How to Discover Open Ports Using Metasploit’s Built-in Port Scanner

One of the first steps in reconnaissance is determining the open ports on a system. Nmap is widely considered the undisputed king of port scanning, but certain situations call for different tools. Metasploit makes it easy to conduct port scanning from directly inside the framework, and we’ll show you three types of port scans: TCP, SYN, and XMAS.
What Is Port Scanning?
Port scanning is the process of probing a range of ports in order to determine the state of those ports — generally open or closed. There are 65,536 available ports on a host, with the first 1,024 ports being reserved for… more

Link: https://null-byte.wonderhowto.com/how-to/discover-open-ports-using-metasploits-built-port-scanner-0186829/

Laforge – Security Competition Infrastructure Automation Framework

Laforge enables rapid development of infrastructure for the purpose of information security competitions. Using a simple and intuitive configuration language, Laforge manages a dependency graph and state management and allows for highly productive remote collaboration. The Laforge engine uses a custom loader to do multi-dimensional, non-destructive configuration overlay. A good analogy to this is Docker – when you build a Docker container, it builds it up layers at a time. It’s this power that has inspired us to build Laforge. It’s certainly a niche` project, but we certainly have found an incredible use for it.FeaturesCross platformPortable – installs as a stand alone native executable.Use what you enjoy – Bring Your Own Scripting Language (Y)Fast.Build once, clone to n number of teams (security competitions paradigm)Collaborative – makes working in distributed groups very efficientFAQWhat is Laforge?Laforge is a framework that lets you design and implement security competitions in a scalable, collaborative, and fun way! You write configurations in Laforge Config Language and use the CLI tool to inspect, validate, build, and connect to remote infrastructure with. Historically, it’s primarily supported Terraform as it’s “backend" (generates sophisticated terraform configurations), but this will be changing rapidly over the coming weeks and months. Laforge currently powers all of the infrastructure management for the National Collegiate Penetration Testing Competition and has supported game deployments of >1400 unique nodes.Why was it created?Three reasons:Security professionals aren’t the most well versed with operations/infrastructure/devops tools. They have a steeper than most learning curve, especially when asking volunteers to try and figure it out in their off work time. To make it easier for people, we wanted to make a tool that basically did the hard part for them.As we dug in, we noticed that the commonly used automation frameworks available had a number of painpoints when it came to building security competition infrastructure. There are things that have to occur in security competitions that aren’t supported in the real world:wide compatibility with lots of operating systems and softwareMass "clone" ability – snapshot a game infra and clone it 10-20x – one for each team.Flexibility to deploy the same stacks to a wide set of possible infrastructure – VMWare, AWS, GCP, etc.Because competitions deserve it! We work with some of the most passionate people on these projects and anything that can make our shared experience better is a win win in our book.Why not current DevOps tools?No need to go into a flame war over this tool or that. We frankly like them. Our biggest complaint across the board is that given how fragmented they are, it’s hard to ever be really good at any one of them. We enjoy Terraform and it’s been our primary backend since the beginning.How does it scale?We have used the various iterations of LaForge to generate competition environments with hundreds of total hosts for almost 30 teams. In short, it can scale as large as your imagination (and budget / resources) allows. Furthermore, we have used this tool across a team of over 15 volunteer developers each working on their own components and have used that feedback in the most recent versions.What about performance?Depending on the complexity of your environment, building LaForge output may take seconds or minutes. In the end you will spend more time spinning up systems in the environment of your choice with Terraform or Vagrant than you will generating the relevant configurations for either of them.Is it production-ready?If by production, you mean developing live competition environments, LaForge has been used for over three years in a "production" capacity. If you mean live systems at your company or organization, it will probably work well, but use at your own risk.Installation$ go get github.com/gen0cide/laforge/cmd/laforgeQuick Startlaforge configurelaforge initlaforge example Object ModelsNetworkScriptEnvironmentAMIDNS RecordIdentityCommandRemote FileHostRoadmapReplace YAMLLanguage DefinitionConfiguration SemanticsParser & LexerDependency Chaining & MgmtLoaderGraph RelationshipsObject DefinitionsReplace CLIbuild subcommandconfigure subcommanddeps subcommanddownload subcommanddump subcommandenv subcommandexample subcommandexplorer subcommandinit subcommandquery subcommandserve subcommandshell subcommandstatus subcommandupload subcommandReplace Rendering EngineBuilder interface designedNew BuildEngine doneBuildIssue error typevalidations packagenull builder implementation (spec as of now)Template engine WIPBackendsTerraformVagrantNative (pure scripts & laforge)AWS-SDKDockerBugsIt’s literally an alpha preview, there definitely are some.EnhancementsPerformanceExplore more concurrency pipelines in the loader and builderUI/UX ImprovementsMore documentation +++More examples ++Laforge Web UIMoonshotsLaforge Server & GatewayCnditional Logic in SyntaxRemote IncludesHall of Famementors, contributors, and great friends of Laforge@1njecti0n@emperorcow@vyrus001@bstax@cmbits@tomk@brianc@rossja@kos@dcam@davehughes@mbm@maus@javutoAcknowledgementsNational CPTC and the CPTC Advisory Board who’s been so patient with me as I worked through this.Rochester Institute of Technology For giving us a place to expiriment and advance both the technology as well as the workforce of our industry.Download Laforge

Link: http://feedproxy.google.com/~r/PentestTools/~3/VXa3BkeqvAM/laforge-security-competition.html

Top 9 Things to Do After Installing Kali Linux

Kali Linux, by default, probably doesn’t have everything you need to get you through day-to-day penetration testing with ease. With a few tips, tricks, and applications, we can quickly get started using Kali like a professional white hat.
Most Linux distributions are highly customizable. This makes personalizing your penetration testing distribution a bit daunting. With just a few commands, we can automate tasks, install our favorite software, create additional user accounts, properly configure anonymity software, and optimize our interactions with terminals. There are just a few things we… more

Link: https://null-byte.wonderhowto.com/how-to/top-9-things-do-after-installing-kali-linux-0186450/

Rick Holland, Digital Shadows – Enterprise Security Weekly #104

Rick Holland has more than 15 years’ experience working in information security. Paul and John talk to Rick about vulnerability management, WAFs, and advice to enterprise marketing. Full Show NotesVisit http://securityweekly.com/esw for all the latest episodes! Hosts
The post Rick Holland, Digital Shadows – Enterprise Security Weekly #104 appeared first on Security Weekly.

Link: http://feedproxy.google.com/~r/securityweekly/Lviv/~3/wCHyYJmDA84/

CA Unified Infrastructure Management Hardcoded Credentials / Missing Authentication

CA Technologies Support is alerting customers to multiple potential risks with CA Unified Infrastructure Management. Multiple vulnerabilities exist that can allow an attacker, who has access to the network on which CA UIM is running, to run arbitrary CA UIM commands on machines where the CA UIM probes are running. An attacker can also gain access to other machines running CA UIM and access the filesystems of those machines. The first vulnerability, has a medium risk rating and concerns a hardcoded secret key, which can allow an attacker to access sensitive information. The second vulnerability has a medium risk rating and concerns a hardcoded passphrase, which can allow an attacker to access sensitive information. The third vulnerability has a high risk rating and concerns a lack of authentication, which can allow a remote attacker to conduct a variety of attacks, including file reading/writing. Affected versions include 8.5.1, 8.5, and 8.4.7.

Link: https://packetstormsecurity.com/files/149190/CA20180829-02.txt