Slides for a college course based on "Hands-On Ethical Hacking and Network Defense, Second Edition" by Michael T. Simpson, Kent Backman, and James Corley -- ISBN: 1133935613
Teacher: Sam Bowne
Twitter: @sambowne
Website: https://samsclass.info/123/123_F16.shtml
This document discusses enumeration, which is the process of extracting information about network resources and user accounts. It provides examples of tools used to enumerate different operating systems, including NBTscan for Microsoft OS, null sessions, NetBIOS tools like nbtstat and net view, and Windows tools in Backtrack like Smb4K, DumpSec, and Hyena. For NetWare, it discusses tools like Novell Client. For UNIX systems it discusses the finger utility and using Nessus. It includes screenshots of enumerating devices with these various tools.
This document discusses embedded operating systems and their vulnerabilities. It begins with an introduction to embedded OSs, what they are, and where they are used. It then describes several specific embedded OSs like Windows CE, VxWorks, and various Linux-based systems. It outlines some common vulnerabilities of embedded OSs like being unpatchable and having shared code with more widely used systems. Examples are given of attacks on embedded systems controlling infrastructure. The document concludes with best practices for securing embedded OSs like inventorying all systems, least privileges, encryption, and keeping systems up to date.
Ch 8: Desktop and Server OS Vulnerabilities, by Sam Bowne
Slides for a college course at City College San Francisco. Based on "Hands-On Ethical Hacking and Network Defense, Third Edition" by Michael T. Simpson, Kent Backman, and James Corley -- ISBN: 9781285454610.
Instructor: Sam Bowne
Class website: https://samsclass.info/123/123_S17.shtml
Ch 9: Embedded Operating Systems: The Hidden Threat, by Sam Bowne
Slides for a college course at City College San Francisco. Based on "Hands-On Ethical Hacking and Network Defense, Third Edition" by Michael T. Simpson, Kent Backman, and James Corley -- ISBN: 9781285454610.
Instructor: Sam Bowne
Class website: https://samsclass.info/123/123_S17.shtml
Routers, firewalls, intrusion detection systems, honeypots, and other security devices can be used to protect networks. Routers direct network traffic using routing protocols and access lists. Firewalls control access to internal networks using packet filtering, stateful inspection, and application inspection. Intrusion detection systems monitor network traffic for suspicious activity and generate alerts. Honeypots are decoy systems used to attract and study hackers without exposing real systems to risk. These security devices provide layered defenses to enhance network protection.
CNIT 123: Ch 4: Footprinting and Social Engineering, by Sam Bowne
This document discusses footprinting and social engineering techniques used in ethical hacking. It describes using web tools like Burp Suite and proxies to gather open source intelligence about a target organization from their website and online presence. DNS zone transfers and tools like dig and host are explained to map out a target's network infrastructure. Different social engineering tactics like pretexting, impersonation and tailgating are also outlined. The document provides examples of how hackers use these techniques and recommendations for organizations to prevent such attacks.
CNIT 123: Ch 7: Programming for Security Professionals, by Sam Bowne
CNIT 123 8: Desktop and Server OS Vulnerabilities, by Sam Bowne
For a college class in Ethical Hacking and Network Defense at CCSF, by Sam Bowne. More info at https://samsclass.info/123/123_S18.shtml
Based on this book
Hands-On Ethical Hacking and Network Defense, Third Edition by Michael T. Simpson, Kent Backman, and James Corley -- ISBN: 9781285454610
Ch 4: Footprinting and Social Engineering, by Sam Bowne
Slides for a college course at City College San Francisco. Based on "Hands-On Ethical Hacking and Network Defense, Third Edition" by Michael T. Simpson, Kent Backman, and James Corley -- ISBN: 9781285454610.
Instructor: Sam Bowne
Class website: https://samsclass.info/123/123_S17.shtml
For a college class in Ethical Hacking and Network Defense at CCSF, by Sam Bowne. More info at https://samsclass.info/123/123_F17.shtml
Based on this book
Hands-On Ethical Hacking and Network Defense, Third Edition by Michael T. Simpson, Kent Backman, and James Corley -- ISBN: 9781285454610
Slides for a college course based on "Incident Response & Computer Forensics, Third Edition" by Jason Luttgens, Matthew Pepe, and Kevin Mandia.
Teacher: Sam Bowne
Website: https://samsclass.info/121/121_F16.shtml
Slides for a college course based on "Hands-On Ethical Hacking and Network Defense, Third Edition" by Michael T. Simpson, Kent Backman, and James Corley -- ISBN: 9781285454610
Teacher: Sam Bowne
Twitter: @sambowne
Website: https://samsclass.info/123/123_S18.shtml
In enumeration, the hacker pursues an in-depth analysis of all targeted devices, such as hosts and connected devices. The hacker is mapping out your network to build an offensive attack strategy. **Very important topic.**
For a college class in Ethical Hacking and Network Defense at CCSF, by Sam Bowne. More info at https://samsclass.info/123/123_F17.shtml
Based on this book
Hands-On Ethical Hacking and Network Defense, Third Edition by Michael T. Simpson, Kent Backman, and James Corley -- ISBN: 9781285454610
Updated 11-22-17 12:15 PM
This document discusses various ways that back-end components of web applications can be attacked by injecting malicious code or commands. It provides examples of how user input could be used to exploit vulnerabilities in OS commands, scripting languages, file paths, HTTP requests, and SMTP mail services. The key risks are command injection, path traversal, remote file inclusion, XML external entity injection, and HTTP/SMTP parameter injection. The document also offers suggestions for preventing these attacks, such as input validation, output encoding, and limiting file system and network access.
Andy Davis' Black Hat USA Presentation: Revealing embedded fingerprints, by NCC Group
The document discusses techniques for fingerprinting operating systems and applications based on their responses during the USB enumeration process. It describes how small differences in the ordering and types of descriptor requests, timing information, and responses to invalid data can be used to identify the OS or application interacting with a USB device. The document also summarizes an exploit against the Windows 8 RNDIS driver that allows overwriting kernel memory by manipulating fields in the USB configuration descriptor.
This document discusses various types of forensic duplication including simple duplication that copies selected data versus forensic duplication that retains every bit on the source drive including deleted files. It covers requirements for forensic duplication including the need to act as admissible evidence. It describes different forensic image formats including complete disk, partition, and logical images and details scenarios for each type. Key aspects of forensic duplication covered include recovering deleted files, non-standard data types, ensuring image integrity with hashes, and traditional duplication methods like using hardware write blockers or live DVDs.
CNIT 125 Ch 5 Communication & Network Security (part 2 of 2), by Sam Bowne
For a college course at Coastline Community College taught by Sam Bowne. Details at https://samsclass.info/125/125_F17.shtml
Based on: "CISSP Study Guide, Third Edition"; by Eric Conrad, Seth Misenar, Joshua Feldman; ISBN-10: 0128024372
CNIT 152: 13 Investigating Mac OS X Systems, by Sam Bowne
Slides for a college course based on "Incident Response & Computer Forensics, Third Edition" by Jason Luttgens, Matthew Pepe, and Kevin Mandia, at City College San Francisco.
Website: https://samsclass.info/152/152_F18.shtml
The document describes an incident response case involving the compromise of a company's network. An attacker first gained access via a spear phishing email that exploited a vulnerable version of Adobe Acrobat. They then stole VPN credentials, allowing remote access from their home system. Over several weeks, the attacker performed reconnaissance and stole sensitive engineering data by modifying file permissions. The company's implementation of a SIEM tool helped identify the attacker's activities and multiple compromised accounts. An incident response team was brought in to fully eradicate the threat and secure the network.
The document summarizes two real-world incident response cases. The first case involved a 10-month attack where an attacker exploited an SQL injection vulnerability and eventually stole millions of payment card records over three months. The second case describes a spear phishing email that installed malware, allowing the attacker to compromise VPN credentials and steal sensitive engineering data over several weeks until a SIEM detected anomalous VPN access patterns. Both cases resulted in comprehensive incident response and remediation efforts.
CNIT 121: 12 Investigating Windows Systems (Part 1 of 3), by Sam Bowne
Slides for a college course based on "Incident Response & Computer Forensics, Third Edition" by Jason Luttgens, Matthew Pepe, and Kevin Mandia.
Teacher: Sam Bowne
Twitter: @sambowne
Website: https://samsclass.info/121/121_F16.shtml
CNIT 152 13 Investigating Mac OS X Systems, by Sam Bowne
This document provides an overview of investigating Mac OS X systems, including analyzing the file system and various system artifacts. It discusses the HFS+ file system structures like the volume header, catalog file, and attributes file. It also covers time stamps, Spotlight indexing, and managed storage revisions. Key directories in the local, system, network, and user domains are outlined. Specific sources of evidence from the user domain like user accounts, shares, and trash are also mentioned. The document discusses tools like OpenBSM for system auditing and various system logs and databases that can be analyzed.
CNIT 152: 4 Starting the Investigation & 5 Leads, by Sam Bowne
Slides for a college course based on "Incident Response & Computer Forensics, Third Edition" by Jason Luttgens, Matthew Pepe, and Kevin Mandia, at City College San Francisco.
Website: https://samsclass.info/152/152_F18.shtml
For a college course at City College San Francisco.
Based on: "Incident Response & Computer Forensics, Third Edition" by Jason Luttgens, Matthew Pepe, and Kevin Mandia, ASIN: B00JFG7152
More information at: https://samsclass.info/152/152_F19.shtml
CNIT 152 12. Investigating Windows Systems (Part 3), by Sam Bowne
This document discusses various artifacts left on Windows systems after interactive user sessions or malware infections that can be investigated during an incident response. These include LNK files, jump lists, the recycle bin, memory forensics evidence like handles and process injection artifacts, and alternative persistence mechanisms like startup folders, scheduled tasks, and DLL hijacking. Memory analysis tools like Volatility are also mentioned for parsing memory artifacts like process injection and hooks left by malware.
This document discusses three key areas of preparation for effective incident response: preparing the organization, preparing the incident response team, and preparing the infrastructure. It provides details on identifying risks, policies to promote successful IR, educating users, defining the IR team mission, training the team, equipping the team, asset management, hardening hosts, implementing centralized logging, network segmentation, access controls, and documentation. The overall goal is to outline steps organizations can take before an incident occurs to facilitate rapid identification, containment, eradication and recovery.
Multiple intelligence reports have identified significant cybersecurity threats to global email networks from coordinated cyber criminals. Email remains the primary form of business communication, but the rapid growth has fueled security threats like spam, malware, ransomware, and phishing. The document recommends immediate actions for companies to improve their email security such as deploying email security services, blocking suspicious file attachments, educating users, and considering upgrading defenses.
SSL/TLS provides encryption and authentication for secure internet communications. It originated from efforts by IETF, ANSI, and Netscape in the 1990s. SSL/TLS establishes a secure channel through a handshake to negotiate encryption keys before data transfer. SET builds on SSL/TLS to provide additional privacy, authentication, and integrity specifically for online credit card transactions through the use of digital signatures and certificates. It establishes separate encryption for payment and order information that is only revealed to authorized parties.
This is an introductory presentation to SSL and the basics of secure communication over the web. It walks over the concepts of how SSL works and the various methods for implementing a safe communication channel. It explains the mechanisms of web negotiation, before starting any web transaction between remote hosts.
Electronic mail security requires confidentiality, authentication, integrity, and non-repudiation. Privacy Enhanced Mail (PEM) and Pretty Good Privacy (PGP) provide these security services for email. PEM uses canonical conversion, digital signatures, encryption, and base64 encoding. PGP provides authentication via digital signatures and confidentiality through symmetric encryption of messages with randomly generated session keys. Secure/Multipurpose Internet Mail Extensions (S/MIME) also supports signed and encrypted email to provide security.
PGP and S/MIME are two standards for securing email. PGP uses asymmetric encryption and digital signatures to provide authentication, confidentiality, and compression of messages. It utilizes public/private key pairs and trust is established through signatures on public keys. S/MIME is an Internet standard that provides similar security services to MIME messages as PGP, using PKI/certificates and industry standard algorithms. Both standards encrypt messages and attach digital signatures to authenticate senders and guarantee message integrity.
This document describes a bending test performed on wood and iron specimens. The materials used are detailed, such as a universal testing machine and a dial indicator. The procedure includes measuring the dimensions of the specimens, placing them in the machine, and applying a controlled force while measuring the deflection. The calculations make it possible to determine the modulus of elasticity and the flexural strength of each material.
Slides for a college course at City College San Francisco. Based on "Practical Malware Analysis: The Hands-On Guide to Dissecting Malicious Software", by Michael Sikorski and Andrew Honig; ISBN-10: 1593272901.
Instructor: Sam Bowne
Class website: https://samsclass.info/126/126_S17.shtml
The document discusses email security flaws and various techniques for encrypting email communications. It describes how email is currently sent in plain text over outdated protocols, revealing metadata in headers. Encryption methods like Public Key Infrastructure (PKI) and Pretty Good Privacy (PGP) aim to address these issues using public/private key encryption and decentralized authentication. Applications like GNU Privacy Guard have implemented these techniques, while future development focuses on end-to-end encryption and usability in projects like the Dark Mail Project.
Websense offers several email security solutions to address modern threats. Their solutions leverage the Websense ThreatSeeker Intelligence Cloud and Advanced Classification Engine (ACE) to detect known and unknown malware, spam, and targeted attacks. Key capabilities include gateway threat analysis, point-of-click URL sandboxing, behavioral file sandboxing, and built-in data loss prevention. Websense solutions can be deployed in the cloud, on-premises with appliances, or in a hybrid model.
This document discusses email security and encryption. It explains that email travels through unprotected networks and is exposed to attacks. It describes how email privacy aims to protect email from unauthorized access. Some remedies discussed are encrypting communication between servers using TLS and SASL authentication. The document also discusses using public-key cryptography for email encryption with tools like PGP and S/MIME, which can encrypt email content and add digital signatures for authentication. S/MIME is described as a security enhancement to the MIME email standard that provides encrypted and signed data functionality.
Slides for a college course at City College San Francisco. Based on "Hacking Exposed Mobile: Security Secrets & Solutions", by Bergman, Stanfield, Rouse, Scambray, Geethakumar, Deshmukh, Matsumoto, Steven and Price, McGraw-Hill Osborne Media; 1 edition (July 9, 2013) ISBN-10: 0071817018.
Instructor: Sam Bowne
Class website: https://samsclass.info/128/128_S17.shtml
Introduction to Secure Socket Layer (SSL) and Transport Layer Security (TLS). Shows the basic principle of SSL and a little of its practical applicability.
The document discusses desktop and server security, focusing on securing Windows 7 and Windows 8 desktops. It provides steps for configuring security settings and features in Windows like the User Account Control, Internet Explorer security, Windows Firewall, services, AppLocker, BitLocker, and the registry. It emphasizes the importance of only making one change at a time, backing up the registry first, and obtaining configuration recommendations from trusted sources. New features in Windows 8 like secure boot and measured boot are highlighted which help strengthen security during the boot process against rootkits and bootkits.
The document discusses email security and best practices. It notes that email is essential for daily work but poses security risks like unauthorized access, data leakage, and malware infiltration. It recommends configuring email servers securely, establishing policies for email use and retention, monitoring for anomalies, and educating users on secure email practices. Overall, the document emphasizes the importance of securing email infrastructure while enabling effective and appropriate use of email to meet business objectives.
Database security aims to protect data from unauthorized access through various security controls. This includes restricting access (secrecy), ensuring data integrity, and maintaining data availability. Common threats include accidental issues like hardware/software errors and natural disasters, as well as deliberate actions by authorized or unauthorized users. Microsoft Access provides security features like user accounts, permissions, and database passwords to control access and protect data.
Web security involves protecting information transmitted over the internet from attacks like viruses, worms, trojans, ransomware, and keyloggers. Users can help secure themselves by using antivirus software, avoiding phishing scams, and reporting spam. Larger attacks often involve botnets, which are networks of infected computers that can overwhelm websites and services with traffic through distributed denial of service attacks.
This document provides an overview of operating system security. It discusses the key components and functions of an operating system including multitasking, resource management, user interfaces, and more. It then examines the security environment of an operating system including services, files, memory, authentication, authorization, and vulnerabilities. Finally, it outlines best practices for securing an operating system such as installing only necessary software, configuring users and permissions properly, applying patches and updates, and performing regular security monitoring, backups and testing.
This document provides an overview of a training course on system and network security for Windows 2003/XP/2000. It discusses what the course will cover, including the native security features of these Windows operating systems, how to lock down and secure Windows systems, and vulnerabilities and countermeasures. It also summarizes new and modified security features in Windows Server 2003 such as the Common Language Runtime, Internet Connection Firewall, account behavior changes, and enhancements to Encrypted File System, IPSec, authorization manager, and IIS 6.0.
Domain 3: Security Engineering
Virtualization and Distributed Computing
System Vulnerabilities, Threats and Countermeasures
Cornerstone Cryptographic Concepts
History of Cryptography
Types of Cryptography
Cryptographic Attacks
Implementing Cryptography
Information Security Lesson 4 - Baselines - Eric VanderburgEric Vanderburg
The document discusses security baselines and hardening systems and networks. It covers topics like disabling unused services, using security templates to configure Windows settings, implementing group policy for domain configurations, and applying patches and filters to harden applications, operating systems, databases, and network devices. The document also defines several common acronyms related to information security.
Presentation about securing the environment that the Blackboard Learn application runs on. Includes:
* IPS/IDS
* Database Security Recommendations
* Load Balancer
etc.
Taking Control of Access to Your IBM i Systems and DataPrecisely
The days when the IBM i was isolated from other systems and configuring security was a relatively simple matter are long gone. As the IBM i has become interconnected with other systems, the way in which it can be accessed have grown – and the task of protecting it from intrusion has become more complex. To ensure the security of your organization’s critical data and applications, and to comly with increasingly strict IT security regulations, you must control the numerous means by which your IBM i systems can be accessed.
Watch this 15-minute webcast to learn how exit points provided by the IBM i OS can be used to monitor and secure access to IBM i systems and data.
Ethical hacking chapter 8 - Windows Vulnerabilities - Eric VanderburgEric Vanderburg
The document discusses tools for assessing vulnerabilities on Microsoft systems, including the Microsoft Baseline Security Analyzer (MBSA), Winfingerprint, and HFNetChk. It describes vulnerabilities in Microsoft operating systems and services like NetBIOS, SMB/CIFS, IIS, and SQL Server. The document provides best practices for securing Microsoft systems such as keeping systems patched, using antivirus software, enabling logging, and disabling unused services.
The document provides an overview of operating systems, including processes, threads, interprocess communication, deadlocks, and scheduling. It discusses the evolution of operating systems from first to fourth generation. Key concepts covered include processes, files, system calls, command interpreters, and signals. Operating system structures like monolithic, layered, and client-server models are summarized. Common interprocess communication problems like the bounded buffer, readers-writers, and dining philosophers problems are also briefly outlined. Finally, it discusses process scheduling algorithms, deadlock conditions and strategies to handle deadlocks.
How we breach small and medium enterprises (SMEs)NCC Group
This document summarizes common techniques used to breach small and medium enterprises. It discusses how networks are typically assessed through discovery, vulnerability assessment, exploitation, and post-exploitation. It then outlines several weaknesses that are commonly leveraged, including lack of security patches, default credentials, excessive network footprint, lack of network segregation, exceptions in configurations, and failure to implement whitelisting over blacklisting. Specific scenarios are provided for each to illustrate how access can be gained and privilege escalated within a network. The document stresses the importance of security fundamentals like patching, access control, and network segmentation.
This document discusses operating system structures. It covers operating system services, user interfaces, system calls, system programs, design and implementation, structure, debugging, generation, and booting. The key points are:
- Operating systems provide services like process and resource management, file systems, I/O, and protection. They have user interfaces like command lines and GUIs.
- System calls are the programming interface to OS services. They are implemented via system call tables. Common types include process, file, device, and protection calls.
- Operating systems are structured in various ways like layered, microkernel, and hybrid approaches. Modern OSes use modules and dynamic loading.
- System programs provide user interfaces
This document provides an overview of Linux system administration. It discusses what Linux is, its properties, basic commands, an introduction to Linux operating system characteristics, popular Linux distributions like Debian, SUSE, Ubuntu, and duties of a system administrator including installing and configuring servers and applications, creating and maintaining user accounts, backing up and restoring files, monitoring and tuning performance, configuring a secure system, and using tools to monitor security.
The document outlines a 12-step program for developing network security strategies. It discusses identifying network assets and security risks, analyzing security requirements and tradeoffs, developing a security plan and policy, implementing technical security strategies, and maintaining security. It also covers securing different parts of the network like internet connections, servers, remote access, services, and wireless networks using mechanisms like firewalls, authentication, encryption, and wireless security protocols.
- Computer Management post graduate with over 10 years of experience as a System and Network Administrator.
- Recognized for technical troubleshooting skills to rapidly resolve challenging issues.
- Has experience managing both Windows and Linux systems and networks, along with certifications in Microsoft, Cisco, and other technologies.
The document discusses techniques for operating system security including authentication, authorization, and confinement. It describes the goals of safely sharing resources while preventing unauthorized access to private data or interference between programs. The trusted computing base and security techniques like reference monitors, access control lists, and capabilities are explained. Later sections cover implementing authentication through passwords, public keys, and biometrics and how authorization works using access control matrices. The challenges of confinement and running untrusted code securely are also discussed.
This document discusses tools and techniques for assessing and hardening Microsoft systems against common vulnerabilities. It describes Microsoft tools like the Microsoft Baseline Security Analyzer (MBSA) that can identify vulnerabilities in Windows systems. It also outlines vulnerabilities in various Microsoft services and protocols like SMB, IIS, and SQL Server. The document concludes with best practices for securing Microsoft systems like regular patching, antivirus software, logging and monitoring, and disabling unused services.
This document discusses tools and techniques for assessing and hardening Microsoft systems against common vulnerabilities. It describes Microsoft tools like the Microsoft Baseline Security Analyzer (MBSA) that can identify vulnerabilities related to patches, passwords, and insecure configurations. It also discusses vulnerabilities in Microsoft operating systems, services like IIS and SQL Server, and protocols like SMB/CIFS. The document provides best practices for securing Microsoft systems such as regular patching, antivirus software, logging and monitoring, disabling unused services, and enforcing strong passwords.
Ch08 Microsoft Operating System Vulnerabilitiesphanleson
This document discusses tools and techniques for assessing and hardening Microsoft systems against common vulnerabilities. It describes Microsoft tools like the Microsoft Baseline Security Analyzer (MBSA) that can identify vulnerabilities related to patches, passwords, and insecure configurations. It also discusses vulnerabilities in Microsoft operating systems, services like IIS and SQL Server, and protocols like SMB/CIFS. The document provides best practices for securing Microsoft systems such as regular patching, antivirus software, logging and monitoring, disabling unused services, and enforcing strong passwords.
Essential Layers of IBM i Security: IBM i Security ConfigurationPrecisely
Learn practical, sound practices for properly configuring security settings within the IBM i OS, keep the OS and PTFs up to date and user profile management considerations.
Attack All the Layers - What's Working in Penetration TestingNetSPI
The document discusses techniques for attacking different layers during a penetration test. It covers attacking protocols like ARP, NBNS, SMB, PXE and DTP. It also discusses attacking passwords by cracking hashes, dictionary attacks, and dumping passwords in cleartext. Additionally, it covers attacking applications, bypassing endpoint protection, and escalating privileges on Windows systems locally and within a domain. The overall message is that penetration testers should attack all layers of the stack during a test to fully evaluate security.
Attack All The Layers - What's Working in Penetration TestingNetSPI
The document discusses techniques for attacking different layers during a penetration test. It covers attacking protocols like ARP, NBNS, SMB, PXE and DTP. It also discusses attacking passwords by cracking hashes, dictionary attacks, and dumping passwords in cleartext. Application attacks like SQL injection and directory traversals are mentioned. Bypassing endpoint protection through code injection and modifying application whitelisting is covered. Windows privilege escalation techniques like exploiting insecure service configurations and dumping credentials from memory are also summarized. The conclusions state that most networks and protocols have vulnerabilities but can be fixed through proper controls and patching.
Similar to CNIT 123: 8: Desktop and Server OS Vulnerabilites (20)
The document discusses various topics related to cyberwar including Mastodon, Lockheed-Martin's kill chain model, and Mitre's ATT&CK framework. It notes that China, Russia, Iran, and North Korea pose major cyber threats according to the FBI and CISA. China is described as the broadest cyber espionage threat. Russia conducts destructive malware and ransomware operations. Iran's growing cyber expertise makes it a threat. North Korea's program poses an espionage, cybercrime, and attack threat and continues cryptocurrency heists.
- DNS vulnerabilities can arise from configuration errors, architecture mistakes, vulnerable software implementations, protocol weaknesses, and failure to use security extensions.
- Common mistakes include single points of failure, exposure of internal information, leakage of internal queries, unnecessary recursiveness, failure to restrict access, and unprotected zone transfers.
- Software vulnerabilities have included buffer overflows and flaws in randomization of source ports, transaction IDs, and domain name ordering that enable cache poisoning and man-in-the-middle attacks.
This chapter discusses software development security. It covers topics like programming concepts, compilers and interpreters, procedural vs object-oriented languages, application development methods like waterfall vs agile models, databases, object-oriented design, assessing software vulnerabilities, and artificial intelligence techniques. The key aspects are securing the entire software development lifecycle from initial planning through operation and disposal, using secure coding practices, testing for vulnerabilities, and continually improving processes.
This document discusses attacking iOS applications by exploiting vulnerabilities in the iOS runtime, interprocess communication, and through injection attacks. Specifically, it covers instrumenting the iOS runtime using method swizzling, attacking applications using interprocess communication techniques like application extensions, and exploiting entry points like UIWebViews, client-side data stores, and file handling routines to perform injection attacks on iOS apps.
This document provides an overview of elliptic curve cryptography including what an elliptic curve is, the elliptic curve discrete logarithm problem (ECDLP), Diffie-Hellman key agreement and digital signatures using elliptic curves. It discusses NIST standard curves like P-256 and Curve25519 as well as choosing appropriate curves and potential issues like attacks if randomness is not properly implemented or an invalid curve is used.
The document discusses the Diffie-Hellman key exchange protocol. It describes how Diffie-Hellman works by having two parties agree on a shared secret over an insecure channel without transmitting the secret itself. It also covers potential issues like using proper cryptographic techniques to derive keys from the shared secret and using safe prime numbers to prevent attacks.
This document provides an overview of analyzing iOS apps, including jailbreaking mobile devices. It discusses iOS security features like code signing and sandboxing. It explains how to set up a test environment for analyzing apps by jailbreaking a device and using Unix tools. Key files like property lists and databases that can be explored are also outlined.
This document discusses various techniques for writing secure Android apps, including minimizing unnecessary permissions and exposure, securing data storage and communication, and making apps difficult to reverse engineer. It provides examples of implementing essential security mechanisms like permission protection and securing activities, content providers, and web views. It also covers more advanced techniques such as protection level downgrades, obfuscation, and tamper detection.
12 Investigating Windows Systems (Part 2 of 3)Sam Bowne
The document discusses investigating Windows systems by analyzing the Windows Registry. It describes the purpose and structure of the Registry, including the main hive files and user-specific hives. It provides an overview of important Registry keys that can contain forensic artifacts, such as system configuration keys, network information keys, user and security information keys, and auto-run keys that can indicate malware persistence. Specific Registry keys and values are highlighted that are most useful for analyzing evidence on a compromised system, including ShellBags, UserAssist, MRU lists, and Internet Explorer TypedURLs and TypedPaths. Tools for Registry analysis like RegRipper, AutoRuns, and Nirsoft utilities are also mentioned.
This document provides an overview of the RSA cryptosystem. It begins with the mathematical foundations of RSA, including the group ZN* and Euler's totient function. It then covers the RSA trapdoor permutation using modular exponentiation and key generation. The document discusses encrypting and signing with RSA, as well as implementations using libraries and algorithms like square-and-multiply. It concludes with topics like side-channel attacks, optimizations for speed, and ways implementations can fail like the Bellcore attack on RSA-CRT.
12 Investigating Windows Systems (Part 1 of 3Sam Bowne
This document provides an overview of analyzing the Windows file system, NTFS metadata, and logs to investigate security incidents and recover deleted files. It discusses the Master File Table (MFT) structure, timestamps, alternate data streams, prefetch files, event logs, and scheduled tasks. The MFT stores file metadata including attributes, timestamps, and data runs. File deletion only marks the MFT entry inactive, allowing recovery of deleted file contents and metadata. Event and security logs can reveal lateral movement and suspicious processes. Prefetch files indicate program execution history. Scheduled tasks configure automated programs through .job files logged by Task Scheduler.
This document discusses computational hardness and complexity classes related to cryptography. It covers the computational complexity of problems like factoring large numbers and the discrete logarithm problem. These problems are assumed to be hard, even for quantum computers, and form the basis for cryptographic techniques. The document also discusses how cryptography could be broken if faster algorithms were found for these problems or if the key sizes used were too small.
This document discusses exploiting vulnerabilities in Android devices. It covers identifying pre-installed apps that could provide access, techniques for remotely or locally exploiting devices, and the different privilege levels an attacker may obtain including non-system app access, installed package access, ADB shell access, system user access, and root user access. Specific exploitation techniques mentioned include exploiting update mechanisms, remote code loading, webviews, listening services, and messaging apps. Tools discussed include Drozer, Ettercap, and Burp.
This document provides an overview of the incident response analysis methodology process. It discusses defining objectives, understanding the situation and available resources, identifying leadership, avoiding impossible tasks like proving a negative, asking why to define scope, knowing where data is stored, accessing raw data, selecting analysis methods like searching for malware or using tools like VirusTotal, manual review, filtering data, statistical analysis using tools like Sawmill, string searching, analyzing unallocated space, and file carving. It stresses periodically evaluating results to ensure progress and only making definitive statements if supported by evidence.
This document discusses authenticated encryption, which both encrypts messages and authenticates them with a tag. It covers several authenticated encryption schemes:
1. Authenticated Encryption with Associated Data (AEAD) which encrypts a plaintext and authenticates additional associated data with a tag.
2. AES-GCM, the standard authenticated cipher, which uses AES in Galois/Counter Mode. It has two layers - encryption then authentication.
3. OCB, faster than GCM but limited by licensing. It blends encryption and authentication into one layer.
4. SIV, considered the safest as it is secure even if nonces are reused, but it is not streamable.
This document summarizes part 2 of a course on attacking Android applications. It discusses how application components like activities and services can be exploited if not properly protected. Specific vulnerabilities in the Sieve password manager application are demonstrated, including insecure content providers, SQL injection, and an insecure file-backed content provider. The document also covers how services and broadcast receivers can be abused if not protected correctly.
This document discusses attacking Android applications through their components. It covers exploiting vulnerabilities in an app's security model, intercepting communications, and compromising application containers or internet servers that apps rely on. Specific attacks examined include bypassing the lock screen, tapjacking, accessing private app data through recently used screenshots, and changing a PIN without knowing the old one using fragment injection. The document provides examples of how to interact with an app's activities, services, content providers and permissions through intents and other techniques.
The document discusses stream ciphers and how they can be implemented in either hardware or software. It describes how stream ciphers work by generating a pseudorandom bitstream from a key and nonce that is XOR'd with the plaintext. Hardware-oriented stream ciphers were initially more efficient to implement than block ciphers using dedicated circuits like LFSRs. However, LFSR-based designs are insecure and modern software-oriented stream ciphers like Salsa20 are more efficient on CPUs. The document cautions that stream ciphers can be broken if the key and nonce are reused or if there are flaws in the implementation.
Live data collection on Windows systems can be done using prebuilt kits like Mandiant Redline or Velociraptor, by creating your own scripted toolkit using built-in and free tools to collect processes, network connections, system logs and other volatile data, while following best practices like testing your methods first and being cautious of malware on investigated systems.
This presentation was provided by Racquel Jemison, Ph.D., Christina MacLaughlin, Ph.D., and Paulomi Majumder. Ph.D., all of the American Chemical Society, for the second session of NISO's 2024 Training Series "DEIA in the Scholarly Landscape." Session Two: 'Expanding Pathways to Publishing Careers,' was held June 13, 2024.
Chapter wise All Notes of First year Basic Civil Engineering.pptxDenish Jangid
Chapter wise All Notes of First year Basic Civil Engineering
Syllabus
Chapter-1
Introduction to objective, scope and outcome the subject
Chapter 2
Introduction: Scope and Specialization of Civil Engineering, Role of civil Engineer in Society, Impact of infrastructural development on economy of country.
Chapter 3
Surveying: Object Principles & Types of Surveying; Site Plans, Plans & Maps; Scales & Unit of different Measurements.
Linear Measurements: Instruments used. Linear Measurement by Tape, Ranging out Survey Lines and overcoming Obstructions; Measurements on sloping ground; Tape corrections, conventional symbols. Angular Measurements: Instruments used; Introduction to Compass Surveying, Bearings and Longitude & Latitude of a Line, Introduction to total station.
Levelling: Instrument used Object of levelling, Methods of levelling in brief, and Contour maps.
Chapter 4
Buildings: Selection of site for Buildings, Layout of Building Plan, Types of buildings, Plinth area, carpet area, floor space index, Introduction to building byelaws, concept of sun light & ventilation. Components of Buildings & their functions, Basic concept of R.C.C., Introduction to types of foundation
Chapter 5
Transportation: Introduction to Transportation Engineering; Traffic and Road Safety: Types and Characteristics of Various Modes of Transportation; Various Road Traffic Signs, Causes of Accidents and Road Safety Measures.
Chapter 6
Environmental Engineering: Environmental Pollution, Environmental Acts and Regulations, Functional Concepts of Ecology, Basics of Species, Biodiversity, Ecosystem, Hydrological Cycle; Chemical Cycles: Carbon, Nitrogen & Phosphorus; Energy Flow in Ecosystems.
Water Pollution: Water Quality standards, Introduction to Treatment & Disposal of Waste Water. Reuse and Saving of Water, Rain Water Harvesting. Solid Waste Management: Classification of Solid Waste, Collection, Transportation and Disposal of Solid. Recycling of Solid Waste: Energy Recovery, Sanitary Landfill, On-Site Sanitation. Air & Noise Pollution: Primary and Secondary air pollutants, Harmful effects of Air Pollution, Control of Air Pollution. . Noise Pollution Harmful Effects of noise pollution, control of noise pollution, Global warming & Climate Change, Ozone depletion, Greenhouse effect
Text Books:
1. Palancharmy, Basic Civil Engineering, McGraw Hill publishers.
2. Satheesh Gopi, Basic Civil Engineering, Pearson Publishers.
3. Ketki Rangwala Dalal, Essentials of Civil Engineering, Charotar Publishing House.
4. BCP, Surveying volume 1
Andreas Schleicher presents PISA 2022 Volume III - Creative Thinking - 18 Jun...EduSkills OECD
Andreas Schleicher, Director of Education and Skills at the OECD presents at the launch of PISA 2022 Volume III - Creative Minds, Creative Schools on 18 June 2024.
Level 3 NCEA - NZ: A Nation In the Making 1872 - 1900 SML.pptHenry Hollis
The History of NZ 1870-1900.
Making of a Nation.
From the NZ Wars to Liberals,
Richard Seddon, George Grey,
Social Laboratory, New Zealand,
Confiscations, Kotahitanga, Kingitanga, Parliament, Suffrage, Repudiation, Economic Change, Agriculture, Gold Mining, Timber, Flax, Sheep, Dairying,
Leveraging Generative AI to Drive Nonprofit InnovationTechSoup
In this webinar, participants learned how to utilize Generative AI to streamline operations and elevate member engagement. Amazon Web Service experts provided a customer specific use cases and dived into low/no-code tools that are quick and easy to deploy through Amazon Web Service (AWS.)
This document provides an overview of wound healing, its functions, stages, mechanisms, factors affecting it, and complications.
A wound is a break in the integrity of the skin or tissues, which may be associated with disruption of the structure and function.
Healing is the body’s response to injury in an attempt to restore normal structure and functions.
Healing can occur in two ways: Regeneration and Repair
There are 4 phases of wound healing: hemostasis, inflammation, proliferation, and remodeling. This document also describes the mechanism of wound healing. Factors that affect healing include infection, uncontrolled diabetes, poor nutrition, age, anemia, the presence of foreign bodies, etc.
Complications of wound healing like infection, hyperpigmentation of scar, contractures, and keloid formation.
Philippine Edukasyong Pantahanan at Pangkabuhayan (EPP) CurriculumMJDuyan
(𝐓𝐋𝐄 𝟏𝟎𝟎) (𝐋𝐞𝐬𝐬𝐨𝐧 𝟏)-𝐏𝐫𝐞𝐥𝐢𝐦𝐬
𝐃𝐢𝐬𝐜𝐮𝐬𝐬 𝐭𝐡𝐞 𝐄𝐏𝐏 𝐂𝐮𝐫𝐫𝐢𝐜𝐮𝐥𝐮𝐦 𝐢𝐧 𝐭𝐡𝐞 𝐏𝐡𝐢𝐥𝐢𝐩𝐩𝐢𝐧𝐞𝐬:
- Understand the goals and objectives of the Edukasyong Pantahanan at Pangkabuhayan (EPP) curriculum, recognizing its importance in fostering practical life skills and values among students. Students will also be able to identify the key components and subjects covered, such as agriculture, home economics, industrial arts, and information and communication technology.
𝐄𝐱𝐩𝐥𝐚𝐢𝐧 𝐭𝐡𝐞 𝐍𝐚𝐭𝐮𝐫𝐞 𝐚𝐧𝐝 𝐒𝐜𝐨𝐩𝐞 𝐨𝐟 𝐚𝐧 𝐄𝐧𝐭𝐫𝐞𝐩𝐫𝐞𝐧𝐞𝐮𝐫:
-Define entrepreneurship, distinguishing it from general business activities by emphasizing its focus on innovation, risk-taking, and value creation. Students will describe the characteristics and traits of successful entrepreneurs, including their roles and responsibilities, and discuss the broader economic and social impacts of entrepreneurial activities on both local and global scales.
Beyond Degrees - Empowering the Workforce in the Context of Skills-First.pptxEduSkills OECD
Iván Bornacelly, Policy Analyst at the OECD Centre for Skills, OECD, presents at the webinar 'Tackling job market gaps with a skills-first approach' on 12 June 2024
This presentation was provided by Rebecca Benner, Ph.D., of the American Society of Anesthesiologists, for the second session of NISO's 2024 Training Series "DEIA in the Scholarly Landscape." Session Two: 'Expanding Pathways to Publishing Careers,' was held June 13, 2024.
1. Hands-On Ethical Hacking and Network Defense
Second Edition
Chapter 8
Desktop and Server OS Vulnerabilities
Last updated 3-14-15
Last updated 10-6-16
2. Objectives
• After reading this chapter and completing the exercises, you will be able to:
– Describe vulnerabilities of Windows and Linux operating systems
– Identify specific vulnerabilities and explain ways to fix them
– Explain techniques to harden systems against Windows and Linux vulnerabilities
4. Windows OS Vulnerabilities
• Many Windows OSs have serious vulnerabilities
– Windows 2000 and earlier
• Administrators must disable, reconfigure, or uninstall services and features
– Windows XP, Vista; Server 2003, 2008, and 2012; Windows 7, 8, and 10
• Most services and features are disabled by default
6. Windows File Systems
• File system
– Stores and manages information
• User created
• OS files needed to boot
– Most vital part of any OS
• Can be a vulnerability
7. File Allocation Table
• Original Microsoft file system
– Supported by nearly all desktop and server OSs
– Standard file system for most removable media
• Other than CDs and DVDs
– Later versions provide for larger file and disk sizes
• Most serious shortcoming
– Doesn't support file-level access control lists (ACLs)
• Necessary for setting permissions on files
• Using it in a multiuser environment therefore creates a vulnerability
8. NTFS
• New Technology File System (NTFS)
– First released as a high-end file system
• Added support for larger files, disk volumes, and ACL file security
• Subsequent Windows versions
– Included upgrades for compression, journaling, file-level encryption, and self-healing
• Alternate data streams (ADSs)
– Can “stream” (hide) information behind existing files
• Without affecting function, size, or other information
– Several detection methods
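The slide mentions several ADS detection methods without naming one. As an added example (not from the textbook or the course), this Python parser reads the output of `dir /r`, which on Windows Vista and later lists each alternate stream as `file:stream:$DATA`, and flags every stream except the Zone.Identifier mark-of-the-web that Windows writes itself. The sample listing is constructed, and the column layout it assumes is the one `dir /r` prints.

```python
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample of "dir /r" output (assumption: each stream appears on
# its own line, indented, as "<size> <file>:<stream>:$DATA").
SAMPLE_DIR_R = """\
 Volume in drive C has no label.
 Directory of C:\\Users\\lab\\Downloads

03/14/2015  10:00 AM    <DIR>          .
03/14/2015  10:00 AM    <DIR>          ..
03/14/2015  10:01 AM                12 notes.txt
                                    48 notes.txt:hidden.exe:$DATA
10/06/2016  09:30 AM             4,096 tool.zip
                                    26 tool.zip:Zone.Identifier:$DATA
10/06/2016  09:31 AM               100 readme.txt
"""

# Streams Windows writes on its own (the mark-of-the-web on downloaded files);
# everything else deserves a look.
BENIGN_STREAMS = {"Zone.Identifier"}

# Stream lines start with whitespace, then the stream size, then name:stream:$DATA.
STREAM_RE = re.compile(r"^\s+([\d,]+)\s+(.+?):([^:\\/]+):\$DATA\s*$")


@dataclass(frozen=True)
class AltStream:
    file: str
    stream: str
    size: int


def parse_ads(dir_output: str) -> list[AltStream]:
    """Return every alternate data stream listed in dir /r output."""
    found: list[AltStream] = []
    for line in dir_output.splitlines():
        m = STREAM_RE.match(line)
        if m:
            size = int(m.group(1).replace(",", ""))
            found.append(AltStream(file=m.group(2), stream=m.group(3), size=size))
    return found


def suspicious_ads(dir_output: str) -> list[AltStream]:
    """Streams that are not on the known-benign list; these hide data behind files."""
    return [s for s in parse_ads(dir_output) if s.stream not in BENIGN_STREAMS]


if __name__ == "__main__":
    for s in suspicious_ads(SAMPLE_DIR_R):
        print(f"ADS found: {s.file}:{s.stream} ({s.size} bytes)")
```

On a live system, feed it the text of `dir /r /s C:\ > streams.txt`; a stream holding an executable behind an innocent file is the case the slide warns about.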
10. Remote Procedure Call
• Interprocess communication mechanism
– Allows a program running on one host to run code on a remote host
• Worm that exploited RPC
– Conficker worm
• Microsoft Baseline Security Analyzer
– Determines if a system is vulnerable due to an RPC-related issue
14. NetBIOS
• Software loaded into memory
– Enables a computer program to interact with a network resource or device
• NetBIOS isn’t a protocol
– Interface to a network protocol
• NetBIOS Extended User Interface (NetBEUI)
– Fast, efficient network protocol
– Allows NetBIOS packets to be transmitted over TCP/IP
– NBT is NetBIOS over TCP/IP
15. NetBIOS (cont’d.)
• Systems running newer Windows OSs
– Vista, Server 2008, Windows 7, and later versions
– Share files and resources without using NetBIOS
• NetBIOS is still used for backward compatibility
– Companies use old machines
16. Server Message Block
• Used to share files
– Usually runs on top of:
• NetBIOS
• NetBEUI, or
• TCP/IP
• Several hacking tools target SMB
– L0phtcrack’s SMB Packet Capture utility and SMBRelay
• It took Microsoft seven years to patch these
17. Server Message Block (cont’d.)
• SMB2
– Introduced in Windows Vista
– Several new features
– Faster and more efficient
• Windows 7
– Microsoft avoided reusing code
– Still allowed backward compatibility
• Windows XP Mode
– Spectacular DoS vulnerabilities
• Links Ch 8za-8zc
19. Common Internet File System
• Standard protocol
– Replaced SMB for Windows 2000 Server and later
– SMB is still used for backward compatibility
– Described as just a renaming of SMB by Wikipedia
(link Ch 8z)
• Remote file system protocol
– Enables sharing of network resources over the Internet
• Relies on other protocols to handle service announcements
– Notifies users of available resources
20. Common Internet File System (cont’d.)
• Enhancements
– Locking features
– Caching and read-ahead/write-behind
– Support for fault tolerance
– Capability to run more efficiently over dial-up
– Support for anonymous and authenticated access
• Server security methods
– Share-level security (folder password)
– User-level security (username and password)
21. Common Internet File System (cont’d.)
• Attackers look for servers designated as domain controllers
– Servers handle authentication
• Windows Server 2003 and 2008
– Domain controller uses a global catalog (GC) server
• Locates resources among many objects
22. Domain Controller Ports
• By default, Windows Server 2003 and 2008 domain controllers using CIFS listen on the following ports
– DNS (port 53)
– HTTP (port 80)
– Kerberos (port 88)
– RPC (port 135)
– NetBIOS Name Service (port 137)
– NetBIOS Datagram Service (port 139)
– LDAP (port 389)
– HTTPS (port 443)
– SMB/CIFS (port 445)
– LDAP over SSL (port 636)
– Active Directory global catalog (port 3268)
23. Null Sessions
• Anonymous connection established without credentials
– Used to display information about users, groups, shares, and password policies
– Necessary only if networks need to support older Windows versions
• To enumerate NetBIOS vulnerabilities use:
– Nbtstat, Net view, Netstat, Ping, Pathping, and Telnet commands
24. Web Services
• IIS installs with critical security vulnerabilities
– IIS Lockdown Wizard
• Locks down IIS versions 4.0 and 5.0
• IIS 6.0 and later versions
– Installs with a “secure by default” mode
– Previous versions left crucial security holes
• Keeping a system patched is important
• Configure only needed services
25. SQL Server
• Many potential vulnerabilities
– Null System Administrator (SA) password
• SA access through SA account
• SA with blank password by default on versions prior to SQL Server 2005
– Gives attackers administrative access
• Database and database server
26. Buffer Overflows
• Data is written to a buffer and corrupts data in memory next to the allocated buffer
– Normally occurs when copying strings of characters from one buffer to another
• Functions don't verify that the text fits
– Attackers run shell code
• C and C++
– Lack built-in protection against overwriting data in memory
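An added C illustration of the two points above (this is not code from the textbook or slides): a record with a fixed-size name buffer next to another field, the unchecked strcpy() pattern that would overwrite the neighbouring field, and a bounded copy that checks the length first. The struct, function names and sample inputs are all constructed for the example.

```c
#include <stdio.h>
#include <string.h>

/* Record with a fixed-size name buffer and an adjacent field. A name of
   16 or more characters copied with an unchecked strcpy() runs past
   name[] into is_admin: the slide's data "next to the allocated buffer". */
struct account {
    char name[16];
    int  is_admin;
};

/* The pattern the slide warns about: strcpy() copies until it finds the
   NUL terminator and never checks the destination size. Shown for
   comparison only; nothing in this example calls it. */
void unsafe_set_name(struct account *acct, const char *src)
{
    strcpy(acct->name, src);
}

/* Returns 1 if copying src (plus its NUL) into a buffer of dstsz bytes
   would overflow it, 0 if it fits. */
int would_overflow(size_t dstsz, const char *src)
{
    return strlen(src) + 1 > dstsz;
}

/* Bounded replacement: refuses input that does not fit instead of
   truncating silently. Returns 0 on success, -1 when rejected; on
   rejection the record is left untouched. */
int safe_set_name(struct account *acct, const char *src)
{
    if (would_overflow(sizeof acct->name, src))
        return -1;
    memcpy(acct->name, src, strlen(src) + 1);
    return 0;
}

int main(void)
{
    struct account a = { "", 0 };
    /* Constructed inputs: "alice" fits; forty 'A's would not. */
    int rc1 = safe_set_name(&a, "alice");
    int rc2 = safe_set_name(&a, "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA");
    printf("alice: rc=%d  40xA: rc=%d  name=%s is_admin=%d\n",
           rc1, rc2, a.name, a.is_admin);
    return 0;
}
```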
27. Passwords and Authentication
• Weakest security link in any network
– Authorized users
• Most difficult to secure
• Relies on people
– Companies should take steps to address it
28. Passwords and Authentication (cont’d.)
• Comprehensive password policy is critical
– Should include:
• Change passwords regularly
• Require at least six characters (too short!)
• Require complex passwords
• Passwords can’t be common words, dictionary words, slang, jargon, or dialect
• Passwords must not be identified with a user
• Never write it down or store it online or in a file
• Do not reveal it to anyone
• Use caution when logging on and limit reuse
29. Passwords and Authentication (cont’d.)
• Configure domain controllers
– Enforce password age, length, and complexity
• Password policy aspects that can be enforced:
– Account lockout threshold
• Set number of failed attempts before account is disabled temporarily
– Account lockout duration
• Set period of time account is locked out after failed logon attempts
• Disable LM Hashes
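An added C model of the two lockout settings named above, account lockout threshold and account lockout duration, showing how an authenticating server would apply them (this is illustration code, not from the textbook or slides). The threshold of 5 attempts and the 30-minute duration are assumed values; the slide gives no numbers.

```c
#include <stdio.h>

/* Assumed policy values for illustration; the slide gives no numbers. */
#define LOCKOUT_THRESHOLD 5            /* failed attempts before lockout */
#define LOCKOUT_DURATION  (30L * 60L)  /* seconds the account stays locked */

/* Per-account lockout state kept by the authenticating server. */
struct lockout_state {
    int  failed_attempts;  /* consecutive failures since last success */
    long locked_until;     /* epoch seconds; 0 means not locked */
};

/* Returns 1 if the account is locked out at time now, else 0. */
int is_locked(const struct lockout_state *s, long now)
{
    return s->locked_until != 0 && now < s->locked_until;
}

/* Records one logon attempt at time now. password_ok says whether the
   credential itself was correct. Returns 1 if the logon is accepted, 0 if
   rejected. A lockout rejects even correct passwords until it expires. */
int attempt_logon(struct lockout_state *s, int password_ok, long now)
{
    if (is_locked(s, now))
        return 0;
    if (s->locked_until != 0) {        /* an earlier lockout has expired */
        s->locked_until = 0;
        s->failed_attempts = 0;
    }
    if (password_ok) {
        s->failed_attempts = 0;        /* a success resets the counter */
        return 1;
    }
    if (++s->failed_attempts >= LOCKOUT_THRESHOLD)
        s->locked_until = now + LOCKOUT_DURATION;
    return 0;
}

int main(void)
{
    struct lockout_state s = { 0, 0 };
    long t = 1000;                     /* constructed clock, in seconds */
    for (int i = 0; i < LOCKOUT_THRESHOLD; i++)
        attempt_logon(&s, 0, t + i);   /* five wrong passwords in a row */
    printf("locked: %d; correct password during lockout accepted: %d\n",
           is_locked(&s, t + 5), attempt_logon(&s, 1, t + 60));
    printf("accepted after lockout expires: %d\n",
           attempt_logon(&s, 1, t + 4 + LOCKOUT_DURATION));
    return 0;
}
```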
31. Tools for Identifying Vulnerabilities in Windows
• Many tools are available
– Using more than one is advisable
• Using several tools
– Helps pinpoint problems more accurately
32. Built-in Windows Tools
• Microsoft Baseline Security Analyzer (MBSA)
– Capable of checking for:
• Patches
• Security updates
• Configuration errors
• Blank or weak passwords
36. Using MBSA
• System must meet minimum requirements
– Before installing
• After installing, MBSA can:
– Scan itself
– Scan other computers remotely
– Be scanned remotely
38. Best Practices for Hardening Windows Systems
• Penetration tester
– Finds and reports vulnerabilities
• Security tester
– Finds vulnerabilities
– Gives recommendations for correcting them
39. Patching Systems
• Best way to keep systems secure
– Keep up to date
• Attackers take advantage of known vulnerabilities
• Options for small networks
– Accessing Windows Update manually
– Configure Automatic Updates
• Options for large networks
– Systems Management Server (SMS)
– Windows Software Update Service (WSUS)
• Third-party patch management solutions
40. Antivirus Solutions
• Antivirus solution is essential
– Small networks
• Desktop antivirus tool with automatic updates
– Large networks
• Require corporate-level solution
• Antivirus tools
– Almost useless if not updated regularly
41. PUPs (Potentially Unwanted Programs)
• Programs that come bundled with freeware
• Not technically viruses or illegal
• Most antivirus tools won't block them by default
43. Enable Logging and Review Logs Regularly
• Important step for monitoring critical areas
– Performance
– Traffic patterns
– Possible security breaches
• Can have negative impact on performance
• Review regularly
– Signs of intrusion or problems
• Use log-monitoring tool
44. Disable Unused Services and Filtering Ports
• Disable unneeded services
• Delete unnecessary applications or scripts
– Unused applications are invitations for attacks
• Reducing the attack surface
– Open only what needs to be open, and close everything else
• Filter out unnecessary ports
– Make sure perimeter routers filter out ports 137 to 139 and 445
45. Other Security Best Practices
• Other practices include:
– Delete unused scripts and sample applications
– Delete default hidden shares
– Use different naming scheme and passwords for public interfaces
– Be careful of default permissions
– Use appropriate packet-filtering techniques
– Use available tools to assess system security
– Disable Guest account
46. Other Security Best Practices (cont’d.)
• Other practices include (cont’d.):
– Rename (or disable) default Administrator account
– Make sure there are no accounts with blank passwords
– Use Windows group policies
– Develop a comprehensive security awareness program
– Keep up with emerging threats
55. Linux OS Vulnerabilities
• Linux can be made more secure
– Awareness of vulnerabilities
– Keep current on new releases and fixes
• Many versions are available
– Differences ranging from slight to major
• It’s important to understand the basics
– Run control and service configuration
– Directory structure and file system
– Basic shell commands and scripting
– Package management
56. Samba
• Open-source implementation of CIFS
– Created in 1992
• Allows sharing resources over a network
– Security professionals should have basic knowledge of SMB and Samba
• Many companies have a mixed environment of Windows and *nix systems
• Used to “trick” Windows services into believing *nix resources are Windows resources
57. Tools for Identifying Linux Vulnerabilities
• CVE Web site
– Source for discovering possible attacker avenues
Table 8-4 Linux vulnerabilities found at CVE
58. Tools for Identifying Linux Vulnerabilities (cont’d.)
• OpenVAS can enumerate multiple OSs
– Security tester using enumeration tools can:
• Identify a computer on the network by using port scanning and zone transfers
• Identify the OS by conducting port scanning
• Identify via enumeration any logon accounts
• Learn names of shared folders by using enumeration
• Identify services running
60. Figure 8-6 OpenVAS revealing a security hole resulting from a Firefox vulnerability
61. Figure 8-7 OpenVAS revealing a security hole resulting from a DHCP client vulnerability
62. Checking for Trojan Programs
• Most Trojan programs perform one or more of the following:
– Allow remote administration of attacked system
– Create a file server on attacked computer
• Files can be loaded and downloaded
– Steal passwords from attacked system
• E-mail them to attacker
– Log keystrokes
• E-mail results or store them in a hidden file the attacker can access remotely
63. Checking for Trojan Programs (cont’d.)
• Linux Trojan programs
– Sometimes disguised as legitimate programs
– Contain program code that can wipe out file systems
– More difficult to detect today
• Protecting against identified Trojan programs is easier
• Rootkits containing Trojan binary programs
– More dangerous
– Attackers hide tools
• Perform further attacks
• Have access to backdoor programs
64. More Countermeasures Against Linux Attacks
• Most critical tasks:
– User awareness training
– Keeping current
– Configuring systems to improve security
65. User Awareness Training
• Inform users
– No information should be given to outsiders
• Knowing the OS makes attacks easier
– Be suspicious of people asking questions
• Verify who they are talking to
• Call them back
66. Keeping Current
• As soon as a vulnerability is discovered and posted
– OS vendors notify customers
• Upgrades
• Patches
– Installing fixes promptly is essential
• Linux distributions
– Most have warning methods
67. Secure Configuration
• Many methods to help prevent intrusion
– Vulnerability scanners
– Built-in Linux tools
– Free benchmark tools
• Center for Internet Security
– Security Blanket
• Trusted Computer Solutions