Presentation is loading. Please wait.

Presentation is loading. Please wait.

MIS 5211.001 Week 13 Site:

Published byLisa Pope Modified over 9 years ago

Similar presentations

Presentation on theme: "MIS 5211.001 Week 13 Site:"— Presentation transcript:

1 MIS 5211.001 Week 13 Site: http://community.mis.temple.edu/mis5211sec001f15/ http://community.mis.temple.edu/mis5211sec001f15/

2  In the news  Evasion  Odds and Ends  Next Week 2MIS 5211.001

3  Submitted  http://fortune.com/2015/11/16/anonymous-cyber-war- isis/?xid=soc_socialflow_twitter_FORTUNE http://fortune.com/2015/11/16/anonymous-cyber-war- isis/?xid=soc_socialflow_twitter_FORTUNE  http://thehackernews.com/2015/11/parisattacks-anonymous-isis.html http://thehackernews.com/2015/11/parisattacks-anonymous-isis.html  http://www.ehackingnews.com/2015/06/ddos-apt-attacks-on-corporate- and-banks.html http://www.ehackingnews.com/2015/06/ddos-apt-attacks-on-corporate- and-banks.html  http://www.huffingtonpost.com/scott-j-shackelford/another-back-to-the- future-moment_b_8428352.html?utm_hp_ref=cybersecurity http://www.huffingtonpost.com/scott-j-shackelford/another-back-to-the- future-moment_b_8428352.html?utm_hp_ref=cybersecurity  http://breakingdefense.com/2015/11/army-puts-cyber-soldiers-in-the- mud/ http://breakingdefense.com/2015/11/army-puts-cyber-soldiers-in-the- mud/  http://www.techradar.com/news/phone-and-communications/mobile- phones/major-android-exploit-could-make-millions-of-phones- vulnerable-1308919 http://www.techradar.com/news/phone-and-communications/mobile- phones/major-android-exploit-could-make-millions-of-phones- vulnerable-1308919  http://www.computerworld.com/article/3004837/security/self- encrypting-drives-are-little-better-than-software-based-encryption.html http://www.computerworld.com/article/3004837/security/self- encrypting-drives-are-little-better-than-software-based-encryption.html  http://www.databreachtoday.com/interviews/banks-need-to-prepare- for-more-chase-like-breaches-i-2980 http://www.databreachtoday.com/interviews/banks-need-to-prepare- for-more-chase-like-breaches-i-2980 3MIS 5211.001

4  More  https://threatpost.com/one-badbarcode-spoils-whole- bunch/115362/ https://threatpost.com/one-badbarcode-spoils-whole- bunch/115362/  https://answers.microsoft.com/en- us/windows/forum/windows_10-security/windows-10-and- hipaa-compliance/037e3f2e-8262-42eb-8909- 05832e856645?auth=1 https://answers.microsoft.com/en- us/windows/forum/windows_10-security/windows-10-and- hipaa-compliance/037e3f2e-8262-42eb-8909- 05832e856645?auth=1  https://www.linkedin.com/pulse/does-windows-10-violate- hipaa-steve-hoffenberg https://www.linkedin.com/pulse/does-windows-10-violate- hipaa-steve-hoffenberg  http://krebsonsecurity.com/2015/11/jpmorgan-hackers- breached-anti-fraud-vendor-g2-web-services/ http://krebsonsecurity.com/2015/11/jpmorgan-hackers- breached-anti-fraud-vendor-g2-web-services/  https://threatpost.com/new-moker-rat-bypasses- detection/114948/ https://threatpost.com/new-moker-rat-bypasses- detection/114948/  http://www.techtimes.com/articles/107123/20151116/securit y-researchers-find-metropcs-coding-issue-that-could-have- exposed-customer-data-or-worse.htm http://www.techtimes.com/articles/107123/20151116/securit y-researchers-find-metropcs-coding-issue-that-could-have- exposed-customer-data-or-worse.htm MIS 5211.0014

5  What I noted  http://www.darkreading.com/endpoint/microsoft-invests-$1- billion-in-holistic-security-strategy/d/d-id/1323170? http://www.darkreading.com/endpoint/microsoft-invests-$1- billion-in-holistic-security-strategy/d/d-id/1323170  http://www.theregister.co.uk/2015/11/18/eff_malware_dom ain/ http://www.theregister.co.uk/2015/11/18/eff_malware_dom ain/  http://www.ft.com/cms/s/0/4cabd0fe-8940-11e5-90de- f44762bf9896.html#axzz3rrxc7rTK (? – Cyber Jobs) http://www.ft.com/cms/s/0/4cabd0fe-8940-11e5-90de- f44762bf9896.html#axzz3rrxc7rTK  http://www.independent.co.uk/life-style/gadgets-and- tech/news/paris-attacks-anonymous-operation-isis-activists- begin-leaking-details-of-suspected-extremist-a6737291.html http://www.independent.co.uk/life-style/gadgets-and- tech/news/paris-attacks-anonymous-operation-isis-activists- begin-leaking-details-of-suspected-extremist-a6737291.html  http://www.securityweek.com/security-flaws-lastpass- exposed-user-passwords http://www.securityweek.com/security-flaws-lastpass- exposed-user-passwords  http://www.securityweek.com/university-responds- accusations-fbi-funding-tor-hack http://www.securityweek.com/university-responds- accusations-fbi-funding-tor-hack MIS 5211.0015

