Security Boot Camp Intro


1 Security Boot Camp Intro
9/20/2018

2 Why this course
A few years ago, a few friends who used to be part of a very successful attack and pen team wrote a course very similar to this one.
They have now remembered a course very similar to the original so that everyone can share the experience and gain a better understanding of the subject matter.

3 Who is that Fat Man?
Mark holds the following certifications:
- CISSP and CISM
- Checkpoint CCSA + CCSE
- Cisco CCNA + CSSP
- BA Computing + MBA
What did Mark do:
- The most popular 802.11 IDS
- Invent an IDS collation engine
- Discover several zero day vulnerabilities
- Coin the term WAP-GAP
- The London Hacker survey
- Contribute to the CEH Cert
- Expert witness in a famous dirty tricks legal action
- etc etc etc

4 Outline
- Overview of the types of hacking tools and platforms used
- Sites used by hackers
- Building your white-hat hacker toolkit

5 Origination of tools
- Tools tend to be freely downloadable from the web
- Many tools shared via IRC
- Pirated commercial tools are also available
- Many available through peer to peer programs
- Tools tend to be developed for specific vulnerabilities
Provide a link to the ISS hack

6 Types of tools
- Network and system scanning/mapping
- Vulnerability scanning and testing (Nessus, Whisker)
- Password crackers (Brutus, LC3)
- Encryption tools
- Network sniffers
- War dialling

7 The Unix hacker toolkit
- Nmap – Port scanner
- Nessus – Port scanner & vulnerability assessment
- Traceroute – with the source route patch or LFT
- Hping2 – Scanning and tracerouting tool
- Whisker – Web vulnerability scanner (Nikto is also based on Whisker)
- Stunnel/SSLPROXY – De-SSL HTTP/s
- Sniffit – command line sniffer
- Netcat – raw socket access
- Tcpdump – command line sniffer
- Icmptime
- juggernaut
- Net::SSLeay – SSL module for PERL (for many tools)
- John the Ripper – Password cracker
- Hunt/Sniper – TCP/IP connection hijacking tool
- nimrod – website enumerator
- Spike archives
- Ethereal – sniffer
- dsniff

8 The Windows hacker toolkit
- Brutus – Brute force utility
- Mingsweeper – TCP/IP scanning tool
- Superscan – TCP/IP scanning tool
- MPTraceroute/LFT
- SamSpade – Footprinting tool
- NessusWX – Nessus interface
- ISS Scanner / Cyber Cop
- Netstumbler – Wireless LAN scanner
- WinDump – tcpdump for Windows
- Toneloc – War dialling tool
- Finger – Backdoor tool
- NetBios Auditing Tool (NAT)
- Netcat – Enumeration tool
- Legion – Enumeration tool
- LC3 (l0phtcrack)

9 The Windows hacker toolkit cont.
- Cygwin – Unix like environment for Windows (provides many UNIX command line tools including shell & compiler)
- ToneLoc – Wardialling tool
- NT resource kit – many tools applicable to NT network enumeration and penetration
- NMAP (Win32 port) – available from insecure.org

10 Denial Of Service tools
From the spike package
- Land and Latierra
- Smurf & Fraggle
- Synk4
- Teardrop, newtear, bonk, syndrop
- Zombies
Provide a link to the ISS hack

11 Network Sniffers
- tcpdump
- Sniffit
- dsniff
- Observer
- Sniffer Pro
- Ethereal
- Snoop
Provide a link to the ISS hack

12 Underlying requirements
Certain tools have pre-requisites before installation:
- Perl
- SSLeay
- OpenSSL
- Linux variations
Example: Whisker requires Perl to be installed

13 Websites
Websites where tools can be found: www.securityfocus.com
Provide a link to the ISS hack

14 Lab
Visit the sites used for the hacker toolkit and familiarise yourself with some of the tools available.
Good searches:
- Denial of service
- Backdoor / NetBus / Back Orifice
- vulnerability section
Time: 30 minutes

15 -- Knoppix 3.7 Bootable CD
- Boots in most Intel/AMD systems
- Linux 2.x with basic security tools
- Also see Trustix, Trinux and Packetmaster on sourceforge

16 Lab
Boot Linux (Trinux, Knoppix or Packetmasters) and have a play
Time: 35 minutes

17 A methodology

18 A network penetration methodology
Test objective: To identify insecure protocols or insecure settings of services related to available protocols or services

19 Research Phase Objective and Strategy
Objective: Find out technical information about the target site
- Using external information sources
- Not touching the target servers
Strategy: Review information available from
- DNS
- RIPE
- Netcraft
- News groups (particularly firewall newsgroups)

20 Identifying router and firewall
- Identify the Web or Mail server
- Get the Next-Hop before this
- This will probably be the perimeter router or the firewall
- PIX does not appear as a hop (Fw1 & NetScreen do)
- 80% chance it will be NetScreen, PIX or Firewall 1
- To figure out which:
  - ICMP (i.e. Address Mask Request)
  - Use TCP stack fingerprinting
  - Key ports (258, could be Firewall 1)
  - IPSEC
- Exploit vulnerabilities with pre-written tools

21 Hacking the servers
- Scan TCP ports
- Scan UDP ports
- !!! Only HTTP or HTTPS ports should be visible
- If it is a webserver etc
- Run CGI scanner (i.e. Whisker, Crazymad or Nikto) to look for web server exploits
- Check Scanner
- Identify exploits
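
The exposure rule on slide 21 (only HTTP or HTTPS should be visible on a web server), written as a check an administrator can run over scan results from their own perimeter. This is an added example, not part of the original deck; it assumes Nmap grepable (-oG) output, and the hosts, the role map and the mail-server policy are constructed.

```python
import re

# Assumed policy: ports each server role may expose (only the web rule is from the slide).
ALLOWED = {"web": {("tcp", 80), ("tcp", 443)}, "mail": {("tcp", 25)}}

# Constructed sample of Nmap grepable (-oG) output, using documentation addresses.
SAMPLE_SCAN = (
    "Host: 192.0.2.10 (www.example.test)\tStatus: Up\n"
    "Host: 192.0.2.10 (www.example.test)\tPorts: 80/open/tcp//http///, "
    "443/open/tcp//https///, 3306/open/tcp//mysql///, 22/filtered/tcp//ssh///\n"
    "Host: 192.0.2.25 (mail.example.test)\tPorts: 25/open/tcp//smtp///, "
    "161/open|filtered/udp//snmp///\n"
)

PORTS_LINE = re.compile(r"^Host:\s+(\S+)\s+\([^)]*\)\s+Ports:\s+(.*)$")


def parse_open_ports(scan_text):
    """Return {ip: {(proto, port), ...}} for ports reported open or open|filtered."""
    hosts = {}
    for line in scan_text.splitlines():
        m = PORTS_LINE.match(line)
        if not m:
            continue  # Status lines and comments carry no port data
        ip, ports_field = m.groups()
        # Anything after a tab (e.g. "Ignored State:") is not part of the port list.
        for entry in ports_field.split("\t")[0].split(","):
            parts = entry.strip().split("/")
            if len(parts) < 3 or not parts[0].isdigit():
                continue
            # UDP "open|filtered" means no reply: count it as exposed until shown closed.
            if parts[1] in ("open", "open|filtered"):
                hosts.setdefault(ip, set()).add((parts[2], int(parts[0])))
    return hosts


def unexpected_exposure(scan_text, roles):
    """roles maps ip -> role; returns {ip: sorted ports that fall outside the policy}."""
    findings = {}
    for ip, seen in parse_open_ports(scan_text).items():
        allowed = ALLOWED.get(roles.get(ip), set())  # unknown role: nothing is allowed
        extra = sorted(seen - allowed)
        if extra:
            findings[ip] = extra
    return findings


if __name__ == "__main__":
    roles = {"192.0.2.10": "web", "192.0.2.25": "mail"}
    for ip, ports in unexpected_exposure(SAMPLE_SCAN, roles).items():
        print(ip, ports)
```

A host with no entry in the role map is reported with every open port, so unclassified servers surface instead of passing silently.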

22 Security Boot Camp Intro

