Penetration Testing mailing list archives
Re: Looking for help against Chinese Hacking Team
From: Sam Stelfox <sstelfox () vtc vsc edu>
Date: Mon, 15 Dec 2008 10:49:01 -0500
You're probably going to hate me for this, but I haven't seen it mentioned. If you know you've been hacked and it's a Windows server you probably want to rebuild it. If it's a Linux server and you have your server properly jailed, good job, rebuilding the server is unnecessary. If it's not jailed well once again I would recommend rebuilding. You never know the extent of the hack, whether they replaced files on your system. No, anti-viruses will not catch everything, they will only catch things they know about. Make sure you save all the logfiles.

On the vulnerability itself, look in your logs for the request errors. I guarantee that if it's SQL injection they found it by generating an error in one of your pages, and they probably took a few tries to get the injection working the way they wanted to and probably generated more request errors along the way (the successful attack might've generated errors depending on your scripts and how they did it).

There is my two cents. Good luck.

harveyfrank wrote:
We've been battling the Chinese for several months now and have gone through several waves of US security experts who have failed to stop them. In their defense, we are not on an unlimited budget and they've gotten us to a point where it looks as though somewhere among the site's 400 scripts is a SQL injection vulnerability. Automated testing by a few pen test products seems to think we're fine. We definitely are not. Is it possible to hire a CEH to find the Chinese-discovered vulnerability for a few hundred dollars? (We aren't just being cheap, we've blown our wad on security that hasn't worked.) Would someone with intimate knowledge of the latest wave of Chinese attacks be required for this job? Besides our first rate security team that's just been beat, I've tried the $200 pen test folks and they have all failed. Microsoft security help has also failed. Advice (Besides porting to Linux)? Help?
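
The log review suggested in the reply above, as an added example that is not part of the original messages: it groups server-error responses by client and script so that repeated failures against one page stand out among many scripts. It assumes IIS W3C extended logs with a `#Fields:` header; the sample lines, the `error_bursts` name and the threshold of three errors are constructed for illustration.

```python
from collections import defaultdict
from urllib.parse import parse_qsl

# Constructed sample in IIS W3C extended format (not taken from the thread).
SAMPLE_LOG = """\
#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
2008-12-01 03:10:01 203.0.113.7 GET /catalog/item.asp id=12 200
2008-12-01 03:10:09 203.0.113.7 GET /catalog/item.asp id=12%27 500
2008-12-01 03:10:15 203.0.113.7 GET /catalog/item.asp id=12%27%27 500
2008-12-01 03:10:31 203.0.113.7 GET /catalog/item.asp id=12%29 500
2008-12-01 03:10:52 203.0.113.7 GET /catalog/item.asp id=13 200
2008-12-01 04:00:00 198.51.100.4 GET /news.asp - 500
2008-12-01 04:02:00 198.51.100.9 GET /default.asp - 200
"""

def error_bursts(log_text, min_errors=3):
    """Group 5xx responses by (client, script); return the repeated ones."""
    fields, hits = [], defaultdict(list)
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]   # column order can change mid-file
            continue
        if not line or line.startswith("#") or not fields:
            continue
        parts = line.split()
        if len(parts) != len(fields):
            continue                    # skip truncated or malformed lines
        row = dict(zip(fields, parts))
        if row.get("sc-status", "").startswith("5"):
            hits[(row.get("c-ip", "?"), row.get("cs-uri-stem", "?"))].append(row)
    report = []
    for (ip, script), rows in hits.items():
        if len(rows) < min_errors:
            continue                    # a single 500 is usually just noise
        params = set()
        for r in rows:
            query = r.get("cs-uri-query", "-")
            if query != "-":            # "-" marks an empty field in W3C logs
                params.update(k for k, _ in parse_qsl(query, keep_blank_values=True))
        report.append({"client": ip, "script": script, "errors": len(rows),
                       "first": f'{rows[0].get("date")} {rows[0].get("time")}',
                       "last": f'{rows[-1].get("date")} {rows[-1].get("time")}',
                       "params": sorted(params)})
    return sorted(report, key=lambda r: -r["errors"])

if __name__ == "__main__":
    for entry in error_bursts(SAMPLE_LOG):
        print(entry)
```

The scripts and parameter names it reports are where a manual code review should start; the time window narrows which saved logfiles to read in full.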