Training on Networks, Systems and Hacking

I want to write about next security courses on Networks, Systems and Hacking which are going to be delivered for free by FEVAL in Extremadura. It will be five training courses where students will learn basic and advanced security techniques to protect and attack networks and systems. In addition, students will learn computer forensic techniques to analyse digital evidences. Last year, I was the teacher. However, this year, I don’t know yet who are going to provide these training. Nevertheless, I think it’s a good opportunity for learning about security information.

 

The first course, which start next month, is about basic security on networks and systems, where students will learn concepts and skills to understand main information security issues on networks and systems. Students will learn methodologies, and they’ll also use security tools, for protecting IT infrastructures and implementing security plans. Besides, students will manage the Risk Management Process and they’ll also read and create Business Continuity and Disaster Recovery Plans. For instance, last year, we spoke about Antivirus, Application Control, Web Filtering, Antispam, IPS/IDS and we even deployed a virtual firewall.

After finishing the basic security course on networks and systems, we can continue learning information security in the advanced security course on networks and systems. Students will get a deep knowledge about security management and operations, access management techniques, security software methodologies, cryptography, and security laws and regulations. For example, last year, we introduced Web Application Firewalls with SQLi and XSS attacks.

If you like hacking, you can also take the ethical hacking fundamental course where students will learn concepts and technical skills to discover vulnerabilities and attack services with the aim of auditing information systems. For instance, last year, we spoke about vulnerabilities such as Heartbleed, Apache Struts and Shellshock as well as we tested with vulnerabilities assessment systems like Greenbone and OpenVAS into Kali Linux and OSSIM.

If you really love hacking, the ethical hacking fundamental course is not enough because you’ll want more and more hacking techniques. Therefore, the advanced ethical hacking course will be interesting for those students who want to learn advanced techniques to get unauthorized access by targeting systems. For example, last year, we were talking about Social-Engineering Toolkit (SET), Windows Powershell attack, OWASP - Top 10, Web Application Vulnerabilities, DoS Attacks, etc.

This year, there is a new course about Digital Forensics, which sounds fascinating, where students will learn methodologies, procedures and techniques to look for electronic evidences. Computer forensics activities are increasingly requested by organizations because there are lots of security incidents which have to be analysed to determine the scope of attacks.

Regards my friends. I hope this will be interesting for you. Keep studying.

Windows Buffer Overflow Example

I’m learning these days how to exploit Buffer Overflow Vulnerabilities and how to find this kind of vulnerabilities. I think the best way to learn about Buffer Overflow is exploiting these vulnerabilities in a laboratory by ourself. Therefore, I’ve installed a vulnerable server in a Windows machine along with Immunity Debugger and Mona tools. I’ve also installed a Kali Linux machine, which has been the attacker machine. This is the laboratory I’ve deployed to test a simple buffer overflow vulnerability that you can check in the next video.

Firstly, I've scanned the vulnerable server with the Nmap tool to know whether POP3 service is open. I’ve also tested a simple script to send 3000 ‘A’s to the vulnerable server. We can see the program crashes and ESP registry contains many ‘A’s or ‘41’ in hex. However, we have to find the specific EIP memory location thus I’ve created a unique string which is sent to the vulnerable server through the malicious script. Once I’ve controlled the EIP registry, we have to know which bytes cause problems within the vulnerable server such as truncation with bad characters \x00\x0a\x0d. The next challenge is to locate a JMP ESP instruction into the memory to insert it into the EIP register. Finally, I’ve created a payload with the msfvenom tool to add it into the script, which give us a Windows reverse shell.

Regards my friends. This has been an amazing demo to know how Buffer Overflow works. I recommend you do it by yourself.

Buffer Overflow Attack

I remember when I was at University and I studied the “Computer Introduction” and “Operating Systems” subjects. I learnt about registers and how computers use them. I learnt about assembly language. I learnt about Little-Endian and Big-Endian. When I was studying these subjects, I just wanted to pass my exams. However, I realise this knowledge is useful to discover vulnerabilities. It’s also useful to understand attacks such as Buffer Overflow attacks. These knowledge which I learnt 14 years ago is still useful and it’s the basis of new vulnerabilities and attacks.

If we want to understand how Buffer Overflow attacks work, firstly, we have to understand how the memory is segmented and organized, secondly, why the registers are used and what they are used for, lastly, how attackers take advantages of Buffer Overflow vulnerabilities to take control of computers. If we have these knowledge, we will be ready to discover this kind of vulnerabilities and we will also be ready to develop exploits. However, this is not easy because there are different CPU architectures to take into account and there are increasingly security protections such as ASLR or DEP.

