<?xml version="1.0" encoding="UTF-8"?><rss version="2.0"
	xmlns:content="http://purl.org/rss/1.0/modules/content/"
	xmlns:wfw="http://wellformedweb.org/CommentAPI/"
	xmlns:dc="http://purl.org/dc/elements/1.1/"
	xmlns:atom="http://www.w3.org/2005/Atom"
	xmlns:sy="http://purl.org/rss/1.0/modules/syndication/"
	xmlns:slash="http://purl.org/rss/1.0/modules/slash/"
	>

<channel>
	<title>PentestIT &#8211; davidonzo&#039;s blog</title>
	<atom:link href="https://www.davidonzo.com/category/infosec/pentestit/feed/" rel="self" type="application/rss+xml" />
	<link>https://www.davidonzo.com</link>
	<description>you must appear ridiculous if you want to be taken seriously</description>
	<lastBuildDate>Wed, 31 May 2017 12:02:26 +0000</lastBuildDate>
	<language>en-US</language>
	<sy:updatePeriod>
	hourly	</sy:updatePeriod>
	<sy:updateFrequency>
	1	</sy:updateFrequency>
	<generator>https://wordpress.org/?v=5.4.2</generator>
	<item>
		<title>Some news and specification about infosec.cert-pa.it</title>
		<link>https://www.davidonzo.com/2017/05/31/some-news-and-specification-about-infosec-cert-pa-it/</link>
					<comments>https://www.davidonzo.com/2017/05/31/some-news-and-specification-about-infosec-cert-pa-it/#respond</comments>
		
		<dc:creator><![CDATA[davidonzo]]></dc:creator>
		<pubDate>Wed, 31 May 2017 17:16:23 +0000</pubDate>
				<category><![CDATA[infosec]]></category>
		<category><![CDATA[PentestIT]]></category>
		<guid isPermaLink="false">http://www.davidonzo.com/?p=1436</guid>

