Information Security & US & Life & Love & Fashion & Hacking & Passion

Submission Summary:

• Submission details:
• Submission received: 22 April 2010, 21:45:06
• Processing time: 7 min 30 sec
• Submitted sample:
• File MD5: 0x504CB0E268EAB6F47BD35780C537BCB1
• File SHA-1: 0x8EA44DC3C9B379A0E580074C5C325797BFEE83B6
• Filesize: 95,819 bytes
• Alias:
• Trojan.Gen [Symantec]
• Trojan-GameThief.Win32.Magania.dbxc [Kaspersky Lab]
• New Malware.bx [McAfee]
• TrojanDropper:Win32/Frethog.K [Microsoft]
• Dropper/Killav.95819 [AhnLab]

• Summary of the findings:

What's been found	Severity Level
Downloads/requests other files from Internet.
Creates a startup registry entry.
Registers a 32-bit in-process server DLL.
Registers a Browser Helper Object (Microsoft's Internet Explorer plugin module).
Contains characteristics of an identified security risk.

 

Technical Details:

 

Possible Security Risk

• Attention! Characteristics of the following security risks were identified in the system:

Security Risk	Description
Trojan-PWS.Magania.AHIW	Trojan-PWS.Magania.AHIW is threat that tries to monitors user activities in hopes to obtain valuable information from the affected user, specifically gaming login informations.
Trojan.Generic	Common Components that may be used by Trojans Small, DRSN Search, Binet, Euniverse, Adrotator and Dloader among others.

• Attention! The following threat categories were identified:

Threat Category	Description
	A malicious trojan horse or bot that may represent security risk for the compromised system and/or its network environment
	A program that downloads files to the local computer that may represent security risk

 

File System Modifications

• The following files were created in the system:

#	Filename(s)	File Size	File Hash	Alias
1	%Windir%\AhnRpta.exe	69,120 bytes	MD5: 0x388B8FBC36A8558587AFC90FB23A3B99 SHA-1: 0xED55AD0A7078651857BD8FC0EEDD8B07F94594CC	(not available)
2	%System%\anhdo.exe	159,024 bytes	MD5: 0xA7A748E6017E471FC36E9332627C147C SHA-1: 0x1FDF53F443BA029941D14BD3DB566FA0F7C069A5	Worm:Win32/Taterf.B [Microsoft] packed with PE_Patch [Kaspersky Lab]
3	%System%\ansb10.dll %System%\ansb11.dll	64,598 bytes	MD5: 0x34503D6515C78FE759986E73F2482B06 SHA-1: 0xB0D9857230D10193DC0BCE290866266248AADFC2	PWS:Win32/Frethog.gen!G [Microsoft] packed with PE_Patch [Kaspersky Lab]
4	%System%\ansb20.dll	78,270 bytes	MD5: 0x58DBD396A3DF3E1FB0B54EA57242555A SHA-1: 0x30597FA342034EB381EE117941F1BA343207BD91	PWS:Win32/OnLineGames.AH [Microsoft] packed with PE_Patch [Kaspersky Lab]
5	[file and pathname of the sample #1]	95,819 bytes	MD5: 0x504CB0E268EAB6F47BD35780C537BCB1 SHA-1: 0x8EA44DC3C9B379A0E580074C5C325797BFEE83B6	Trojan.Gen [Symantec] Trojan-GameThief.Win32.Magania.dbxc [Kaspersky Lab] New Malware.bx [McAfee] TrojanDropper:Win32/Frethog.K [Microsoft] Dropper/Killav.95819 [AhnLab]
6	%System%\softqq0.dll	64,521 bytes	MD5: 0x39D3F8C3E522F07803A629E68D0B2E35 SHA-1: 0x4C5CE618A8DF1C1E70EC579BB58BA12C2842B391	Downloader [Symantec] TrojanDownloader:Win32/Frethog.C [Microsoft] Win-Trojan/Killav.64521 [AhnLab] packed with PE_Patch [Kaspersky Lab]

• Notes:
• %Windir% is a variable that refers to the Windows installation folder. By default, this is C:\Windows or C:\Winnt.
• %System% is a variable that refers to the System folder. By default, this is C:\Windows\System (Windows 95/98/Me), C:\Winnt\System32 (Windows NT/2000), or C:\Windows\System32 (Windows XP).

