
1 Attack Lifecycle
Many attacks against information systems follow a standard lifecycle:
–Stage 1: Information gathering (reconnaissance)
–Stage 2: Penetration / privilege escalation
–Stage 3: Establish foothold
–Stage 4: Operations and maintenance
–Stage 5: Cleanup
Dr. Rob Cole, IST 815 Spring 2014

2 DNS Recon
DNS is the Internet’s phone book: DNS provides valuable information with little risk to an attacker.
Types of DNS recon:
–Zone transfer: a copy of an organization’s full DNS information is available to an attacker if DNS is not properly configured
–Forward/reverse brute force lookup: guess a name or IP address and look it up
DNS recon is facilitated by a wide variety of software tools, e.g. nslookup, host, dig, fierce, dnsenum, dnsmap, etc.

3 DNS Recon, cont.
[Figure: reverse brute force lookup example]
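The two DNS recon techniques on these slides leave distinctive traces in a name server’s query log: a zone transfer shows up as an AXFR request from a host that is not one of your secondaries, and a reverse brute force lookup shows up as one client walking a run of in-addr.arpa names. The following detection script is an added example, not part of the lecture; the log layout (timestamp, client, query name, query type) and the allow-list of secondary servers are constructed for the example and do not correspond to any real server’s output.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed DNS query-log sample in a simplified "timestamp client qname qtype"
# layout (not real server output): one client resolves normally, one unauthorised
# host requests a zone transfer, and one host walks a reverse (PTR) range.
SAMPLE_QUERY_LOG = """\
2014-03-02T10:00:01 192.0.2.50 www.example.edu A
2014-03-02T10:00:01 192.0.2.2 example.edu AXFR
2014-03-02T10:00:02 198.51.100.9 example.edu AXFR
2014-03-02T10:00:02 203.0.113.7 1.2.0.192.in-addr.arpa PTR
2014-03-02T10:00:02 203.0.113.7 2.2.0.192.in-addr.arpa PTR
2014-03-02T10:00:03 203.0.113.7 3.2.0.192.in-addr.arpa PTR
2014-03-02T10:00:03 203.0.113.7 4.2.0.192.in-addr.arpa PTR
2014-03-02T10:00:04 203.0.113.7 5.2.0.192.in-addr.arpa PTR
2014-03-02T10:00:04 203.0.113.7 6.2.0.192.in-addr.arpa PTR
2014-03-02T10:00:05 192.0.2.50 50.2.0.192.in-addr.arpa PTR
"""

# Hypothetical allow-list of secondary name servers permitted to request AXFR.
ALLOWED_SECONDARIES = {"192.0.2.2"}

LOG_RE = re.compile(r"^(\S+) (\S+) (\S+) (\S+)$")


def parse_query_log(text):
    """Turn the sample log into dicts with a datetime, client, qname and qtype."""
    records = []
    for line in text.splitlines():
        m = LOG_RE.match(line.strip())
        if not m:
            continue
        ts, client, qname, qtype = m.groups()
        records.append({"ts": datetime.fromisoformat(ts), "client": client,
                        "qname": qname.lower(), "qtype": qtype.upper()})
    return records


def ptr_name_to_ip(qname):
    """Convert 3.2.0.192.in-addr.arpa back to 192.0.2.3 (IPv4 reverse names only)."""
    suffix = ".in-addr.arpa"
    if not qname.endswith(suffix):
        return None
    octets = qname[:-len(suffix)].split(".")
    if len(octets) != 4 or not all(o.isdigit() and 0 <= int(o) <= 255 for o in octets):
        return None
    return ".".join(reversed(octets))


def unauthorised_axfr(records, allowed=ALLOWED_SECONDARIES):
    """Zone transfer requests from any client that is not a known secondary."""
    return [(r["client"], r["qname"]) for r in records
            if r["qtype"] == "AXFR" and r["client"] not in allowed]


def reverse_bruteforce_clients(records, threshold=5, window=timedelta(seconds=60)):
    """Clients issuing >= threshold PTR lookups of IPv4 reverse names within a window.

    Returns {client: (max queries seen in one window, sorted guessed addresses)}.
    """
    per_client = defaultdict(list)
    for r in records:
        ip = ptr_name_to_ip(r["qname"]) if r["qtype"] == "PTR" else None
        if ip:
            per_client[r["client"]].append((r["ts"], ip))
    flagged = {}
    for client, entries in per_client.items():
        entries.sort()
        start, peak = 0, 0
        for end in range(len(entries)):          # sliding window over timestamps
            while entries[end][0] - entries[start][0] > window:
                start += 1
            peak = max(peak, end - start + 1)
        if peak >= threshold:
            flagged[client] = (peak, sorted({ip for _, ip in entries}))
    return flagged


if __name__ == "__main__":
    recs = parse_query_log(SAMPLE_QUERY_LOG)
    print("unauthorised AXFR:", unauthorised_axfr(recs))
    print("reverse brute force:", reverse_bruteforce_clients(recs))
```

On the sample, the AXFR from 198.51.100.9 is reported while the one from the listed secondary is not, and 203.0.113.7 is flagged with six reverse lookups of 192.0.2.1 through 192.0.2.6 in one window. The threshold and window are tuning knobs; a mail server doing PTR checks on inbound connections will also issue many reverse lookups, but against scattered addresses rather than a contiguous run.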

4 Whois Recon
The whois service provides information about a registered domain including administrative and technical POC details and DNS information. Addresses and phone numbers provide a basis for social engineering and dumpster diving attacks.
Output of the whois psu.edu command:
Domain Name: PSU.EDU
Registrant:
Pennsylvania State University
114 USB2
University Park, PA 16802-1013
UNITED STATES
Administrative Contact:
Educause Administrative POC
The Pennsylvania State University
USB2
University Park, PA 16802
UNITED STATES
+1-814-865-4700
dns-admin@psu.edu
Technical Contact:
Educause Technical POC
The Pennsylvania State University
USB 2
University Park, PA 16802-1013
UNITED STATES
+1-814-865-4700
dns-tech@psu.edu
Name Servers:
NS1.PSU.EDU 128.118.25.6
NS2.PSU.EDU 128.118.70.6

5 Whois Recon, cont.
[Figure: network associated with 130.203.135.84]

6 Fingerprinting
Fingerprinting: the process of making a determination regarding the characteristics of a remote service or machine by observing traffic originating from that machine.
–Active: fingerprint based on responses to probe traffic
–Passive: fingerprint by opportunistically observing traffic “on the wire” (covert)
Typically based on the target’s implementation of the relevant protocol:
–TCP protocol: operating systems differ in implementation; can be actively or passively fingerprinted (e.g. p0f, nmap tools)
–HTTP protocol: web servers differ in their responses to malformed requests; active fingerprinting can identify these (e.g. httprint tool)
Requires a database of known signatures

7 OS Fingerprinting: p0f
Example TCP fingerprint (p0f). The slide’s callouts mark the TTL and Window Size fields of each signature line:
label = s:unix:Linux:2.6.x
sig = *:64:0:*:mss*4,*:mss,nop,ws:df:0
sig = *:64:0:*:mss*4,*:mss,sok,ts,nop,ws:df:0
sig = *:64:0:*:mss*4,*:mss,nop,nop,ts,nop,ws:df:0
sig = *:64:0:*:mss*4,*:mss,nop,nop,sok,nop,ws:df:0
label = s:win:Windows:XP
sig = *:128:0:*:65535,0:mss:df,id+:0
sig = *:128:0:*:65535,0:mss,nop,ws:df,id+:0
sig = *:128:0:*:65535,0:mss,nop,nop,sok:df,id+:0
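The signature lines on the slide follow p0f’s column order (IP version, initial TTL, IP option length, MSS, window size and scale, TCP option layout, quirks, payload class), and matching is a field-by-field comparison against the first packet of a connection. The matcher below is an added example written for this page, not p0f’s code: it parses exactly the signatures shown above and classifies three constructed SYN observations, one of which has had its TTL rewritten to 255 by a hypothetical edge device to show why TTL normalisation at a border firewall defeats this kind of passive fingerprinting. The MAX_TTL_DIST hop allowance and the "mss*N" window rule are taken from p0f’s documented signature format; the "mtu*N" form is deliberately left unmodelled.

```python
# Signatures copied from the slide; p0f v3 writes each signature as
#   sig = ver:ittl:olen:mss:wsize,scale:olayout:quirks:pclass
SIGNATURE_DB = """\
label = s:unix:Linux:2.6.x
sig = *:64:0:*:mss*4,*:mss,nop,ws:df:0
sig = *:64:0:*:mss*4,*:mss,sok,ts,nop,ws:df:0
sig = *:64:0:*:mss*4,*:mss,nop,nop,ts,nop,ws:df:0
sig = *:64:0:*:mss*4,*:mss,nop,nop,sok,nop,ws:df:0
label = s:win:Windows:XP
sig = *:128:0:*:65535,0:mss:df,id+:0
sig = *:128:0:*:65535,0:mss,nop,ws:df,id+:0
sig = *:128:0:*:65535,0:mss,nop,nop,sok:df,id+:0
"""

# p0f's assumption: a SYN has crossed fewer than this many hops, so the
# observed TTL lies in the range (ittl - MAX_TTL_DIST, ittl].
MAX_TTL_DIST = 35


def parse_signatures(text):
    """Return a list of (label, fields) tuples, fields keyed by p0f's column names."""
    sigs, label = [], None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("label"):
            label = line.split("=", 1)[1].strip()
        elif line.startswith("sig"):
            raw = line.split("=", 1)[1].strip()
            ver, ittl, olen, mss, wsize_scale, olayout, quirks, pclass = raw.split(":")
            wsize, scale = wsize_scale.split(",")
            sigs.append((label, {
                "ver": ver, "ittl": int(ittl), "olen": int(olen), "mss": mss,
                "wsize": wsize, "scale": scale, "olayout": olayout.split(","),
                "quirks": set(quirks.split(",")) if quirks else set(),
                "pclass": pclass,
            }))
    return sigs


def _int_or_any(spec, value):
    return spec == "*" or int(spec) == value


def _wsize_matches(spec, syn):
    """wsize is a literal, '*', or 'mss*N' (window expressed as a multiple of the MSS)."""
    if spec == "*":
        return True
    if spec.startswith("mss*"):
        return syn["wsize"] == syn["mss"] * int(spec[len("mss*"):])
    if spec.startswith("mtu*"):        # MTU-relative windows are not modelled here (assumption)
        return False
    return int(spec) == syn["wsize"]


def match_syn(syn, signatures):
    """Return the label of the first signature the observed SYN satisfies, else None."""
    for label, s in signatures:
        if s["ver"] != "*" and s["ver"] != syn["ver"]:
            continue
        # The sender's initial TTL is unknown; accept any TTL that could have
        # decayed from the signature's ittl over fewer than MAX_TTL_DIST hops.
        if not (s["ittl"] - MAX_TTL_DIST < syn["ttl"] <= s["ittl"]):
            continue
        if s["olen"] != syn["olen"] or not _int_or_any(s["mss"], syn["mss"]):
            continue
        if not _wsize_matches(s["wsize"], syn) or not _int_or_any(s["scale"], syn["scale"]):
            continue
        if s["olayout"] != syn["olayout"] or s["quirks"] != syn["quirks"]:
            continue
        if s["pclass"] != "*" and s["pclass"] != syn["pclass"]:
            continue
        return label
    return None


# Constructed SYN observations (values chosen to illustrate, not captured traffic).
LINUX_SYN = {"ver": "4", "ttl": 57, "olen": 0, "mss": 1460, "wsize": 5840, "scale": 7,
             "olayout": ["mss", "sok", "ts", "nop", "ws"], "quirks": {"df"}, "pclass": "0"}
WINXP_SYN = {"ver": "4", "ttl": 121, "olen": 0, "mss": 1460, "wsize": 65535, "scale": 0,
             "olayout": ["mss", "nop", "nop", "sok"], "quirks": {"df", "id+"}, "pclass": "0"}
# The same Linux SYN after a hypothetical edge device rewrote its TTL to 255: the TTL
# check now fails every signature, which is why TTL normalisation blunts passive fingerprinting.
SCRUBBED_SYN = dict(LINUX_SYN, ttl=255)

if __name__ == "__main__":
    sigs = parse_signatures(SIGNATURE_DB)
    for name, syn in (("linux", LINUX_SYN), ("winxp", WINXP_SYN), ("scrubbed", SCRUBBED_SYN)):
        print(name, "->", match_syn(syn, sigs))
```

The Linux observation matches the second Linux signature (window 5840 = 1460 × 4, options mss,sok,ts,nop,ws, DF set), the Windows one matches the third XP signature (window 65535 with no scaling, DF plus a non-zero IP ID), and the scrubbed packet matches nothing. Note how much of the signal lives in fields a host rarely changes: the initial TTL and the option order are set by the kernel, not the application.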

8 Port Scanning
Port scanning: the process of sending probe packets to specific TCP or UDP ports in order to infer what applications are running on a target machine. Various situations can be inferred, depending on the response. Conducted with automated scanners, such as nmap.

Condition               TCP response             UDP response
Host up, port open      SYN-ACK                  Depends on application
Host up, port closed    RST-ACK                  ICMP port unreachable
Host down               ICMP host unreachable    ICMP host unreachable
Firewall reject rule    ICMP admin prohibited    ICMP admin prohibited
Firewall drop rule      NONE                     NONE
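Read from the defender’s side, the table above is also the key to recognising a scan in firewall logs: a legitimate client touches one or two service ports and mostly gets SYN-ACKs, while a scanner walks many ports and collects mostly RST-ACKs, ICMP rejects and silence. The script below is an added example, not part of the lecture; the key=value firewall log format and the response labels (SYN-ACK, RST-ACK, ICMP-HOST-UNREACH, ICMP-ADMIN-PROHIB, NONE) are constructed for the example rather than taken from any real product.

```python
import re
from collections import Counter, defaultdict

# Response classes from the slide's table and what each lets a prober infer.
TCP_RESPONSE_MEANING = {
    "SYN-ACK": "host up, port open",
    "RST-ACK": "host up, port closed",
    "ICMP-HOST-UNREACH": "host down",
    "ICMP-ADMIN-PROHIB": "firewall reject rule",
    "NONE": "firewall drop rule",
}

# Constructed firewall log (hypothetical key=value layout, not a real product's output):
# one source sweeps twelve ports on a host, another just uses the web server.
SAMPLE_FW_LOG = """\
2014-03-02T11:00:00 src=198.51.100.7 dst=192.0.2.10 proto=tcp dport=21 resp=RST-ACK
2014-03-02T11:00:00 src=198.51.100.7 dst=192.0.2.10 proto=tcp dport=22 resp=SYN-ACK
2014-03-02T11:00:00 src=198.51.100.7 dst=192.0.2.10 proto=tcp dport=23 resp=RST-ACK
2014-03-02T11:00:01 src=198.51.100.7 dst=192.0.2.10 proto=tcp dport=25 resp=NONE
2014-03-02T11:00:01 src=198.51.100.7 dst=192.0.2.10 proto=tcp dport=80 resp=SYN-ACK
2014-03-02T11:00:01 src=198.51.100.7 dst=192.0.2.10 proto=tcp dport=110 resp=RST-ACK
2014-03-02T11:00:01 src=198.51.100.7 dst=192.0.2.10 proto=tcp dport=135 resp=ICMP-ADMIN-PROHIB
2014-03-02T11:00:02 src=198.51.100.7 dst=192.0.2.10 proto=tcp dport=139 resp=ICMP-ADMIN-PROHIB
2014-03-02T11:00:02 src=198.51.100.7 dst=192.0.2.10 proto=tcp dport=443 resp=RST-ACK
2014-03-02T11:00:02 src=198.51.100.7 dst=192.0.2.10 proto=tcp dport=445 resp=NONE
2014-03-02T11:00:03 src=198.51.100.7 dst=192.0.2.10 proto=tcp dport=3389 resp=NONE
2014-03-02T11:00:03 src=198.51.100.7 dst=192.0.2.10 proto=tcp dport=8080 resp=RST-ACK
2014-03-02T11:00:05 src=203.0.113.5 dst=192.0.2.10 proto=tcp dport=80 resp=SYN-ACK
2014-03-02T11:00:06 src=203.0.113.5 dst=192.0.2.10 proto=tcp dport=80 resp=SYN-ACK
"""

FIELD_RE = re.compile(r"(\w+)=(\S+)")


def parse_fw_log(text):
    """Parse each line into a dict of its key=value fields plus the timestamp."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, rest = line.split(" ", 1)
        fields = dict(FIELD_RE.findall(rest))
        fields["ts"] = ts
        fields["dport"] = int(fields["dport"])
        records.append(fields)
    return records


def probe_summary(records):
    """Per (src, dst): distinct TCP ports probed, ports that answered open, and a
    count of what the table says each response implies."""
    summary = defaultdict(lambda: {"ports": set(), "open": set(), "conditions": Counter()})
    for r in records:
        if r.get("proto") != "tcp":
            continue
        entry = summary[(r["src"], r["dst"])]
        entry["ports"].add(r["dport"])
        if r["resp"] == "SYN-ACK":
            entry["open"].add(r["dport"])
        entry["conditions"][TCP_RESPONSE_MEANING.get(r["resp"], "unknown")] += 1
    return summary


def detect_scanners(records, min_ports=10):
    """Flag sources touching >= min_ports distinct TCP ports on one destination.

    Returns {(src, dst): {"ports_probed": n, "open_ports": [...], "conditions": Counter}}
    so an analyst sees both the breadth of the sweep and what the scanner learned.
    """
    flagged = {}
    for key, entry in probe_summary(records).items():
        if len(entry["ports"]) >= min_ports:
            flagged[key] = {"ports_probed": len(entry["ports"]),
                            "open_ports": sorted(entry["open"]),
                            "conditions": entry["conditions"]}
    return flagged


if __name__ == "__main__":
    for key, info in detect_scanners(parse_fw_log(SAMPLE_FW_LOG)).items():
        print(key, info)
```

Against the sample log, 198.51.100.7 is flagged for twelve ports on 192.0.2.10, with 22 and 80 reported open and the remaining probes split between closed (RST-ACK), rejected (ICMP admin prohibited) and dropped (no response); the ordinary client 203.0.113.5 is not flagged. Because the "firewall drop rule" row produces no packet at all, a log that records only responses would miss it; the example therefore assumes the firewall logs the inbound SYN with resp=NONE, and a real deployment must log denies for this signal to exist.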

9 Other Reconnaissance
We’ve touched on just a few types of reconnaissance. Other forms include:
–Vulnerability scanning: attempt to identify security flaws in running systems actively through port scanning and application-specific exploit attempts, e.g. Nessus
–Dumpster diving: discarded internal phone lists, printer cover sheets with usernames, etc.
–Open source recon: information publicly disclosed on social media, tech support websites, etc. (e.g. code fragments)