					<description><![CDATA[Someone noticed the old Pentest.it is now &#8220;infosec.cert-pa.it&#8221;. Since last time I wrote about it, the service has been improved with new features and sections focused on IoC collection and correlation. What&#8217;s new. Two new modules added to the web application: The BlockList module The Analyzer module Blocklist Module The blocklist module collects IoCs from &#8230; <a href="https://www.davidonzo.com/2017/05/31/some-news-and-specification-about-infosec-cert-pa-it/" class="more-link">Continue reading <span class="screen-reader-text">Some news and specification about infosec.cert-pa.it</span></a>]]></description>
										<content:encoded><![CDATA[<p>Someone noticed the old Pentest.it is now &#8220;infosec.cert-pa.it&#8221;. Since last time I wrote about it, the service has been improved with new features and sections focused on IoC collection and correlation.</p>
<p>What&#8217;s new:<br />
Two new modules have been added to the web application:</p>
<ul>
<li><a href="https://infosec.cert-pa.it/blocklistcheck.html">The BlockList module</a></li>
<li><a href="https://infosec.cert-pa.it/analyze/submission.html">The Analyzer module</a></li>
</ul>
<h3>Blocklist Module</h3>
<p>The blocklist module collects IoCs from a large number of public lists. The web application allows you to search for URLs, IPs and FQDNs. You can search for a single item using the &#8220;Search&#8221; tab. The query result shows whether an exact match was found, along with similar results.</p>
<p><a href="http://www.davidonzo.com/wp-content/uploads/2017/05/block_simple.png"><img class="imgborder aligncenter wp-image-1444 size-medium" src="http://www.davidonzo.com/wp-content/uploads/2017/05/block_simple-300x122.png" alt="text" width="300" height="122" srcset="https://www.davidonzo.com/wp-content/uploads/2017/05/block_simple-300x122.png 300w, https://www.davidonzo.com/wp-content/uploads/2017/05/block_simple-668x271.png 668w, https://www.davidonzo.com/wp-content/uploads/2017/05/block_simple.png 732w" sizes="(max-width: 300px) 100vw, 300px" /></a><br />
Using the &#8220;Bulk Search&#8221; tab you can submit 100 items per query, but in this case only exact matches are displayed. In any case you can export the results in CSV format.</p>
<p><a href="http://www.davidonzo.com/wp-content/uploads/2017/05/block_bulk.png"><img class="imgborder aligncenter wp-image-1442 size-medium" src="http://www.davidonzo.com/wp-content/uploads/2017/05/block_bulk-300x150.png" alt="" width="300" height="150" srcset="https://www.davidonzo.com/wp-content/uploads/2017/05/block_bulk-300x150.png 300w, https://www.davidonzo.com/wp-content/uploads/2017/05/block_bulk-668x334.png 668w, https://www.davidonzo.com/wp-content/uploads/2017/05/block_bulk.png 707w" sizes="(max-width: 300px) 100vw, 300px" /></a></p>
<h3>Analyzer Module</h3>
<p>The analyzer module is an automatic suspicious-file analyzer. Each page contains the static analysis of the file and a basic behavior analysis. The submitted files are taken from OSINT sources (and not only those). You can subscribe to the RSS feed if you want to be notified of every submitted file.</p>
<p><a href="http://www.davidonzo.com/wp-content/uploads/2017/05/lates_analyze.png"><img class="imgborder aligncenter wp-image-1445 size-medium" src="http://www.davidonzo.com/wp-content/uploads/2017/05/lates_analyze-300x137.png" alt="" width="300" height="137" srcset="https://www.davidonzo.com/wp-content/uploads/2017/05/lates_analyze-300x137.png 300w, https://www.davidonzo.com/wp-content/uploads/2017/05/lates_analyze-768x350.png 768w, https://www.davidonzo.com/wp-content/uploads/2017/05/lates_analyze-1024x467.png 1024w, https://www.davidonzo.com/wp-content/uploads/2017/05/lates_analyze-668x305.png 668w, https://www.davidonzo.com/wp-content/uploads/2017/05/lates_analyze.png 1186w" sizes="(max-width: 300px) 100vw, 300px" /></a></p>
<p>The easiest way to find information is to use the dedicated search engine. You can search by MD5, SHA1 and SHA256 just by submitting the corresponding hash.</p>
<p><a href="http://www.davidonzo.com/wp-content/uploads/2017/05/analyzed_search.png"><img class="imgborder aligncenter wp-image-1441 size-medium" src="http://www.davidonzo.com/wp-content/uploads/2017/05/analyzed_search-300x261.png" alt="" width="300" height="261" srcset="https://www.davidonzo.com/wp-content/uploads/2017/05/analyzed_search-300x261.png 300w, https://www.davidonzo.com/wp-content/uploads/2017/05/analyzed_search.png 584w" sizes="(max-width: 300px) 100vw, 300px" /></a></p>
<p>Special searches are available with the use of the following keywords:</p>
<ul>
<li>imphash:$IMPORT_TABLE_HASH</li>
<li>domain:$FQDN</li>
<li>url:$URL_HOSTING_MALWARE</li>
</ul>
<p>The search results page uses a permalink structure that you can reuse for further searches. The search results can be exported in CSV format. The CSV link is available on the same page and reflects the permalink structure of the web search.</p>
<p><a href="http://www.davidonzo.com/wp-content/uploads/2017/05/analyzed_results.png"><img class="imgborder aligncenter wp-image-1440 size-medium" src="http://www.davidonzo.com/wp-content/uploads/2017/05/analyzed_results-300x114.png" alt="" width="300" height="114" srcset="https://www.davidonzo.com/wp-content/uploads/2017/05/analyzed_results-300x114.png 300w, https://www.davidonzo.com/wp-content/uploads/2017/05/analyzed_results-768x293.png 768w, https://www.davidonzo.com/wp-content/uploads/2017/05/analyzed_results-1024x390.png 1024w, https://www.davidonzo.com/wp-content/uploads/2017/05/analyzed_results-668x255.png 668w, https://www.davidonzo.com/wp-content/uploads/2017/05/analyzed_results.png 1194w" sizes="(max-width: 300px) 100vw, 300px" /></a></p>
<p>A new way to aggregate data is the tagging system. Occasionally a report includes comments. Comments are often used to add keywords, making the report aggregable via tag search. Here is an example using one of the latest detected threats: <strong><a href="https://infosec.cert-pa.it/analyze/search/0/0/0/0/0/0/tag:EternalRocks.html">#EternalRocks</a></strong>.</p>
<p>Any report can be exported in PDF format, at this time with limited information.</p>
<p>Hope this helps.</p>
]]></content:encoded>
					
