SecurityExperiment.com

Updated:IntelliScan

2008-04-28T01:37:28Z

It is still just POC code, however it was recently cleaned up by researcher Dave of Pingtrip.com.
Download this latest version:
IntelliScan.pl

Social Engineering Script Submission

2008-04-01T03:35:14Z

Instead of emailing in your script submissions or editing the Wiki, you can now use the form that has been added to the Social Engineering Repository.

Upload a script now!

WLAuthor Updated: Customized Wordlist Generator

2008-02-06T02:50:00Z

Updated version of WLAuthor released. WLAuthor is an advanced custom wordlist generator. It can be used to create a custom dictionary/wordlist for password guessing or cracking attacks in penetration testing. It now supports better crawling capabilities and a hybrid engine (customized word manipulation). This script takes a target domain, and a manipulation recipe as input and will browse the target web site and parse it for potential words used in passwords. It will then manipulate the wordlist to include special characters and numbers for increased complexity.

WLAuthor-0.12.pl

Data Leakage Prevention White Paper

2008-01-26T17:19:26Z

Security Experiment's researcher Joseph Rivela publishes white paper on affordable data leakage prevention. Check it out at Protiviti Inc.'s website: Download the White Paper. Look for mention of the honey data techique discussed ealier this month here, as an affordable option to data leakage detection.

Metasploit 3 in the palm of your hand!

2008-01-15T04:52:20Z

Who could say no to these super mobile Linux machines? With only a little bit of hacking, we easily put Metasploit 3 (web interface and all) on this Nokia N810. The autopwn features are a little slow but worth waiting when it fits in your pocket. After updating some perl libraries, Security Experiment's POC code
WLAuthor-0.12.pl and IntelliScan0.02.pl worked great on this device as well.

Honey Data: Data Leakage Prevention and Detection Strategy

2008-01-14T15:27:27Z

Other groups may have a different name for the below process but Security Experiment has referred to it as “Honey Data.”

“Honey Data” can be a very valuable technique to detect and respond to data leakage. Not to be confused with a “Honey Pot,” where whole systems may be set up to entice would be attackers. Using honey data involves the introduction of strategic data into production databases and resources. Different databases within the organization are seeded with unique information. A secure database is maintained of honey data location and content. Known signatures for this very specific information can be easily created. Theses known signatures are generally granular enough not to generate false positives. They could easily be incorporated into existing intrusion detection systems as well as specialized data leakage solutions such as Vontu, Vericept, and Verdasys. This can be a very cost effective tool of detecting when data is leaving an organization and from which resources the leak is originating from.

In addition to customized network based signatures, other means for detecting the leak of information would also be in place. Dummy accounts would include data such as working email addresses for which the defending organization has control over. Then accounts can be monitored for unsolicited traffic. If one of the dummy accounts were to receive spam, it would be an indication that the email address had been leaked and from which database or source. This method could be applied to other mediums as well, such as postal addresses, IP addresses and telephone numbers. Another method for detection is data mining for our known honey data on the Internet. For example, currently one would not want to do Google searches for legitimate customer private information. But we could perform Google, IRC, or file sharing searches for our known honey data social security or account numbers. The process could even be automated to be performed at an acceptable interval

Honey data sometimes can be your last line of detection. If a determined attacker is successful at stealing information, honey data techniques may detect the breach via misinformation. It is not infeasible for an attacker to be able to encrypt information in order to bypass detection at an organization’s egress points. However, once the stolen information is acted upon, detection will not be easily avoided by the attacker.

As with any solution, there are some considerations to be aware of. Some such considerations include who has access to the database and knowledge of honey data. Special caution must also be performed to avoid the unintentional use of honey data which effects business decisions unknowingly.

Look for more research on honey data by Security Experiment in the near future.

Customized Password Cracking- WLAuthor-0.05.pl

2008-01-02T04:04:21Z

WLAuthor is a proof of concept custom wordlist generator. It can be used to create a custom dictionary/wordlist for password guessing or cracking attacks in penetration testing. This script takes a target domain as input and will browse the target web site and parse it for potential words used in passwords. It is still just proof of concept and will see some additions soon, such as crawling capabilities, hybrid engine, custom parsing options, and better documentation. It will also be cleaned up a bit, to be more memory efficient, although it is still very quick for what it does.

WLAuthor-0.05.pl

IntelliScan

2007-12-17T03:56:57Z

This is an updated version of the StatfulTCPScanner.pl proof of concept in regards to intelligent port scanning. It now supports command line arguments, ability to adjust the error threshold, and verbose mode.

IntelliScan0.02.pl

Intelligent Port Scanning

2007-12-05T00:02:26Z

One concept I have been throwing around with the group is the idea of more intelligent port scanning. I think it would be great to have a port scanner that could detect an IPS and adjust appropriately. By feeding the tool "previously known open ports", it could have sort of a heartbeat back to the target to detect if there has been a service crash or IPS interference. Ideally, it could run the check from separate IP addresses to differentiate between the two. The below file is a simple interactive perl script as a proof of concept to this theory. As I get more development cycles I would like to expand on this idea. As opposed to writing a whole new port scanner maybe just create a script to kick off and monitor the tried and true Nmap scanner.

StatefulTCPScanner.pl
Updated Version
IntelliScan0.02.pl

Social Engineering Repository

2007-11-13T03:46:05Z

Please visit and contribute to the Social Engineering Repository. In its current state it is just a framework to input and share information. I am hoping with time it can become a central repository for all things Social Engineering. It is designed to be a database of scripts, tools, attack theories, and prevention methods that one could use to assess their environment's susceptibility to social engineering attacks. Feel free to use what ever you would like and Please Contribute!

Social Engineering Repository

Updated: ToorCon 9 Presentation with Notes/Commentary

2007-11-08T03:22:44Z

Security Experiment's founder, Paul Battista presented recently at the 9th annual security conference, ToorCon in San Diego, CA. You can find his slides here Overlooked SQL Injection 20071021.pdf. Full notes/commentary:

WiFi ATM

2007-10-25T22:28:05Z

This picture was taken by Joseph Rivela right outside of New York City on Interstate 87. I don't think they really meant they have a wireless ATM machine but I would not be surprised if we saw one in the near future. I am sure it would not take long to hack.

View image

30 Second Double Locked Handcuff Escape

2007-10-25T03:26:33Z

I pick out of double locked handcuffs with only a safety pin. More details on methods to come soon.

http://www.youtube.com/v/6bCJOhweJvA

Welcome to Security Experiment

2007-10-24T06:00:47Z

Security Experiment is a recently developed security research group where you can find all things security. We will discuss recent research projects on topics such as web, network, host, and physical security. Enjoy your stay!