Pentesting Azure Applications: The Definitive Guide to Testing and Securing Deployments

  • Title: Pentesting Azure Applications: The Definitive Guide to Testing and Securing Deployments
  • Author: Matt Burrough
  • Print Length: 218 pages
  • Page Numbers Source ISBN: 1593278632
  • Publisher: No Starch Press
  • Publication Date: July 31, 2018
  • Sold by: Penguin Random House Publisher Services
  • ASIN: B072SS34CP

A comprehensive guide to penetration testing cloud services deployed in Microsoft Azure, the popular cloud computing service provider used by numerous companies large and small.

You’ll learn how to:

  • Find security issues related to multi-factor authentication and management certificates
  • Make sense of Azure’s services by using PowerShell commands to find IP addresses, administrative users, and firewall rules
  • Discover security configuration errors that could lead to exploits against Azure storage and keys
  • Uncover weaknesses in virtual machine settings that enable you to acquire passwords, binaries, code, and settings files
  • Penetrate networks by enumerating firewall rules
  • Investigate specialized services like Azure Key Vault and Azure Websites
  • Know when you might be caught by viewing logs and security events

Packed with real-world examples from the author’s experience as a corporate penetration tester, sample scripts from pen-tests and “Defenders Tips” that explain how companies can reduce risk, Pentesting Azure Applications provides a clear overview of how to effectively perform security tests so that you can provide the most accurate assessments possible.

Fair Use Source: B072SS34CP

https://www.amazon.com/Pentesting-Azure-Applications-Definitive-Deployments-ebook/dp/B072SS34CP

Penetration Testing – Pentesting

See also DevSecOps, Cybersecurity, Cybersecurity Glossary, Privacy vs. Surveillance Topics

Penetration testing tools, network admin tools and other useful security tools:

“There are a large amount of penetration testing tools to choose from on the market. The security audit tools below have been selected to cover a range of testing techniques from vuln scanning based testing to network mapping, but the list is by no means complete, as there are hundreds of different tools to use for specific tests. We have also included download links where possible.”

Metasploit Framework

This is the free version of the Metasploit package, one of the best pieces of software around for Windows, Linux and Mac systems. Metasploit allows you to quickly search for and execute exploits against a target.

OpenVAS

OpenVAS is one of the world’s most advanced open source vulnerability scanners. You can read more about the openvas online scanner here. A project contributed by many security professionals globally, this tool gives great accurate scan results, and allows you to manage and report your findings.

Tenable Nessus

Although this is not a free tool, it has a bunch of incredibly effective scan engines that will rank amongst the best of the vulnerability scanners available on the market. It was initially developed as an open source project, up until 2008.

Snort

Snort is one of the original defsec Intrusion Detection Systems (IDS), going way back to the early security scene on the internet. It’s incredibly effective, be sure to check it out, one of the best HIPS on the market!

BackTrack Download / Kali Linux Download

Formerly BackTrack, the team have now rebranded as Kali Linux, an incredible Live CD or USB security distro, with a large amount of open source tools, bundled into a user friendly Linux distribution.

Netcat > Ncat

Netcat (1998), now essentially replaced by Nmap’s Ncat, is a simple TCP/UDP transmitter/receiver, allowing you to capture and listen for connections using its port binding feature, with script and debugging support.

Nmap Download

Nmap is an advanced and extremely fast port scanner, now available in GUI form under the name of Zenmap (http://nmap.org/zenmap/). This tool is great for fast network service and port identification. We have now integrated the Nmap Online Scanner into our set of free penetration testing tools.

