EVAPI - Enumeration Auburn Hacking club https://goo.gl/aXX18b.


1 EVAPI - Enumeration Auburn Hacking club

2 This Week https://goo.gl/aXX18b
CCleaner (recently acquired by Avast in July) started serving malware through its update downloads in August.

3 EVAPI
Enumeration, Vulnerability scanning, Access, Privilege escalation, Implant
Recap what EVAPI is and means; compare it to a software process (not a waterfall). Talk about what Enumeration is.

4 Enumeration Environment
Internal networking
Outside a network ~ wireless
Outside a network ~ other
Internal network = finding networking devices (other boxes, servers, etc.). Outside a network: finding wireless, or finding other things (SDR, Bluetooth, etc.).

5 Networking World
Quickest introduction to networks anyone has ever seen: Subnet, Packets, IP Address, Port, Routing

6 Basic Bitch Networking Tools
ipconfig / ifconfig, ping, tracert / tracepath / traceroute, nslookup, netstat, ssh / telnet / PuTTY

7 Port Scanning
Probing ports -> analyzing results
Open vs filtered vs closed
Secure on the wire vs insecure: SSH vs Telnet, SFTP vs FTP

8 Popular Types of Port Scans
ARP scan; TCP scans (vanilla, SYN, FIN, IDENT, XMAS, ACK); UDP ICMP scans.
Address Resolution Protocol (ARP) scan: a series of ARP broadcasts is sent, with the target IP address field incremented in each broadcast packet, to discover active devices on the local network segment. This scan helps map out the entire network.
Vanilla TCP connect scan: the basic scanning technique, which uses the operating system's connect system call to open a connection to every available port.
TCP SYN (half open) scan: SYN scanning is a technique a malicious hacker uses to determine the state of a communications port without establishing a full connection. These scans are called half open because the attacking system doesn't close the open connections.
TCP FIN scan: can remain undetected by most firewalls, packet filters, and other scan detection programs. It sends FIN packets to the targeted system and prepares a report from the responses received.
TCP reverse ident scan: discovers the username of the owner of any TCP-connected process on the targeted system. It lets an attacker use the ident protocol to discover who owns the process by connecting to open ports.
TCP XMAS scan: used to identify listening ports on the targeted system; it manipulates the URG, PSH and FIN flags of the TCP header.
TCP ACK scan: used to identify active websites that may not respond to standard ICMP pings; the attacker determines port status from the acknowledgment received.
UDP ICMP port scan: used to find high-numbered ports, especially on Solaris systems. The scan is slow and unreliable.
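The flag combinations above are also what a defender looks for in firewall or flow logs. The following is an added detection example, not part of the slides: it classifies constructed records by TCP flags into the scan types the slide names and reports sources that sweep several distinct ports with one probe type (record format, thresholds and addresses are all assumed).

```python
from collections import defaultdict

# Constructed firewall-style records (src_ip, dst_port, tcp_flags); flag letters
# follow the usual S=SYN, A=ACK, F=FIN, R=RST, P=PSH, U=URG convention. All made up.
SAMPLE_RECORDS = [
    ("10.0.0.5", 22, "S"), ("10.0.0.5", 23, "S"),      # SYN (half-open) sweep
    ("10.0.0.5", 80, "S"), ("10.0.0.5", 443, "S"),
    ("10.0.0.9", 21, "FPU"), ("10.0.0.9", 25, "FPU"),  # XMAS: URG+PSH+FIN set
    ("10.0.0.9", 110, "FPU"),
    ("10.0.0.7", 80, "S"), ("10.0.0.7", 80, "A"),      # one ordinary HTTP session
    ("10.0.0.7", 80, "PA"),
    ("10.0.0.8", 3306, ""), ("10.0.0.8", 3389, ""),    # NULL probes, only two ports
]

def classify_flags(flags):
    """Map a TCP flag string to the scan type from the slide, or 'other'."""
    f = set(flags)
    if f == {"S"}:
        return "syn"            # SYN only: connect or half-open probe (indistinguishable here)
    if f == {"F"}:
        return "fin"
    if f == {"F", "P", "U"}:
        return "xmas"
    if f == {"A"}:
        return "ack"            # note: bare ACKs also occur in every normal session
    if not f:
        return "null"
    return "other"              # SYN/ACK, PSH/ACK, RST etc.: normal traffic, ignored

def detect_sweeps(records, port_threshold=3):
    """Return {src: {scan_type: sorted ports}} for sources whose probes of one
    type touched at least port_threshold distinct ports. Counting distinct
    ports is what separates a sweep from the bare ACKs of a normal session."""
    seen = defaultdict(lambda: defaultdict(set))
    for src, port, flags in records:
        kind = classify_flags(flags)
        if kind != "other":
            seen[src][kind].add(port)
    hits = {}
    for src, kinds in seen.items():
        flagged = {k: sorted(p) for k, p in kinds.items() if len(p) >= port_threshold}
        if flagged:
            hits[src] = flagged
    return hits

if __name__ == "__main__":
    for src, kinds in detect_sweeps(SAMPLE_RECORDS).items():
        print(src, kinds)
```

The distinct-port threshold is the important knob: ACK-only and SYN-only packets are part of every legitimate connection, so a single match proves nothing, while the same source touching many ports with one flag pattern does.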

9 Fingerprinting
Active vs passive; detection of modification of packets; service information (banner grabbing).
Active (most common): sending data to a system to see how the system responds.
Passive: examining traffic on the network to determine the operating system, rather than generating network traffic by sending packets to it.
Common techniques are based on analyzing: IP TTL values, IP ID values, TCP window size, TCP options (generally in TCP SYN and SYN+ACK packets), DHCP requests, ICMP requests, HTTP packets (generally the User-Agent field).

10 Tools
nmap (Zenmap, Sparta), masscan, Nessus / vuln scanners, specific tools (snmpwalk, arp-scan, etc.)

11 On-the-Line Information Gathering
Man in the middle; Wireshark; packet inspection / analysis, aka sniffing; wtf is a packet

12 WiFi World
Basically the last world with less wires; increases attack surface
SSIDs, channels, WEP vs WPA2, second-tier auth protocols

13 Everything Else
Radio frequencies, SDR, over-the-air protocols: Zigbee, Bluetooth, NFC

14 Contact info, website, etc.: auctf.github.io

