An overview of infrastructure security, including access control, firewalls, IDS, IPS, deep packet inspection, advance threat protection, honeypots, and threat intel.
This document provides instructions for building a virtual pentesting environment using Kali Linux and Metasploitable VMs. It discusses setting up a host-only network in VirtualBox for testing vulnerable VMs. It also outlines importing and configuring the Kali and Metasploitable VMs, ensuring they are on the same host-only network and can communicate. Nmap is then used to verify Metasploitable is reachable over the network. The goal is to setup a controlled environment for practicing penetration testing techniques.
The document discusses exploitation techniques used during penetration testing. It defines exploitation as getting unauthorized access or making unauthorized changes. The goal is typically to compromise systems and objectives, such as gaining administrative access to a website. Methods covered include fuzzing applications, accessing file systems and logs, using command injection to execute code, and establishing remote command shells. The exploitation cycle involves using information gained to get more access and make additional changes until objectives are met.
The document provides an overview of ways to secure Windows systems, beginning with general advice like enabling drive encryption with BitLocker or VeraCrypt, using strong passwords, and implementing the principle of least privilege for access control. It discusses Windows tools like Cmd, PowerShell, Windows Event Viewer, and the Windows Registry that can help secure and monitor systems. The document also provides an introduction to Active Directory, including its components, structure, and use of group policy for centralized management. It concludes with an overview of updated Microsoft security tools like Defender Security Center, Exploit Guard, Attack Surface Reduction, and Event Forwarding.
The document discusses a proof of concept for network security monitoring (NSM) in the cloud. It outlines the challenges of cloud NSM due to lack of network visibility. The proposed solution is a server-side NSM client that would capture full packet data and transfer it to a Security Onion server for analysis. The core design principles are to integrate with Security Onion, maintain NSM principles, support multiple platforms, be open source, and ensure security and long-term sustainability. The document describes the basic architecture using WinTAP and OpenVPN to bridge traffic between cloud servers and the Security Onion sensor. It provides details on installation, performance metrics, validation testing, and real world usage scenarios to demonstrate cloud NSM.
Wireless security beyond password cracking by Mohit RanjanOWASP Delhi
Network attacks in wired Lan environments
Protection in wired Lan
Layout of modern networks ( wired + wireless )
Difference between wired and wireless security
Most powerful situation to acquire in any network
Wireless attacks
Why NTP ?
Captive portal attacks
Conclusion and some wild thoughts
For complete data to perform this attack please go to the Github link below:
https://github.com/mohitrajain/Wireless_security_beyond_password_cracking
An overview of infrastructure security, including access control, firewalls, IDS, IPS, deep packet inspection, advance threat protection, honeypots, and threat intel.
This document provides instructions for building a virtual pentesting environment using Kali Linux and Metasploitable VMs. It discusses setting up a host-only network in VirtualBox for testing vulnerable VMs. It also outlines importing and configuring the Kali and Metasploitable VMs, ensuring they are on the same host-only network and can communicate. Nmap is then used to verify Metasploitable is reachable over the network. The goal is to setup a controlled environment for practicing penetration testing techniques.
The document discusses exploitation techniques used during penetration testing. It defines exploitation as getting unauthorized access or making unauthorized changes. The goal is typically to compromise systems and objectives, such as gaining administrative access to a website. Methods covered include fuzzing applications, accessing file systems and logs, using command injection to execute code, and establishing remote command shells. The exploitation cycle involves using information gained to get more access and make additional changes until objectives are met.
The document provides an overview of ways to secure Windows systems, beginning with general advice like enabling drive encryption with BitLocker or VeraCrypt, using strong passwords, and implementing the principle of least privilege for access control. It discusses Windows tools like Cmd, PowerShell, Windows Event Viewer, and the Windows Registry that can help secure and monitor systems. The document also provides an introduction to Active Directory, including its components, structure, and use of group policy for centralized management. It concludes with an overview of updated Microsoft security tools like Defender Security Center, Exploit Guard, Attack Surface Reduction, and Event Forwarding.
The document discusses a proof of concept for network security monitoring (NSM) in the cloud. It outlines the challenges of cloud NSM due to lack of network visibility. The proposed solution is a server-side NSM client that would capture full packet data and transfer it to a Security Onion server for analysis. The core design principles are to integrate with Security Onion, maintain NSM principles, support multiple platforms, be open source, and ensure security and long-term sustainability. The document describes the basic architecture using WinTAP and OpenVPN to bridge traffic between cloud servers and the Security Onion sensor. It provides details on installation, performance metrics, validation testing, and real world usage scenarios to demonstrate cloud NSM.
Wireless security beyond password cracking by Mohit RanjanOWASP Delhi
Network attacks in wired Lan environments
Protection in wired Lan
Layout of modern networks ( wired + wireless )
Difference between wired and wireless security
Most powerful situation to acquire in any network
Wireless attacks
Why NTP ?
Captive portal attacks
Conclusion and some wild thoughts
For complete data to perform this attack please go to the Github link below:
https://github.com/mohitrajain/Wireless_security_beyond_password_cracking
This document provides an overview of VPN options including IPsec, OpenVPN, and PPTP. It recommends using IPsec or OpenVPN for site-to-site VPNs and mobile users, with OpenVPN being easier to configure for mobile users. The document dives deeper into IPsec, discussing its modes, usage with IPv6, an example site-to-site configuration, troubleshooting tips, and packet capture for tracing traffic. It announces an upcoming session on March 21st and invites questions and feedback.