6  You are the attacker, you made it in. Now what?  We’ll cover some basics of what an attacker might do once inside MIS 5211.0016

7  The first thing an attacker wants to do after getting in is to ensure they can get back in  Can you create a new privileged account for yourself?  Can you fix the vulnerability you used to get in  Don’t want another attacker stepping on top of you MIS 5211.0017

8  Is logging even turned on?  No, you are in luck  Yes, more work to do  Is logging kept on the box?  Yes, great. Delete it.  No. Check for syslog services sending data out  This tells you there is a logging server somewhere  Also gives you the starting address for the logging server  Maybe you can get in and delete records there MIS 5211.0018

9  Even if you can’t delete records it’s still a gold mine. Every machine worth protecting is sending logs to the service  If you can read the stored data or listen to the data coming in you can grab UserIDs and maybe even passwords MIS 5211.0019

10  The box you break in on should not be the box you launch attacks from  Just like outside, pivot through boxes to use another machine for your attack  If detected, likely only the attacking machine is taken down, not you gateway in to the network MIS 5211.00110

11  Don’t keep the data you steal on your attack machine or your gateway machine  Look for an open file share or a desktop to store what you steal  Don’t use box for anything else, don’t want to call attention to your loot! MIS 5211.00111

12  Break your data up in to blocks  Consider RAR or PAR with error correction  If you lose part of your traffic, you might be able to reconstruct  Don’t be in a hurry  Volume traffic attracts attention  Don’t go to slow  The driver doing exactly the speed limit looks very suspicious  You want your activity to blend in MIS 5211.00112

13  Small volume of data?  Email it  Post to a website  Drop box  Need to worry about Data Loss Protection systems  They look for data matching patterns  SSNs  Account numbers  PII MIS 5211.00113

14  Sensitive data?  Obfuscation  Encryption  Larger volumes?  Fragmentation  Redundancy MIS 5211.00114

15  Can I do some simple data manipulation  Substitute letters for numbers and vice versa  Might confuse DLP  Can I use code words?  Answers depend on what data I’m trying to get out MIS 5211.00115

16  Large volumes of data need to be packaged and broken in to manageable chunks  Compression is your friend as well  In short  Package  Zip  Break in to pieces (RAR)  Here’s a link for RAR if you want to play with it: http://www.rarlab.com/download.htm http://www.rarlab.com/download.htm  Also available in Linux  If you do look a RAR, also look at CRC options MIS 5211.00116

17  Do I need to go to full blown encryption?  Might need to if a robust DLP solution is in place  Can also do encryption as part of fragmentation process MIS 5211.00117

18  Recall from beginning of course when we talked about TCP/IP, ping, etc…  Ping can carry data  Replies can carry data  DNS can carry data MIS 5211.00118

19  If you can get physical access consider:  Cellular data connection  Point to Point WiFi  Printing  Your own SAN Storage MIS 5211.00119

20  The card that I use, and the one recommended by the testers I know is from the Alfa line  I have these two:  AWUS051NH-802-11b-802-11a-802-11g-Wireless  AWUS036H-802-11g  Both are high power (1000mw) and work with wireless pen testing tools MIS 5211.00120

21  What is Tor Onion Routing?  Tor is a distributed overlay network which anonymizes TCP-based applications (e.g. web browsing, secure shell, instant messaging applications.)  Clients choose the circuit paths  Messages are put in cells and unwrapped at each node or onion router with a symmetric key.  The ORs only know the successor or predecessor but not any other Onion Router. MIS 5211.00121

22  Tor is an overlay network  Each router has a user-level process w/o special privileges.  Each onion router maintains a TLS connection to every other onion router.  Each user runs local software called onion proxy (OP) to fetch directories, establish circuits across the network, and handle connections from users.  Each router maintains a long-term & short term onion identity key. These are used to sign TLS certificates which sign the OR’s router descriptor(summary of keys, address, bandwidth,etc.) MIS 5211.00122

23 MIS 5211.00123 http://www.iusmentis.com/society/pri vacy/remailers/onionrouting/

24 MIS 5211.00124 http://www.iusmentis.com/society/pri vacy/remailers/onionrouting/

25 MIS 5211.00125 http://www.iusmentis.com/society/pri vacy/remailers/onionrouting/

26  https://www.torproject.org/ https://www.torproject.org/  http://www.iusmentis.com/society/privacy/ remailers/onionrouting/ http://www.iusmentis.com/society/privacy/ remailers/onionrouting/  http://www.onion-router.net/ http://www.onion-router.net/ MIS 5211.00126

