Security monitoring - with open source penetration testing tools
Talk given at Velocity Europe. This is an extended version of my previous security monitoring talk given at Monitorama. This talk contains even more examples and a new section on security monitoring as part of the development process.
Tuxtendo Rootkit                                         [ Not found ]
URK Rootkit                                              [ Not found ]
Vampire Rootkit                                          [ Not found ]
VcKit Rootkit                                            [ Not found ]
Volc Rootkit                                             [ Found ]
Xzibit Rootkit                                           [ Not found ]
X-Org SunOS Rootkit                                      [ Not found ]
zaRwT.KiT Rootkit                                        [ Not found ]
ZK Rootkit                                               [ Not found ]

Performing additional rootkit checks
  Suckit Rookit additional checks                        [ OK ]
  Checking for possible rootkit files and directories    [ None found ]
  Checking for possible rootkit strings                  [ None found ]
Gareth Rushgrove
>> nosetests -v rkhunter-librato-test.py
rkhunter-libratoo-test.test_beastkit_not_installed ... ok

---------------------------------------------------------
Ran 1 test in 1.585s

OK
>> rspec audit-rspec.rb -f d

my application dependencies
  should have no vulnerable gems (FAILED - 1)
  should have a safe version of ruby on rails

Finished in 0.03949 seconds
2 examples, 1 failure
Starting Nmap 5.21 ( http://nmap.org ) at 2013-09-18 15:09 BST
Nmap scan report for monitorama.eu (141.101.116.49)
Host is up (0.17s latency).
Hostname monitorama.eu resolves to 2 IPs. Only scanned 141.101.116.49
Not shown: 998 filtered ports
PORT     STATE SERVICE
80/tcp   open  http
8080/tcp open  http-proxy

Nmap done: 1 IP address (1 host up) scanned in 24.18 seconds
1) the monitorama.eu website should have one port open
   Failure/Error: @open_ports.should have(1).items
     expected 1 items, got 12
   # ./nmap-rspec.rb:24:in `block (2 levels) in <top (required)>'

Finished in 2.47 seconds
2 examples, 1 failure
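The rkhunter and nmap slides above show the same pattern: run a scanner, parse its text output, and assert on the result from a test runner so that a drift (a new open port, a rootkit signature) fails a test or trips a metric. The following is an added example in that style, not code from the talk or its author; it parses constructed rkhunter-style and nmap-style output (embedded below, with a hypothetical host example.test) into a single pass/fail record that a nose or pytest test can assert on, or that a metrics push can read.

```python
"""Security checks as tests: parse scanner output, then assert on it.

Added example (not from the slides). rkhunter and nmap both write plain
text, so a few regexes turn their reports into data a test can check.
"""
import re
import sys

# Constructed sample of rkhunter's rootkit section; one entry deliberately
# reads "Found" so the failure path is exercised.
RKHUNTER_SAMPLE = """\
Tuxtendo Rootkit                                         [ Not found ]
Volc Rootkit                                             [ Found ]
Xzibit Rootkit                                           [ Not found ]
Performing additional rootkit checks
  Suckit Rookit additional checks                        [ OK ]
  Checking for possible rootkit files and directories    [ None found ]
  Checking for possible rootkit strings                  [ None found ]
"""

# Constructed sample of nmap's port table for a hypothetical host.
NMAP_SAMPLE = """\
Nmap scan report for example.test (192.0.2.10)
Host is up (0.17s latency).
Not shown: 998 filtered ports
PORT     STATE SERVICE
80/tcp   open  http
8080/tcp open  http-proxy
Nmap done: 1 IP address (1 host up) scanned in 24.18 seconds
"""

# "<check name>   [ <result> ]" lines from rkhunter.
RESULT_RE = re.compile(r"^\s*(?P<check>.+?)\s+\[\s*(?P<result>[^\]]+?)\s*\]\s*$")
# "<port>/<proto>  <state>  <service>" lines from nmap's port table.
PORT_RE = re.compile(r"^(?P<port>\d+)/(?P<proto>tcp|udp)\s+(?P<state>\S+)\s+(?P<service>\S+)")


def parse_rkhunter(text):
    """Return {check name: result} for every bracketed result line."""
    results = {}
    for line in text.splitlines():
        m = RESULT_RE.match(line)
        if m:
            results[m.group("check")] = m.group("result")
    return results


def rootkits_found(text):
    """Names of checks whose result is exactly 'Found', sorted."""
    return sorted(name for name, res in parse_rkhunter(text).items() if res == "Found")


def parse_nmap_open_ports(text):
    """Sorted (port, proto, service) tuples for ports nmap reports as open."""
    ports = []
    for line in text.splitlines():
        m = PORT_RE.match(line)
        if m and m.group("state") == "open":
            ports.append((int(m.group("port")), m.group("proto"), m.group("service")))
    return sorted(ports)


def check_host(rkhunter_output, nmap_output, allowed_ports):
    """Combine both reports into one record: what a test asserts on and
    what a metrics push (e.g. an open-port count gauge) would read."""
    found = rootkits_found(rkhunter_output)
    open_ports = {port for port, _, _ in parse_nmap_open_ports(nmap_output)}
    unexpected = sorted(open_ports - set(allowed_ports))
    return {
        "rootkits_found": found,
        "open_port_count": len(open_ports),
        "unexpected_ports": unexpected,
        "ok": not found and not unexpected,
    }


if __name__ == "__main__":
    # In a nose/pytest module this would be: assert check_host(...)["ok"]
    report = check_host(RKHUNTER_SAMPLE, NMAP_SAMPLE, allowed_ports=[80])
    print(report)
    sys.exit(0 if report["ok"] else 1)
```

Against the constructed samples the record reports "Volc Rootkit" as found and port 8080 as unexpected, so the check fails, which is the behaviour the nmap rspec slide shows when the open-port count is not what the test expects. In a real setup the two sample strings are replaced by the captured output of `rkhunter --check` and `nmap`, and the allowed-port list comes from the service's own definition of what should be listening.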
[+] 2 issues were detected.

[+] [1] Trusted -- Cross-Site Scripting (XSS)
[~] ~~~~~~~~~~~~~~~~~~~~
[~] ID Hash:
[~] Severity: High
[~] URL:      http://victim/pictures/search.php
[~] Element:  form
[~] Method:   GET
[~] Tags:     xss, regexp, injection, script
[~] Variable: query
[~] Description:
[~] Client-side code (like JavaScript) can be injected
    into the web application which is then returned to
    the user's browser. This can lead to a compromise
    of the client's system or serve as a pivoting
    point for other attacks.