Monday, February 23, 2015

Tao Defense

   I am pleased to announce my company - Tao Defense. It is a vendor-independent security consulting company that can help you to defend your information assets and digital infrastructure by providing a wide range of customized consulting and testing services.

   Our team consists of information security experts with extensive experience in different security domains. Our purpose is to strive to be the best in this area. We provide services including penetration testing; web application security testing; mobile application security testing; network security architecture reviews; expert testimony; and architecture analysis, design, and security testing for networks, including VoIP.

Wednesday, January 8, 2014

Analysis of a suspicious PDF


Hello. Happy New Year and Merry Christmas! After a long break I decided to write a new article about the analysis of a suspicious PDF file. Several months ago I had an interesting quest analysing a suspicious PDF file, and now I have some free time to tell how it went.
Almost all of the tools mentioned in this article can be found in the REMnux image. You can download it and install it as a virtual appliance on VMware or VirtualBox.
First of all, I analysed the file with the pdfid tool:
PDF Header: %PDF-1.3
obj 11
endobj 11
stream 4
endstream 4
xref 1
trailer 1
startxref 1
/Page 1
/Encrypt 0
/ObjStm 0
/JS 1
/JavaScript 1
/AA 0
/OpenAction 1
/AcroForm 0
/JBIG2Decode 0
/RichMedia 0
/Launch 0
/EmbeddedFile 0
/XFA 0
/Colors > 2^24 0

The OpenAction and JavaScript entries immediately draw attention. Good.
Next I used pdf-parser to parse the file.

obj 1 0
Type: /Catalog
Referencing: 2 0 R, 4 0 R

<<
/Type /Catalog
/PageLayout /SinglePage
/Pages 2 0 R
/OpenAction 4 0 R
>>

We can see that the OpenAction references the JavaScript action in object 4, which in turn points to the FlateDecode-compressed stream in object 5:
obj 4 0
Type: /Action
Referencing: 5 0 R
<<
/Type /Action
/S /JavaScript
/JS 5 0 R
>>
obj 5 0
Type:
Referencing:
Contains stream

<<
/Length 394
/Filter /FlateDecode
>>

Decode the JavaScript code with pdf-parser:
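As an added example (not the post's own code, nor the file it analyses), the following Python script walks the same chain that pdf-parser exposes above: it finds the /Catalog, follows /OpenAction to the action object, checks for /S /JavaScript, and inflates the FlateDecode stream that /JS references. The PDF is a constructed minimal sample carrying harmless JavaScript, and the object regexes are a triage approximation that assumes plain, unencrypted objects outside object streams with a direct /Length.

```python
import re
import zlib

# Constructed sample (not the post's file): a minimal PDF whose /Catalog
# /OpenAction points at a /JavaScript action whose /JS is the FlateDecode
# stream in object 5, mirroring the object chain in the pdf-parser output.
_JS = b'app.alert("constructed sample");'
_STREAM = zlib.compress(_JS)
SAMPLE_PDF = (
    b"%PDF-1.3\n"
    b"1 0 obj\n<< /Type /Catalog /Pages 2 0 R /OpenAction 4 0 R >>\nendobj\n"
    b"2 0 obj\n<< /Type /Pages /Kids [3 0 R] /Count 1 >>\nendobj\n"
    b"3 0 obj\n<< /Type /Page /Parent 2 0 R >>\nendobj\n"
    b"4 0 obj\n<< /Type /Action /S /JavaScript /JS 5 0 R >>\nendobj\n"
    b"5 0 obj\n<< /Length " + str(len(_STREAM)).encode() + b" /Filter /FlateDecode >>\n"
    b"stream\n" + _STREAM + b"\nendstream\nendobj\n"
    b"trailer\n<< /Root 1 0 R >>\n%%EOF\n"
)
OBJ_RE = re.compile(rb"(\d+)\s+0\s+obj(.*?)endobj", re.S)

def parse_objects(pdf: bytes) -> dict:
    """Object number -> raw body (dictionary plus optional stream)."""
    return {int(m.group(1)): m.group(2) for m in OBJ_RE.finditer(pdf)}

def ref(body: bytes, key: bytes):
    """Object number that the indirect reference '/key N 0 R' points to."""
    m = re.search(rb"/" + key + rb"\s+(\d+)\s+0\s+R", body)
    return int(m.group(1)) if m else None

def stream_data(body: bytes) -> bytes:
    """Slice out the stream body and inflate it when the filter is FlateDecode."""
    start = body.find(b"stream\n") + len(b"stream\n")
    raw = body[start:body.rfind(b"\nendstream")]
    return zlib.decompress(raw) if b"/FlateDecode" in body else raw

def openaction_javascript(pdf: bytes):
    """Follow /Catalog -> /OpenAction -> /JS and return the decoded script,
    or None when nothing runs on open."""
    objs = parse_objects(pdf)
    catalog = next((b for b in objs.values() if b"/Catalog" in b), None)
    target = ref(catalog, b"OpenAction") if catalog else None
    if target is None or b"/JavaScript" not in objs.get(target, b""):
        return None
    js_ref = ref(objs[target], b"JS")
    if js_ref is None:  # /JS given inline as a literal string, not a stream
        m = re.search(rb"/JS\s*\((.*?)\)", objs[target], re.S)
        return m.group(1).decode("latin-1") if m else None
    return stream_data(objs[js_ref]).decode("latin-1")
```

The inline-string branch matters on real samples: pdfid counts /JS either way, but only an indirect reference leads to a stream that needs inflating.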

Friday, September 28, 2012

OSCP in the mail


Not so long ago I wrote about getting OSCP certified. It was more than a month before I found the postal notice. Maybe the postal service is just that slow, or maybe something else caused the delay, but the next day I went to the post office and finally received a package from Offensive Security.

I opened the package and found my certificate, wrapped in a cheerful folder:



The inscription on the back of the folder pleased me very much. Throughout the lab and exam I kept hearing "Try harder", and it reminded me of that time. I think it is the most popular phrase of the Offensive Security crew. )) Thanks again to them.

Thursday, August 30, 2012

Bruteforce HTTP form with Hydra and Python


I had some free time to write my first tutorial. I'm going to guide you through brute-forcing a simple HTTP login form with Hydra and Python. As the example, I chose the most popular web hacking practice platform, Damn Vulnerable Web Application (DVWA). DVWA is included in the OWASP Broken Web Applications Project, which I will say more about below. I'm sure you have heard about these applications before and will have no problem installing them.

Let's test the login form with random login information. When wrong credentials are given, the login system shows the error "Username and/or password incorrect."


As we can see, the URL in the address bar changes to http://10.10.1.10/dvwa/vulnerabilities/brute/?username=test&password=test&Login=Login#.
The URL tells us that the form uses the GET method, so our credentials are part of the query string in the URL. This is a very easy case and you are unlikely to find it in the real world. Remember that GET and POST requests are quite similar, and if you know how this works with GET you will have no problem adapting your requests for POST.

Monday, August 6, 2012

OSCP. My review.

Hi all.
This is my first message.
I've just passed the Offensive Security exam and obtained the OSCP.
I want to share my experience of how it was. So, let's start from the beginning.

My background is six years in IT, four of them in IT security. I started as a technical support engineer and now work as an expert and independent security researcher. I'm also experienced in IT security audit, pentesting and enterprise defense, including system and network administration. Last year I passed the "Professional Penetration Tester" exam by eLearnSecurity and got the eCPPT.

Why did I choose this course, and should you do the same? My personal motivation for taking the course and exam was to better understand some techniques and methods of penetration testing, the desire to enhance my knowledge, and to get a qualification. Sometimes potential employers would rather see a professional qualification on the CV. I had heard about this course from skilled professionals earlier, and I do not regret the choice.
It was an amazing challenge.

Although I am unable to share the details of the course, I will try to give some advice. If you want to pass the exam and complete all of the lab, I would recommend taking 60 or 90 days (about 4-6 hours every day), depending on your knowledge.

The books above and some online resources helped me with some of the boxes in the lab.

Good reviews of the exam and lab, which I fully agree with, have already been written and are available here:
http://g0tmi1k.blogspot.com/2011/07/review-pentesting-with-backtrack-pwb.html
http://proactivedefender.blogspot.com/2012/01/oscp-my-review.html

I will just say that the lab consists of several subnets, which you need to find and unlock with the keys. The final goal in the lab is the key in the admin network, but you can also try to get root on all of the lab PCs.


I had some trouble with several PCs in the lab, because other students doing the lab at the same time, or before me, interfered with them: changing passwords, disabling services and so on. My advice is to revert the PCs from your control panel before you start.

I took 2 months of lab time. I spent about 4 hours a day on the labs in the first month and 6 hours a day in the last, day and night, and as much as possible on weekends. It is not easy when you are married and working. I was very tired.

There is a range of boxes, with mixed operating systems, services and different ways of exploiting them and getting root. The lab is really well designed; many thanks to the developers and admins. I will keep this short, because the two reviews mentioned above say what I would say, and I fully agree with their authors.

Finally, I rooted almost all of the lab machines, wrote some working exploits, and sent 2 reports (lab and exam). When I received the official email from Offensive Security that I had passed, I was very happy and satisfied with the results. I really did enjoy the whole course, and I am now waiting for the letter with my certificate.