27  This was covered when we talked about nmap  There are tools that just do a ping of a list of addresses  However:  Be careful if you look for one of these tools  Lots of “free” download sites  Can be done straight from command line:  Try: C:\> FOR /L %i in (1,1,255) do @ping -n 1 10.10.10.%i | find "Reply“  Pings all addresses in range 10.10.10.1-255 MIS 5211.00127

28  Yet another “Free” POS (piece of software)  See remarks from previous page MIS 5211.00128

29  Old school technique of calling successive phone numbers to see if a modem answers  If modem does answer, some tools will attempt to try basic attacks to see if they work  Tools are still used, but generally don’t find much as they are ineffective in modern VOIP phone networks MIS 5211.00129

30  No class next week  Test 2 in two weeks  Only material from Evasion will be testable  If there are “Any” questions between now and then write, text, or call. MIS 5211.00130

31 ? MIS 5211.00131

Download ppt "MIS 5211.001 Week 13 Site:"

Similar presentations

Accessing electronic journals from off- campus This causes lots of headaches, but dont despair, heres how to do it! (Please note – this presentation is.

Accessing electronic journals from off- campus This causes lots of headaches, but dont despair, heres how to do it! (Please note – this presentation is.
Tips and tools to keep you and your information safe on-line. We will go over a lot of information today, so it is important to pay attention and follow.

Tips and tools to keep you and your information safe on-line. We will go over a lot of information today, so it is important to pay attention and follow.
Internet Online Safety How to have FUN and Stay in Control.

Internet Online Safety How to have FUN and Stay in Control.
ITIS 1210 Introduction to Web-Based Information Systems Chapter 44 How Firewalls Work How Firewalls Work.

ITIS 1210 Introduction to Web-Based Information Systems Chapter 44 How Firewalls Work How Firewalls Work.
Nada Abdulla Ahmed.  SmoothWall Express is an open source firewall distribution based on the GNU/Linux operating system. Designed for ease of use, SmoothWall.

Nada Abdulla Ahmed.  SmoothWall Express is an open source firewall distribution based on the GNU/Linux operating system. Designed for ease of use, SmoothWall.
Hacking Presented By :KUMAR ANAND SINGH 04-243,ETC/2008.

Hacking Presented By :KUMAR ANAND SINGH ,ETC/2008.
OAAIS Enterprise Information Security Security Awareness, Training & Education (SATE) Program or 415.514-3333 UCSF Campus VPN.

OAAIS Enterprise Information Security Security Awareness, Training & Education (SATE) Program or UCSF Campus VPN.
Toolbox Mirror -Overview Effective Distributed Learning.

Toolbox Mirror -Overview Effective Distributed Learning.
By: Bryan Carey Randy Cook Richard Jost TOR: ANONYMOUS BROWSING.

By: Bryan Carey Randy Cook Richard Jost TOR: ANONYMOUS BROWSING.
Chapter 23: ARP, ICMP, DHCP IS333 Spring 2015.

Chapter 23: ARP, ICMP, DHCP IS333 Spring 2015.
Cambodia-India Entrepreneurship Development Centre - : :.... :-:-

Cambodia-India Entrepreneurship Development Centre - : :.... :-:-
Computer Networks IGCSE ICT Section 4.

Computer Networks IGCSE ICT Section 4.
Anonymizing Network Technologies Some slides modified from Dingledine, Mathewson, Syverson, Xinwen Fu, and Yinglin Sun Presenter: Chris Zachor 03/23/2011.

Anonymizing Network Technologies Some slides modified from Dingledine, Mathewson, Syverson, Xinwen Fu, and Yinglin Sun Presenter: Chris Zachor 03/23/2011.
1 Computer Security: Protect your PC and Protect Yourself.

1 Computer Security: Protect your PC and Protect Yourself.
MIS 5211.001 Week 7 Site:

MIS Week 7 Site:
How to make it easy for you customers to find and research you and your services!

How to make it easy for you customers to find and research you and your services!
CONNECTION SETTINGS FOR USE WITH THE MOTION COMPUTING MODEL-F5 TABLET COMPUTER AKA: SIMON October 8, 2011 (And other useful information.)

CONNECTION SETTINGS FOR USE WITH THE MOTION COMPUTING MODEL-F5 TABLET COMPUTER AKA: SIMON October 8, 2011 (And other useful information.)
Digital Certificate Installation & User Guide For Class - 2 Certificates.

Digital Certificate Installation & User Guide For Class - 2 Certificates.
Web server and web browser It’s a take and give policy in between client and server through HTTP(Hyper Text Transport Protocol) Server takes a request.

Web server and web browser It’s a take and give policy in between client and server through HTTP(Hyper Text Transport Protocol) Server takes a request.
11 NETWORK PROTOCOLS AND SERVICES Chapter 10. Chapter 10: Network Protocols and Services2 NETWORK PROTOCOLS AND SERVICES  Identify how computers on TCP/IP.

11 NETWORK PROTOCOLS AND SERVICES Chapter 10. Chapter 10: Network Protocols and Services2 NETWORK PROTOCOLS AND SERVICES  Identify how computers on TCP/IP.

Similar presentations

Ads by Google