How Hackers Cover Their Tracks
ECE 4112, May 1st, 2007
Group 1: Chris Garyet, Christopher Smith
Outline: Introduction, Lab Content, Conclusions, Questions

Presentation transcript:


Introduction
This lab presents the techniques hackers use to cover their tracks. Most experienced blackhats follow a series of steps to compromise a system:
Probe the network for weak links through a proxy server
Use direct or indirect methods
Ensure the system is not a honeypot
Disguise and hide mischievous software
Cover tracks by editing log files
With this knowledge a system administrator can easily discover the intrusion and attempt to trace the hacker.

Section 1: Proxies - Background
Hackers want to attack anonymously.
They use SOCKS 4 or 5 proxy servers, generally chained together and encrypted.
Examples: Tor; Proxychains
Lab layout: RedHat 7.2 communicating through RedHat WS 4, connecting to an Apache web server.

Section 1: Proxies - Exercise 1.1 (simulates a SOCKS proxy using SSH)
Create the SSH tunnel: ssh -N -D x
Set up Netscape to use the proxy
Connect to the Apache web server
Run Nmap through the proxy

Section 2: Honeypot Detection - Background
A honeypot system is a trap for malicious hackers.
Two important types: low-interaction (Honeyd) and high-interaction (Honeynet).
Most honeypots use VMware to emulate multiple systems on one computer.
This section examines how to detect that VMware is running on the compromised machine.

Section 2: Honeypot Detection
A website devoted to honeypot detection offers two tools:
Scoopy_doo: checks the target machine's register values against known VMware values; runs in Linux and Windows.
Jerry: uses the I/O backdoor in the VMware binary and examines the value of register EAX.

Section 3: Hiding Files - Background
Once a system has been compromised the hacker must hide his presence.
One way to do this is by hiding the files the hacker uses to exploit the target machine.
Linux and Windows machines have different file systems and thus require different hiding mechanisms.
Undeletable folders are another nuisance administrators face: http://archives.neohapsis.com/archives/sf/ms/2001-q2/att-1116/01-THE-END-OF-DELETERS-v2.1.txt

Section 3: Hiding Files - Exercise 3.1 (Hiding Files in Linux)
Hide files with the "." method
Hide files with ext2hide
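From the administrator's side, the "." method is easy to sweep for. The script below is an added example, not part of the lab: it lists every entry under a tree whose name is made only of dots and blanks (the names that hide next to "." and ".." in ls -a output), and builds a small constructed sample tree to run against.

```shell
#!/bin/sh
# Added example, not part of the lab: a defender-side sweep for entries hidden
# with the "." method. Names made only of dots and blanks (such as "...",
# ". " or ".. ") sit next to the legitimate "." and ".." in "ls -a" output and
# are easy to overlook. The sweep lists every such entry under the given tree.
find_dot_hidden() {
    find "$1" -name '.*' -print 2>/dev/null |
    while IFS= read -r path; do
        name=${path##*/}
        # "." and ".." are normal; anything else that is empty after stripping
        # dots, spaces and tabs is a name chosen to look like them.
        case "$name" in
            .|..) continue ;;
        esac
        if [ -z "$(printf '%s' "$name" | tr -d '. \t')" ]; then
            printf '%s\n' "$path"
        fi
    done
}

# Constructed sample tree: two ordinary dotfiles plus two deceptive names.
make_sample_tree() {
    d=$(mktemp -d)
    mkdir "$d/.ssh" "$d/..." "$d/.ssh/. "
    : > "$d/.bashrc"
    : > "$d/.../payload.bin"
    printf '%s\n' "$d"
}

# Number of deceptive entries found in the sample tree (expected: 2).
count_sample_hits() {
    tree=$(make_sample_tree)
    n=$(find_dot_hidden "$tree" | grep -c .)
    rm -rf "$tree"
    printf '%s\n' "$n"
}
```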

Section 3: Hiding Files - Exercise 3.2 (Hiding Files in Windows)
Hide files with chmod properties
Hide files in the Alternate Data Stream in NTFS

Section 4: Editing & Removing Log Files - Background
Log files can indicate that a machine has been compromised.
They can also give away "trade secrets" and lead to exploit patches.

Section 4: Editing Logs in Linux
Linux logs can be modified with the proper tools.
Syslogd output is ASCII text and can be edited with any text editor.
UTMP, WTMP, and LASTLOG are binary and need a rootkit tool to edit.
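The fact that syslog text can be edited with any editor cuts both ways: hand edits usually leave traces. The check below is an added example, not part of the lab; it scans a syslog-style file for timestamps that run backwards or jump more than a gap limit, and the log lines it runs over are constructed.

```shell
#!/bin/sh
# Added example, not part of the lab: a defender-side check for edited syslog
# text. Deleting or rewriting lines with a text editor tends to leave the
# remaining timestamps out of order, or leaves a suspiciously large gap where
# a session used to be. Input lines are syslog form: "Mon DD HH:MM:SS host ...".

# Prints "BACKWARD <line>" when a timestamp precedes the previous line's and
# "GAP <line> <seconds>" when the jump exceeds the gap limit ($2, default 3600 s).
find_log_anomalies() {
    awk -v max_gap="${2:-3600}" '
    BEGIN {
        split("Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec", m)
        for (i = 1; i <= 12; i++) mon[m[i]] = i
        prev = -1
    }
    {
        split($3, t, ":")
        # Seconds since an arbitrary epoch; 31-day months are fine for ordering.
        now = (((mon[$1] * 31 + $2) * 24 + t[1]) * 60 + t[2]) * 60 + t[3]
        if (prev >= 0 && now < prev)
            print "BACKWARD " NR
        else if (prev >= 0 && now - prev > max_gap)
            print "GAP " NR " " (now - prev)
        prev = now
    }' "$1"
}

# Constructed sample: line 3 was re-typed with an earlier time, and the
# entries between 13:40 and 16:02 were removed.
sample_log() {
    cat <<'EOF'
May  1 13:45:02 victim sshd[2123]: Accepted password for alice from 10.0.0.5 port 40122 ssh2
May  1 13:45:10 victim sshd[2123]: pam_unix(sshd:session): session opened for user alice by (uid=0)
May  1 13:40:00 victim su: (to root) alice on pts/0
May  1 16:02:33 victim sshd[2140]: Accepted password for alice from 10.0.0.5 port 40130 ssh2
EOF
}

# Runs the check over the sample and returns the findings, one per line.
sample_findings() {
    f=$(mktemp)
    sample_log > "$f"
    find_log_anomalies "$f"
    rm -f "$f"
}
```

The binary records (UTMP, WTMP, LASTLOG) need a different cross-check: compare the output of last for the same period against the sshd entries in syslog.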

Section 4: Editing Logs in Windows
Windows logs are modified and cleared with the Event Viewer.
The logs record application failures and security warnings, including failed login attempts.

Section 5: Indirect and Passive Attacks - Background
An attacker always wants to attack through indirect machines.
This hides the compromised machine and therefore the hacker's whereabouts.
HP JetDirect allows indirect launching of attacks.

Section 5: Indirect and Passive Attacks - Exercise 5.1 (HP JetDirect Exploitation)
HiJetter: store files and scripts on the printer
Create websites: *Printer IP*/hp/device/
Run Nmap attacks through it

Conclusion
Covering your tracks is key for effective hacking.
Avoiding honeypots lets exploits and methods be reused.
Hiding files and changing log files effectively covers tracks.
Running scans and attacks behind cover machines helps protect identity.

Questions?