SECURITY EDUCATION, PRIVACY GUIDANCE, THREAT AWARENESS, OPEN SOURCE TOOLS, RESEARCH NOTES, AND RESPONSIBLE TECHNOLOGY CONTENT

  • Penetration Testing Distribution - BackBox

    BackBox is a penetration test and security assessment oriented Ubuntu-based Linux distribution providing a network and informatic systems analysis toolkit. It includes a complete set of tools required for ethical hacking and security testing...
  • Pentest Distro Linux - Weakerth4n

    Weakerth4n is a penetration testing distribution which is built from Debian Squeeze. For the desktop environment it uses Fluxbox...
  • The Amnesic Incognito Live System - Tails

    Tails is a live system that aims to preserve your privacy and anonymity. It helps you to use the Internet anonymously and circumvent censorship...
  • Penetration Testing Distribution - BlackArch

    BlackArch is a penetration testing distribution based on Arch Linux that provides a large amount of cyber security tools. It is an open-source distro created specially for penetration testers and security researchers...
  • The Best Penetration Testing Distribution - Kali Linux

    Kali Linux is a Debian-based distribution for digital forensics and penetration testing, developed and maintained by Offensive Security. Mati Aharoni and Devon Kearns rewrote BackTrack...
  • Friendly OS designed for Pentesting - ParrotOS

    Parrot Security OS is a cloud friendly operating system designed for Pentesting, Computer Forensic, Reverse engineering, Hacking, Cloud pentesting...

Wednesday, February 3, 2016

Web Application firewall to Train Attacks - Raptor WAF



Raptor is an open source tool whose focus is the study of attacks and finding intelligent ways to block them.

Raptor is written in pure C and does not use regex or other common ways to block attacks. It is different, and fast like a raptor dinosaur. Raptor follows the KISS principle (Keep It Simple), and you can use it to simulate attacks and bypasses against WAFs.


WAF stands for Web Application Firewall. It is widely used nowadays to detect and defend against SQL injection and XSS...
  • You can block XSS, SQL injection attacks and path traversal with Raptor
  • You can use a blacklist of IPs to block some users at config/blacklist ip.txt
  • You can use IPv6 and IPv4 for communications
  • Planned for the future: DoS protector, request limit, rule interpreter and malware detector for uploads.
  • Planned for the future: SSL/TLS...


To run:

$ git clone https://github.com/CoolerVoid/raptor_waf
$ cd raptor_waf; make; bin/raptor

Example

Bring up an HTTPd server on port 80, then start Raptor in front of it:
$ bin/Raptor -h localhost -p 80 -r 8883 -w 4 -o loglog.txt
You can then test at http://localhost:8883/test.php

See the docs:

https://github.com/CoolerVoid/raptor_waf/blob/master/doc/raptor.pdf

Tests:

Of 509 attacks, 349 were detected and blocked (68% of attacks blocked).




Sandboxed Execution Environment - SEE



Sandboxed Execution Environment (SEE) is a framework for building test automation in secured environments.

The sandboxes, provided via libvirt, are customizable, allowing a high degree of flexibility. Different types of hypervisors (QEMU, VirtualBox, LXC) can be employed to run the test environments.

Plugins can be added to a test environment, which provides an event mechanism to synchronise their interaction. Users can enable and configure the plugins through a JSON configuration file.


Audience

SEE is for automating tests against unknown, dangerous or unstable software, tracking its activity during execution.

SEE is well suited for building modular test platforms or managing executable code with a good degree of isolation.

SEE allows writing sandboxed tests both for quick prototyping and for running in production environments.


Installation

SEE is available as a Python package on the Python Package Index (PyPI).

It is the user's responsibility to install and set up the hypervisors intended to be controlled with SEE.
Please refer to the documentation to see how to set up and configure each hypervisor.


Supported hypervisors

SEE is built on top of libvirt's APIs; therefore all hypervisors supported by libvirt can be controlled through SEE.

SEE comes with basic support for QEMU, VirtualBox and LXC. To add more hypervisors or customize the basic ones, see the code contained in see/context.


Principles

SEE is an event-driven, plugin-based sandbox provider for synchronous and asynchronous test flow control.
                                                                  +----------+
                                                                  |          |
                                                          +-------| SEE Hook |
                                                          |       |          |
                                                          |       +----------+
              +-----------------+       +---------+       |       +----------+
              |                 |       |         |       |       |          |
User -------> | SEE Environment |-------| Sandbox |-------+-------| SEE Hook |
              |                 |       |         |       |       |          |
              +-----------------+       +---------+       |       +----------+
                                                          |       +----------+
                                                          |       |          |
                                                          +-------| SEE Hook |
                                                                  |          |
                                                                  +----------+

A SEE Environment encapsulates all the required resources, acting as a handler for the User. The Sandbox is controlled by the Hooks, which act as plugins. Hooks communicate and coordinate among themselves through Events.

Each Hook has direct access to the Sandbox, which exposes a simple API for its control and libvirt's APIs for more fine-grained control.


Links

Project page.
https://pypi.python.org/pypi/python-see
Project documentation.
https://pythonhosted.org/python-see
Libvirt project page.
https://libvirt.org
Presentation at PyCon Finland 2015.
https://www.youtube.com/watch?v=k185OMivqbQ



A Practical Guide to Networking and Security in iOS 8



Book Description:

This book describes how to use your iPhone, iPod touch, or iPad with iOS 8 on Wi-Fi and cellular/mobile networks securely, making connections with ease while protecting your data. It also covers Bluetooth networking, tracking an iOS device, using AirDrop and AirPlay, and solving connection problems.