This document provides an overview and comparison of Suricata and Snort intrusion detection systems. It discusses features like performance, rule writing, and capabilities. PF_ring and netsniff-ng are introduced as tools for improving packet capture speed. The document also demonstrates how to write Snort rules specifying actions, protocols, IP addresses, ports, directions and other options.
This chapter discusses vulnerability exploitation, including using tools like nmap scripts, Nessus, OpenVAS, Hydra, and Metasploit to identify and exploit vulnerabilities. It emphasizes obtaining tools from reliable sources, testing in a lab environment first, and explaining risks to the client. Metasploit is introduced as a framework for hundreds of exploits and payloads that can be used to deliver a "bomb" via a "bomber." The chapter demonstrates launching Metasploit, exploring exploits and payloads, specifying targets and payloads, executing exploits, and interacting with sessions.
Blackholing from a_providers_perspektive_theo_vossPavel Odintsov
This document discusses blackholing from a provider's perspective. It describes how blackholing can be implemented at the provider's upstreams and internet exchange points (IXPs). The document also discusses using FastNetMon for DDoS attack detection and implementing blackholing policies on routers to discard attack traffic in the case of a detected DDoS attack.
Firewalls and Virtualization - pfSense Hangout June 2014Netgate
This document summarizes a hangout on firewalls and virtualization. It discusses types of virtualization, virtual networking options like bridged, NAT, and host-only, and considerations for virtualizing firewalls in production and for testing. Virtual networking is demonstrated for VirtualBox, VMware, ESX, and Hyper-V. While virtual firewalls can work well, having a physical firewall manage the virtualization environment is recommended. Performance and high availability considerations are also covered.
This document provides an overview of key networking components in Amazon Web Services (AWS) including:
- Virtual Private Cloud (VPC) which acts as a virtual data center in the cloud
- Subnets which are ranges of IP addresses within a VPC
- Security groups and Network Access Control Lists (NACLs) which provide security controls
- Route tables which determine traffic routing
- Internet Gateways and NAT Instances/Gateways which control internet access
- VPC Peering which enables connectivity between separate VPCs within AWS
This document describes an open-source solution for improving fast detection of and automating mitigation of DDoS attacks. The solution uses FastNetMon for fast detection of attacks from sFlow, NetFlow, or port mirroring. Metrics and events are stored in InfluxDB for analysis by Morgoth and visualization in Grafana. Net Healer uses policies to trigger actions like blackholing routes in BIRD based on data from Redis and anomalies detected by Morgoth in InfluxDB. This provides faster detection and reaction than traditional hardware appliances alone.
FastNetMon is an open source, cross-platform, and lightweight real-time black hole monitoring system that can detect network anomalies from sFlow, Netflow, or mirrored port data. It has flexible response methods and works with routing protocols like ExaBGP and GoBGP, though its limited documentation and some quirks like inaccurate flow averages require modifications for optimal use.
Hitch TLS is a small and fast TLS terminator that is bundled with Varnish Plus. It allows client-side TLS termination with Varnish Cache Plus handling encryption and decryption. TLS can also be used to encrypt connections to backends by adding ".ssl = 1" to backend definitions in Varnish. Hitch TLS supports features like OCSP stapling, PROXY protocol, and run-time reloads for updating certificates without interrupting service. Performance testing shows it can handle high throughput workloads with good scalability on commodity hardware.
This document summarizes steps for installing and configuring Suricata on Kali Linux for intrusion detection and prevention. It describes setting up Suricata with NFQUEUE to inspect network traffic, configuring rules for file extraction and storage, and various ways of writing rules to detect files based on properties like file extensions, magic bytes, and pixel dimensions. It also provides examples of rules for common file types and quizzes for writing rules to detect specific file attributes.
Protect your edge BGP security made simplePavel Odintsov
SysEleven filters routes to protect its edge by rejecting bogon prefixes and invalid routes. It generates prefix filters automatically based on peer AS sets to apply strict inbound filtering. It also uses RPKI to validate routes and reject invalid announcements. For DDoS mitigation, it uses FastNetMon for detection and FlowSpec to propagate rate limiting filters via BGP to upstream providers for quick attack mitigation in under 2 minutes. Open source tools like bgpq3, aggregate, and GoBGP help implement these solutions in a cost effective manner.
Slides about DDoS detection tool. IPFIX, sFlow, Netflow support. Instant detection. Complete API and command line tools.
Free trial: https://fastnetmon.com/trial/
IX 2020 - Internet Security & Mitigation of Risk Webinar: Linux Malware and D...APNIC
APNIC's Senior Security Specialist Adli Wahid gave a presentation on Linux malware, DDoS agents and bots, based on observations from the Honeynet project at the IX 2020 – Internet Security and Mitigation of Risk Webinar, held online on 15 June 2020.
This document discusses challenges and solutions related to detecting and mitigating DDoS attacks in IPv6 environments. It provides an overview of common attack vectors in IPv6, such as protocol floods, fragmentation attacks, and spoofing. It also addresses issues with using existing monitoring tools in IPv6 networks and proposes protocols like Netflow v9, IPFIX, and sFlow v5 for exporting IPv6 traffic metadata. Specific challenges involving BGP, blackholing, traffic engineering and fastnetmon tool support for IPv6 are examined along with potential solutions.
Nmap is a security scanning tool used to discover hosts and services on a computer network. It sends specially crafted packets to target hosts and analyzes the responses to perform functions like host discovery, port scanning, version detection, and operating system detection. The document provides 20 examples of Nmap commands, such as commands to scan a single host or IP address, scan multiple addresses or ranges, perform specific scans like OS detection or version detection, and save scan output to files.