Wireshark

Unlike NMAP, this tool is an actual network protocol and data packet analyzer which can analyze the Security weaknesses of the traffic in real time. For example, live information and data can be collected from:

  • IEEE 802.11
  • Bluetooth
  • Token Ring
  • Frame Relay
  • IPsec
  • Kerberos
  • SNMPv3
  • SSL/TLS
  • WEP
  • Any Ethernet based connections

Some of the advantages of using Wireshark are that the analyses of the results come out in a form which can even be understood by the client at first glance. With this tool, the Pen Tester can apply such features as color coding to delve and investigate deeper the network traffic flow, as well as to isolate any individual data packet which may be of concern. Wireshark is particularly useful in analyzing the Security risks which are inherent when information and data are posted to forms on Web based applications. Some of these threats include data parameter pollution, SQL injection attacks, and memory buffer overflows. Wireshark can be downloaded for free at www.wireshark.org.” Fair Use Source: https://resources.infosecinstitute.com/category/certifications-training/pentesting-certifications/top-pentesting-tools

Burp Suite

Burp Suite is a collection of Burp tools developed by PortSwigger. A fast and powerful vulnerability scanner with scripting support and debugging engines, this is a great security audit tool.

Nikto

Nikto is a free open source http/s vulnerability scanner, which is extremely fast, light and capable of identifying over 6400 web flaws on common web servers like Apache. We have now implemented the Nikto Scanner Online in our penetration testing tools.

W3af – Web Application Attack and Audit Framework (also known as the “W3AF”)

W3af is growing in popularity as it’s another extremely fast web vulnerability framework to help you exploit web applications, be sure to check it out.

“This Pen Testing suite has been created by the software developers at Metasploit, and its main purpose is to find, ascertain, and exploit any Security weaknesses or holes in Web based applications. This package consists of many tools which can root out threats such as:

  • User-Agent Faking
  • Custom Headers to Requests
  • DNS Cache Poisoning (this is also known as “DNS Spoofing,” and it occurs when the DNS Name Servers return an incorrect IP address. As a result, the legitimate network traffic is diverted to the Cyber attacker’s computer)

One of the strongest advantages of the W3AF is that the parameters and variables which were used in one Pen Test instance can be saved quickly and easily into a Session Manager file. As a result, they can be reconfigured and reused quickly for another, upcoming Pen Test on a Web application. Thus, critical time is not wasted into re-entering these parameters and variables again. The results of the Pen Test are displayed in both easy to understand graphical and text based formats. Best of all, its database also consists of the top known threat vectors along with a customizable Exploit Manager to execute an attack and exploit it to its maximum possible. The W3AF has also been created on an open source platform and can be downloaded at this website: http://w3af.org/.” Fair Use Source:
https://resources.infosecinstitute.com/category/certifications-training/pentesting-certifications/top-pentesting-tools/

John the Ripper

“One of the biggest Cyber Security threats has been, and will continue to be, that of the inherent weaknesses of the traditional password. As a result, this is one of the hottest areas in Pen Testing, and thus, many tools have evolved. One of the best-known tools is that of “John the Ripper.” It is also commonly abbreviated as “JTR.” There is nothing too complex about this tool; its elegance is its simplicity in and of itself. Pen Testers have used it primarily to launch Dictionary Attacks (this is where the Cyber attacker tries to guess the cipher or the authentication mechanism which is used to lock the password database) to determine any unknown holes or weaknesses in the database.

This tool accomplishes this task by taking text string samples from a word list which contains the most complex and most popular words which are found in the traditional dictionary. These samples are then encrypted in the same format as the password which is being cracked, stolen, or hijacked. The output of this analysis is then compared to the actual encryption string to ascertain the vulnerabilities and weaknesses. A strong advantage of this tool is that it can be modified to test for all the varieties of Dictionary Attacks which could occur. A key distinction of the John the Ripper is that it can be used to Pen Test password databases which are both online and offline. JTR has also been created and developed on an open source platform, and it can be found at this link: http://www.openwall.com/john.” Fair Use Source:
https://resources.infosecinstitute.com/category/certifications-training/pentesting-certifications/top-pentesting-tools

Arachni Scanner

Arachni is an Open Source, feature-full, modular, high-performance Ruby framework aimed towards helping penetration testers and administrators evaluate the security of web applications. We have implemented the Arachni Scanner Online free edition into our penetration testing tools.

