A number of free and open source security tools were released last week at the annual Black Hat security conference in Las Vegas. Here are six that IT managers can use today to quickly identify weak spots in the corporate network:
Evader assesses network security devices’ effectiveness at repelling AETs
AETs, or advanced evasion techniques, were first identified and reported by Evader’s developer, Stonesoft. AETs get known malicious code past network security by combining and rearranging it with additional strings of code, making it undetectable. Once inside, the malicious code is executed on multiple layers of the network simultaneously.
Stonesoft created a software-based testing environment companies can use to test their network defenses against such threats. Evader launches an attack against the user’s next-generation firewall, intrusion prevention system (IPS) or unified threat management (UTM) product to find unknown vulnerabilities.
AETs are not well understood, which explains why devices from major network security vendors were unable to prevent malware disguised in this way from entering the networks they tested, according to Stonesoft. Companies can download the Evader security tool for free from Stonesoft’s website.
Google Hacking Diggity Suite gets new attack tools
Turns out it’s possible to use Google and Bing search engines to hack your own website for the purpose of gathering vulnerability data and detecting sensitive data leaks. The Google Hacking Diggity Project, an R&D initiative from security firm Stach & Liu, explores how these search engines can be used to find system vulnerabilities.
The latest search engine hacking tools to come out of the project were unveiled at the conference and include two of particular interest to IT managers: NotInMyBackyardDiggity, which performs queries to sniff out sensitive corporate information on third-party websites and cloud storage sites, and PortScanDiggity, which uses Google to scan for open TCP ports on a given network. The entire suite of security tools is available for download on the Stach & Liu website.
Redline provides in-depth analysis to find potentially compromised systems
Suspect your systems are compromised in spite of your best efforts? A free utility from information security firm Mandiant thoroughly audits each node on your network to uncover signs that you’ve been hacked. Redline conducts memory and file analysis and creates a threat assessment profile. The profile identifies suspicious activity that needs further investigation.
The updated version presented at Black Hat 2012 includes improved analysis capabilities and enhanced data collection and configuration. It’s available to download from Mandiant’s website. For more information, visit the Redline user forum.
Vega finds holes in web applications
If you’re looking to shut the door on SQL injections and cross-site scripting attacks, consider using this new security tool, currently in beta release. Vega, from security start-up Subgraph, tests the security of web applications using an automated crawler and vulnerability scanner. It also includes an intercepting proxy for interactive debugging. Not only will it help you find evidence of web-based attacks, it will also uncover sensitive data loss and other vulnerabilities.
WATOBO combines advantages of manual and automated penetration testing for web applications
WATOBO, which stands for Web Application Toolbox, was developed by German security consulting firm Siberas. On SourceForge.net, it’s described as a highly efficient, semi-automated tool for conducting security audits of web applications. It has a local proxy for analyzing web traffic in addition to automated scanning capabilities for detecting SQL injection and cross-site scripting attacks, among other threats.
The developer cites its most important features as: session management capabilities, the ability to perform vulnerability checks out of the box, inline de-/encoding and smart filter functions for easily navigating the application.
The free, open source application is written in (FX)Ruby and is compatible with Windows, Linux and Mac OS operating systems. It’s available for download on SourceForge.net.
X-Ray app scans Android devices for vulnerabilities
According to the app’s developer, the speed at which wireless carriers supply updates to their users varies. Therefore, it’s possible for devices to go unprotected for long periods of time. The fragmentation of the Android platform complicates the task of rolling out updates, not to mention the fact that companies have little incentive to fix existing flaws when new devices with the latest system software are already on the shelves. This is a concern for companies that allow their employees to connect their personal Android devices to the company network.
The new X-Ray app from Duo Security scans Android devices to discover unpatched flaws in system software. If the app finds a problem, the user can go to Settings > About Phone > System Updates to download the latest version. If an official update isn’t available via System Updates, Duo Security encourages users to contact their carrier for more information, or at the very least, exercise extreme caution when downloading apps.
For a complete list of the security tools demo’d at Black Hat 2012, go to the Arsenal webpage.