Netcat is a versatile networking tool that can be used for port scanning, port redirection, listening for incoming connections, and creating remote connections. It allows creating a simple command line chat server by running nc in listen mode on one system and connecting to it from another. Netcat can also identify services running on specific ports by obtaining port banners, and has been used by hackers to create backdoors by launching a shell on a listened port.
This document provides an overview of Nmap Scripting Engine (NSE) for security researchers looking to build NSE scripts. It covers the anatomy of an NSE script including required components like metadata, categories, portrules and actions. It also provides tips for scriptors like specifying the script directory, using debugging mode, and updating the script database. The goal is to provide a kickstart for researchers to learn how to create NSE scripts and proofs-of-concept.
JANOG39 トラフィック可視化 BoF 発表資料
Japanese - https://www.janog.gr.jp/meeting/janog39/program/traffic
English - https://www.janog.gr.jp/meeting/janog39/en/programs/y-bof-traffic
This document discusses network sniffing and capturing login credentials in plain text protocols. It describes setting up a telnet server and client to experiment with sniffing username and password information using tcpdump and ngrep tools on the local network. The document recommends trying the same technique on other protocols like FTP, POP, SMTP and exploring more secure replacement protocols due to vulnerabilities in sending plain text credentials over the network.
In this presentation I will cover the basics of how to perform dictionary attacks against Windows Active Directory accounts safely. Below is an overview of the steps that will be covered:
Identify domains
Enumerate domain controllers
Enumerate users from domain controllers
Enumerate password policy from domain controllers
Perform dictionary attack
More security blogs by the authors can be found @
https://www.netspi.com/blog/
The document provides information on various network analysis and scanning tools including:
- DNStracer which traces DNS queries back through recursive DNS servers.
- Tcptraceroute which performs traceroutes using TCP packets to bypass firewalls in the same way nmap does.
- Nmap which is a security scanning tool used for network inventory, management and auditing through techniques like host discovery, port scanning and OS detection.
- Lanmap which listens to network traffic on an interface and maps the topology of who is communicating with who and how much using various protocols.
- SPIKE which is a network protocol fuzzer development framework that represents protocols as blocks of binary data and size to allow
This document provides an overview of VPN options including IPsec, OpenVPN, and PPTP. It recommends using IPsec or OpenVPN for site-to-site VPNs and mobile users, with OpenVPN being easier to configure for mobile users. The document dives deeper into IPsec, discussing its modes, usage with IPv6, an example site-to-site configuration, troubleshooting tips, and packet capture for tracing traffic. It announces an upcoming session on March 21st and invites questions and feedback.
This document provides an overview and comparison of Suricata and Snort intrusion detection systems. It discusses features like performance, rule writing, and capabilities. PF_ring and netsniff-ng are introduced as tools for improving packet capture speed. The document also demonstrates how to write Snort rules specifying actions, protocols, IP addresses, ports, directions and other options.
This chapter discusses vulnerability exploitation, including using tools like nmap scripts, Nessus, OpenVAS, Hydra, and Metasploit to identify and exploit vulnerabilities. It emphasizes obtaining tools from reliable sources, testing in a lab environment first, and explaining risks to the client. Metasploit is introduced as a framework for hundreds of exploits and payloads that can be used to deliver a "bomb" via a "bomber." The chapter demonstrates launching Metasploit, exploring exploits and payloads, specifying targets and payloads, executing exploits, and interacting with sessions.
Blackholing from a_providers_perspektive_theo_vossPavel Odintsov
This document discusses blackholing from a provider's perspective. It describes how blackholing can be implemented at the provider's upstreams and internet exchange points (IXPs). The document also discusses using FastNetMon for DDoS attack detection and implementing blackholing policies on routers to discard attack traffic in the case of a detected DDoS attack.
Firewalls and Virtualization - pfSense Hangout June 2014Netgate
This document summarizes a hangout on firewalls and virtualization. It discusses types of virtualization, virtual networking options like bridged, NAT, and host-only, and considerations for virtualizing firewalls in production and for testing. Virtual networking is demonstrated for VirtualBox, VMware, ESX, and Hyper-V. While virtual firewalls can work well, having a physical firewall manage the virtualization environment is recommended. Performance and high availability considerations are also covered.
This document provides an overview of key networking components in Amazon Web Services (AWS) including:
- Virtual Private Cloud (VPC) which acts as a virtual data center in the cloud
- Subnets which are ranges of IP addresses within a VPC
- Security groups and Network Access Control Lists (NACLs) which provide security controls
- Route tables which determine traffic routing
- Internet Gateways and NAT Instances/Gateways which control internet access
- VPC Peering which enables connectivity between separate VPCs within AWS
This document describes an open-source solution for improving fast detection of and automating mitigation of DDoS attacks. The solution uses FastNetMon for fast detection of attacks from sFlow, NetFlow, or port mirroring. Metrics and events are stored in InfluxDB for analysis by Morgoth and visualization in Grafana. Net Healer uses policies to trigger actions like blackholing routes in BIRD based on data from Redis and anomalies detected by Morgoth in InfluxDB. This provides faster detection and reaction than traditional hardware appliances alone.
FastNetMon is an open source, cross-platform, and lightweight real-time black hole monitoring system that can detect network anomalies from sFlow, Netflow, or mirrored port data. It has flexible response methods and works with routing protocols like ExaBGP and GoBGP, though its limited documentation and some quirks like inaccurate flow averages require modifications for optimal use.