 

Memory Modifications

• There was a new process created in the system:

Process Name	Process Filename	Main Module Size
AhnRpta.exe	%Windir%\ahnrpta.exe	81,920 bytes

• The following modules were loaded into the address space of other process(es):

Module Name	Module Filename	Address Space Details
softqq0.dll	%System%\softqq0.dll	Process name: explorer.exe Process filename: %Windir%\explorer.exe Address space: 0x1E80000 - 0x1EA8000
ansb10.dll	%System%\ansb10.dll	Process name: explorer.exe Process filename: %Windir%\explorer.exe Address space: 0x22A0000 - 0x22D1000
softqq0.dll	%System%\softqq0.dll	Process name: dllhost.exe Process filename: %System%\dllhost.exe Address space: 0x2530000 - 0x2558000
softqq0.dll	%System%\softqq0.dll	Process name: IEXPLORE.EXE Process filename: %ProgramFiles%\internet explorer\iexplore.exe Address space: 0x1500000 - 0x1528000
softqq0.dll	%System%\softqq0.dll	Process name: AhnRpta.exe Process filename: %Windir%\ahnrpta.exe Address space: 0x10000000 - 0x10028000
softqq0.dll	%System%\softqq0.dll	Process name: VMwareUser.exe Process filename: %ProgramFiles%\vmware\vmware tools\vmwareuser.exe Address space: 0x10000000 - 0x10028000
softqq0.dll	%System%\softqq0.dll	Process name: AhnRpta.exe Process filename: %Windir%\ahnrpta.exe Address space: 0x890000 - 0x8B8000

• Notes:
• %ProgramFiles% is a variable that refers to the Program Files folder. A typical path is C:\Program Files.

 

Registry Modifications

• The following Registry Keys were created:
• HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\NOD32KVBIT
• HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B03A4BE6-5E5A-483E-B9B3-C484D4B20B72}
• HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B03A4BE6-5E5A-483E-B9B3-C484D4B20B72}\InprocServer32
• HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B03A4BE6-5E5A-B9B3-483E-C484D4B20B72}
• HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C8414FA0-BA90-4600-B7EA-0CEFAF5A0636}
• HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C8414FA0-BA90-4600-B7EA-0CEFAF5A0636}\InprocServer32
• HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C8414FA0-BA90-4600-B7EA-0CEFAF5A0636}\ProgID
• HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C8414FA0-BA90-4600-B7EA-0CEFAF5A0636}\Programmable
• HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C8414FA0-BA90-4600-B7EA-0CEFAF5A0636}\VersionIndependentProgID
• HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IEHlprObj.IEHlprObj
• HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IEHlprObj.IEHlprObj\CurVer
• HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IEHlprObj.IEHlprObj.1
• HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IEHlprObj.IEHlprObj.1\CLSID
• HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C8414FA0-BA90-4600-B7EA-0CEFAF5A0636}