WhatWeb Web Scanner

WhatWeb identifies websites. Its goal is to answer the question, “What is that Website?”. WhatWeb recognizes web technologies including content management systems (CMS), blogging platforms, statistic/analytics packages, JavaScript libraries, web servers, and embedded devices. WhatWeb has over 900 plugins, each to recognize something different. WhatWeb also identifies version numbers, email addresses, account IDs, web framework modules, SQL errors, and more. WhatWeb Web Scanner Online is now available to try in our free penetration testing tools online.

BlindElephant Web Scanner

The BlindElephant Web App Fingerprinter attempts to discover the version info by comparing static files at known locations against precomputed hashes for versions of those files in all available releases. The technique is fast, low-bandwidth, non-invasive, generic, and highly automatable. BlindElephant Scanner Online is now available on our free penetration testing tools online portal.

TCP Traceroute Online

Perform a TCP traceroute online, allowing you to see the route taken in or out of a network. Traceroute online is a computer network diagnostic tool for displaying the route (path) and measuring transit delays of packets across an Internet Protocol (IP) network. TCP Traceroute Online has been incorporated into our penetration testing tools online and is now available.

ResolveHost

A simple Linux tool designed to resolve domain names to IP addresses, and IP addresses to domain names. This tool is now in our penetration testing tool suite online, as ResolveHost Online.

IP Calc / IP Calculator

Takes an IP address and netmask and calculates the resulting broadcast, network, Cisco wildcard mask, and host range. This tool is now available via IP Calculator Online.

CMSmap

CMSmap is a single Python based tool that tests for vulnerabilities in the following CMS platforms: Joomla, Drupal and WordPress. We have integrated CMSmap Online into our free penetration testing tools portal. This tool is now available via the CMSmap Online page.

We highly advise using penetration testing tools ONLY if you know what you are doing with them. When performing a security audit with tools such as these, you need a full understanding of them to interpret the results. Please be sure to contact us if you require a professional penetration test conducted on your website.

WPScan Online

WPScan is a blackbox WordPress engine vulnerability scanning tool, capable of auditing weak usernames and passwords, versions and their vulnerabilities, WordPress plugins and various other WordPress checks. You can use WPScan online via our WPScan online tools suite.

OSSEC

OSSEC is one of the best open source Intrusion Detection Systems or HIDS available in network protection and intrusion systems. This tool provides an excellent forensic tool to help spot attacks via notifications and alerting.

NetAdminTools.com

NetAdminTools.com provides a list of Network Administration Tools and Software that is a great Resource for System and Network Administrators when it comes to network management and maintenance. They’ve compiled a large list of tools that will assist you in Monitoring your network and potentially uncovering security risks and issues within your perimeter. If you’re a Network Engineer or System administrator, these tools will assist in your daily tasks and greatly simplify your life.

Fair Use Source:

One Nation, Under Surveillance – Privacy From the Watchful Eye

As an IT security writer, I think this is such an excellent book that I am using its Table of Contents as a stepping stone to my own extensive Fair Use commentary and vast expansion of these topics.

Fair Use Source: B00NU30KP4

https://www.amazon.com/gp/product/B00NU30KP4

Table of Contents:

  • Introduction by Boston T. Party (Kenneth W. Royce)

1 – Why Privacy?

  • We Have Lost Our Country
  • The Paranoid U.S. Government
  • In the Grip of Psychopathological Control
  • Privacy Is Not Shameful
  • The Coming Dark Age…if We Allow It…

2 – Privacy Vs. Paranoia

3 – The Rules

  • Don’t Draw Attention to Yourself
  • Privacy Is Always Complicated
  • Privacy Is Expensive
  • Privacy Is Inconvenient
  • Privacy Is Private
  • Be Consistent. Be Thorough.
  • Work Your Story Out in Advance
  • Always Have a Benign, Logical Explanation
  • Privacy Requires the Spinning of Yarns
  • Be Friendly. Be Relaxed. Be Unremembered.
  • Privacy Requires Your Alertness
  • “What If I Have to Lie?”
  • The Public Face of Privacy