					<wfw:commentRss>https://www.davidonzo.com/2017/05/31/some-news-and-specification-about-infosec-cert-pa-it/feed/</wfw:commentRss>
			<slash:comments>0</slash:comments>
		
		
			</item>
		<item>
		<title>Pentest.IT Statistics now provides product family stats</title>
		<link>https://www.davidonzo.com/2015/05/03/pentest-it-statistics-now-provides-product-family-stats/</link>
					<comments>https://www.davidonzo.com/2015/05/03/pentest-it-statistics-now-provides-product-family-stats/#respond</comments>
		
		<dc:creator><![CDATA[davidonzo]]></dc:creator>
		<pubDate>Sun, 03 May 2015 17:10:41 +0000</pubDate>
				<category><![CDATA[infosec]]></category>
		<category><![CDATA[PentestIT]]></category>
		<guid isPermaLink="false">http://www.davidonzo.com/?p=1403</guid>

					<description><![CDATA[Finally I decided to release some new features for Pentest.IT Statistics. Dozens of minor bugs have been fixed. There are some minor changes, such as the use of the modern &#60;datalist&#62; instead of &#60;select&#62; to avoid overly long select lists. But there is just one real piece of news: you can now get statistics for a specific product family. &#160; Some examples: &#8230; <a href="https://www.davidonzo.com/2015/05/03/pentest-it-statistics-now-provides-product-family-stats/" class="more-link">Continue reading <span class="screen-reader-text">Pentest.IT Statistics now provides product family stats</span></a>]]></description>
										<content:encoded><![CDATA[<p>Finally I decided to release some new features for <a href="http://stats.pentest.it/">Pentest.IT Statistics</a>. Dozens of minor bugs have been fixed. There are some minor changes, such as the use of the modern &lt;datalist&gt; instead of &lt;select&gt; to avoid overly long select lists. But there is just one real piece of news: <strong>you can now get statistics for a specific product family</strong>.</p>
<p><a href="http://stats.pentest.it/"><img class=" size-full wp-image-1404 aligncenter" src="http://www.davidonzo.com/wp-content/uploads/2015/05/stats.pentest.png" alt="stats.pentest" width="646" height="472" srcset="https://www.davidonzo.com/wp-content/uploads/2015/05/stats.pentest.png 646w, https://www.davidonzo.com/wp-content/uploads/2015/05/stats.pentest-300x219.png 300w" sizes="(max-width: 646px) 100vw, 646px" /></a></p>
<p>Some examples:</p>
<ul>
<li><a href="http://stats.pentest.it/graphsp/microsoft-internet_explorer-2015.html">Internet Explorer &#8211; 2015</a></li>
<li><a href="http://stats.pentest.it/graphsp/adobe-flash_player-2015.html">Adobe Flash Player &#8211; 2015</a></li>
<li><a href="http://stats.pentest.it/graphsp/oracle-jdk-2015.html">Oracle JDK &#8211; 2015</a></li>
</ul>
<p>Remember: all URLs are <a href="http://nvd.nist.gov/cpe.cfm">CPE compliant</a>!</p>
]]></content:encoded>
					