• The newly created Registry Values are:
• [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\NOD32KVBIT]
• KVBIT_2 = "xxxkkmm"
• [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B03A4BE6-5E5A-483E-B9B3-C484D4B20B72}\InprocServer32]
• (Default) = "%System%\softqq0.dll"
• ThreadingModel = "Apartment"
• [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B03A4BE6-5E5A-B9B3-483E-C484D4B20B72}]
• VcbitExeModuleName = "[file and pathname of the sample #1]"
• VcbitDllModuleName = "%System%\softqq0.dll"
• VcbitSobjEventName = "CVBASDDOOPADSAMN_0"
• [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C8414FA0-BA90-4600-B7EA-0CEFAF5A0636}\VersionIndependentProgID]
• (Default) = "IEHlprObj.IEHlprObj"
• [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C8414FA0-BA90-4600-B7EA-0CEFAF5A0636}\ProgID]
• (Default) = "IEHlprObj.IEHlprObj.1"
• [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C8414FA0-BA90-4600-B7EA-0CEFAF5A0636}\InprocServer32]
• (Default) = "%System%\ansb20.dll"
• ThreadingModel = "Apartment"
• [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C8414FA0-BA90-4600-B7EA-0CEFAF5A0636}]
• (Default) = "IEHlprObj Class"
• [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IEHlprObj.IEHlprObj\CurVer]
• (Default) = "IEHlprObj.IEHlprObj.1"
• [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IEHlprObj.IEHlprObj]
• (Default) = "IEHlprObj Class"
• [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IEHlprObj.IEHlprObj.1\CLSID]
• (Default) = "{C8414FA0-BA90-4600-B7EA-0CEFAF5A0636}"
• [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IEHlprObj.IEHlprObj.1]
• (Default) = "IEHlprObj Class"
• [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
• {B03A4BE6-5E5A-483E-B9B3-C484D4B20B72} = "hook dll rising"
• [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
• anhdo = "%System%\anhdo.exe"

so that anhdo.exe runs every time Windows starts

 

Other details

• Analysis of the file resources indicate the following possible country of origin:

	China

• There was registered attempt to establish connection with the remote host. The connection details are:

Remote Host	Port Number
114.31.57.82	80

• The data identified by the following URLs was then requested from the remote web server:
• http://bebehouse.geniemom.com/images_old/board/play.txt
• http://bebehouse.geniemom.com/images_old/board/copy.rar

 

www.richjustin.com

2010.3.3 Wed

Once Snort is installed, It is required to install the Snort signature rules and keep them up-to-date.
By chance, there is a perl script that will give us some precious help: Oinkmaster.

#apt-get install oinkmaster

Install or update the rules.

To downlaod the Snort rules, we need to create a free account on the Snort website.
The Snort rules are made by Sourcefire and you can get them for free a few days after the commercial subscription release.

Once you are logged into your Snort account, you can get a code at the bottom of the page.


We need this code in the /etc/oinkmaster.conf file.

You need first to know which Snort version you have:

# snort -V

which generates the following output on our test machine:

,,_ -*> Snort! <*-
o" )~ Version 2.3.2 (Build 12)
'''' By Martin Roesch & The Snort Team: http://www.snort.org/team.html
(C) Copyright 1998-2004 Sourcefire Inc., et al.

Modify the "url" settings in the /etc/oinkmaster.conf file as below:

url = http://www.snort.org/pub-bin/oinkmaster.cgi/yourcode_here/ snortrules-snapshot-2.3.tar.gz

This will download the snortrules-snapshot-2.4.tar.gz file. The version number in the file name changes depending on the Snort version you have. (2.0, 2.1, 2.2, 2.3, 2.4)

If you have a 2.6.x Snort version, you need to configure the "url" setting as below:

url = http://www.snort.org/pub-bin/oinkmaster.cgi/yourcode_here/ snortrules-snapshot-CURRENT.tar.gz

Let's create a backup folder.

#mkdir /etc/snort/backup

Let us now update the rules. We must be careful not to run oinkmaster as root particularly if your are not in a test environment.
So let's add a user called oinkmaster.

#useradd oinkmaster

Change some permissions to let oinkmaster user run the oinkmaster software:

#chown -R oinkmaster /etc/snort/backup #chown -R oinkmaster /etc/snort/rules #chown -R oinkmaster /var/run/oinkmaster #chmod 644 /etc/snort/snort.conf

Now, it's time to test the oinkmaster perl script under the oinkmaster user.