4 – How to Mess Up

  • Learning From a Nazi’s Mistakes

5 – Privacy & Data

  • Your Data Shadow
  • Credit Information
  • Employment Information Service (EIS)
  • Medical Information Bureau (MIB)
  • Government Databanks
  • International Data-Sharing
  • Surveillance CCTV Cameras
  • Radio Frequency ID Chips
  • Unchallengeable Government
  • Papers
  • Privacy & Technology

6 – Privacy & People

  • Levels of Intimacy
  • Privacy With the Public
  • Privacy With Your Acquaintances
  • The Acquaintance Neighbor
  • Privacy and Your Friends
  • Relatives
  • Your Spouse
  • Your Children
  • On Trusting People
  • Putting Friendships to the Test
  • When Trust Is Betrayed
  • The Sociopath
  • Sociopaths and Morality
  • The Sociopath’s Characteristic Exploitiveness
  • The Sociopath Always Lies, and How He Does It
  • The Indispensable Pity Ploy
  • Optical Illusions: Sociopath Autostereograms
  • Sociopaths Elsewhere (the “kunlangeta”)
  • Final Thoughts on Sociopaths

7 – The I.D.

  • Using Another’s ID
  • Using Fake Paperwork
  • Total ID Creation
  • The Foreign ID
  • Real ID
  • The USA Passport
  • Since 2007, All Passports Have an RFID Chip
  • Is the SSN Required to Get a USA Passport?
  • Can the Passport RFID Chip Be Deactivated?
  • Some Misc. Passport Tips
  • The “Enhanced DL”
  • The National ID in Britain
  • Biometric ID
  • The Final ID: Implanted Chips
  • Your Line in the Sand

8 – Financial Privacy

  • Cash
  • Money Orders
  • Pre-paid Debit Cards
  • PayPal
  • Digital Gold Currencies
  • Exchange Providers
  • DGC Providers
  • Activating a New DGC Account
  • Gold & Silver Coins
  • Credit Cards
  • Checks
  • Loans & Mortgages
  • IRA’s, 401k’s & Keogh’s
  • Tips on Preventing ID Theft

9 – Your Mail

  • Receiving Your Mail
  • Sending Your Mail


10 – Telecommunications

  • Methods of Compromise
  • Misc. Telephone Privacy Tips
  • Internet Voice Mail & Fax
  • VoIP Telephony
  • Privacy Advantages of VoIP
  • Skype
  • Magic Jack
  • VoIP Clients to Consider
  • Zfone
  • Cell Phone Privacy Concerns
  • Prepaid Cell Phones Vs. Payphones
  • Prepaid Cell Phones
  • Various Prepaid Cell Phone Providers
  • Cell Phone Privacy Measures
  • Landlines
  • Prepaid Calling Cards
  • What About Pagers?


11 – Passphrases

  • How Passphrases Are Guessed
  • Your Password Is Probably Not Good Enough
  • Creating Memorized Strong Passphrases
  • “Bit Strength Threshold”
  • Best Tip: Turn Sentence Into Passphrase
  • Passphrase Generators
  • Using & Protecting Passphrases
  • Test Your Passphrase for Strength and Usage
  • Tips on Protecting Your Strong Passphrases
  • OS and Application Dependencies
  • Passphrase Wallets and Vaults
  • Keylogger Threats
  • Compelled Disclosure


12 – Computer Data

  • Definitions
  • Protecting Your Data
  • Data Encryption
  • TrueCrypt
  • File Shredders
  • Monitor Security
  • Printers Can Be Individually Identified
  • Media Devices
  • Backing Up Data
  • Physical Security
  • Keyloggers and Magic Lantern Software
  • If Your Computer Is Seized
  • Encryption and Crossing the Border


13 – Internet Privacy

  • Operating System (OS)
  • Windows
  • Mac
  • Linux
  • Hardware
  • Your MAC Addresses
  • Your WiFi Router
  • Firewalls
  • Browsers
  • Microsoft Internet Explorer (Boo, Hiss!)
  • Googlag Chrome (Boooooo, Hiss!!!!)
  • Opera
  • Mozilla Firefox
  • Brave Browser
  • Misc. Browser Security Tips
  • Email Client
  • IP (Internet Protocol) Address
  • Anonymous Surfing (Proxy Tunnels)
  • Email Providers
  • Search Engines
  • Spyware
  • The FBI’s “CIPAV”
  • Some Misc. Tips for All Users
  • Using Public Computers
  • So, You’re Still Using Windows
  • Why You Should Still Migrate From Windows to Linux or macOS
  • Overview