Hitch TLS is a small and fast TLS terminator that is bundled with Varnish Plus. It allows client-side TLS termination with Varnish Cache Plus handling encryption and decryption. TLS can also be used to encrypt connections to backends by adding ".ssl = 1" to backend definitions in Varnish. Hitch TLS supports features like OCSP stapling, PROXY protocol, and run-time reloads for updating certificates without interrupting service. Performance testing shows it can handle high throughput workloads with good scalability on commodity hardware.
This document summarizes steps for installing and configuring Suricata on Kali Linux for intrusion detection and prevention. It describes setting up Suricata with NFQUEUE to inspect network traffic, configuring rules for file extraction and storage, and various ways of writing rules to detect files based on properties like file extensions, magic bytes, and pixel dimensions. It also provides examples of rules for common file types and quizzes for writing rules to detect specific file attributes.
Protect your edge BGP security made simplePavel Odintsov
SysEleven filters routes to protect its edge by rejecting bogon prefixes and invalid routes. It generates prefix filters automatically based on peer AS sets to apply strict inbound filtering. It also uses RPKI to validate routes and reject invalid announcements. For DDoS mitigation, it uses FastNetMon for detection and FlowSpec to propagate rate limiting filters via BGP to upstream providers for quick attack mitigation in under 2 minutes. Open source tools like bgpq3, aggregate, and GoBGP help implement these solutions in a cost effective manner.
Slides about DDoS detection tool. IPFIX, sFlow, Netflow support. Instant detection. Complete API and command line tools.
Free trial: https://fastnetmon.com/trial/
IX 2020 - Internet Security & Mitigation of Risk Webinar: Linux Malware and D...APNIC
APNIC's Senior Security Specialist Adli Wahid gave a presentation on Linux malware, DDoS agents and bots, based on observations from the Honeynet project at the IX 2020 – Internet Security and Mitigation of Risk Webinar, held online on 15 June 2020.
This document discusses challenges and solutions related to detecting and mitigating DDoS attacks in IPv6 environments. It provides an overview of common attack vectors in IPv6, such as protocol floods, fragmentation attacks, and spoofing. It also addresses issues with using existing monitoring tools in IPv6 networks and proposes protocols like Netflow v9, IPFIX, and sFlow v5 for exporting IPv6 traffic metadata. Specific challenges involving BGP, blackholing, traffic engineering and fastnetmon tool support for IPv6 are examined along with potential solutions.
Nmap is a security scanning tool used to discover hosts and services on a computer network. It sends specially crafted packets to target hosts and analyzes the responses to perform functions like host discovery, port scanning, version detection, and operating system detection. The document provides 20 examples of Nmap commands, such as commands to scan a single host or IP address, scan multiple addresses or ranges, perform specific scans like OS detection or version detection, and save scan output to files.
Netcat is a versatile networking tool that can be used for port scanning, port redirection, listening for incoming connections, and creating remote connections. It allows creating a simple command line chat server by running nc in listen mode on one system and connecting to it from another. Netcat can also identify services running on specific ports by obtaining port banners, and has been used by hackers to create backdoors by launching a shell on a listened port.
This document provides an overview of Nmap Scripting Engine (NSE) for security researchers looking to build NSE scripts. It covers the anatomy of an NSE script including required components like metadata, categories, portrules and actions. It also provides tips for scriptors like specifying the script directory, using debugging mode, and updating the script database. The goal is to provide a kickstart for researchers to learn how to create NSE scripts and proofs-of-concept.
JANOG39 トラフィック可視化 BoF 発表資料
Japanese - https://www.janog.gr.jp/meeting/janog39/program/traffic
English - https://www.janog.gr.jp/meeting/janog39/en/programs/y-bof-traffic
This document discusses network sniffing and capturing login credentials in plain text protocols. It describes setting up a telnet server and client to experiment with sniffing username and password information using tcpdump and ngrep tools on the local network. The document recommends trying the same technique on other protocols like FTP, POP, SMTP and exploring more secure replacement protocols due to vulnerabilities in sending plain text credentials over the network.
In this presentation I will cover the basics of how to perform dictionary attacks against Windows Active Directory accounts safely. Below is an overview of the steps that will be covered:
Identify domains
Enumerate domain controllers
Enumerate users from domain controllers
Enumerate password policy from domain controllers
Perform dictionary attack
More security blogs by the authors can be found @
https://www.netspi.com/blog/
The document provides information on various network analysis and scanning tools including:
- DNStracer which traces DNS queries back through recursive DNS servers.
- Tcptraceroute which performs traceroutes using TCP packets to bypass firewalls in the same way nmap does.
- Nmap which is a security scanning tool used for network inventory, management and auditing through techniques like host discovery, port scanning and OS detection.
- Lanmap which listens to network traffic on an interface and maps the topology of who is communicating with who and how much using various protocols.
- SPIKE which is a network protocol fuzzer development framework that represents protocols as blocks of binary data and size to allow
Nmap is an open source tool that can scan networks to discover available hosts, services on hosts, operating systems and versions running on hosts, types of firewalls and filters in place, and other network details. It works across Linux, Windows, and other platforms. Nmap uses raw IP packets to gather this information, which can help identify security issues but also be used by attackers for reconnaissance. The tool supports various types of scans with different tradeoffs between stealthiness and information discovered. While Nmap has both command line and GUI interfaces, advanced usage requires command line expertise.