					<wfw:commentRss>https://www.davidonzo.com/2015/05/03/pentest-it-statistics-now-provides-product-family-stats/feed/</wfw:commentRss>
			<slash:comments>0</slash:comments>
		
		
			</item>
		<item>
		<title>Pentest.IT new version and FAQ(s)</title>
		<link>https://www.davidonzo.com/2015/04/26/pentest-it-new-version-and-faqs/</link>
					<comments>https://www.davidonzo.com/2015/04/26/pentest-it-new-version-and-faqs/#respond</comments>
		
		<dc:creator><![CDATA[davidonzo]]></dc:creator>
		<pubDate>Sun, 26 Apr 2015 10:26:51 +0000</pubDate>
				<category><![CDATA[infosec]]></category>
		<category><![CDATA[PentestIT]]></category>
		<guid isPermaLink="false">http://www.davidonzo.com/?p=1395</guid>

					<description><![CDATA[As you can see, Pentest.IT has a new look and feel and some new features available. Dozens of minor bugs have been fixed. To avoid overly long select lists in search forms, the &#60;select&#62; element has been replaced by the newer &#60;datalist&#62; element. Many thanks to the Bootstrap Framework developers, who make web design something possible &#8230; <a href="https://www.davidonzo.com/2015/04/26/pentest-it-new-version-and-faqs/" class="more-link">Continue reading <span class="screen-reader-text">Pentest.IT new version and FAQ(s)</span></a>]]></description>
										<content:encoded><![CDATA[<p>As you can see, <a href="http://www.pentest.it">Pentest.IT</a> has a new look and feel and some new features available. Dozens of minor bugs have been fixed. To avoid overly long select lists in search forms, the &lt;select&gt; element has been replaced by the newer &lt;datalist&gt; element.</p>
<p>Many thanks to the <a href="http://getbootstrap.com/">Bootstrap Framework developers</a>, who make web design possible even for me!</p>
<p>This is the first time I have written a FAQ for this service. Considering I&#8217;m the main (and only) developer, there are no questions I need to ask, but maybe lots of questions I should reply to. So, feel free to ask for more details in the comments below.</p>
<p><a href="http://www.pentest.it"><img class=" size-large wp-image-1398 aligncenter" src="http://www.davidonzo.com/wp-content/uploads/2015/04/pentestit-1024x502.png" alt="pentestit" width="600" height="294" srcset="https://www.davidonzo.com/wp-content/uploads/2015/04/pentestit-1024x502.png 1024w, https://www.davidonzo.com/wp-content/uploads/2015/04/pentestit-300x147.png 300w, https://www.davidonzo.com/wp-content/uploads/2015/04/pentestit-668x328.png 668w, https://www.davidonzo.com/wp-content/uploads/2015/04/pentestit-900x442.png 900w, https://www.davidonzo.com/wp-content/uploads/2015/04/pentestit.png 1168w" sizes="(max-width: 600px) 100vw, 600px" /></a></p>
<h3><strong>What is Pentest.IT&#8217;s mission?</strong></h3>
<p>Pentest.IT has no specific mission. Consider it simply an aggregation center for public CVEs. The purpose (not the mission) is to help people and organizations in the vulnerability management process.</p>
<h3><strong>What does <a href="https://cve.mitre.org/">CVE</a> mean?</strong></h3>
<p>CVE is the acronym for &#8220;Common Vulnerabilities and Exposures&#8221;. <a href="https://cve.mitre.org/">MITRE</a> defines CVE as &#8220;<em>&#8230;a dictionary of publicly known information security vulnerabilities and exposures</em>&#8221;.</p>
<h3><strong>What is a <a href="https://cve.mitre.org/about/terminology.html">Vulnerability and an Exposure</a>?</strong></h3>
<p>A &#8220;<strong>vulnerability</strong>&#8221; is a mistake in software that can be directly used by a hacker to gain access to a system or network.<br />