14 – Get a New Puppy! (Linux)

  • How to Install Puppy Linux


15 – Your Private Home

  • Going From Public to Private
  • Get Your New Place Long Before You Need It
  • Buying a New Place With Privacy
  • Renting a New Place With Privacy
  • The Timing of Your Move
  • The Moving Sequence
  • Once at Your New Place
  • Store Your Extra Stuff


16 – The Census & ACS

  • Historical Census Misuse
  • 1864: Sherman’s March Through Georgia
  • 1942-1946: U.S.A. Internment of Japanese
  • 1933-1945: Nazi Germany and Holocaust
  • Future Census Misuse
  • Individual Re-identification From Aggregates
  • Social Security Numbers Are Next
  • Why Not Also Ask About Gun Ownership?
  • Increasingly Empowered Government
  • Loss or Theft of Census Data
  • American Community Survey
  • Resisting the Census & ACS
  • The Census Bureau Process
  • Don’t Waste Your Time and Energy With…
  • You Can’t Answer What’s Not Been Asked
  • An Intriguing Legal Angle
  • Idea for Rural Properties
  • Create Your Own Form for the “Enumerator”
  • Some Sample Questions and Answers


17 – Privacy & Your Guns

  • The Purchase
  • Ownership
  • Buying Accessories
  • Storing Your Guns Privately
  • Shooting Your Guns Privately
  • Selling Your Guns
  • Tracking Ownership
  • The Coming Gun Grab


18 – A Quiet Living

  • Privacy on the Job
  • Start Your Own Business

19 – The Private Car

  • Purchasing Your Car
  • Registering Your Car
  • Using Your Car Privately
  • Privatizing Your Car Travel
  • CBP Agents at Borders and Checkpoints
  • A Cool Boston Tip on Counter-rousting Gear
  • Selling Your Car


20 – Private Travel

  • The Bus
  • The Train
  • Rental Cars
  • Motels & Hotels
  • Commercial Air Travel
  • TSA “Selectee” and “No Fly” Lists
  • The Future of Air Travel and Privacy
  • Buying Your Tickets
  • Packing for Privacy, Comfort, and Convenience
  • Checking In
  • Airport Security Tips
  • International Flights
  • Entering the U.S.
  • Clearing U.S. Customs
  • How to Avoid Lost & Found


21 – Private Entities

  • Trusts
  • Tax Avoidance Is Legal
  • The Necessity of Foreign Entities
  • Become Your Own Expert


22 – Privacy’s Future

  • 21st Century Dissenters
  • Two Kinds of People
  • The Masses
  • The Remnant
  • Comparing Extremes
  • “We’re So Sane, We’re Insane.”
  • The Über-remnant
  • The Über-masses
  • Different People – Different Roads
  • Can We Ever Be Free?
  • Where Are the Remnant in All This?
  • Some Final Advice


“12 years in the making, this is the long-awaited sequel to and replacement of the popular 1997 Bulletproof Privacy. Three times the size, it thoroughly covers:

  • healthy privacy vs. paranoia
  • private travel in the 21st Century
  • modern communications and privacy
  • the coming National I.D. Card
  • private money — debit cards, digital gold
  • can your home still be your castle?
  • guns & privacy
  • securing your computer
  • ghosting the Internet
  • use encrypted VoIP for free
  • create robust passphrases
  • Windows: a surveillance virus masquerading as an OS?
  • get a new Puppy . . . Linux!
  • dealing with the intrusive Census and ACS questions
  • earning a discreet living
  • how to buy and sell privately
  • answering the old If you have nothing to hide, then . . .”

See also Database Nation: The Death of Privacy in the 21st Century, Privacy vs Surveillance Bibliography, Privacy vs. Surveillance Topics.