Nmap is an open source network scanning tool that can discover available hosts on a network, the services running on them, operating systems and firewalls in use. It uses raw IP packets to map out devices and collect valuable information for both network management and security profiling. Nmap runs on Linux, Windows and other platforms, and offers various scan types from stealthy to more aggressive depending on the information needed. Both command line and GUI interfaces allow users to quickly get started with basic scans, while advanced features require more technical expertise.
Network scanning with Nmap for Noobs and Ninjas - This slide was presented at Null Delhi monthly security meet by Nikhil and Jayvardhan.
https://www.facebook.com/nullOwaspDelhi/
The document discusses using Nmap to perform network scanning and reconnaissance. It provides an overview of Nmap, describing common scan types like TCP and UDP scans. It also covers useful Nmap options for tasks like service and operating system detection. The document demonstrates the Nmap Scripting Engine for tasks like vulnerability scanning and brute force attacks. It provides examples of commands for different scan types and scripts.
Nmap is an open source network scanning tool that can discover hosts on a network, services running on hosts, operating systems in use, and vulnerabilities. It uses raw IP packets to determine details about targets. Nmap runs on Linux, Windows, and other platforms and has both command line and graphical interfaces. Common scan types include TCP connect, SYN stealth, UDP scans, and operating system detection to reveal details about targets on a network.
Nmap (Network Mapper} is and an Open Source utility which can quickly scan broad ranges of devices and provide valuable information about the devices on your network.It can be used for IT auditing and asset discovery as well as security profiling of the network.
Nmap Scripting Engine and http-enumerationRobert Rowley
Nmap is a network scanning tool that scans hosts and networks for open ports. The Nmap Scripting Engine (NSE) allows Nmap to perform additional checks and functions beyond basic port scanning. NSE uses the Lua programming language to write scripts for tasks like service detection, vulnerability testing, and malware detection. Popular NSE scripts scan for vulnerabilities like SQL injection, fingerprint web servers and applications, perform service/version detection, and more. The NSE community develops and shares new scripts on the Nmap site to continually improve Nmap's scanning abilities.
Nmap is a free and open-source tool used for network discovery and security auditing. It can discover hosts and services on a computer network by sending packets and analyzing responses. Some key capabilities of Nmap include host discovery, port scanning, service and OS detection. It has a variety of scan types and options that allow users to customize scans for different needs such as speed or stealth. Nmap also includes Nmap Scripting Engine (NSE) which provides scripts for tasks like vulnerability detection and service enumeration.
This document is a presentation report submitted by four students at M. S. Ramaiah Institute of Technology for their 5th semester Data Communication course. It discusses the network scanning tool Nmap, describing its features for host discovery, port scanning, OS detection and more. It then provides details of performing a port scanning experiment with Nmap, explaining the different port states Nmap can detect and demonstrating TCP and UDP scan types.
1. To perform active OS fingerprinting, use Nmap's "-O" flag followed by the target IP address. This sends probe packets to the target and analyzes the responses to determine the operating system.
2. For passive fingerprinting, sniff the network traffic without making contact with targets. Analyze characteristics like TCP/IP stack implementation to fingerprint operating systems.
3. Nmap is a useful tool for active fingerprinting as it has a large database of OS fingerprints. Passive fingerprinting can be done using a network sniffer without alerting targets. Both methods provide ways to remotely determine operating systems without access to
Nmap is a network scanning tool that can discover hosts and services on a network. It can scan TCP and UDP ports, perform OS and version detection, and has both command line and GUI interfaces. Nmap allows specification of target hosts by IP address, CIDR notation for subnets, or hostname. It provides information about open ports and common services, and can detect vulnerabilities.
Practical White Hat Hacker Training - Active Information GatheringPRISMA CSI
This presentation part of Prisma CSI's Practical White Hat Hacker Training v1
PRISMA CSI • Cyber Security and Intelligence www.prismacsi.com
This document can be shared or used by quoted and used for commercial purposes, but can not be changed. Detailed information is available at https://creativecommons.org/licenses/by-nc-nd/4.0/legalcode.
The document discusses Nmap, a free and open source tool for network discovery and security auditing. It describes Nmap's scanning techniques like SYN scans, ping scans, UDP scans, and version detection. It also covers options for detecting the operating system, specifying hosts and ports to include or exclude from scans, getting real-time information through verbose mode and packet tracing, and logging scan results in different formats.
The document discusses footprinting techniques for security auditors. It covers gathering publicly available information about targets through tools like Whois, DNS lookups, search engines and network mappers to identify domains, IP addresses, systems and names. It then discusses active footprinting using port scanners like NMAP to detect open ports and services, identify operating systems and check for vulnerabilities. NMAP scripts can automate tasks like banner grabbing, HTTP enumeration and vulnerability detection for services like MySQL. Other tools mentioned include Maltego, Shodan, Censys and the NSE script library for more advanced information gathering.
Zenmap is a graphical frontend for the Nmap security scanner that aims to make Nmap easier for beginners and experienced users to use. It provides features like saving frequently used scans as profiles, comparing scan results, and storing recent scans in a searchable database. The purpose of Zenmap is not to replace Nmap but to enhance its usability. It allows interactive viewing of scan results and topology mapping.
Nmap is a free and open-source tool for network discovery and security auditing. It can be used to discover hosts and services on a computer network by scanning target hosts and performing port scanning, version detection, and OS detection. System administrators, network engineers, and auditors use Nmap for security auditing, compliance testing, asset management, and network/system inventory. While Nmap provides useful information for hardening network security, it can also be used maliciously for reconnaissance, so permission should be obtained before using it on networks.
