devices comply with the security policy by checking the installed packages, the services in use, the possible vulnerabilities identified, and the opportunities to exploit them,” Ouchn continued.

“We must not fool ourselves, smartphones and other intelligent mobile devices are rooted in the culture, and an aware CISO must manage and secure them as best they can.” (See also SPF – Smartphone Pentesting Framework).

PwnPad – The Sexiest Pentesting Tablet

“I saved the best for last. One of the gadgets that has taken the security and hacking community by storm right now is the PwnPad Nexus tablet created by Pwnie Express. In fact, this one has all the ingredients to compromise your network,” Ouchn said.

“The tablet has been designed in such a way to work in all cases: It has a WiFi dongle for cracking Wireless networks and a Bluetooth dongle and support for Mobile Data, and the best tools used by security professionals are already integrated and pre-configured.”

“It only takes a few clicks and little effort to configure a malicious rogue AP and trap anyone who connects to it, so this is a great tool for performing pentesting, wireless assessment (WiFi / Bluetooth) and Awareness campaigns to educate internal users to avoid connecting to any open WiFi network,” Ouchn continued. “The Pwnpad hardware is a must for a CISO’s Red Tiger team.”

“The tablet has a significant cost if you opt to buy it, however there’s an option to build your own using the Community Release (here is my own: http://www.toolswatch.org/2013/05/installing-my-own-pwnpad-community-for-fun-and-for-less-than-300/).”

https://www.tripwire.com/state-of-s...re-hacker-tools-every-ciso-should-understand/
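The WireShark passage in the post describes placing a sniffer near filtering devices to see which protocols and flows are really in use, and using that to argue for banning Telnet/FTP and encrypting sensitive traffic. Below is an added example of the check a defender would run over such a capture summary; it is not code from the Tripwire article, from Ouchn, or from this post. It parses flow records, names the observed services, flags cleartext protocols, and reports flows that the written filtering policy does not permit. The flow records, the port-to-service table and the policy are all constructed sample data, and the "src dst dport proto" line shape is an assumption standing in for whatever a sniffer exports.

```python
"""Audit a capture summary against a network filtering policy.

Added example (not from the Tripwire article or the forum post). The flow
records, the port-to-service table and the policy below are constructed
sample data standing in for what a sniffer placed near a filtering device
would report.
"""
import ipaddress
from collections import Counter

# Constructed flow records: "src dst dport proto", one flow per line.
SAMPLE_FLOWS = """\
10.1.10.25 10.1.20.5 22 tcp
10.1.10.25 10.1.20.7 23 tcp
10.1.10.31 203.0.113.10 443 tcp
10.1.10.31 10.1.20.9 21 tcp
10.1.30.8 10.1.20.5 3389 tcp
10.1.10.44 10.1.20.5 443 tcp
"""

# Well-known destination ports mapped to service names (constructed subset).
SERVICE_NAMES = {21: "ftp", 22: "ssh", 23: "telnet", 80: "http", 443: "https", 3389: "rdp"}

# Services that carry credentials and payload unencrypted.
CLEARTEXT_SERVICES = {"ftp", "telnet", "http"}

# Constructed filtering policy: (source network, destination network, permitted ports).
# Anything not matched by a rule is treated as denied.
POLICY = [
    (ipaddress.ip_network("10.1.10.0/24"), ipaddress.ip_network("10.1.20.0/24"), {22, 443}),
    (ipaddress.ip_network("10.1.10.0/24"), ipaddress.ip_network("0.0.0.0/0"), {443}),
]


def parse_flows(text):
    """Turn the text summary into (src, dst, dport, proto) tuples, skipping blanks and comments."""
    flows = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        src, dst, dport, proto = line.split()
        flows.append((ipaddress.ip_address(src), ipaddress.ip_address(dst), int(dport), proto.lower()))
    return flows


def service_name(dport):
    """Human-readable service for a destination port, falling back to the port number."""
    return SERVICE_NAMES.get(dport, f"port-{dport}")


def permitted(flow, policy):
    """True if some policy rule covers the flow's source, destination and port."""
    src, dst, dport, _ = flow
    return any(src in s_net and dst in d_net and dport in ports for s_net, d_net, ports in policy)


def protocol_summary(text):
    """Count the services observed: the 'what is actually in use' view."""
    return Counter(service_name(dport) for _, _, dport, _ in parse_flows(text))


def audit(text, policy=POLICY):
    """Report cleartext services and flows the filtering policy does not allow."""
    findings = {"cleartext": [], "denied": []}
    for flow in parse_flows(text):
        src, dst, dport, _ = flow
        name = service_name(dport)
        if name in CLEARTEXT_SERVICES:
            findings["cleartext"].append((str(src), str(dst), name))
        if not permitted(flow, policy):
            findings["denied"].append((str(src), str(dst), dport))
    return findings


if __name__ == "__main__":
    print("services seen:", dict(protocol_summary(SAMPLE_FLOWS)))
    result = audit(SAMPLE_FLOWS)
    for src, dst, name in result["cleartext"]:
        print(f"CLEARTEXT  {src} -> {dst} ({name}): should be encrypted or banned")
    for src, dst, dport in result["denied"]:
        print(f"POLICY GAP {src} -> {dst}:{dport}: observed but not permitted by policy")
```

The two findings lists answer different questions: the cleartext list supports the encryption argument (Telnet and FTP sessions seen on the wire), while the denied list shows where observed traffic and the written filtering policy disagree, either because the filter is not enforcing the rule or because the policy is incomplete. Feeding the script a real export instead of the constructed sample only requires matching the four-field line shape.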

 