Session 1
  • Slide note: Provide a link to the ISS hack
  • Transcript

    • 1. Security Boot Camp Intro
    • 2. Why this course
      • A few years ago, a few friends who used to be part of a very successful attack and pen team wrote a course very similar to this one
      • They have now recreated, from memory, a course very similar to the original so that everyone can share the experience and gain a better understanding of the subject matter
    • 3. Who is that Fat Man?
      • What did Mark do:
      • The most popular 802.11 IDS
      • Invent an IDS collation engine
      • Discover several zero day vulnerabilities
      • Coin the term WAP-GAP
      • The London Hacker survey
      • Contribute to the CEH Cert
      • Expert witness a famous dirty tricks legal action
      • etc etc etc
      • Mark holds the following certifications:
      • CISSP and CISM
      • Checkpoint CCSA + CCSE
      • Cisco CCNA + CSSP
      • BA Computing + MBA
    • 4. Outline
      • Overview of the types of hacking tools and platforms used
      • Sites used by hackers
      • Building your white-hat hacker toolkit
    • 5. Origination of tools
      • Tools tend to be freely downloadable from the web
      • Many tools shared via IRC
      • Pirated – commercial tools are also available
      • Many available through peer to peer programs
      • Tools tend to be developed for specific vulnerabilities
    • 6. Types of tools
      • Network and system scanning/mapping
      • Vulnerability scanning and testing (Nessus, whisker)
      • Password crackers (Brutus, LC3)
      • Encryption tools
      • Network sniffers
      • War dialling
    • 7. The Unix hacker toolkit
      • Nmap – Port Scanner
      • Nessus – Port scanner & Vulnerability assessment
      • Traceroute – with the source route patch or LFT
      • Hping2 – Scanning and tracerouting tool
      • Whisker – Web vulnerability scanner (Nikto is also based on Whisker)
      • Stunnel/SSLproxy – strip SSL from HTTPS (de-SSL)
      • Sniffit – command line sniffer
      • Netcat – raw socket access
      • Tcpdump – command line sniffer
      • Icmptime
      • Juggernaut
      • Net::SSLeay – SSL module for Perl (required by many tools)
      • John the Ripper – Password cracker
      • Hunt/Sniper – TCP/IP connection hijacking tool
      • nimrod – website enumerator
      • Spike archives
      • Ethereal – sniffer
      • dsniff
    • 8. The Windows hacker toolkit
      • Brutus – Brute force utility
      • Mingsweeper – TCP/IP scanning tool
      • Superscan – TCP/IP scanning tool
      • MPTraceroute/LFT
      • SamSpade – Footprinting tool
      • NessusWX – Nessus interface
      • ISS Scanner / Cyber Cop
      • NetStumbler – Wireless LAN scanner
      • WinDump – tcpdump for Windows
      • Toneloc – War dialling tool
      • Finger – Backdoor tool
      • NetBios Auditing Tool (NAT)
      • Netcat – Enumeration tool
      • Legion – Enumeration tool
      • LC3 (L0phtCrack)
    • 9. The Windows hacker toolkit cont.
      • Cygwin – Unix like environment for Windows (provides many UNIX command line tools including shell & compiler)
      • ToneLoc – Wardialling tool
      • NT resource kit – many tools applicable to NT network enumeration and penetration
      • Nmap (Win32 port) – available from insecure.org
    • 10. Denial Of Service tools
      • From the spike package
      • Land and Latierra
      • Smurf & Fraggle
      • Synk4
      • Teardrop, newtear, bonk, syndrop
      • Zombies
    • 11. Network Sniffers
      • tcpdump
      • Sniffit
      • dsniff
      • Observer
      • Sniffer Pro
      • Ethereal
      • Snoop
    • 12. Underlying requirements
      • Certain tools have prerequisites that must be installed first
      • Perl
      • SSLeay
      • OpenSSL
      • Linux Variations
      • Example: Whisker requires Perl to be installed
    • 13. Websites
      • Websites where tools can be found:
      • www.securityfocus.com
      • www.packetstormsecurity.org
      • www.astalavista.box.sk
      • www.securiteam.com
    • 14. Lab
      • Visit the sites used for the hacker toolkit and familiarise yourself with some of the tools available
      • Good searches:
        • Denial of service
        • Backdoor / NetBus / Back Orifice
        • http://www.securityfocus.com/ (vulnerability section)
      • Time: 30 minutes
    • 15. Knoppix 3.7
      • Bootable CD
      • Boots in most Intel/AMD systems
      • Linux 2.x with basic security tools
      • Also see Trustix, Trinux and Packetmaster on sourceforge
    • 16. Lab
      • Boot Linux (Trinux, Knoppix or Packetmaster) and have a play
      • Time: 35 minutes
    • 17. A methodology
    • 18. A network penetration methodology
      • Test objective: to identify insecure protocols, or insecure settings of the services behind the available protocols or services
    • 19. Research Phase Objective and Strategy
      • Objective: Find out technical information about the target site
        • Using external information sources
        • Not touching the target servers
      • Strategy: Review information available from
        • DNS
        • RIPE
        • Netcraft
        • News groups (particularly firewall newsgroups)
    • 20. Identifying router and firewall
      • Identify the Web or Mail server
      • Get the Next-Hop before this
        • This will probably be the perimeter router or the firewall
        • PIX does not appear as a hop (FireWall-1 and NetScreen do)
        • 80% chance it will be NetScreen, PIX or Firewall 1
      • To figure out which one it is:
        • ICMP (e.g. Address Mask Request)
        • Use TCP stack fingerprinting
        • Key ports (258, 259 and 263 listening suggest FireWall-1)
        • IPsec
      • Exploit vulnerabilities with pre-written tools
    • 21. Hacking the servers
        • Scan TCP ports
        • Scan UDP ports
          • Only HTTP or HTTPS ports should be visible
          • (if it is a web server, etc.)
        • Run a CGI scanner (e.g. Whisker, Crazymad or Nikto) to look for web server exploits
        • Check Scanner
        • Identify exploits
    • 22. Security Boot Camp Intro