IP network scanning involves gathering information about devices on a network such as which hosts are active and which services and ports are open. The document discusses common scanning techniques including ping sweeps to discover active hosts, port scanning to identify open ports, and methods for detecting operating systems and software versions running on remote hosts. It provides examples using the free and open-source nmap tool, which is considered the standard for port scanning and network discovery.
Nmap is a security tool used to discover hosts on a network, the services running on them, and operating system details. It performs host discovery using ping scans, port scanning to identify open ports and services running, and OS detection using TCP/IP fingerprinting. Nmap sends crafted packets and compares the responses to fingerprints to determine the likely OS. It has options for different scan types, port ranges, and detection methods and provides insights into network security and available services.
The document discusses Python jails (PyJails), which are CTF problems that provide a limited Python interpreter. The goal is typically to call restricted functions like os.system() or open() to access files. Common solutions leverage attributes of Python objects like __class__, __globals__, and __builtins__ to access the open() function despite restrictions. The document then provides an in-depth explanation of these Python object attributes and how they allow constructing a solution to bypass the restrictions in a PyJail.
This document provides information about the Computer Security Group (CSG) Spring 2022 kickoff event. It introduces CSG as a weekly security-focused student group. It also describes the Scholarship for Service program, lists the CSG leadership team, and advertises upcoming technical talks on topics like embedded systems, Python, anonymity, and fuzzing. Members are encouraged to attend weekly meetings, join the Discord server, and suggest additional talk topics.
This document provides an introduction to cloud computing, including what cloud is, its benefits and drawbacks, common cloud service models (SaaS, PaaS, IaaS), major cloud providers, and common cloud computing services. Key cloud computing services discussed include compute services (like AWS EC2 and Google Compute Engine), databases, storage, and additional AI/ML and serverless services. The document also highlights some free cloud credits and resources available for students.
1. The document discusses various methods for gaining domain administrator privileges on a Windows domain, including exploiting the domain's architecture, abusing Active Directory services like Kerberos, and cracking Kerberos tickets.
2. It provides three attack scenarios: leveraging internal access and the BloodHound tool, performing an NTLM relay attack against WebDAV to setup delegation, and directly cracking Kerberos tickets by requesting tickets for service principal names.
3. The document recommends demonstrating these attacks against a test environment to gain hands-on experience compromising a Windows domain from different starting points.
Python is an interpreted programming language that can be used for many purposes including security related tasks. It was created in the late 1980s by Guido van Rossum and named after the Monty Python comedy group. There are differences between Python versions 2.7 and 3.0, such as print becoming a function in 3.0. Python has an interactive shell environment that allows users to run commands and an extensive standard library including data types like lists, tuples, sets and dictionaries. Libraries like pwntools and PyCryptodome provide functionality for tasks like exploit development and cryptography.
This document provides an introduction and overview of various topics related to cybersecurity including programming languages, operating systems, networks, penetration testing tools, defensive tools, and security certifications. It also lists upcoming cybersecurity events at the school including an intern fair, career fair, engineering week, capture the flag competition, and security operations center competition. Students are invited to sign in using a QR code or URL to participate in resume critiques and learn more.
Bash is a command line shell that allows users to interact with and manage a Linux operating system. It can be used to edit files and system configurations, monitor and manage processes, run scripts, and more. Common bash commands include ls to list directories, cd to change directories, cat to output file contents, and man to view command manuals. The demo section provides a hands-on experience using bash commands.
1. The document discusses web exploitation and provides tips for assessing what functionality a server may have and how to test for vulnerabilities.
2. It lists common server-side technologies like PHP, Python, NodeJS that have been exploited in past events, and encourages researching assumed functionality and how others may have previously exploited similar systems.
3. The document emphasizes that web exploitation involves searching and researching to understand what a server can do in response to inputs, as its functionality may not always be obvious, in order to discover ways to read files or execute code remotely.
This document provides an overview of network exploitation, including types of networks, network environments, internal vs external networks, network enumeration tools, and attack routing. It announces upcoming events and provides details about local area networks (LANs), wide area networks (WANs), metropolitan area networks (MANs), corporate and personal network environments, using Nmap and Nessus for scanning, and pivoting through internal networks from external points.
1. The document discusses the steps of a penetration test against a target machine called Celestial on the Hack the Box platform.
2. It outlines reconnaissance, enumeration through Nmap scanning, exploitation to gain initial access, escalation of privileges from user to root, establishing persistence, and clean-up to remove traces of access.
3. The target is an Linux machine at IP 10.10.10.85, and the session will walk through each step of the penetration test process.
This presentation gives an overview of many different encryption and encoding schemes. The content ranges from simple encodings, such as ASCII text represented as decimals to classical ciphers, such as Caesar and Vigenere ciphers to modern encryption standards, such as the Data Encryption Standard (DES) and Advanced Encryption Standard (AES). For modern encryption, there are many different implementation flaws that are discussed in the presentation as well as a few ideas for how to correct those flaws. At the end of the presentation, some thought questions are provided.
We continue where we left off from Part 1. This section covers 2 main topics, debugging libraries and fuzzer design. For debugging libraries we go over PyDBG and WinAppDbg, discussing basic to intermediate examples, and when you might want to use one instead of the other. After that, fuzzer design is discussed, including goals, design choices, architecture, etc. Some code samples are shown from my fuzzer, along with a github link for those who are interested.