An &#8220;<strong>exposure</strong>&#8221; is a system configuration issue or a mistake in software that allows access to information or capabilities that can be used by a hacker as a stepping-stone into a system or network.<br />
The difference between a vulnerability and an exposure is that the first one can be used to compromise a system. An exposure, even if it cannot be used by itself to hack a system, is usually an important component of a successful attack.</p>
<h3><strong>What does <a href="https://cwe.mitre.org/">CWE</a> mean?</strong></h3>
<p>CWE is the acronym for &#8220;<strong>Common Weakness Enumeration</strong>&#8221;. CWE provides a dictionary of common software weaknesses. When a CWE is associated with a CVE entry, the vulnerability&#8217;s weak point is described in more detail. This should make it easier to apply security solutions such as logical or physical security.<br />
Note that a CWE entry describes just a weak point. It doesn&#8217;t specify how an attacker could take advantage of the vulnerability. The attack methodologies are listed in the CAPEC dictionary.</p>
<h3><strong>What does <a href="https://capec.mitre.org/">CAPEC</a> mean?</strong></h3>
<p>CAPEC is the acronym for &#8220;<strong>Common Attack Pattern Enumeration and Classification</strong>&#8221;. CAPEC provides a dictionary of common attack methodologies, with the aim of understanding how a real attack can be performed so that a better defence strategy can be applied.<br />
CAPEC entries are usually mapped to one or more CWE entries.</p>
<h3><strong>What does <a href="https://nvd.nist.gov/cpe.cfm">CPE</a> mean?</strong></h3>
<p>CPE is the acronym for &#8220;<strong>Common Platform Enumeration</strong>&#8221;. As <a href="https://nvd.nist.gov/cpe.cfm">NVD</a> reports, it consists of a &#8220;&#8230;structured naming scheme for information technology systems, software, and packages. Based upon the generic syntax for Uniform Resource Identifiers (URI), CPE includes a formal name format, a method for checking names against a system, and a description format for binding text and tests to a name&#8221;.<br />
<strong>Understanding CPE syntax is necessary to use Pentest.IT features as well!</strong></p>
<h3><strong>What is <a href="https://www.first.org/cvss">CVSS</a>?</strong></h3>
<p>CVSS is the acronym for &#8220;<strong>Common Vulnerability Scoring System</strong>&#8221;. Its value ranges between 0 and 10. A greater value stands for greater risk. Currently CVEs are mapped to the CVSSv2 Base Score. More information about CVSS is available on the <a href="https://www.first.org/cvss/cvss-guide#i2.1">first.org website</a>.</p>
<h3><strong>What is a patch?</strong></h3>
<p>In this scenario a patch is a piece of software applied to another one, designed to fix a vulnerability or a generic software flaw.</p>
<h3><strong>What information does Pentest.IT provide?</strong></h3>
<p>The service provides the following items:</p>
<ul>
<li>Full list of published vulnerabilities with an associated RSS feed for the latest 25 items;</li>
<li>Published vulnerabilities for any specific vendor with an associated RSS feed for the latest 25 items;</li>
<li>Published vulnerabilities for a specific software with full CPE notation and an associated RSS feed for the latest 25 items;</li>
<li>Published vulnerabilities for a specific product family (see &#8220;<a href="#productfamily">The concept of Product Family</a>&#8221;) with an associated RSS feed for the latest 25 items;</li>
<li>Full list of &#8220;Common Weakness Enumeration&#8221;;</li>
