1. Metasploit Framework
– an open source framework for exploit development and penetration testing.
Metasploit is well known in the security community. It ships exploits for
both server side and client side attacks, together with feature packed
post-exploitation payloads (Meterpreter) that make pwning systems fun. Armitage, a GUI front end distributed alongside the framework, adds point and click network exploitation. This is the go to tool if you want to break into a network or computer system.
2. Ettercap – a suite of tools for man in the middle (MITM) attacks.
Once you have initiated a man in the middle attack with Ettercap (typically
by ARP poisoning the victim and the gateway), use its filters, plugins and
scripting capabilities to manipulate or inject traffic on the fly. Sniffing
data and passwords is just the beginning; inject to exploit FTW!
3. sslstrip
– using HTTPS makes people feel warm, fuzzy and secure. With sslstrip
sitting in the middle, that security can be attacked: the tool does not
break TLS, it rewrites the HTTPS links and redirects in the pages it relays
so that the victim's browser stays on an unencrypted HTTP session, with all
the traffic readable. Banking details, passwords and emails from your boss
all in the clear. It even includes a nifty feature where the favicon on the
unencrypted connection is replaced with a padlock, just to keep the user
feeling warm and fuzzy.
4. evilgrade
– another man in the middle attack. Everyone knows that keeping
software updated is the way to stay secure. This little utility answers
the application's update check with a fake upgrade and serves the user a
not so good update. It can exploit the upgrade functionality of around 63
pieces of software including Opera, Notepad++, VMware, VirtualBox, iTunes,
QuickTime and Winamp. It really whips the llama's ass!
5. Social Engineer Toolkit
– makes creating a social engineered client side attack way too easy.
SET creates the spear phish, sends the email and serves the malicious
payload or cloned login page. It is the open source client side attack
weapon of choice.
6. sqlmap
– SQL injection is an attack vector that has been around for over 10
years, yet it is still the easiest way to get dumps of entire databases
of information. sqlmap is not only a highly accurate tool for detecting
SQL injection; it can also enumerate and dump data from the database and
even launch attacks that can result in operating system shell access on
the vulnerable database server.
7. aircrack-ng – breaking holes in wireless networks for fun and profit. A suite of tools (airmon-ng, airodump-ng, aireplay-ng, aircrack-ng and friends) that enables all manner of wireless network attacks, from cracking WEP keys to capturing WPA/WPA2 handshakes for offline passphrase cracking.
8. oclHashcat
– Need to get some passwords from the hashes you grabbed with sqlmap?
Use this tool to bust them open. Over 48 different hashing algorithms are
supported. It uses the GPU on your graphics card (if supported) to test
candidate passwords against those hashes many times faster than your
clunky old CPU.
9. ncrack
– Brute force network passwords with this tool from the Nmap project,
home of Fyodor's Nmap. Passwords are the weakest link and Ncrack makes it
easy to brute force logins for RDP, SSH, HTTP(S), SMB, POP3(S), VNC, FTP
and Telnet.
10. Cain and Abel
– Cracking passwords, sniffing VoIP and man in the middle (MITM)
attacks against RDP are just a few examples of the many features of this
Windows only tool.
11. Tor – push your traffic through this onion network,
which is designed to provide anonymity to the user. Note that traffic
between the exit node and its destination is not encrypted by Tor; anything
you send in plain text can be read by the exit node operator. Make sure you
understand what it does before using it: Tor provides anonymity, not end to
end encryption, so use TLS on top of it.
Defending against Metasploit:
- Keep all software updated with the latest security patches; most Metasploit modules target vulnerabilities that are already public and patched.
- Use strong passwords on all systems (plenty of modules simply log in with default or guessed credentials).
- Deploy network services with secure configurations and expose as few of them as possible.
Defending against Ettercap:
- Understand that ARP poisoning is not difficult in a typical switched network; ARP has no authentication at all.
- Lock down network ports (802.1X or switch port security) so that unknown hosts cannot join the segment.
- Use secure switch configurations (Dynamic ARP Inspection, DHCP snooping) and NAC if the risk is sufficient.
- Monitor for ARP replies that change an IP to MAC mapping, particularly for the default gateway.
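A small ARP poisoning detector, added here as an example and not part of Ettercap or of this post. It walks a constructed list of ARP replies (timestamp, sender IP, sender MAC), standing in for what a sniffer on the segment would see, and alerts when an IP's advertised MAC changes or when one MAC starts answering for several IPs, which is what an Ettercap (or Cain and Abel) poisoner impersonating both gateway and victim looks like on the wire. The addresses and the optional `trusted` static mapping are made up for the demonstration.

```python
"""ARP poisoning detector over a stream of ARP replies (added example)."""
from collections import defaultdict

# Constructed sample, not a real capture: the gateway 10.0.0.1 is legitimately
# aa:bb:cc:00:00:01, then an attacker (de:ad:be:ef:00:01) starts claiming the
# gateway's IP and, shortly after, the victim's IP too.
SAMPLE_ARP_REPLIES = [
    (1.0, "10.0.0.1", "aa:bb:cc:00:00:01"),
    (1.5, "10.0.0.20", "aa:bb:cc:00:00:20"),
    (2.0, "10.0.0.1", "aa:bb:cc:00:00:01"),
    (3.0, "10.0.0.1", "de:ad:be:ef:00:01"),   # poison reply for the gateway
    (3.2, "10.0.0.1", "de:ad:be:ef:00:01"),   # poisoners repeat to keep caches fresh
    (3.4, "10.0.0.20", "de:ad:be:ef:00:01"),  # same MAC now claims the victim as well
]


def detect_arp_spoofing(replies, trusted=None):
    """Return a list of alert strings for a sequence of (ts, ip, mac) replies.

    Two heuristics:
      1. an IP whose MAC differs from the one first learned (or from the
         'trusted' static mapping, if one is supplied);
      2. one MAC answering for more than one IP, the signature of a host
         impersonating both ends of a conversation.
    Each (ip, mac) change and each multi-IP MAC is reported once to avoid
    one alert per poison packet.
    """
    ip_to_mac = {ip: mac.lower() for ip, mac in (trusted or {}).items()}
    mac_to_ips = defaultdict(set)
    reported = set()
    alerts = []
    for ts, ip, mac in replies:
        mac = mac.lower()
        known = ip_to_mac.get(ip)
        if known is None:
            ip_to_mac[ip] = mac                     # first sighting, learn it
        elif known != mac and ("change", ip, mac) not in reported:
            reported.add(("change", ip, mac))
            alerts.append(f"{ts}: {ip} changed from {known} to {mac}")
        mac_to_ips[mac].add(ip)
        if len(mac_to_ips[mac]) > 1 and ("multi", mac) not in reported:
            reported.add(("multi", mac))
            alerts.append(f"{ts}: {mac} answers for {sorted(mac_to_ips[mac])}")
    return alerts


if __name__ == "__main__":
    for line in detect_arp_spoofing(SAMPLE_ARP_REPLIES):
        print("ALERT", line)
```

Heuristic 1 also fires on a legitimate NIC swap or a DHCP lease that moves between hosts, so treat it as a trigger for investigation rather than an automatic block; seeding `trusted` with the gateway's real MAC is the single most valuable entry, because the gateway is what Ettercap almost always impersonates.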
Defending against sslstrip:
- Be aware of the possibility of MITM attacks (ARP poisoning, rogue proxies / gateways, wireless).
- Serve HSTS (Strict-Transport-Security) headers so that a browser which has seen the site once refuses to talk plain HTTP to it; sslstrip depends on the victim's first request being HTTP.
- Look for sudden protocol changes in the browser address bar (https quietly becoming http). Not really a technical mitigation!
Defending against evilgrade:
- Be aware of the possibility of MITM attacks (ARP attacks, proxy / gateway, wireless).
- Only perform updates to your system or applications on a trusted network.
- Prefer software whose updater fetches over HTTPS and verifies a signature on the update before installing it; evilgrade works because many updaters did neither.
Defending against SET:
- User awareness training around spear phishing attacks.
- Strong email and web filtering controls.
- Keep client side software (browsers, plugins, office suites) patched, since SET delivers the same client side exploits Metasploit does.
Defending against sqlmap:
- Secure the web applications: use parameterized queries (prepared statements) for every database call, and validate input on top of that. Filtering input on its own is not enough.
- Run the application with a least privilege database account, so that a successful injection cannot write files or reach operating system level functionality.
- A web application firewall such as ModSecurity can help block common injection payloads, but it is not ideal, as sqlmap's tamper scripts are often able to bypass a WAF.
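The vulnerable pattern sqlmap hunts for, beside its fix, as an added example that is not from sqlmap or from this post. It uses an in-memory SQLite database with two made up accounts; the string built query falls to a tautology payload, the "filter the quotes" version still falls in a numeric context, and the parameterized versions treat the payload as nothing but a value.

```python
"""String built SQL versus parameterized SQL (added example, SQLite in memory)."""
import sqlite3

# Classic tautology probe, the kind of thing sqlmap tries first.
PAYLOAD = "x' OR '1'='1"


def make_db():
    """Constructed sample data: two users, fake hashes."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER, name TEXT, pw_hash TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)", [
        (1, "alice", "hash-of-alice"),
        (2, "bob", "hash-of-bob"),
    ])
    return conn


def lookup_vulnerable(conn, name):
    # Deliberately vulnerable: untrusted input spliced straight into SQL text.
    sql = "SELECT name, pw_hash FROM users WHERE name = '%s'" % name
    return conn.execute(sql).fetchall()


def lookup_safe(conn, name):
    # Parameterized: the driver binds the value, so quotes carry no SQL meaning.
    sql = "SELECT name, pw_hash FROM users WHERE name = ?"
    return conn.execute(sql, (name,)).fetchall()


def lookup_by_id_filtered(conn, user_id):
    # "Filter the input" done naively: doubling quotes is useless when the
    # injection point is numeric, because no quote is needed to break out.
    cleaned = str(user_id).replace("'", "''")
    sql = "SELECT name FROM users WHERE id = %s" % cleaned
    return conn.execute(sql).fetchall()


def lookup_by_id_safe(conn, user_id):
    # Validate the type, then bind; anything that is not an integer is rejected.
    sql = "SELECT name FROM users WHERE id = ?"
    return conn.execute(sql, (int(user_id),)).fetchall()


if __name__ == "__main__":
    db = make_db()
    print("vulnerable, normal input :", lookup_vulnerable(db, "alice"))
    print("vulnerable, payload      :", lookup_vulnerable(db, PAYLOAD))   # dumps every row
    print("safe, payload            :", lookup_safe(db, PAYLOAD))         # no rows
    print("filtered, numeric payload:", lookup_by_id_filtered(db, "1 OR 1=1"))
```

The point of the numeric case is the one the bullet above makes: escaping characters is a guess about which contexts the attacker will find, while binding parameters removes the question entirely.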
Defending against aircrack-ng:
- Never use WEP; it can be cracked in minutes regardless of key length.
- When using WPA2 with pre-shared keys, ensure the passphrase is strong (long, random, non dictionary based). The captured four way handshake is cracked offline at the attacker's leisure, so the passphrase is all that stands between them and the network.
- Use WPA2-Enterprise (802.1X) where possible, so there is no shared secret to crack.
Defending against oclHashcat:
- Passwords are the weakest link. Enforce password length and complexity.
- Protect the hashed passwords; if the attacker never gets the hashes, there is nothing to crack.
- Salt the hashes with a unique salt per password, so that one precomputed table or one cracking run cannot be reused across every user in the dump.
- Use a deliberately slow password hash (bcrypt, scrypt, PBKDF2) rather than a single round of MD5 or SHA-1; GPU cracking relies on the hash being cheap.
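What salting and a slow hash do and do not buy you, as an added example that is not from oclHashcat or from this post. Using only the standard library, it cracks an unsalted MD5 with a constructed wordlist, then stores the same password with PBKDF2 and a random salt: two users with the same password no longer share a hash, every guess now costs the attacker the full iteration count, but a password that is in the wordlist still falls. The wordlist and passwords are made up; the `pbkdf2_sha256$iterations$salt$hash` storage format is this example's own convention.

```python
"""Unsalted fast hash versus salted slow hash (added example, stdlib only)."""
import hashlib
import hmac
import os

# Constructed wordlist; a real cracking run uses millions of entries.
WORDLIST = ["123456", "password", "letmein", "password123", "qwerty"]


def hash_unsalted_md5(password):
    return hashlib.md5(password.encode()).hexdigest()


def crack_unsalted(target_hex, wordlist):
    """One cheap hash per guess, and the same table cracks every user at once."""
    for guess in wordlist:
        if hash_unsalted_md5(guess) == target_hex:
            return guess
    return None


def hash_salted(password, salt=None, iterations=200_000):
    """PBKDF2-HMAC-SHA256 with a 16 byte random salt, self describing on disk."""
    salt = salt or os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${dk.hex()}"


def verify_salted(password, stored):
    """Recompute with the stored salt and iteration count; constant time compare."""
    _algo, iters, salt_hex, dk_hex = stored.split("$")
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(),
                             bytes.fromhex(salt_hex), int(iters))
    return hmac.compare_digest(dk.hex(), dk_hex)


def crack_salted(stored, wordlist):
    """The attacker must pay the full PBKDF2 cost per guess, per user, and cannot
    reuse work between users, but a weak password is still found."""
    for guess in wordlist:
        if verify_salted(guess, stored):
            return guess
    return None


if __name__ == "__main__":
    weak = "password123"
    print("md5 cracked to:", crack_unsalted(hash_unsalted_md5(weak), WORDLIST))
    a, b = hash_salted(weak), hash_salted(weak)
    print("same password, different stored values:", a != b)
    print("salted+slow still cracked to:", crack_salted(a, WORDLIST))
```

The last line is the part to remember when writing a password policy: salting and stretching raise the attacker's cost per guess by a constant factor, which is decisive against a hash dump of thousands of accounts but does nothing for a password that is one of the first few million guesses. In production prefer bcrypt, scrypt or Argon2 from a maintained library over hand rolled PBKDF2.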
Defending against ncrack:
- Use strong passwords everywhere, and remove or rename default accounts.
- Implement time based lockouts or progressive delays on network service password failures, and alert on them; a brute force run stands out clearly in the logs.
- Do not expose RDP, SSH, VNC and similar services to the internet without a VPN or source IP restrictions in front of them.
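The time based lockout from the bullet above, as an added example that is not from Ncrack or from this post. `LoginGuard` keeps a sliding window of recent failures per key and locks the key out for a fixed period once the threshold is hit; the clock is passed in explicitly so the behaviour is deterministic, and the login attempts fed to `simulate` are a constructed burst of the kind Ncrack produces against a single account. The thresholds are illustrative defaults, not values from any product.

```python
"""Sliding window failure counter with time based lockout (added example)."""
from collections import defaultdict, deque


class LoginGuard:
    def __init__(self, max_failures=5, window=300, lockout=900):
        self.max_failures = max_failures   # failures allowed inside the window
        self.window = window               # seconds the window spans
        self.lockout = lockout             # seconds a lockout lasts
        self._failures = defaultdict(deque)  # key -> recent failure timestamps
        self._locked_until = {}

    def is_locked(self, key, now):
        until = self._locked_until.get(key)
        if until is None:
            return False
        if now >= until:                   # lockout expired, forget it
            del self._locked_until[key]
            return False
        return True

    def record_failure(self, key, now):
        """Return True if this failure pushed the key over the threshold."""
        recent = self._failures[key]
        recent.append(now)
        while recent and now - recent[0] > self.window:
            recent.popleft()               # drop failures outside the window
        if len(recent) >= self.max_failures:
            self._locked_until[key] = now + self.lockout
            recent.clear()
            return True
        return False

    def record_success(self, key):
        self._failures.pop(key, None)


def simulate(guard, attempts):
    """attempts: iterable of (time, key, password_correct) -> list of outcomes."""
    outcomes = []
    for t, key, correct in attempts:
        if guard.is_locked(key, t):
            outcomes.append("locked")      # not even a correct password gets in
            continue
        if correct:
            guard.record_success(key)
            outcomes.append("ok")
        else:
            hit = guard.record_failure(key, t)
            outcomes.append("locked_now" if hit else "fail")
    return outcomes


# Constructed attempt stream: a one guess per second burst against admin from
# one source, followed by the real user, then the real user again after the
# lockout has expired.
SAMPLE_ATTEMPTS = [
    (0, "admin@10.0.0.5", False),
    (1, "admin@10.0.0.5", False),
    (2, "admin@10.0.0.5", False),
    (3, "admin@10.0.0.5", False),
    (4, "admin@10.0.0.5", False),    # fifth failure inside 300 s: lock for 900 s
    (5, "admin@10.0.0.5", True),     # correct password, still locked
    (905, "admin@10.0.0.5", True),   # lockout over, login succeeds
]

if __name__ == "__main__":
    print(simulate(LoginGuard(), SAMPLE_ATTEMPTS))
```

Keying the counter on account plus source address (as the sample does) limits the collateral damage; keying on account name alone lets an attacker lock every user out on purpose, and keying on source alone is defeated by a distributed brute force, so most deployments combine a per pair lockout with a looser per account alert.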
Defending against Cain and Abel:
- Be aware of the possibility of MITM attacks (ARP attacks, untrusted proxy / gateway, wireless).
- Use strong passwords everywhere.
- Prefer protocols and configurations in which the client verifies the server (for example RDP with Network Level Authentication and a trusted certificate), so an attacker in the middle cannot silently impersonate it.
Defending against Tor:
- It is possible to block Tor exit nodes on your firewall using the published exit node list, if Tor traffic is linked to a threat to your environment. Bear in mind that this also blocks legitimate Tor users, and that an attacker can just as easily arrive through a VPN or a compromised host.