You are going to read the Advanced Exploits with Metasploit issue. While the title may suggest that the publication is solely devoted to one specific topic, we decided to go back to old times and provide you with a variety of articles. This time, the issue focuses on Metasploit, but you will also have the chance to read about VoIP, SCADA, and IT security. You may also take an interest in the Venafi report or Dr.Web solutions for Android.
We hope you enjoy the issue.
Exploitation of Hash Functions
By Deepanshu Khanna and Er Laveena Sehgal
The term cryptography is defined as the method or protocol for developing the security of the information over an insecure channel on which the two parties are communicating. For instance, let’s assume the two parties, which are very famous in the field of cryptography, are ALICE and BOB. Let’s also assume that Alice wants to communicate or share some information with Bob. The main problem that arises here is how to share the data over such an insecure channel. So, cryptography comes to the rescue. Hence, cryptography provides us a way to securely (≠ 100%) communicate even on an insecure channel.
Dr. Web for Android
By Amit Chugh
The Dr.Web Anti-virus solution keeps your Android mobile safe from known viruses on the Internet. The application is designed to protect the mobile from known threats.
Because of their popularity, Android-based devices are rapidly becoming a target for a surging tide of malware and spyware. The Dr.Web Anti-virus solution ensures that infections are eliminated. It also scans mobile devices for “hidden” malicious data.
Building a Successful Disaster Recovery Program
By Michael Lemire
Today, businesses are dependent on the continuous availability of technology infrastructure, platforms and services. For this reason, disaster recovery planning continues to gain prominence as a critical part of risk management. This article aims to summarize how to implement a successful disaster recovery program.
Step by Step Guide for Pentesting VoIP Devices
By Omkar Joshi
VoIP (Voice over IP) is the technology applied to deliver voice & streaming sessions over IP. SIP is a general purpose protocol used for managing sessions. This protocol provides a method for voice signaling.
VoIP actually applies the Session Initiation Protocol (SIP) to perform its methodologies like setting up, terminating & modifying voice & video calls. These voice & video calls are transported by other protocols like RTP (Real-time Transport Protocol).
Exploiting Adobe® Reader to Own a Box
By Vahid Shokouhi
Exploiting has become more and more interesting since its operation is different from other techniques and uses a stab-in-the-back style to fulfill its task. You may use a strong password and also use secure web browsing but at the end, you will find your system hacked. That will make you wonder what exactly happened. Exploiting utilizes vulnerabilities in your trusted(?) applications like your browser, music player or like in this tutorial, a PDF viewer, to break into your system and give the intruders a means to achieve their goals. If you follow IT security news, you have probably seen many topics about new exploitation techniques discovered. Because of its hidden nature and popularity, we will take a look at one of the frequently used vulnerabilities and the way it could be used to exploit a system.
Accessing Industrial Networks
By Darko Mihajlovski
In an ideal situation, the most critical systems of an industrial network are well protected behind strong layered defenses, making a basic attack difficult if not impossible. In reality, there are many entry points or attack vectors into industrial systems. The most obvious is via the business network, but in many cases, there are entry points directly into “secure” SCADA demilitarized zones, and even into the control systems’ networks themselves.
Vulnerability Assessments on SCADA Networks
First used in the 1960s, SCADA or Supervisory Control and Data Acquisition is a computer system that is used to gather and analyze live data. These systems are used to monitor and control various services ranging from telecommunications, oil and gas, electricity and water. With such importance, SCADA systems have been categorized as Critical Infrastructure and are also a favourite among hackers looking to penetrate and potentially disrupt these critical systems.
Hacking VoIP with Armitage-Metasploit
By Mirko Raimondi
Voice over Internet Protocol (VoIP) is a rather new technology which allows phone conversations to be transferred over a computer network. It transforms analog and digital audio signals into data packets which are transported via Packet-Switched Networks (such as the Internet). VoIP is becoming increasingly popular since it provides several advantages in cost and functionality, especially in enterprise scenarios where companies use VoIP as an easy way for communication between their several branches and for their teleworking employees. In this case, VoIP works as a private telephone network where Softphones (software phones) are connected to Private Branch eXchanges (PBXs), which are systems that connect telephone extensions into the company.
Wireless Sniffing through KARMETASPLOIT
By Ratan Jyoti
Karmetasploit is a Metasploit implementation of the famous wireless sniffing tool KARMA (KARMA Attacks Radioed Machines Automatically), which passively listens to 802.11 Probe Request frames. Wireless clients are generally targeted by creating a rogue AP and harvesting user credentials, which is carried out by exploiting client-side vulnerabilities.
By Wan Arif
In this article, the reader will learn about the Web Application Security type of attack. There are a few types that the authors will share with the reader such as SQL Injection, Phishing and Man-In-The-Attack. The reader will also learn how the attack works on the system and the real environment of the attack.
The reader needs to know the concept of the machine structure. Besides that, the reader also needs to have knowledge of the MySQL database, as it will be useful for the SQL Injection attack. He or she also needs to know some basic Linux commands and how the network environment works.
Ponemon 2014 SSH Security Vulnerability Report