#su oinkmaster oinkmaster#oinkmaster -o /etc/snort/rules -b /etc/snort/backup 2>&1

The last instruction means that we call the oinkmaster perl script, we put the new rules in the /etc/snort/rules folder and if there is a change in the new rules, the current /etc/snort/rules will be backed up in the /etc/snort/backup folder.

Here is a example of our backup folder after running oinkmaster:

#dir /etc/snort/backup

rules-backup-20060205-163627.tar.gz

The crontab

Since we are quite lazy, we don't want to manually run this script every day.
A little cron will help us.

crontab -e -u oinkmaster 30 00 * * * oinkmaster -o /etc/snort/rules -b /etc/snort/backup 2>&1 >> /dev/null 2>&1

This will update the rules each day at 00:30
(The crontab command will update the /var/spool/cron/crontabs/oinkmaster file)

crontab -e will open nano by default. If you want to open vi instead just type:
#export EDITOR=vi

BASE is a graphical interface written in PHP used to display the logs generated by the Snort IDS and sent into the database. It stands for Basic Analysis and Security Engine.
You can find the BASE website here: http://base.secureideas.net/

---

1. DOWNLOAD BASE:

Download the latest version.

We now have to uncompress the files and put them in the correct folder:

#tar -xvf base-1.4.4.tar.gz #mv /home/user/Desktop/base-1.4.4 /var/www/base/

---

2. CONFIGURE BASE:

We need ADOdb (Active Data Objects Data Base) for BASE. AdOdb is in fact a database abstraction library for PHP.
Informations about ADOdb can be found here: http://adodb.sourceforge.net/

Download "ADOdb for PHP": http://adodb.sourceforge.net/#download
Again we now have to uncompress the files and put them in the correct folder:

#tar -xvf adodb504.tgz #mv /home/user/Desktop/adodb /var/www/base

There are two ways to configure BASE:
Either you use a wizard or you change the config file by yourself.

A) Using the wizard

#chown -R www-data /var/www/base/

The change above will be needed to let the web server user (www-data) write in the BASE directory. Open a web browser and select the BASE directory:
http://localhost/base

Here you are entering a wizard:

Step 0: Check if everything is okay to begin the wizard.


Step 1: Language and path to ADOdb: /var/www/base/adodb/ .


Step 2: MySQL settings.


Step 3: BASE authentification settings.


Step 4: Create the MySQL database and tables (click on Create BASE AG).


B) Change the config file

It's not mandatory to use the wizard, you can do everything manually.
The first thing to do is to set the file base_conf.php.dist.
Open base_config.php.dist in the BASE directory and change the lines as shown below.

$DBlib_path="./adodb"; $DBtype="mysql"; $alert_dbname = snort; $alert_host = localhost; $alert_port = ""; $alert_user = snortuser; $alert_password = snortpassword; $archive_dbname = snort; $archive_host = localhost; $archive_port = ""; $archive_user = snortuser; $archive_password = snortpassword;

Then you must rename the file from base_conf.php.dist to base_conf.php

#mv /var/www/base/base_conf.php.dist /var/www/base/base_conf.php

Second thing to do is to import the BASE MySQL tables into the snort database:

# mysql -u root -p snort < /var/www/base/sql/create_base_tbls_mysql.sql

---

3. CONNECT TO BASE:

Just access the BASE web link:
http://localhost/base
You will be prompted for a new password for the admin user.

---

4. BASE GRAPHS:

First we have to install the graphics library php5-gd for handling graphics directly from PHP scripts.

# apt-get install php5-gd

Then restart the apache webserver:

# /etc/init.d/apache2 restart

Second thing to do is to download three php PEAR libraries.
PEAR stands for "PHP Extension and Application Repository".

To download and install the librairies easily, the best thing to do is to install the php-pear package:

# apt-get install php-pear

Then we have to install the following packages:
Image_Graph, Image_color and Image_Canvas.

#pear install --force Image_Color #pear install --force Image_Canvas #pear install --force Image_Graph

Since there are some dependencies, you need to install the scripts in the order above.
Now, you have access to the graphs ...

