Introduction to InfoSec – Recitation 15 Nir Krakowski (nirkrako at post.tau.ac.il) Itamar Gilad (itamargi at post.tau.ac.il)


Today
- Metasploit
- Class pick of one or more advanced topics
- Other questions on any course topic

Metasploit
"The Metasploit Project is a computer security project which provides information about security vulnerabilities and aids in penetration testing and IDS signature development. Its best-known sub-project is the open-source Metasploit Framework, a tool for developing and executing exploit code against a remote target machine. Other important sub-projects include the Opcode Database, shellcode archive, and security research."
-- wikipedia.org page about MetaSploit

Metasploit
- A community, a body of knowledge
- A framework you can use to develop your own exploit / shellcode / complex attack scenario
- A fairly complete penetration testing environment...
DEMO Bonanza

Metasploit - recap
- A community, a body of knowledge
- A framework you can use to develop your own exploit / shellcode / complex attack scenario
- A fairly complete penetration testing environment
  o Network scanning
  o Network attack
  o Setting up phishing websites and sending spear-phishing emails
  o Setting up browser exploitation web sites
  o Once a machine is compromised – a powerful RAT – access local files, download machine information, control the machine, take screenshots
- Enables further exploitation –
  o Pivoting to other network elements
  o Leaving a persistent backdoor

A show of hands…
- Malware identification and analysis –
  o Where (host based, firewalls, offline analysis)
  o Classification & identification methods (signatures, tripwires, syscall analysis, code similarities)
- HoneyPots –
  o Motivation
  o Basic approaches
  o Difficulties (polymorphism, packing, VM/debugger identification, conditional payload execution)
- Exploitation of race condition bugs
- Use-after-free vulnerabilities and heap spraying
- Classic heap overflows

Questions?