Archive for the ‘Book and Course Reviews’ Category

Metasploit: A Penetration Testers Guide book from NoStarch Press

Tuesday, July 12th, 2011

It’s finally here folks. Metasploit: A Penetration Testers Guide book from No Starch Press

 


 

We had to do a blog on a new and upcoming book, “Metasploit: A Penetration Testers Guide” written by Devon Kearns (dookie), Jim O’Gorman (elwood), Mati Aharoni (muts), and David Kennedy (ReL1K). As some of you may know, three of the writers are hosts on the Social-Engineer podcast and experts in penetration testing.

I’ve had the privilege of reading the book ahead of time and can say I was blown away at the amount of detail and knowledge in its pages. It started off slowly building you up as a penetration tester and establishing a fundamental methodology all the way up to finding zero-day vulnerabilities and creating your own Metasploit exploits and modules.

Social Engineer The Book Reviewed on Slashdot

Wednesday, March 9th, 2011

Wow! What a humbling day today has been. Just a little bit ago I was linked to a review done by a gentleman named Ben Rothke. Ben wrote a really nice and very comprehensive review of the book on Slashdot. He broke it down chapter by chapter and really laid it all out there.

Thank you Ben!

The humbling was continued as our friends and supporters at BackTrack publicly congratulated us for being dubbed “The Official Social Engineering Book”.

All I can say is a truly heartfelt “Thank You”. Without this community this would not have happened.

Till next time.

SET 0.5 – Client Sides, Web Cloning and HakSaws – The Lemon Strikes Back

Friday, April 16th, 2010

The Social-Engineer Toolkit (SET) has progressed over the months thanks to the suggestions and collaboration with the security community. With this version, I am proud to announce the immediate release of the Social-Engineer Toolkit v0.5. 4/16/2010 at 9:00pm EST

Before getting into the new attack vectors, let’s talk about the improvements from 0.4 to 0.5:

* The ability to utilize the -x flag within Metasploit, this is much better for A/V bypass. SET has a built in legitimate executable that it backdoors. Running this through VirusTotal showed only 1 A/V company was picking this up and it was hit and miss.

* Over 35 bug fixes, I spent a large time beta testing and giving it to people that would test it to find issues with it. Thanks to all of the beta testers, your help was awesome.

* Ettercap no longer does the single HREF replacement custom filter method. Instead, it DNS poisons the entire subnet you’re on and redirects them back to your malicious site. You can utilize either a single site, for example blahblah.com, or do a “*” which will do every single site.

* Overhauled the custom web server within Python to now handle POST requests; this will come into play later.

* Added the latest Sun Java zero-day vulnerability into the Metasploit attack vector.

* Added better user-agent handling to impersonate Firefox better when ripping a site.

* Expanded the site templates instead of the “Java Required” website, there are now pre-defined templates you can use.

If those changes weren’t enough, let’s discuss the new vectors available to you in SET v0.5:

Harvesting Credentials: You can now utilize the credential harvester method in conjunction with the website cloning to harvest usernames and passwords. Essentially, SET will first clone a website. You then coax a victim into coming to the site, and it will rewrite the webpage’s POST parameters to POST to the local server which stores them. After that, the victim is redirected back to the original site you cloned.

Reporting Engine: After you’re finished owning the target through SET’s attack vectors, an HTML based report as well as an XML export will be generated with all of the parameters it was able to harvest. This attack vector alone is a great addition to the toolkit, and allows the ability to do something other than complete pwnage.

Custom HakSaw – The SET way: The next addition allows you to create an infectious USB/DVD/CD with a simple autorun.inf. This attack is pretty simple but will get more advanced as we go down the road. Essentially, a folder is created which you can burn to a DVD/CD and when it is inserted into a machine with autorun enabled, it will execute a Metasploit payload for you.

SET has taken on a life of its own. Even though there are countless hours into perfecting this tool, I want to thank all the people who have helped with ideas, vectors, code and testing. We are all very excited about this release and the new capabilities it brings to the toolkit. If you have any questions, new feature ideas, or bugs, always feel free to report them to: davek@social-engineer.org.

Again – 9:00pm EST April 16th 2010, is another sign that the end is near!

Maltego 3 Leaked – A Social Engineers Dream

Wednesday, April 14th, 2010

The guys at Paterva are at it again. The tool that we all know and love, Maltego, has taken massive leaps into the future of information harvesting.

The Paterva crew gave about 9 people in the world access to the new and MASSIVELY improved Maltego 3. I quickly installed it and after a few uses I forgot all about Maltego 2….

According to our agreement with Paterva I cannot release too much info; they asked me to limit our screenshots to just a few with not too much detail. Keep your fingers near the mouse as you will want to be first on the list to get Maltego 3 as soon as it comes out.

New transforms….new look… new feel… more results – that is Maltego 3

Maltego3 work area is pretty and very user intuitive

After doing some serious research you have a very detailed Dynamic View

A brand new view – entity list – makes the data you pull up VERY easy to use

A list of all the transforms available to you – some really really nice new ones

Overall I can’t say too much more yet. But stay tuned – Maltego 3 is going to rock the foundation of social engineering.

Thanks to Paterva for all their hard work.

Exclusive Interview with the Development team of BackTrack 4

Monday, January 18th, 2010

We invited the development team of BackTrack 4 to a special edition of our podcast. We fielded some questions through email and IRC and got deep and personal with the dev team. If you want to get to know the BackTrack 4 team a little better, then run over to the podcast page for this special edition, exclusive interview.