The memory model for an x86 Processor is segmented and organised from higher address to the lower address where the stack is at the top of the memory and the program code is at the bottom of the memory. On the x86-32bit architecture there are 8 general purpose registers that are used to store data and address that point to other positions in memory. The most important registers for Buffer Overflow attacks are ESP, EBP and EIP. The first one, ESP, tells us where on the stack we are, thus, the ESP register always mark the top of the stack. The second one, EBP, points to the base address of the stack. Finally, the EIP register contains the address of the next instruction to read on the program, thus, points always to the “Program Code” memory segment.

When we are developing applications, we can use functions like strcpy, gets, scanf, and others. If we call these functions without previously limiting the buffer, we can allow the program writes out of the buffer. For instance, if the parameter value is higher than the memory buffer space, the EIP register could be overwritten by the parameter value. Obviously, the program will crash and it will stop because the CPU doesn’t know where is the next instruction to read on the program.

What an attacker does to exploit a Buffer Overflow vulnerability? Actually, the attacker writes the address of a malicious code in the EIP section. In other words, the attacker overflows the buffer to write into the EIP section the address which points to the exploit.

 

However, a Buffer Overflow attack is not so simple. There are some problems. First, we don’t really know where the address of the EIP register is located. Second, we have to capture the ESP value when the buffer overflow exception occur. Third, there are some values that could cause a problem if the address of ESP contains one of this bad characters. Of course, these problems can be resolved. The first one can be resolved sending a unique pattern of characters to find the offset position in the original string. The second one can be resolved using any Disassembler/Debugger. The last problem can be resolved sending all the characters (from 0x00 to 0xFF) and monitor manually with a Disassembler/Debugger thus when a bad character is sent, the string sent is truncated just before the bad character revealing one of the bad characters

Regards my friends. Maybe, this is a very technical post. I've obviated many things. I’ll try making a video.

I’ve been reading ...

I got back from holiday. This is my first post of this new season. I want to start writing about reading books. Six years ago, I opened this blog where I write weekly and I think writing is important to organize ideas and improve writing skills. However, today, I want to write about reading books. I think it’s the best for learning new techniques, concepts, ideas. It’s the best way to get knowledge from others. Therefore, I’m going to tell you what books I’ve been reading during this summer. I’m sorry, none of them are tech books.

At the beginning of the summer, I read “Aprendiendo de los mejores” by Francisco Alcaide. It’s a book where Francisco has written sentences and comments from important people such as Steve Jobs, Bill Gates or Amancio Ortega, among others. We can read their lifestyles and their thoughts to discover that the patience, persistence and discipline have been their abilities to be successful. I think, this is an excellent book for getting motivation because you can easily realise that success is built step by step and happiness is a feeling that it should be throughout the process.

I’ve also read “Thinking, fast and slow” by Daniel Kahneman this summer. This is a book to understand how the mind works. He explains that human beings have two types of minds. A mind which is fast, intuitive, and emotional. It is called system 1. This system helps us to make decisions faster based in intuition which, sometimes, could be helpful and beneficial but it could also be harmful because there are some things which should be thought slowly. We use the system 1 while we are walking, driving the car or even speaking. The system 1 is used for routine activities. On the other hand, we also have a mind which is slower, more deliberative, and more logical. It is called system 2. This system helps us to make logical decisions based in arguments which is useful often to make the right decision. However, this system is slower because it requests lots of mind efforts and human beings don’t like to make efforts by nature thus we prefer to use system 1 instead of system 2 most of the time. I’m using system 2 right now to write in English language and it’s also used for maths calculations or learning new skills.

The last book that I hope to finish this week is “Factfulness” by Hans Rosling. This is a book where we can see the progress of the world. We can see most countries are getting better. Most people around the world live better than before. Hans Rosling show lots of data sets from the United Nations (UN) where we can see that, although there are still countries which live in poverty, most countries are making progress in health, democracy and human rights.

These are the books I’ve been reading for this summer. I recommend you these books. The first one to be motivated. The second one to understand how the mind works when we make decisions. The last one to know that things are better than we think.

I really love reading. Quietly. Reading in my room. Nobody disturbs me. I think it’s the best way to get knowledge from others. I hope keep reading for a long time.

Regards my friends. I hope these books are interesting for you. Keep reading.