Here are two typical error messages:

1 - Php5-gd is not installed:

PHP ERROR: PHP build incomplete: the prerequisite GD support required to generate graphs was not build into PHP. Please recompile PHP with the necessary library (--with-gd).

2 - Php-pear and/or its extensions are not installed correctly:

Error loading the Graphing library:
Check your Pear::Image_Graph installation!
Image_Graph can be found here:at http://pear.veggerby.dk/. Without this library no graphing operations can be performed.

---

5. BASE OPTIONAL SETTINGS:

To customize the BASE tool, edit /var/www/base/base_config.php

There are two useful settings to activate:

A/Enabling DNS resolution

$resolve_IP= 1;

B/ Enabling colored alerts
Strangely, it seems that when you use the wizard procedure, the lines concerning the colored alerts are lost.
So if you used the manual install procedure, just active the $colored_alerts variable, or (ie: you used the wizard procedure) copy the lines below in your base_config.php file.

/** * This option is used to set if BASE will use colored results * based on the priority of alerts * 0 : no * 1 : yes */ $colored_alerts = 1; // Red, yellow, orange, gray, white, blue $priority_colors = array ('FF0000','FFFF00','FF9900','999999','FFFFFF','006600');

2010.3.3.Wed

Download Snort and uncompress it.

#tar -xvf snort-2.8.3.3.tar.gz

Create two directory, one to store the configuration files, the other one to store the Snort rules.

#mkdir /etc/snort #mkdir /etc/snort/rules

Copy the Snort configuration files inside the /etc/snort/ directory.

#cp snort_inline-2.8.3.3/etc/* /etc/snort/

Copy two files inside our new /etc/snort/rules directory:
- classification.config: defines URLs for the references found in the rules.
- reference.config: includes information for prioritizing rules.

#cp snort-2.8.3.3/etc/classification.config /etc/snort_inline/rules/ #cp snort-2.8.3.3/etc/reference.config /etc/snort_inline/rules/

Create a user called snort to launch Snort:

#useradd snort -d /var/log/snort -s /bin/false -c SNORT_IDS

Create a log directory owned by the snort user:

#mkdir /var/log/snort #chown -R snort /var/log/snort

You need first to use the "configure" command to check the dependancies and prepare Snort to be compiled for MySQL.

#cd snort_inline-2.8.3.3 #./configure --with-mysql

If you installed all the dependencies correcty, the "configure" command must end without any error!
If you have an error message, See below.

Then we compile and install Snort.

#make #checkinstall

See the CheckInstall page for more details about this command.
Below the output on our test system:

checkinstall 1.6.0, Copyright 2002 Felipe Eduardo Sanchez Diaz Duran
This software is released under the GNU GPL.

*****************************************
**** Debian package creation selected ***
*****************************************

This package will be built according to these values:

0 - Maintainer: [ root@ubuntu ]
1 - Summary: [ Package created with checkinstall 1.6.0 ]
2 - Name: [ snort ]
3 - Version: [ 2.6.1.3 ]
4 - Release: [ 1 ]
5 - License: [ GPL ]
6 - Group: [ checkinstall ]
7 - Architecture: [ i386 ]
8 - Source location: [ snort-2.6.1.3 ]
9 - Alternate source location: [ ]
10 - Requires: [ ]

---

Error messages you can get after the "./configure --with-mysql" command:

Build-essential is not installed

root@ubuntu:/home/po/Desktop/snort-2.6.1.3# ./configure --with-mysql
checking for a BSD-compatible install... /usr/bin/install -c
checking whether build environment is sane... yes
checking for gawk... no
checking for mawk... mawk
checking whether make sets $(MAKE)... no
checking whether to enable maintainer-specific portions of Makefiles... no
checking for style of include used by make... none
checking for gcc... no
checking for cc... no
checking for cc... no
checking for cl... no
configure: error: no acceptable C compiler found in $PATH
See `config.log' for more details.