This document provides an introduction to software exploitation on Linux 32-bit systems. It covers common exploitation techniques like buffer overflows, format strings, and ret2libc attacks. It discusses the Linux memory layout and stack structure. It explains buffer overflows on the stack and heap, and how to leverage them to alter control flow and execute arbitrary code. It also covers the format string vulnerability and how to leak information or write to arbitrary memory locations. Tools mentioned include GDB, exploit-exercises, and Python. Overall it serves as a crash course on the basic techniques and concepts for Linux exploitation.
This is part 1 of fuzzing, an introduction to the subject. This presentation covers some of theory and thought process behind the subject, as well as an introduction to environment variable fuzzing and file format fuzzing.
The document summarizes how to exploit a heap-based buffer overflow vulnerability in the Protostar Heap 3 challenge. It describes using the Doug Lea malloc implementation, modifying chunk size metadata to change program execution, overwriting pointers to hijack control flow, and crafting 12-byte shellcode to jump to a "winner()" function and complete the exploit.
We introduce the fundamentals of dynamic memory allocation and highlight several exploitable properties. These ideas are put into practice in a set of heap overflow challenges from exploit-exercise.com's Protostar VM. We walk through the first three. Other uses of heap space such as heap spraying are mentioned.
TrustArc Webinar - 2024 Global Privacy SurveyTrustArc
How does your privacy program stack up against your peers? What challenges are privacy teams tackling and prioritizing in 2024?
In the fifth annual Global Privacy Benchmarks Survey, we asked over 1,800 global privacy professionals and business executives to share their perspectives on the current state of privacy inside and outside of their organizations. This year’s report focused on emerging areas of importance for privacy and compliance professionals, including considerations and implications of Artificial Intelligence (AI) technologies, building brand trust, and different approaches for achieving higher privacy competence scores.
See how organizational priorities and strategic approaches to data security and privacy are evolving around the globe.
This webinar will review:
- The top 10 privacy insights from the fifth annual Global Privacy Benchmarks Survey
- The top challenges for privacy leaders, practitioners, and organizations in 2024
- Key themes to consider in developing and maintaining your privacy program
Dr. Sean Tan, Head of Data Science, Changi Airport Group
Discover how Changi Airport Group (CAG) leverages graph technologies and generative AI to revolutionize their search capabilities. This session delves into the unique search needs of CAG’s diverse passengers and customers, showcasing how graph data structures enhance the accuracy and relevance of AI-generated search results, mitigating the risk of “hallucinations” and improving the overall customer journey.
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdfPaige Cruz
Monitoring and observability aren’t traditionally found in software curriculums and many of us cobble this knowledge together from whatever vendor or ecosystem we were first introduced to and whatever is a part of your current company’s observability stack.
While the dev and ops silo continues to crumble….many organizations still relegate monitoring & observability as the purview of ops, infra and SRE teams. This is a mistake - achieving a highly observable system requires collaboration up and down the stack.
I, a former op, would like to extend an invitation to all application developers to join the observability party will share these foundational concepts to build on:
How to Get CNIC Information System with Paksim Ga.pptxdanishmna97
Pakdata Cf is a groundbreaking system designed to streamline and facilitate access to CNIC information. This innovative platform leverages advanced technology to provide users with efficient and secure access to their CNIC details.
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!SOFTTECHHUB
As the digital landscape continually evolves, operating systems play a critical role in shaping user experiences and productivity. The launch of Nitrux Linux 3.5.0 marks a significant milestone, offering a robust alternative to traditional systems such as Windows 11. This article delves into the essence of Nitrux Linux 3.5.0, exploring its unique features, advantages, and how it stands as a compelling choice for both casual users and tech enthusiasts.
Infrastructure Challenges in Scaling RAG with Custom AI modelsZilliz
Building Retrieval-Augmented Generation (RAG) systems with open-source and custom AI models is a complex task. This talk explores the challenges in productionizing RAG systems, including retrieval performance, response synthesis, and evaluation. We’ll discuss how to leverage open-source models like text embeddings, language models, and custom fine-tuned models to enhance RAG performance. Additionally, we’ll cover how BentoML can help orchestrate and scale these AI components efficiently, ensuring seamless deployment and management of RAG systems in the cloud.
Cosa hanno in comune un mattoncino Lego e la backdoor XZ?Speck&Tech
ABSTRACT: A prima vista, un mattoncino Lego e la backdoor XZ potrebbero avere in comune il fatto di essere entrambi blocchi di costruzione, o dipendenze di progetti creativi e software. La realtà è che un mattoncino Lego e il caso della backdoor XZ hanno molto di più di tutto ciò in comune.
Partecipate alla presentazione per immergervi in una storia di interoperabilità, standard e formati aperti, per poi discutere del ruolo importante che i contributori hanno in una comunità open source sostenibile.
BIO: Sostenitrice del software libero e dei formati standard e aperti. È stata un membro attivo dei progetti Fedora e openSUSE e ha co-fondato l'Associazione LibreItalia dove è stata coinvolta in diversi eventi, migrazioni e formazione relativi a LibreOffice. In precedenza ha lavorato a migrazioni e corsi di formazione su LibreOffice per diverse amministrazioni pubbliche e privati. Da gennaio 2020 lavora in SUSE come Software Release Engineer per Uyuni e SUSE Manager e quando non segue la sua passione per i computer e per Geeko coltiva la sua curiosità per l'astronomia (da cui deriva il suo nickname deneb_alpha).
