Home page logo

pen-test logo Penetration Testing mailing list archives

Re: Looking for help against Chinese Hacking Team
From: Sam Stelfox <sstelfox () vtc vsc edu>
Date: Mon, 15 Dec 2008 10:49:01 -0500

Your probably going to hate me for this, but I haven't seen it
mentioned. If you know you've been hacked and it's a Windows server you
probably want to rebuild it. If it's a linux server and you have your
server properly jailed good job rebuilding the server is unecessary. If
it's not jailed well once again I would recommend rebuilding. You never
know the extent of the hack, whether they replaced files on your system.
No anti-virus's will not catch everything, they will only catch things
they know about. Make sure you save all the logfiles.

On the vulnerability itself look in your logs for the request errors. I
guarantee that if it's sql injection they found it by generating an
error in one of your pages and they probably took a few trys to get the
injection working the way the wanted to and probably generated more
request errors along the way (the successful attack might've generated
errors depending on your scripts and how they did it).

There is my two cents. Good luck.

harveyfrank wrote:
We've been battling the Chinese for several months now and have gone through
several waves of US  security experts who have failed to stop them. In their
defense, we are not on an unlimited budget and they've gotten us to a point
where it looks as though somewhere among the site's 400 scripts is a SQL
injection vulnerability. 

Automated testing by a few pen test products seems to think we're fine. We
definitely are not.

Is it possible to hire a CEH to find the Chinese-discovered vulnerability
for a few hundred dollars? (We aren't just being cheap, we've blown our wad
on security that hasn't worked.) Would someone with intimate knowledge of
the latest wave of Chinese attacks be required for this job? Besides our
first rate security team that's just been beat, I've tried the $200 pen test
folks and they have all failed. Microsoft security help has also failed. 

Advice (Besides porting to Linux)? Help?

This list is sponsored by: Cenzic

Security Trends Report from Cenzic
Stay Ahead of the Hacker Curve!
Get the latest Q2 2008 Trends Report now


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]