Libnet1-dev is not installed

ERROR! Libpcap library/headers not found, go get it from
http://www.tcpdump.org
or use the --with-libpcap-* options, if you have it installed
in unusual place

Libpcap0.8-dev is not installed

ERROR! Libpcap library/headers not found, go get it from
http://www.tcpdump.org
or use the --with-libpcap-* options, if you have it installed
in unusual place

Libpcre3-dev is not installed

ERROR! Libpcre header not found, go get it from
http://www.pcre.org

Libmysqlclient12-dev is not installed

**********************************************
ERROR: unable to find mysql headers (mysql.h)
checked in the following places
/usr/include
/usr/include/mysql
/usr/local/include
/usr/local/include/mysql
**********************************************

---

2 - CONFIGURE THE SQL DATABASE

Add a password for the MySQL root user:

#mysqladmin -u root password new_root_password

Create the MySQL database and tables in order to receive the Snort logs:

#mysql -u root -p >create database snort;

Since it is dangerous to access the database with the root user, we need to create a user who has only permissions on the snort database:

>grant all on snort.* to snortuser@localhost identified by 'snortpassword';

reload mysql privileges:

>flush privileges; >exit;

Now we have to create the tables inside the snort database:
By chance the tables are already created and we just have to find and import them into the Sql server:

Packaged installation

Find the tables: dpkg -L snort-mysql
We are looking for the create_mysql.gz file, it is normally located in the /usr/share/doc/snort-mysql folder.
Then we have to unzip the file:

#gzip –d /usr/share/doc/snort-mysql/create_mysql.gz

Import the MySql tables:

#mysql -u root -p snort < /usr/share/doc/snort-mysql/create_mysql

Manual installation

#mysql -u root -p snort < schemas/create_mysql

---

3 - CONFIGURE SNORT FOR SQL

We now have to forward the logs into the MySql database:
This is already done by installing the snort-mysql package, we just need only to configure the username and password to access the snort database.
In the /etc/snort/snort.conf file, we have to change the line between (#DBSTART#) and (#DBEND#):

output database: log, mysql, user=snortuser password=snortpassword dbname=snort host=localhost

Always in the same file, uncomment the following lines:

ruletype redalert { type alert output alert_syslog: LOG_AUTH LOG ALERT output database: log, mysql, user=snortuser password=snortpassword dbname=snort host=localhost }

Let's start Snort !!

snort –u snort –c /etc/snort/snort.conf

It means that Snort is started under the snort user and will load the config stored in the /etc/snort/snort.conf file. For security reasons it's always better to run programs without the root user.

If you see the Snort banner, it means that Snort is correctly loaded, if not, carefully read the error message.

We have to add a line inside the /etc/crontab file to start Snort automatically after a reboot:

@reboot root snort -u snort -c /etc/snort/snort.conf >> /dev/null

The first part of the tutorial is over!
This means Snort should be installed along with the programs needed to support it. Now we will need to read the logs generated by Snort and forwarded into the Mysql database. For this we will use the BASE php script and follow its tutorial.

http://www.gamerzplanet.net/forums/soldier-front-hack-downloads/337656-d3d-coding-s-43.html

Ethereal : Capturing the traffic http://www.ethereal.com/distribution/win32/
Nikto : Comprehensive tests against web servers for multiple vulnerabilities http://www.cirt.net/nikto2
Nessus : Remote vulnerability scanner/fingerprinting the OS http://www.nessus.org/nessus/
Winhex : Check Memory Contents http://www.winhex.com/winhex/index-m.html
WebScarab : Web PRoxy: http://www.owasp.org/index.php/Category:OWASP_Project

How much does a penetration test cost?

The cost of a pen test depends on the skill of the testers you engage and the size of the application.

Having said that, we have seen wide variation in pricing – from $5,000 to $50,000. And the higher prices don’t always mean higher quality.

At Plynt, we constantly strive to reduce our costs and pass on part of those benefits to you. Drop us a mail or contact me to get a quote for a security test.