<li>Full list of &#8220;Common Attack Pattern Enumeration and Classification&#8221;.</li>
</ul>
<p><a name="productfamily"></a></p>
<h3><strong>The concept of &#8220;Product Family&#8221;</strong></h3>
<p>Pentest.IT considers a &#8220;product family&#8221; to be the aggregation of all vulnerabilities regarding a specific vendor and a specific product. In CPE notation, two versions of the same product have different CPE entries (of course). But consider the case in which you manage a set of machines where various versions of the same software (aka CPE product) are installed (this often happens in the real world).<br />
Use this feature to aggregate this information in a single view.</p>
<h3><strong>Permalink structure for HTML resources</strong></h3>
<p>Pentest.IT has a basic API based on its permalink structure.</p>
<ul>
<li>Single CVE entry: /cve-YYYY-CODE.html (<a href="http://www.pentest.it/cve-2015-0876.html">example</a>);</li>
<li>Focus on specific vendor: /vendor-CPE_VENDOR.html (<a href="http://www.pentest.it/vendor-wordpress.html">example</a>);</li>
<li>All CVEs for a specific vendor: /vendorcve-CPE_VENDOR.html (<a href="http://www.pentest.it/vendorcve-wordpress.html">example</a>);</li>
<li>Focus on a specific product family: /product/family/CPE_VENDOR:CPE_PRODUCT.html (<a href="http://www.pentest.it/product/family/wordpress:wordpress.html">example</a>);</li>
<li>All CVEs for a specific product family: /product/family/all/CPE_VENDOR:CPE_PRODUCT.html (<a href="http://www.pentest.it/product/family/all/wordpress:wordpress.html">example</a>);</li>
<li>Focus on a specific CPE dictionary entry: /cvesoftware/CPE_PART:CPE_VENDOR:CPE_PRODUCT:CPE_VERSION:CPE_UPDATE:CPE_EDITION:CPE_LANGUAGE.html (<a href="http://www.pentest.it/cvesoftware/a:microsoft:.net_framework:4.5:::.html">example</a>).</li>
</ul>
<h3><strong>Permalink structure for RSS feed resources</strong></h3>
<p>Pentest.IT provides the following RSS feeds:</p>
<ul>
<li>Latest 25 vulnerabilities: <a href="http://www.pentest.it/cve.rss">http://www.pentest.it/cve.rss</a>;</li>
<li>Specific vendor vulnerabilities: /vendor-CPE_VENDOR.rss (<a href="http://www.pentest.it/vendor-wordpress.rss">example</a>);</li>
<li>Product family vulnerabilities: /product/family/CPE_VENDOR:CPE_PRODUCT.rss (<a href="http://www.pentest.it/product/family/wordpress:wordpress.rss">example</a>);</li>
<li>Specific CPE entry: /cvesoftware/CPE_PART:CPE_VENDOR:CPE_PRODUCT:CPE_VERSION:CPE_UPDATE:CPE_EDITION:CPE_LANGUAGE.rss (<a href="http://www.pentest.it/cvesoftware/a%3Acisco%3Afiresight_system_software%3A5.3.1.1%3A%3A%3A.html">example</a>).</li>
</ul>
<h3><strong>Pentest.IT has the ability to map in a single view all available attributes:</strong></h3>
<ul>
<li>CVE Code</li>
<li>Published date</li>
<li>Updated date</li>
<li>Description</li>
<li>CVSS score and details</li>
<li>Affected OS(s)/Application(s)/Hardware(s)</li>
<li>Affected product family</li>
<li>References</li>
<li>CWE reference and related CAPEC</li>
<li>MS Patches (only for Microsoft related CVEs)</li>
<li>Related CVEs</li>
<li>JSON data representation</li>
</ul>
<h3><strong>RESTful API for CVE entries</strong></h3>
<p>Pentest.IT can give you all the information about a CVE in a single JSON stream. Use the following permalink structure:</p>
<ul>
<li>http://www.pentest.it/cve-YYYY-CODE.json (<a href="http://www.pentest.it/cve-2015-3043.json">example</a>).</li>
</ul>
]]></content:encoded>
					
					<wfw:commentRss>https://www.davidonzo.com/2015/04/26/pentest-it-new-version-and-faqs/feed/</wfw:commentRss>
			<slash:comments>0</slash:comments>
		
		
			</item>
	</channel>
</rss>
