How do hackers do it?.

Slides:

Advertisements

Similar presentations

 Dynamic policies o Change as system security state/load changes o GAA architecture  Extended access control lists  Pre-, mid- and post-conditions,

Advertisements

Penetration Testing & Countermeasures Paul Fong & Cai Yu CS691 5 May 2003.

Hacking Exposed 7 Network Security Secrets & Solutions Chapter 2 Scanning 1.

A Discussion In Penetration Testing Marcial White.

Computer Security and Penetration Testing

Finding Exploitable Admin Systems A “How To” Guide for SecurityCenter.

Automating Endpoint Security Policy Enforcement Computing and Networking Services University of Toronto.

The Business of Penetration Testing

Penetration Testing Edmund Whitehead Rayce West. Introduction - Definition of Penetration Testing - Who needs Penetration Testing? - Penetration Testing.

Performing a Penetration Test.  Penetration Tester  Attempts to reveal potential consequences of a real attack  Security Audit / Vulnerability Assessment.

Karlstad University Introduction to Vulnerability Assessment Labs Ge Zhang Dvg-C03.

ECE6612 Quiz 2 -> Exam Topics (see also Q1 and Q2 Topics) Spring 2015.

ANTICLICK: INCREASING DESKTOP SECURITY Jason Petrey Computer Electronic Networking Dept. of Technology Eastern Kentucky University.

Common Cyber Defenses Tom Chothia Computer Security, Lecture 18.

Attack Lifecycle Many attacks against information systems follow a standard lifecycle: –Stage 1: Info. gathering (reconnaissance) –Stage 2: Penetration.

CIS 450 – Network Security Chapter 3 – Information Gathering.

Module 8 – What's Next?  Phase II  Controls Assessment  Scheduling ○ Information Gathering ○ Network Mapping ○ Vulnerability Identification ○ Penetration.

© 1999 Ernst & Young LLP e e treme hacking Black Hat 1999 Over the Router, Through the Firewall, to Grandma’s House We Go George Kurtz & Eric Schultze.

System Hacking Active System Intrusion. Aspects of System Hacking System password guessing Password cracking Key loggers Eavesdropping Sniffers Man in.

1 Figure 4-1: Targeted System Penetration (Break-In Attacks) Host Scanning  Ping often is blocked by firewalls  Send TCP SYN/ACK to generate RST segments.

Chapter 13 ©2011 Eoghan Casey. Published by Elsevier Inc. All rights reserved.. Investigating Computer Intrusions.

COEN 250 Security Threats. Network Based Exploits Phases of an Attack Reconnaissance Scanning Gaining Access Expanding Access Covering Tracks.

Hacking Windows 9X/ME. Hacking framework Initial access physical access brute force trojans Privilege escalation Administrator, root privileges Consolidation.

Network Security Lewis R. Folkerth, P. E. Consumers Energy Energy Management Systems

Module 7 – Gaining Access & Privilege Escalation  Phase II  Controls Assessment  Scheduling ○ Information Gathering ○ Network Mapping ○ Vulnerability.

Information Security In the Corporate World. About Me Graduated from Utica College with a degree in Economic Crime Investigation (ECI) in Spring 2005.

Footprinting and Scanning

James S. Rothfuss, Computer Protection Program COMPUTING SCIENCES NETS Network Equipment Tracking System.

Databases Kevin Wright Ben Bruckner Group 40. Outline Background Vulnerabilities Log File Cleaning This Lab.

Step 1of 11 Admin Demonstrations Click Here to Start.

Cyber Security – The Changing Landscape Erick Weber Department of Public Works Khaled Tawfik Cyber Security.

Penetration Testing By Blaze Sterling. Roadmap What is Penetration Testing How is it done? Penetration Testing Tools Kali Linux In depth included tools.

Modern information gathering Dave van Stein 9 april 2009.

Top 10 Hacking Tool Welcome TO hackaholic Kumar shubham.

Introduction to Vulnerability Assessment Labs Ge Zhang Dvg-C03.

Cosc 4765 Risk Assessment And Security Auditing. First a Security Plan Policies –A plan must take into account the policy Which almost always leads to.

Common System Exploits Tom Chothia Computer Security, Lecture 17.

September 19, 2016 Steve Konecny CFE, CIRA, CEH, CRISC Hands on Hacking.

ETHICAL HACKING

Hacking Windows.

Topic 5 Penetration Testing 滲透測試

Project CTF Yeganeh Safaei Arizona State University

Nessus Vulnerability Scan

Hacking Demo Part 2 Attack Phases

Seminar On Ethical Hacking Submitted To: Submitted By:

Malware and Computer Maintenance

MySQL Exploit with Metasploit

Footprinting and Scanning

Penetration Test Debrief

Wireless Network Security

Hacking Unix/Linux.

WHOIS ANALYSIS Reveals Domain ID information Headquarters location

Footprinting and Scanning

Metasploit assignment

Security Boot Camp Intro

Review Slides, Security +

Preparing for The Present & The Future

Security Essentials for Small Businesses

Metasploit Assignment

Web Application Penetration Testing ‘17

Metasploit Analysis Report Overview

After you log in the webmail system

Using Splunk – A Case Study

Create New User in Database. First Connect the System.

UCAS Reports 2007 From school and home.

Sekolah rendah 1 September – 31 Oktober 2018

Metasploit assignment – Arkadiy Kantor – Mis-5212

Quickbooks Error 108 Call Now Causes of QuickBooks Error 108 Error 108 can occur due to different reasons such as – Bank has generated.

Presentation transcript:

how do hackers do it?

1. gather info on the target host

whois Organization: Fiji ABCDEFG Inc. Admin-Name: Josese Bula Admin-Mailbox: jbula@abcdef.com.fj Tech-Name: Maciu Vinaka Tech-Mailbox: mvinaka@abcdef.com.fj NS1-Hostname: dns1.somenetwork.com.fj NS1-Netaddress: 202.151.23.2

Google Find vulnerabilities, revealing error messages, usernames and sometimes even passwords on your target host, all without ever connecting to it see http://johnny.ihackstuff.com/

2. scan/sniff to find a way in

nmap superscan

tcpdump wireshark (formerly ethereal) dsniff

nessus

3. exploit vulnerabilities

metasploit framework

john the ripper cain and abel thc-hydra

4. cover your tracks

nc -L -d -t -p 23 -e cmd.exe rootkits

edit logs

help! what can i do?

. remove all unnecessary services . firewall services that do not need remote access . actively patch vulnerabilities . use strong passwords most importantly: . educate your users again and again and again

chris hammond-thrasher, cissp hammondthrasher_c@usp.ac.fj