“An Outlook of the Ongoing and Future Relationship between Blockchain Technologies and Process-aware Information Systems.” Invited talk at the joint workshop on Blockchain for Information Systems (BC4IS) and Blockchain for Trusted Data Sharing (B4TDS), co-located with with the 36th International Conference on Advanced Information Systems Engineering (CAiSE), 3 June 2024, Limassol, Cyprus.
UiPath Test Automation using UiPath Test Suite series, part 6DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 6. In this session, we will cover Test Automation with generative AI and Open AI.
UiPath Test Automation with generative AI and Open AI webinar offers an in-depth exploration of leveraging cutting-edge technologies for test automation within the UiPath platform. Attendees will delve into the integration of generative AI, a test automation solution, with Open AI advanced natural language processing capabilities.
Throughout the session, participants will discover how this synergy empowers testers to automate repetitive tasks, enhance testing accuracy, and expedite the software testing life cycle. Topics covered include the seamless integration process, practical use cases, and the benefits of harnessing AI-driven automation for UiPath testing initiatives. By attending this webinar, testers, and automation professionals can gain valuable insights into harnessing the power of AI to optimize their test automation workflows within the UiPath ecosystem, ultimately driving efficiency and quality in software development processes.
What will you get from this session?
1. Insights into integrating generative AI.
2. Understanding how this integration enhances test automation within the UiPath platform
3. Practical demonstrations
4. Exploration of real-world use cases illustrating the benefits of AI-driven test automation for UiPath
Topics covered:
What is generative AI
Test Automation with generative AI and Open AI.
UiPath integration with generative AI
Speaker:
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
Sudheer Mechineni, Head of Application Frameworks, Standard Chartered Bank
Discover how Standard Chartered Bank harnessed the power of Neo4j to transform complex data access challenges into a dynamic, scalable graph database solution. This keynote will cover their journey from initial adoption to deploying a fully automated, enterprise-grade causal cluster, highlighting key strategies for modelling organisational changes and ensuring robust disaster recovery. Learn how these innovations have not only enhanced Standard Chartered Bank’s data infrastructure but also positioned them as pioneers in the banking sector’s adoption of graph technology.
Threats to mobile devices are more prevalent and increasing in scope and complexity. Users of mobile devices desire to take full advantage of the features
available on those devices, but many of the features provide convenience and capability but sacrifice security. This best practices guide outlines steps the users can take to better protect personal devices and information.
HCL Notes and Domino License Cost Reduction in the World of DLAUpanagenda
Webinar Recording: https://www.panagenda.com/webinars/hcl-notes-and-domino-license-cost-reduction-in-the-world-of-dlau/
The introduction of DLAU and the CCB & CCX licensing model caused quite a stir in the HCL community. As a Notes and Domino customer, you may have faced challenges with unexpected user counts and license costs. You probably have questions on how this new licensing approach works and how to benefit from it. Most importantly, you likely have budget constraints and want to save money where possible. Don’t worry, we can help with all of this!
We’ll show you how to fix common misconfigurations that cause higher-than-expected user counts, and how to identify accounts which you can deactivate to save money. There are also frequent patterns that can cause unnecessary cost, like using a person document instead of a mail-in for shared mailboxes. We’ll provide examples and solutions for those as well. And naturally we’ll explain the new licensing model.
Join HCL Ambassador Marc Thomas in this webinar with a special guest appearance from Franz Walder. It will give you the tools and know-how to stay on top of what is going on with Domino licensing. You will be able lower your cost through an optimized configuration and keep it low going forward.
These topics will be covered
- Reducing license cost by finding and fixing misconfigurations and superfluous accounts
- How do CCB and CCX licenses really work?
- Understanding the DLAU tool and how to best utilize it
- Tips for common problem areas, like team mailboxes, functional/test users, etc
- Practical examples and best practices to implement right away
3. What is Enumeration
Gathering the follow:
● Usernames, Group names, Hostnames
● Network shares
● Services and Versions
● DNS, SNMP, SMB
Reason for gathering:
● To get initial access
● To perform lateral movement
● To make exploitation easier
4. Tools for Enumeration
● Nmap -- Network mapping and port scanner
● Nessus/Openvas -- Services, vulnerability, leak scanner
● gobuster/dirb -- Directory bruteforcer
● Nikto -- Web server scanner
● WPScan -- WordPress scanner
● Searchsploit -- connected to exploit.db to search for exploits
5. !!!!WARNING!!!!
● Enumeration can get you banned from
services and can be considered illegal
activity
● SCAN -> http://scanme.nmap.org/
For practice
6. Nmap
● Nmap -sP <IPADDRESS>/<SUBNET> = Ping scans the networks, listing machines that respond
to ping
● Nmap -p 1-65535 -sV -sS <IPADRESS> = Full TCP port scan finding services and versions
● Nmap -v -sS -A <IPADDRESS> = Prints verbos output, runs stealth syn scan, finds OS and
detects version
● Nmap -sV -Pn -oX target.xml <IPADDRESS> = Scans for open ports and service version with no
pings sent to target then saves output to target.xml
7. Searchsploit
● Searchsploit --nmap target.xml = Search for
exploits with the nmap output
● Quick and easy way to see exploits without
scanning the target twice
8. Nessus / Openvas
Pros:
● Scans everything you specified
● Can show vulnerabilities and types
● Multiple ip’s at once
Cons:
● Sends a lot of data to target
● Can be slow depending on target
● Target can block your IP
13. Gobuster / Dirb / Dirbuster
Pros:
● Finding obscure directories
● Finding information quickly
● Enumerating the entire file server
Cons:
● Very Loud
● Can cause IP Ban
● Can often prove to be useless