Source: allitebooks

By Offensive Sec

Network Attacks and Defenses: A Hands-on Approach



Book Description:

The attacks on computers and business networks are growing daily, and the need for security professionals who understand how malfeasants perform attacks and compromise networks is a growing requirement to counter the threat. Network security education generally lacks appropriate textbooks with detailed, hands-on exercises that include both offensive and defensive techniques. Using step-by-step processes to build and generate attacks using offensive techniques, Network Attacks and Defenses: A Hands-on Approach enables students to implement appropriate network security solutions within a laboratory environment.

Topics covered in the labs include:

* Content Addressable Memory (CAM) table poisoning attacks on network switches
* Address Resolution Protocol (ARP) cache poisoning attacks
* The detection and prevention of abnormal ARP traffic
* Network traffic sniffing and the detection of Network Interface Cards (NICs) running in promiscuous mode
* Internet Protocol-Based Denial-of-Service (IP-based DoS) attacks
* Reconnaissance traffic
* Network traffic filtering and inspection
* Common mechanisms used for router security and device hardening
* Internet Protocol Security Virtual Private Network (IPsec VPN) security solution protocols, standards, types, and deployments
* Remote Access IPsec VPN security solution architecture and its design, components, architecture, and implementations

These practical exercises go beyond theory to allow students to better anatomize and elaborate offensive and defensive techniques. Educators can use the model scenarios described in this book to design and implement innovative hands-on security exercises. Students who master the techniques in this book will be well armed to counter a broad range of network security threats.




Source: allitebooks

By Offensive Sec

Advanced API Security



Book Description:

Advanced API Security is a complete reference to the next wave of challenges in enterprise security – securing public and private APIs.

API adoption in both consumer and enterprise settings has gone beyond predictions. It has become the ‘coolest’ way of exposing business functionalities to the outside world. Both your public and private APIs need to be protected, monitored and managed. Security is not an afterthought, but API security has evolved a lot in the last five years. The growth of standards, out there, has been exponential.




Source: allitebooks

By Offensive Sec

Android Hacker’s Handbook



Book Description:

As the Android operating system continues to increase its share of the smartphone market, smartphone hacking remains a growing threat. Written by experts who rank among the world’s foremost Android security researchers, this book presents vulnerability discovery, analysis, and exploitation tools for the good guys. Following a detailed explanation of how the Android OS works and its overall security architecture, the authors examine how vulnerabilities can be discovered and exploits developed for various system components, preparing you to defend against them.

If you are a mobile device administrator, security researcher, Android app developer, or consultant responsible for evaluating Android security, you will find this guide is essential to your toolbox.




Source: allitebooks

By Offensive Sec

Android Security Internals



Book Description:

There are more than one billion Android devices in use today, each one a potential target. Unfortunately, many fundamental Android security features have been little more than a black box to all but the most elite security professionals – until now.

In Android Security Internals, top Android security expert Nikolay Elenkov takes us under the hood of the Android security system. Elenkov describes Android security architecture from the bottom up, delving into the implementation of major security-related components and subsystems, like Binder IPC, permissions, cryptographic providers, and device administration.




Source: allitebooks

By Offensive Sec

Anti-Hacker Tool Kit - 4th Edition



Book Description:

Fully revised to include cutting-edge new tools for your security arsenal, Anti-Hacker Tool Kit, Fourth Edition reveals how to protect your network from a wide range of nefarious exploits. You’ll get detailed explanations of each tool’s function along with best practices for configuration and implementation illustrated by code samples and up-to-date, real-world case studies. This new edition includes references to short videos that demonstrate several of the tools in action. Organized by category, this practical guide makes it easy to quickly find the solution you need to safeguard your system from the latest, most devastating hacks.



Source: allitebooks

By Offensive Sec

Building Virtual Pentesting Labs for Advanced Penetration Testing



Book Description:

A penetration test, also known as pentest, is a method of assessing computer and network security by replicating an attack on a computer system or network from the outside world and internal threats. With the increase of advanced hackers and threats to our virtual world, pentesting is an absolute necessity.

Building Virtual Pentesting Labs for Advanced Penetration Testing will teach you how to build your own labs and give you a proven process to test these labs; a process that is currently used in industry by global pentesting teams. You will also learn a systematic approach to professional security testing, building routers, firewalls, and web servers to hone your pentesting skills.

What you will learn from this book
* Build routers, firewalls, and web servers to hone your pentesting skills
* Deploy and then find the weaknesses in a firewall architecture
* Construct a layered architecture and perform a systematic process and methodology to use for conducting an external test
* Get introduced to several of the different security testing methodologies
* Design monitored environments and evade them
* Create complex architecture
* Bypass antivirus and other protection
* Practice methods of evasion against today’s top defenses
* Leverage the client configuration

Approach
Written in an easy-to-follow approach using hands-on examples, this book helps you create virtual environments for advanced penetration testing, enabling you to build a multi-layered architecture to include firewalls, IDS/IPS, web application firewalls, and endpoint protection, which is essential in the penetration testing world.

Who this book is written for
If you are a penetration tester, security consultant, security test engineer, or analyst who wants to practice and perfect penetration testing skills by building virtual pentesting labs in varying industry scenarios, this is the book for you. This book is ideal if you want to build and enhance your existing pentesting methods and skills. Basic knowledge of network security features is expected along with web application testing experience.




Source: allitebooks

By Offensive Sec
Established in 2015. Offensive Sec Blog has been sharing security research, hacking tools, threat intelligence, and offensive security content since 2015.