This document outlines steps to attack a NASA web server and DNS server as part of a penetration test. It begins with reconnaissance of the web server to identify services, OS, and vulnerabilities. SQL injection is used to extract password hashes from the database. Privilege escalation exploits a file inclusion vulnerability to gain root access. Additional access is maintained through backdoors. The second target, a DNS server, is pivoted to after uploading a Metasploit payload to connect back to the attacker's machine. Information gathering and brute force attacks are then performed.
The impact of a malware infection can be increased by applying 'lateral movement': spreading the infection from the original infected device to other devices within the same network. This paper shares the technical details of some of the most common spreading techniques used by malware, both within the network and to other networks.
The Crisis malware is an advanced malware that infects both Windows and Mac computers. It has the ability to steal browser history, contacts, audio/visual recordings and more. It spreads initially through a signed Java applet and then installs core modules and drivers onto the infected system. Both Windows and Mac versions share similar information stealing and command and control capabilities. The Windows version uniquely targets virtual machines by mounting and infecting VM disk images, and can also steal social media and email account information. The malware authors remain anonymous but the code quality suggests it was intended for espionage or private investigation.
The EternalBlue Exploit: how it works and affects systems
Andrea Bissoli
The purpose of this report is to focus on one particular aspect of the WannaCry malware in order to understand which vulnerability it exploited and how it spread across the internet. The report shows the EternalBlue attack and how it is possible to take control of the PC thanks to the DoublePulsar attack and a Meterpreter session. Then a case study is shown in which a pivoting attack is performed. In the end, simple keyloggers are injected into the attacked machines in order to collect some useful information.
This was a group project which was created by myself, Samy Izebboudjen, Daniel Phan, and Eric Hernandez in which we tested a denial of service SYN flood script against a targeted website on our own local network on a virtual machine. In this project, we also used virtual machines (via VirtualBox) in order to set up our testing environment as well as used Wireshark to analyze the network traffic during the simulation.
This project was conducted during our ISYS-575 (Information Security Management) course at San Francisco State University and the purpose of this project and write-up was to test network security and determine the overall effects a denial of service attack has against a targeted website/network.
COUNTERMEASURE TOOL - CARAPACE FOR NETWORK SECURITY
IJNSA Journal
Nowadays the frequency of attacks on networks has increased. Among these, denial of service (DoS) and IP spoofing are the most common, and it is very difficult to detect them. Denial of service (DoS) and its variant distributed denial of service (DDoS) are significant problems because they are very hard to detect. Their main aim is to cut a resource off from the internet and make it unavailable to legitimate users. IP source address forgery, or “spoofing,” is a long-recognized consequence of the Internet’s lack of packet-level authenticity. IP spoofing is very powerful when implemented together with distributed denial of service (DDoS). In this paper we deal with the information gathering process used to carry out attacks: the information gathered about the weaknesses of the target system helps to carry out the attack. Lastly, we propose a new model to protect against attacks.
The document provides guidance on penetration testing biometric fingerprint authentication systems. It outlines various potential attack vectors, including local attacks on the fingerprint sensor and USB data manager, as well as remote attacks on the remote IP management, backend database, and fingerprint manager admin interface. The document then details methods for conducting local attacks, such as using a fingerprint logger to steal a print and reproducing fake fingerprints to trick the sensor. It also discusses vulnerabilities in biometric device network protocols and remote administration capabilities. The goal is to evaluate security and identify ways to bypass authentication or steal sensitive user data from biometric systems.
International Conference On Electrical and Electronics Engineering
anchalsinghdm
ICGCET 2019 | 5th International Conference on Green Computing and Engineering Technologies. The conference will be held on 7th September - 9th September 2019 in Morocco. International Conference On Engineering Technology
The conference aims to promote the work of researchers, scientists, engineers and students from across the world on advancement in electronic and computer systems.
This document provides a complete report on a penetration test using Kali Linux against a vulnerable machine available on Vulnhub.com. The Game of Thrones CTF: 1 (Capture The Flag) contains 11 flags in total (7 kingdom flags, 3 secret flags and one battle flag). The first chapter introduces a short description of cyber-risks and general IT security nowadays. The second chapter contains the laboratory setup in Oracle VirtualBox software to virtualize the attacker machine and the target machine. Furthermore, the subchapters cover the attack narrative, each one according to a specific step-by-step location. Please notice that this walkthrough might contain spoilers for the actual TV series.
Finally, there is a comment about the vulnerabilities found in this challenge, some recommendations, and the major consulted resources and tools used.
Stuxnet was a sophisticated malware targeting industrial control systems that was attributed to nation-state sponsorship. The document discusses techniques for attributing malware through analysis of exploits, code quality, debug symbols, and automation. Attribution aims to profile adversary capabilities and differentiate between state-sponsored and criminal actors. Analysis of Stuxnet found use of older vulnerabilities, custom payloads, and insider knowledge of target systems, suggesting a high level of technical skill and resources from a nation state.
The document discusses various cybersecurity threats and exploitation techniques. It introduces vulnerability scanning tools like Nessus and Nikto that can identify security weaknesses. It also discusses methods for exploiting vulnerabilities, including through SQL injection, Perl/CGI issues, and cross-site scripting (XSS) attacks. The document promotes finding and sharing hacking tricks and exploits from security conferences and communities.
This document describes a wireless network security software that was developed to detect vulnerabilities in Wi-Fi access points and recommend prevention techniques. The software performs common attacks such as MITM, DNS spoofing, DOS and MAC spoofing on access points. It also captures the 4-way handshake to crack the network password using dictionaries or custom wordlists. Based on the results of the attacks, it recommends prevention techniques to secure the access point and increase network security. The software aims to help with penetration testing and security analysis of home, work or public wireless networks configured in infrastructure mode.
Describe briefly the OSI Reference model and its relevance to computer security. [4 Marks]
• Ans 1: The Open System Interconnection Model (OSI) is a standardized framework for describing how computers communicate with each other over a network system. The OSI model also conceptualizes how data flows through a stack of seven layers, beginning with the physical layer and continuing through the data link, network, transport, session, presentation, and finally the application layer (Simoneau, 2006).
The document discusses the Media Access Control (MAC) address, which is a unique identifier assigned to network interfaces for identification. MAC addresses are permanent and work at the data link layer, unlike IP addresses which can change and work at the network layer. MAC address spoofing involves changing the MAC address to hide a device's identity or bypass access control lists. Intrusion detection systems are also discussed as important tools to detect attacks on networks.
Penetration testing involves assessing an organization's security processes and vulnerabilities by simulating real-world attacks. This is done through methodologies like OSSTMM and standards like CIS guides and ISO 2700x. The goals are to estimate security, gain unauthorized access to systems, and access certain information/data. Approaches include perimeter, wireless, and internal testing from user workstations or network segments. Real attacks aim to hack, while penetration testing is legal and aims to help organizations. Common tools used include Nmap, Metasploit, Cain & Abel, Aircrack, and browser/notepad. Examples demonstrated password cracking, SQL injection exploitation, and privilege escalation in Active Directory. Wireless, social engineering,
Neville Varnham discusses various cyber security threats related to PeopleSoft systems. He notes that ransomware schemes now allow technically illiterate criminals to conduct cyber attacks. Password cracking software can crack simple passwords in under a minute. The document also discusses a past university data breach involving PeopleSoft after a student was able to access a database with Social Security numbers. Varnham provides an overview of steps organizations can take to harden their PeopleSoft security, such as enabling encryption, implementing password policies, and ensuring proper logging and auditing.
The document discusses cyber attacks and tools leaked by hacking groups such as Shadow Brokers and WikiLeaks. It summarizes exploits like EternalBlue and EternalRomance used by the WannaCry ransomware attack. It also mentions malware frameworks like AfterMidnight and Assassin leaked in the Vault 7 documents. The document warns of potential future leaks advertised by Shadow Brokers that could impact web browsers, routers, smartphones and operating systems like Windows 10. It stresses the importance of security practices like patching and backups to help prevent damage from newly revealed exploits and attacks.
Kunal - Introduction to BackTrack - ClubHack2008
ClubHack
BackTrack is a Linux distribution focused on penetration testing with over 300 security tools. It allows testing of vulnerabilities like buffer overflows and cross-site scripting through tools like Nmap, Nikto, and Metasploit. Common attack techniques explored include man-in-the-middle attacks using ARP poisoning, password cracking through tools like John the Ripper, and "Google hacking" to find sensitive information online.
Kunal - Introduction to backtrack - ClubHack2008
ClubHack
BackTrack is a Linux distribution focused on penetration testing with over 300 security tools. It allows testing of vulnerabilities like buffer overflows and cross-site scripting through tools like Nmap, Nikto, and Metasploit. Common attack techniques explored include man-in-the-middle attacks using ARP poisoning, password cracking through tools like John the Ripper, and hacking web servers through techniques like Google hacking.
BackTrack is a Linux distribution focused on penetration testing with over 300 security tools. It allows testing of vulnerabilities like buffer overflows and cross-site scripting through tools like Nmap, Nikto, and Metasploit. Attackers can use these tools along with techniques like ARP poisoning to conduct remote exploits or hack passwords on Windows systems.
The Hacking Games - Operation System Vulnerabilities Meetup 29112022
lior mazor
Our technology, work processes, and activities all depend on operating systems being safe and secure. Join us virtually for our upcoming "The Hacking Games - Operation System Vulnerabilities" Meetup to learn how hackers can compromise an operating system, bypass the antivirus protection layer and exploit Linux eBPF.
Network Vulnerabilities And Cyber Kill Chain Essay
Karen Oliver
This document discusses several networking tools, beginning with Wireshark. Wireshark is described as an open-source packet sniffer that allows users to capture and analyze network traffic passing through their computer. It started development in 1998 under the name Ethereal, and was renamed in 2006. The document then moves on to briefly describe Nmap, TCPDump, and Netcat. Nmap is a port scanning tool used for network discovery and security auditing. TCPDump is a command line packet analyzer that prints out network traffic. Netcat is a networking utility that reads and writes data across network connections using TCP or UDP.
BSides Philly Finding a Company's BreakPoint
Andrew McNicol
We cover modern-day hacking techniques used to establish a foothold in a target network. This is a great introduction to hacking techniques for those new to pentesting, with the hope of breaking the "scan then exploit" mindset.
The document discusses vulnerability assessment and penetration testing (VAPT). It defines vulnerability assessment as systematically finding security issues in a network or system through scanning, and penetration testing as exploiting vulnerabilities to prove they can cause damage. The document outlines the types of VAPT testing, steps in the process, common tools used like Nmap and ZAP, and top vulnerabilities like SQL injection and XSS. It provides examples of specific vulnerabilities found like outdated themes and XML-RPC access, and their potential impacts and solutions.
This 5-day Certified Ethical Hacker training course teaches students how to scan, test, hack, and secure their own systems by learning the techniques used by hackers. The course covers topics like footprinting, scanning, enumeration, system hacking, viruses, sniffers, denial of service attacks, session hijacking, web server hacking, web application vulnerabilities, password cracking, SQL injection, and wireless and cryptography attacks. The goal is to help security professionals and network administrators enhance cybersecurity by thinking like an attacker in order to defend systems from real-world threats.
The document discusses various common security threats and how to mitigate them using Cisco's IOS Firewall features. It describes application-layer attacks, autorooters, backdoors, denial of service attacks, IP spoofing, man-in-the-middle attacks, network reconnaissance, packet sniffers, password attacks, port redirection attacks, Trojan horse attacks and viruses, and trust exploitation attacks. It then outlines Cisco IOS Firewall features like stateful inspection, intrusion detection, firewall voice traversal, ICMP inspection, authentication proxy, destination URL policy management, per-user firewalls, router provisioning, DoS prevention, dynamic port mapping, Java applet blocking, traffic filtering, multi-interface support, NAT, time-
BSidesJXN 2016: Finding a Company's BreakPoint
Andrew McNicol
The document outlines various techniques that can be used to break into a company's network beyond just scanning for vulnerabilities. It discusses phishing, exploiting web application vulnerabilities, using Responder to poison name resolution and enable man-in-the-middle attacks, SMB relay attacks, and compromising user accounts by combining different vulnerabilities. Specific tools and steps are provided for each technique.
"Frontline Battles with DDoS: Best practices and Lessons Learned", Igor Ivaniuk
Fwdays
In this talk we will discuss DDoS protection tools and best practices, network architectures and what AWS has to offer. We will also look into one of the largest DDoS attacks on Ukrainian infrastructure, which happened in February 2022. We'll see what techniques helped to keep web resources available for Ukrainians and how AWS improved DDoS protection for all customers based on the Ukraine experience.
More Related Content
Similar to Penetration Testing is the Art of the Manipulation
How information systems are built or acquired puts information, which is what they should be about, in a secondary place. Our language adapted accordingly, and we no longer talk about information systems but applications. Applications evolved in a way to break data into diverse fragments, tightly coupled with applications and expensive to integrate. The result is technical debt, which is re-paid by taking even bigger "loans", resulting in an ever-increasing technical debt. Software engineering and procurement practices work in sync with market forces to maintain this trend. This talk demonstrates how natural this situation is. The question is: can something be done to reverse the trend?
"What does it really mean for your system to be available, or how to define w...Fwdays
We will talk about system monitoring from a few different angles. We will start by covering the basics, then discuss SLOs, how to define them, and why understanding the business well is crucial for success in this exercise.
This talk will cover ScyllaDB Architecture from the cluster-level view and zoom in on data distribution and internal node architecture. In the process, we will learn the secret sauce used to get ScyllaDB's high availability and superior performance. We will also touch on the upcoming changes to ScyllaDB architecture, moving to strongly consistent metadata and tablets.
LF Energy Webinar: Carbon Data Specifications: Mechanisms to Improve Data Acc...DanBrown980551
This LF Energy webinar took place June 20, 2024. It featured:
-Alex Thornton, LF Energy
-Hallie Cramer, Google
-Daniel Roesler, UtilityAPI
-Henry Richardson, WattTime
In response to the urgency and scale required to effectively address climate change, open source solutions offer significant potential for driving innovation and progress. Currently, there is a growing demand for standardization and interoperability in energy data and modeling. Open source standards and specifications within the energy sector can also alleviate challenges associated with data fragmentation, transparency, and accessibility. At the same time, it is crucial to consider privacy and security concerns throughout the development of open source platforms.
This webinar will delve into the motivations behind establishing LF Energy’s Carbon Data Specification Consortium. It will provide an overview of the draft specifications and the ongoing progress made by the respective working groups.
Three primary specifications will be discussed:
-Discovery and client registration, emphasizing transparent processes and secure and private access
-Customer data, centering around customer tariffs, bills, energy usage, and full consumption disclosure
-Power systems data, focusing on grid data, inclusive of transmission and distribution networks, generation, intergrid power flows, and market settlement data
Conversational agents, or chatbots, are increasingly used to access all sorts of services using natural language. While open-domain chatbots - like ChatGPT - can converse on any topic, task-oriented chatbots - the focus of this paper - are designed for specific tasks, like booking a flight, obtaining customer support, or setting an appointment. Like any other software, task-oriented chatbots need to be properly tested, usually by defining and executing test scenarios (i.e., sequences of user-chatbot interactions). However, there is currently a lack of methods to quantify the completeness and strength of such test scenarios, which can lead to low-quality tests, and hence to buggy chatbots.
To fill this gap, we propose adapting mutation testing (MuT) for task-oriented chatbots. To this end, we introduce a set of mutation operators that emulate faults in chatbot designs, an architecture that enables MuT on chatbots built using heterogeneous technologies, and a practical realisation as an Eclipse plugin. Moreover, we evaluate the applicability, effectiveness and efficiency of our approach on open-source chatbots, with promising results.
For the full video of this presentation, please visit: https://www.edge-ai-vision.com/2024/06/temporal-event-neural-networks-a-more-efficient-alternative-to-the-transformer-a-presentation-from-brainchip/
Chris Jones, Director of Product Management at BrainChip , presents the “Temporal Event Neural Networks: A More Efficient Alternative to the Transformer” tutorial at the May 2024 Embedded Vision Summit.
The expansion of AI services necessitates enhanced computational capabilities on edge devices. Temporal Event Neural Networks (TENNs), developed by BrainChip, represent a novel and highly efficient state-space network. TENNs demonstrate exceptional proficiency in handling multi-dimensional streaming data, facilitating advancements in object detection, action recognition, speech enhancement and language model/sequence generation. Through the utilization of polynomial-based continuous convolutions, TENNs streamline models, expedite training processes and significantly diminish memory requirements, achieving notable reductions of up to 50x in parameters and 5,000x in energy consumption compared to prevailing methodologies like transformers.
Integration with BrainChip’s Akida neuromorphic hardware IP further enhances TENNs’ capabilities, enabling the realization of highly capable, portable and passively cooled edge devices. This presentation delves into the technical innovations underlying TENNs, presents real-world benchmarks, and elucidates how this cutting-edge approach is positioned to revolutionize edge AI across diverse applications.
Essentials of Automations: Exploring Attributes & Automation ParametersSafe Software
Building automations in FME Flow can save time, money, and help businesses scale by eliminating data silos and providing data to stakeholders in real-time. One essential component to orchestrating complex automations is the use of attributes & automation parameters (both formerly known as “keys”). In fact, it’s unlikely you’ll ever build an Automation without using these components, but what exactly are they?
Attributes & automation parameters enable the automation author to pass data values from one automation component to the next. During this webinar, our FME Flow Specialists will cover leveraging the three types of these output attributes & parameters in FME Flow: Event, Custom, and Automation. As a bonus, they’ll also be making use of the Split-Merge Block functionality.
You’ll leave this webinar with a better understanding of how to maximize the potential of automations by making use of attributes & automation parameters, with the ultimate goal of setting your enterprise integration workflows up on autopilot.
Discover top-tier mobile app development services, offering innovative solutions for iOS and Android. Enhance your business with custom, user-friendly mobile applications.
Main news related to the CCS TSI 2023 (2023/1695)Jakub Marek
An English 🇬🇧 translation of a presentation to the speech I gave about the main changes brought by CCS TSI 2023 at the biggest Czech conference on Communications and signalling systems on Railways, which was held in Clarion Hotel Olomouc from 7th to 9th November 2023 (konferenceszt.cz). Attended by around 500 participants and 200 on-line followers.
The original Czech 🇨🇿 version of the presentation can be found here: https://www.slideshare.net/slideshow/hlavni-novinky-souvisejici-s-ccs-tsi-2023-2023-1695/269688092 .
The videorecording (in Czech) from the presentation is available here: https://youtu.be/WzjJWm4IyPk?si=SImb06tuXGb30BEH .
QA or the Highway - Component Testing: Bridging the gap between frontend appl...zjhamm304
These are the slides for the presentation, "Component Testing: Bridging the gap between frontend applications" that was presented at QA or the Highway 2024 in Columbus, OH by Zachary Hamm.
"Scaling RAG Applications to serve millions of users", Kevin GoedeckeFwdays
How we managed to grow and scale a RAG application from zero to thousands of users in 7 months. Lessons from technical challenges around managing high load for LLMs, RAGs and Vector databases.
Freshworks Rethinks NoSQL for Rapid Scaling & Cost-EfficiencyScyllaDB
Freshworks creates AI-boosted business software that helps employees work more efficiently and effectively. Managing data across multiple RDBMS and NoSQL databases was already a challenge at their current scale. To prepare for 10X growth, they knew it was time to rethink their database strategy. Learn how they architected a solution that would simplify scaling while keeping costs under control.
Introduction of Cybersecurity with OSS at Code Europe 2024Hiroshi SHIBATA
I develop the Ruby programming language, RubyGems, and Bundler, which are package managers for Ruby. Today, I will introduce how to enhance the security of your application using open-source software (OSS) examples from Ruby and RubyGems.
The first topic is CVE (Common Vulnerabilities and Exposures). I have published CVEs many times. But what exactly is a CVE? I'll provide a basic understanding of CVEs and explain how to detect and handle vulnerabilities in OSS.
Next, let's discuss package managers. Package managers play a critical role in the OSS ecosystem. I'll explain how to manage library dependencies in your application.
I'll share insights into how the Ruby and RubyGems core team works to keep our ecosystem safe. By the end of this talk, you'll have a better understanding of how to safeguard your code.
Introduction of Cybersecurity with OSS at Code Europe 2024
Penetration Testing is the Art of the Manipulation
Penetration Testing is the Art of the Manipulation: Attack & Defense
Author: JongWon Kim (dikien2012@gmail.com)
Table of Contents
Penetration Testing is the Art of the Manipulation ..... 1
Table of Contents ..... 2
About Me ..... 3
Planning the Attack ..... 5
Staging the Attack (1): WEB Server ..... 5
- Stage 1. Reconnaissance ..... 5
- Stage 2. Information Gathering ..... 6
- Stage 3. Target Exploitation ..... 8
- Stage 4. Privilege Escalation ..... 11
- Stage 5. Maintaining Access ..... 18
Staging the Attack (2): DNS Server ..... 25
- Stage 1. Information Gathering ..... 25
- Stage 2. Post Exploit (Pivot) ..... 28
Staging the Forensic ..... 35
- Stage 1. Web Shell Detection ..... 35
- Stage 2. Log Analysis ..... 40
- Stage 3. Volatility ..... 44
Staging the Defense: Code Level ..... 47
Summary ..... 50
Reference ..... 51
About Me
Name: JongWon Kim
Blog: http://dikien2012.blogspot.com
LinkedIn: http://kr.linkedin.com/pub/jongwon-kim/45/a40/b07/en
Twitter: @dikien2012
My Experience:
Period Working Experience Personal Experience
2011. 08 C, Linux, CCNA
2011. 09 Windows 2008 Server, Perl
2011. 10 Working as a Math Teacher Reversing
L2,L3,L4, Firewall Configuration
2011. 11
WIFI-Hacking(SWSE)
2011. 12 System Hacking(SMFE)
2012. 01~02 Exploit Code Study using ROP
Privacy Information Protection Law
WEB Hacking
2012. 04~09 Security Solution Operation(IPS, WAF,
Database Security
and DB Access Control)
Technical Skills:
- Experience in black and white box penetration testing to identify system vulnerabilities and test security controls in firewalls, routers, IDS and IPS, and various types of servers, including Windows and UNIX web, mail, FTP, DNS, domain controllers and applications hosted internally
- Strong web application assessment experience, such as SQL injection, cross-site scripting, cookie manipulation, and buffer overflows
- Vulnerability detection and remediation
- Familiarity with penetration testing tools such as BackTrack and Metasploit, and vulnerability scanning tools such as pangolin, Wireshark, Nexpose, nmap, Acunetix and AppScan
- Familiarity with the Open Source Security Testing Methodology Manual (OSSTMM) and the Open Web Application Security Project (OWASP)
- Conduct onsite and remote social engineering testing, including persuasion, phishing, mock websites, and telephone contact
- Experience in evasion techniques to bypass firewalls and intrusion detection
- Knowledge of security tools such as IPS, WAF and database monitoring
- Ability to conduct source code reviews in PHP
- Familiarity with scripting in Python
- Familiarity with Windows, Solaris, and AIX
- Familiarity with XML, SOAP, JSON, Ajax and HTML5
- Network switching and routing (Cisco)
- Knowledge of TCP and IP protocols, networking architectures and wireless LAN security, including 802.11 standards
Consulting Skills:
- Independence: self-managed and motivated
- Team oriented
- Formal policy and procedure documents
- Public speaking
- Technical writing
Planning the Attack
Some 2100 years from now, human beings have put a micro chipset into their brains to get smarter. As in every age, disaster occurs: some bad guys develop an exploit to manipulate humans. Computer malware is still big trouble, and now human zombies are created. I am trying to prevent an even worse tragedy by analysing the malware. However, the trouble is that the malware is protected by an anti-reversing key. I received a letter from an anonymous sender. It said that the anti-reversing code and the human botnet lists are on NASA's database. At the end of the letter was written "aliens/toor". Let's explore!
A list of Attack Directives is the following:
1) Compromise as much of NASA's network as possible
2) Extract data to find the anti-reversing key and the list of Human Zombies
3) Pivot through its network
Staging the Attack
Mission 1. Attack WEB Server
Stage 1. Reconnaissance
Scenario:
- Ping the host and get the IP address
- Use whatweb to extract more information from the response
- I skipped DNS brute forcing since the target is a virtual host
Attack Detail
Ping the host and get the IP address.
[Figure 1. Ping the host]
We can find out the PHP version, HTTP server, country, admin email, and operating system. It will show more information if you type "-v a=4".
[Figure 2. whatweb]
Stage 2. Information Gathering
Scenario:
- Use nmap to find the services and OS that run on the server
- Use Nexpose to get more specific information
- Use w3af to find out what the web vulnerabilities are
Attack Detail
The -sV and -O options of nmap give you version and OS information.
[Figure 3. Services from nmap]
[Figure 4. OS from nmap]
The Nexpose results show me 58 vulnerabilities; "default SSH password is toor" is one of the critical ones. You can also scan with Nessus and compare the two result sets to catch false positives and false negatives.
[Figure 5. More details from Nexpose]
There are many w3af plugins, but I will use only the audit option to save time.
[Figure 6. w3af: Plugin Setting]
There are XSS, command injection, SQL injection, and LFI. On top of that, there is a file upload vulnerability, but w3af could not find it. I will use the blind SQL injection vulnerability to breach the database in Stage 3.
[Figure 7. w3af: results]
Stage 3. Target Exploitation
Scenario:
- Use sqlmap to breach the database (the target is the attack_2 payload)
- Use hashcat to crack the hashes
Attack Detail
Let's find out the current database user, database name, and password. The current user is general@% and the database name is members, but sqlmap was not able to get the general user's password. I will use another tactic to get the password later.
[Figure 8. Sqlmap: current database user and name]
The members database has four tables: message, sessions, topics, and users. I guess users holds user ids and passwords, and sessions plays a similar role for authorization.
[Figure 9. Sqlmap: Members database]
As I expected, there is user-related information in the members database. I am curious about the message table. What is the message? Let's dig in there.
[Figure 10. Sqlmap: message table on members database]
Let's dump the message table of the members database. There are two hash values. They look like hints for getting the human botnet lists and the anti-reversing key.
[Figure 11. Sqlmap: hash values on message table]
Let's crack them with hashcat. The hash values decode to "secret" and "checkout". I guess that secret is a database name. However, there is a big problem: sqlmap doesn't show me a table named secret. That leaves two possibilities. First, there is no secret table. Second, the user named "general" has no privilege to look into it. I bet on the second one, so it is time for privilege escalation to check.
[Figure 12. Hashcat: cipher text : clear text]
Stage 4. Privilege Escalation
Scenario:
- Use fimap to spawn a shell
- Use Expect to get a TTY
- Make an upload page with the MySQL dumpfile option
- Upload a web shell
Attack Detail
Use fimap to figure out which parameters have RFI and LFI vulnerabilities.
[Figure 13. Fimap: vulnerable parameters]
The -x option means that it will exploit the target using the output above. Choose [1] to exploit "www.nasa.com". Choose [1] to take advantage of the 'rfi' parameter. I will use pentestmonkey's reverse shell. Let's choose [2] and put in my IP address and port to connect back to my BackTrack machine.
[Figure 14. Fimap: reverse shell]
Netcat is listening on port 1000 for the reverse shell.
[Figure 15. Netcat: waiting for a shell]
I got a shell and checked that my id is www-data, but the problem is that it communicates in clear text, so an IPS can detect it. Let's reduce this possibility with the AES HTTP shell below.
[Figure 16. Reverse shell: id]
[Figure 17. Wireshark: not cipher text]
"su" and "ssh" didn't work properly. Those two commands are necessary for post exploitation. Let's solve the problem with a magic shell.
[Figure 18. Message: must be run from a terminal]
Time to try "aliens/toor" from the letter. With a magic shell, I can use the su and ssh commands.
[Figure 19. Magic shell]
Check the kernel version with "uname -a" to get root privilege. Download the local exploit source from exploit-db and compile it.
[Figure 20. Download local exploit code]
Execute it; I finally get a root shell and change the shell from "/bin/sh" to "/bin/bash" for convenience.
[Figure 21. Privilege escalation success]
[Figure 22. Change the shell to bash]
There is a suspicious folder named treasure. The real treasure is there: the database password. But I am not sure whether this user has super privileges.
[Figure 23. Password for database]
Below is the work of making a web page to upload a web shell. I create two tables.
[Figure 24. Make two tables]
Insert some values into each table and save them to "/var/www/upload/".
[Figure 25. Create a "form.php"]
[Figure 26. Create an "upload.php"]
Choose the file you would like to upload, and move it to "/var/www/upload/".
[Figure 27. Choose the "r57shell.php"]
[Figure 28. Move the file into the webroot]
Stage 5. Maintaining Access
Scenario:
- Use weevely to make a backdoor protected by a password
- Brute force an FTP credential with Metasploit
- Traffic obfuscation: AES HTTP reverse shell
Attack Detail
The backdoor was created, identified by password=complexpassword.
[Figure 29. Make a backdoor]
Use Metasploit for a brute force attack and get an id and password.
[Figure 30. Make a backdoor]
Upload the backdoor with FTP.
[Figure 31. Upload the backdoor]
I don't need the r57shell, upload.php and form.php files anymore since the backdoor was uploaded successfully.
[Figure 32. Remove unnecessary files]
Change the permissions so the www-data user can read the backdoor.
[Figure 33. Change the privilege]
Connect to the backdoor and check out the post exploit modules.
[Figure 34. Weevely: post exploit modules]
Enumerate readable web config files using the module ":audit.user_files auto=web". Extract credentials from a readable file and log in to the database with those credentials. Since I have already done this process, I leave it to the reader. Let's look around the internal network and check whether there is another server. I will exploit 192.168.100.40 in Mission 2.
[Figure 35. Weevely: Explore internal network]
Find a writable system script to replace with a malicious script. First, enumerate writable user files using the module. Second, upload the malicious script in place of the system file.
[Figure 36. Weevely: Upload a malicious script]
If the process above is too tedious, Intersect 2.5 (a post exploit module) is also a very nice choice. It includes many features such as a backdoor, credential collection, internal network enumeration, a variety of shells, and so on. Select the modules you would like and create the script with ":create".
[Figure 37. Intersect: Setting modules]
[Figure 38. Intersect: backdoor file]
Compare the normal shell with the AES HTTP reverse shell. Until now, I have used pentestmonkey's reverse shell and weevely's backdoor. Since these two shells do not communicate in cipher text, I switch to the AES HTTP reverse shell, which does.
[Figure 39. Fimap: Server setting]
[Figure 40. Fimap: Server Start]
[Figure 41. AES HTTP Reverse shell communicates with cipher text]
Upload another web shell to test whether this shell works properly. Upload a .htaccess to bypass the server-side extension whitelist.
[Figure 42. Upload .htaccess]
Upload another web shell named "c99-bl_hongrae.txt". The server now treats the ".txt" extension as ".php" because of the ".htaccess".
[Figure 43. Upload the "c99-bl_hongrae.txt"]
Check whether the web shell with the ".txt" extension works. It works very well.
[Figure 44. Upload the "c99-bl_hongrae.txt"]
192.168.100.40 is alive on the internal network. Let's attack this one.
Mission 2. Attack DNS Server
Stage 1. Information Gathering
Scenario:
- Make a payload that communicates with Metasploit
- Upload the payload and pivot to 192.168.100.40 with that session
- SSH enumeration and brute force
Attack Detail
Make a custom payload and wait for it to connect back on port 1337.
[Figure 45. Make a payload]
[Figure 46. Waiting for a session]
Upload the payload with FTP and give it permission to execute.
[Figure 47. Upload a payload]
[Figure 48. Change the permission]
[Figure 49. Connecting a Session]
First, enumerate the SSH version. It shows SSH-2.0 running on SunOS.
[Figure 50. Enumerate a banner]
Second, brute force with a known password file.
[Figure 51. Brute force]
Third, connect to it; it shows that the server is for DNS.
[Figure 52. SSH Connection]
Stage 2. Post Exploit
Scenario:
- Manipulate the forward zone file
- As before, pivot to 192.168.100.40 through the compromised web server
- Get the Human Botnet list and the Anti-Reversing Key
- Destroy the machine
Attack Detail
Change the company's main homepage IP address to my IP address.
[Figure 53. Pollute forward zone file]
Set up the compromised web server to attack victims, using the CVE-2012-1889 vulnerability with Metasploit.
[Figure 54. Metasploit: CVE-2012-1889]
As soon as clients try to connect to the company's website, they will be in big trouble. Even if clients have an anti-virus solution, it is useless since the exploit migrates very fast.
[Figure 55. Antivirus is so slow]
Regardless of the anti-virus solution, a session was created and works well.
[Figure 56. Metasploit: sessions]
Collect information from the compromised desktop.
[Figure 57. Metasploit: Collecting *.inc]
"db.inc" looks interesting, so I open it. It is the password that I am looking for. I am sure this machine belongs to the database administrator.
[Figure 58. Metasploit: found database password]
Check the server name and available tokens.
[Figure 59. Metasploit: UID and Tokens]
Dump the hashes and crack them with john.
[Figure 60. Metasploit: Hashdump]
[Figure 61. John: Crack the Hashdump]
Get more information with "run scraper".
[Figure 62. Metasploit: Getting more Information]
Make a persistent backdoor with "run metsvc -A" and check that it works properly.
[Figure 63. Metasploit: Making a backdoor]
[Figure 64. Metasploit: Backdoor is running]
Run VNC; I found there is HeidiSQL for administration. I finally was able to get the secret table. There are the human botnet list and the decoding key for reversing.
[Figure 65. Metasploit: VNC]
[Figure 66. VNC: Connecting secret table]
[Figure 67. VNC: Human Botnet List]
[Figure 68. VNC: Decoding Key]
After getting the information, I decided to destroy that machine using a bat file.
[Figure 69. Bat file]
[Figure 70. Execute a bat file]
[Figure 71. Execute a bat file]
[Figure 72. Deleting system files]
After rebooting, the computer doesn't work properly.
[Figure 73. Booting Fail]
Staging the Forensic
Stage 1. Web Shell Detection
Scenario:
- First filter: web shell detectors (NeoPI & Emposha)
- Second filter: manual job with grep
- Manual job
Details
I will use NeoPI to detect whether a web shell has been uploaded. These are NeoPI's basic options. The upload folders are "/tmp/" and "/var/www/upload/"; I will look into one of them. Let's look at "/var/www/" with "./neopi.py /var/www/ -a", where -a means it will run all tests. It will show you 5 different types of results.
[Figure 74. NeoPI: Entropy]
[Figure 75. NeoPI: Longestword]
[Figure 76. NeoPI: Signature]
[Figure 77. NeoPI: IC]
[Figure 78. NeoPI: Cumulative]
Now I will use another web shell detector named Emposha to reduce false positives. Upload it to the webroot folder and execute it in the browser. In my opinion, NeoPI's performance is better than Emposha's.
[Figure 79. Emposha: Upload at webroot]
If you find one that is suspicious, you can test it manually with the grep command. I will choose one of the suspicious files from the output above.
[Figure 86. Grep: Command]
[Figure 87. Grep: Evidence(1)]
[Figure 88. Grep: Evidence(2)]
Below are dangerous functions. They can be used as the pattern argument of grep.
PHP: require(), include(), eval(), exec(), passthru(), system(), fopen(), etc.
Python: exec(), eval(), execfile(), compile(), input()
Perl: open(), sysopen(), glob(), system()
C: system(), exec(), strcpy(), strcat(), sprintf()
Java: System.* (Runtime)
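To show how the two filters above fit together, here is an added Python example (not NeoPI's, Emposha's or the paper's own code) that computes the same signals NeoPI reports, entropy, longest word, index of coincidence and signature hits, on a set of files, then combines them into a cumulative ranking, and uses the PHP entries of the grep list as its signature pass. The three sample files are constructed for the example; one of them is a legitimate config file that trips the signature test alone, which is exactly the false positive the second filter exists to sort out.

```python
"""Added example: small web shell triage in the spirit of the NeoPI tests
(entropy, longest word, index of coincidence, signatures) plus the grep pass.
It is not NeoPI's or Emposha's code."""
import base64
import hashlib
import math
import re
from collections import Counter

# The dangerous PHP functions from the grep list above. Lists for the other
# languages can be added the same way.
PHP_SIGNATURES = re.compile(
    r"\b(require|include|eval|exec|passthru|system|fopen)\s*\(", re.IGNORECASE
)


def _opaque_blob(seed: str, rounds: int = 6) -> str:
    """Constructed high-entropy base64 text standing in for a packed payload."""
    chunks = []
    for i in range(rounds):
        digest = hashlib.sha256(f"{seed}{i}".encode()).digest()
        chunks.append(base64.b64encode(digest).decode())
    return "".join(chunks)


# Constructed sample files (not from the page): a benign template, a config
# file that legitimately calls include()/fopen(), and an obfuscated file under
# the upload directory named after the one found in the text.
SAMPLE_FILES = {
    "index.php": (
        "<?php\n$title = 'Members';\n"
        "foreach ($posts as $p) { echo '<p>' . htmlspecialchars($p) . '</p>'; }\n"
    ),
    "lib/config.php": "<?php\ninclude('db.inc');\n$log = fopen('/var/log/app.log', 'a');\n",
    "upload/c99-bl_hongrae.txt": (
        "<?php @eval(base64_decode('" + _opaque_blob("constructed-sample") + "')); ?>\n"
    ),
}


def shannon_entropy(text: str) -> float:
    """Bits per character; encoded or packed payloads score high."""
    if not text:
        return 0.0
    n = len(text)
    return -sum(c / n * math.log2(c / n) for c in Counter(text).values())


def longest_word(text: str) -> int:
    """Longest whitespace-free run; base64 blobs produce very long 'words'."""
    return max((len(w) for w in text.split()), default=0)


def index_of_coincidence(text: str) -> float:
    """Chance that two randomly chosen characters match. Code and prose sit
    around 0.05-0.07; near-random encoded data is noticeably lower."""
    n = len(text)
    if n < 2:
        return 0.0
    return sum(c * (c - 1) for c in Counter(text).values()) / (n * (n - 1))


def signature_hits(text: str) -> set:
    """The grep pass: which dangerous functions are called in the file."""
    return {name.lower() for name in PHP_SIGNATURES.findall(text)}


def triage(files: dict) -> list:
    """Rank files by summing their position under each test (the cumulative
    view). Lowest total first: that is the file to open by hand."""
    metrics = {
        name: {
            "entropy": shannon_entropy(body),
            "longest_word": longest_word(body),
            "ic": index_of_coincidence(body),
            "signatures": signature_hits(body),
        }
        for name, body in files.items()
    }
    # High entropy, long words and many signature hits are suspicious; a low
    # index of coincidence is, so that ordering is ascending.
    orderings = [
        sorted(metrics, key=lambda f: -metrics[f]["entropy"]),
        sorted(metrics, key=lambda f: -metrics[f]["longest_word"]),
        sorted(metrics, key=lambda f: metrics[f]["ic"]),
        sorted(metrics, key=lambda f: -len(metrics[f]["signatures"])),
    ]
    totals = Counter()
    for ordering in orderings:
        for position, name in enumerate(ordering):
            totals[name] += position
    return [(name, totals[name], metrics[name]) for name in sorted(totals, key=totals.get)]


if __name__ == "__main__":
    for name, total, m in triage(SAMPLE_FILES):
        print(f"{total:2d} {name:28s} H={m['entropy']:.2f} "
              f"lw={m['longest_word']:4d} ic={m['ic']:.3f} sig={sorted(m['signatures'])}")
```

Run on a real webroot, replace SAMPLE_FILES with the result of walking the directory; the signature pass alone would put lib/config.php at the top, while the combined ranking puts the encoded file first and leaves the config file for the manual grep check.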
Stage 2. Log Analysis
Scenario:
- Collecting log files
- Analysis
Details
Analyse utmp with a utmp parser. When a user logs out, the utmp entry is wiped out. wtmp, lastlog, secure, xferlog, sulog, the ~/.*history files (such as .bash_history and .mysql_history), access_log, error_log and other logs can be analysed similarly.
[Figure 89. Utmp Analysis(1)]
[Figure 90. Utmp Analysis(2)]
There is a backdoor, and someone tried to use "CVE-2012-2122" to bypass authentication.
[Figure 91. Bash_History Analysis]
Something was injected into a local directory, and there will be a suspicious user from the "flush privileges".
[Figure 92. MySQL_History Analysis]
[Figure 92. Apache2 Log Analysis(1): SQL Injection]
[Figure 97. Log Analysis: Passwd]
[Figure 98. Log Analysis: Service]
[Figure 99. Log Analysis: Hidden files]
On top of that, the following commands are also worthwhile: "cat /etc/crontab", "ls /etc/cron.daily/", "cat /etc/login.defs | grep -v '#'", "cat /etc/profile | grep umask", "rpcinfo -p", "ps -ef | grep rpc", "ps -aux | grep ftp", "ls -ltrR /var/spool/cron", and "crontab -l".
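The Apache access_log review above is done by eye in the figures; as an added example, not taken from the paper, the following Python script does the same pass over a few constructed Apache combined-format lines: it URL-decodes each request, tags it for the attack classes seen in this scenario (SQL injection, LFI, upload abuse of .htaccess and web shell names, and scanner user agents), and then summarises the tags per source address. The IP addresses, timestamps and user-agent strings are placeholders invented for the sample.

```python
"""Added example: flag suspicious requests in an Apache access_log and
summarise them by source address. Not part of the original paper; the log
lines are constructed and the hosts are placeholders."""
import re
from collections import Counter, defaultdict
from urllib.parse import unquote_plus

# Constructed Apache combined-format lines; 10.0.0.9 plays the attacker.
SAMPLE_ACCESS_LOG = '''\
10.0.0.5 - - [12/Aug/2012:10:01:02 +0900] "GET /index.php?page=home HTTP/1.1" 200 2311 "-" "Mozilla/5.0"
10.0.0.9 - - [12/Aug/2012:10:03:15 +0900] "GET /index.php?id=1%27%20AND%20SLEEP%285%29--%20 HTTP/1.1" 200 1024 "-" "sqlmap/1.0"
10.0.0.9 - - [12/Aug/2012:10:03:16 +0900] "GET /index.php?id=1%20UNION%20SELECT%20user%2Cpassword%20FROM%20users HTTP/1.1" 200 1540 "-" "sqlmap/1.0"
10.0.0.9 - - [12/Aug/2012:10:05:40 +0900] "GET /index.php?rfi=../../../../etc/passwd HTTP/1.1" 200 2200 "-" "fimap"
10.0.0.9 - - [12/Aug/2012:10:07:01 +0900] "POST /upload/upload.php HTTP/1.1" 200 312 "-" "Mozilla/5.0"
10.0.0.9 - - [12/Aug/2012:10:07:30 +0900] "GET /upload/.htaccess HTTP/1.1" 403 211 "-" "Mozilla/5.0"
10.0.0.9 - - [12/Aug/2012:10:08:02 +0900] "GET /upload/c99-bl_hongrae.txt?act=ls HTTP/1.1" 200 9921 "-" "Mozilla/5.0"
10.0.0.5 - - [12/Aug/2012:10:09:00 +0900] "GET /upload/photo.jpg HTTP/1.1" 200 81211 "-" "Mozilla/5.0"
'''

# Apache combined log format: host ident user [time] "request" status size "referer" "agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<agent>[^"]*)"$'
)

# Patterns are matched against the URL-decoded request path and query.
RULES = {
    "sqli": re.compile(
        r"union\s+select|\bsleep\s*\(|\bbenchmark\s*\(|'\s*(or|and)\s+\d+\s*=\s*\d+|--\s*$",
        re.IGNORECASE,
    ),
    "lfi": re.compile(r"\.\./|/etc/passwd|php://|data://", re.IGNORECASE),
    "upload-abuse": re.compile(r"/\.htaccess|c99|r57|\bcmd=", re.IGNORECASE),
}
SCANNER_AGENTS = ("sqlmap", "fimap", "w3af", "nikto")


def parse_line(line: str):
    """Return the fields of one combined-format line, or None if it does not parse."""
    match = LOG_RE.match(line.strip())
    if not match:
        return None
    rec = match.groupdict()
    rec["decoded_path"] = unquote_plus(rec["path"])  # %27 -> ', + -> space
    return rec


def classify(rec: dict) -> set:
    """Tags that apply to one parsed request; empty set means nothing matched."""
    tags = {name for name, rx in RULES.items() if rx.search(rec["decoded_path"])}
    if any(tool in rec["agent"].lower() for tool in SCANNER_AGENTS):
        tags.add("scanner-ua")
    return tags


def analyse(log_text: str) -> list:
    """Every request that picked up at least one tag, in log order."""
    findings = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        tags = classify(rec)
        if tags:
            findings.append({"ip": rec["ip"], "time": rec["time"], "status": rec["status"],
                             "path": rec["decoded_path"], "tags": tags})
    return findings


def summarise(findings: list) -> dict:
    """Per-source count of each tag, the view to start an investigation from."""
    per_ip = defaultdict(Counter)
    for f in findings:
        per_ip[f["ip"]].update(f["tags"])
    return dict(per_ip)


if __name__ == "__main__":
    hits = analyse(SAMPLE_ACCESS_LOG)
    for f in hits:
        print(f["ip"], f["time"], f["status"], sorted(f["tags"]), f["path"])
    for ip, counts in summarise(hits).items():
        print(ip, dict(counts))
```

A 200 status on a request tagged sqli or lfi is the line worth pulling first, because it means the server answered the injected query rather than rejecting it; the 403 on the .htaccess fetch only shows the file was requested, so the upload directory itself still needs checking with the web shell pass from Stage 1.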
Stage 3. Volatility
Details
Sorry for the missing original memory dump from the DBA machine [figure - ]. Maintaining the evidence is essential for forensics. However, I forgot to dump the memory before I destroyed the DBA's machine. I will just show how to extract a memory image and analyse it with the basic commands.
[Figure 100. Moonsol: Dump the memory to protect the evidence(1)]
[Figure 101. Moonsol: Dump the memory to protect the evidence(2)]
Staging the Defense
I referenced "Essential PHP Security" and "Pro PHP Security" for secure coding. I wrote two pages: index.php, the vulnerable page, and indexs.php, the more secure page. I have learned that validating user input is an extremely important step before a query goes into the database. For uploaded files, checking against a white list is much better than a black list. I used internal functions, regular expressions and type conversion to secure the code. Also, I used white list checking wherever possible. In particular, restricting the length of an input value is a nice idea for preventing SQL injection. I didn't apply a secure token, but it would be better if I had.
[Figure 108. Secure Coding: String Type SQL Injection = Escape Data + Length Restriction]
[Figure 109. Secure Coding: Directory Traversal]
[Figure 110. Secure Coding: Checking based on White List(1)]
[Figure 111. Secure Coding: Checking based on White List(2)]
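The figures above hold the paper's PHP for these defences; as an added example, not the paper's index.php or indexs.php, the following Python script shows the same three ideas against an in-memory sqlite3 database: the string-built query of the vulnerable page beside a white-listed, length-limited lookup that binds the value rather than escaping it (one step stronger than the escape-plus-length figure), a white-list check on uploaded file names that rejects the .htaccess and double-extension tricks used in Stage 5, and a directory traversal check that confirms a resolved path still lies under the upload root. Table names and placeholder hashes are invented for the sample.

```python
"""Added example (not the paper's index.php/indexs.php): SQL input handling,
upload file name white-listing and directory traversal checks in Python."""
import os
import re
import sqlite3

ALLOWED_EXTENSIONS = {"jpg", "png", "gif", "pdf"}     # white list, never a black list
USERNAME_RE = re.compile(r"^[A-Za-z0-9_]{1,32}$")     # character white list + length cap
STEM_RE = re.compile(r"^[A-Za-z0-9_-]{1,64}$")


def build_demo_db() -> sqlite3.Connection:
    """In-memory stand-in for the members database; rows are placeholders."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, pw_hash TEXT)")
    conn.executemany(
        "INSERT INTO users (name, pw_hash) VALUES (?, ?)",
        [("general", "placeholder-hash-1"), ("aliens", "placeholder-hash-2")],
    )
    return conn


def lookup_user_vulnerable(conn, name: str) -> list:
    """The index.php pattern: user input concatenated straight into SQL."""
    sql = "SELECT name FROM users WHERE name = '" + name + "' ORDER BY id"
    return [row[0] for row in conn.execute(sql)]


def lookup_user_secure(conn, name: str) -> list:
    """The indexs.php idea, taken one step further: validate against a white
    list with a length limit, then bind the value instead of escaping it."""
    if not USERNAME_RE.match(name):
        raise ValueError("user name rejected by white list")
    return [row[0] for row in conn.execute(
        "SELECT name FROM users WHERE name = ? ORDER BY id", (name,))]


def validate_upload_name(filename: str) -> str:
    """White-list check for an uploaded file name: no directory part, exactly
    one extension from ALLOWED_EXTENSIONS. '.htaccess' (empty stem) and
    'shell.php.jpg' (two extensions) both fail. Returns the normalised name."""
    if filename != os.path.basename(filename) or filename in ("", ".", ".."):
        raise ValueError("path components are not allowed")
    parts = filename.split(".")
    if len(parts) != 2:
        raise ValueError("exactly one extension is required")
    stem, ext = parts
    if not STEM_RE.match(stem) or ext.lower() not in ALLOWED_EXTENSIONS:
        raise ValueError("file name or extension not in white list")
    return f"{stem}.{ext.lower()}"


def resolve_under_root(root: str, requested: str) -> str:
    """Directory traversal check: resolve the requested path and confirm it is
    still inside root. '..' sequences and absolute paths both escape and are
    rejected, whatever encoding tricks produced them."""
    root_abs = os.path.realpath(root)
    target = os.path.realpath(os.path.join(root_abs, requested))
    if os.path.commonpath([root_abs, target]) != root_abs:
        raise ValueError("path escapes the upload directory")
    return target


if __name__ == "__main__":
    db = build_demo_db()
    probe = "x' OR '1'='1"
    print("vulnerable:", lookup_user_vulnerable(db, probe))   # every row comes back
    try:
        lookup_user_secure(db, probe)
    except ValueError as err:
        print("secure:", err)
    for candidate in ("photo.JPG", ".htaccess", "shell.php.jpg", "../x.jpg"):
        try:
            print(candidate, "->", validate_upload_name(candidate))
        except ValueError as err:
            print(candidate, "rejected:", err)
    print(resolve_under_root("/var/www/upload", "photo.jpg"))
```

Binding parameters removes the need to reason about which characters the escape function covers, which is why the length limit is kept only as a second layer here; the file name check deliberately forbids more than one dot, since any rule that tries to enumerate bad extensions will miss the next .htaccess handler mapping.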
Summary
"If a DNS server was compromised by a bad guy, what would happen?" I started to write this paper with that thought. Recent vulnerabilities in Java, Flash, and Windows, the so-called zero-day vulnerabilities, threaten us severely. Of course, I do not think there are companies that allow anonymous connections to their DNS server. I made this scenario to show as many attack types as possible. I hope that this paper will help secure your valuable assets. I used every web and database tool on BackTrack 5 R3. I compared each of the tools and tried to grasp the strong point of each of them. My future work might be making a tool suitable for me and concentrating on improving many advanced web hacking techniques. Thank you for reading my study. I always believe that my strong point is that I learn more quickly than my competitors.
Reference
1. Essential PHP Security by Chris Shiflett (Oct 20, 2005)
2. Pro PHP Security: From Application Security Principles to the Implementation of XSS Defenses (Expert's Voice in Open Source) by Chris Snyder, Thomas Myer and Michael Southwell (Dec 9, 2010)
3. Database Security (데이터베이스 보안) by 조은백 (Feb 11, 2011)
4. HTML5 & CSS3 Practical Techniques (HTML5&CSS3 실무테크닉) by 조승한, 안종일 (Mar 5, 2012)
5. Python, PHP, HTML5, AJAX, jQuery online study
6. RFI defence: input validation PHP code summary
7. InfoSec Resources - PT Example
8. Protocol-Level Evasion of Web Application Firewalls | Qualys Security Labs | Qualys Community
9. RFI DDoS botnet analysis
10. [System Hacking] Linux Setuid :: Naver Blog
11. [System Hacking] How to find and hide a Linux backdoor :: Naver Blog
12. Meterpreter_cheat_sheet_v0.1.pdf
13. Post-Exploitation Without A TTY | pentestmonkey
14. Referencing vulnerable PHP code
15. Using .htaccess
16. Apache guide (highly recommended)
17. MySQL security settings (privileges)
18. 40 Beautiful Free HTML5 & CSS3 Templates
19. Online Hash Crack MD5 / LM / NTLM / SHA1 / MySQL5 / MySQL323 / MD4 / WPA / WPA2 - Passwords recovery - Reverse hash lookup Online - Hash Calculator
20. [Linux1] Day 20 - find, grep.. :: Naver Blog
21. Linux vsftp installation, configuration (root), file upload.. :: Naver Blog
22. contagio: CVE-2012-1889 Microsoft XML vulnerability - Samples and Analysis by Brian Mariani and Frédéric Bourla
23. John The Ripper Hash Formats | pentestmonkey
24. SkipfishDoc - skipfish - Project documentation - web application security scanner - Google Project Hosting
25. Wooks Home: PHP Injection
26. Backtrack 5 R3 Metasploit Post Modules (What To Do After You Compromise A System)
27. Python Backdoor - AES Encrypted Traffic
28. How to manage Apache access logs :: Naver Blog
29. grep command and options :: Naver Blog
30. Metasploit: CVE-2012-2122: MySQL vulnerability, already patched
31. Solaris DNS
32. Fedora VSFTP upload
33. MySQL remote access
34. SQL injection sample code + remote code execution
35. PHP - security tips for MySQL developers .. :: Naver Blog
36. cyb3r sh3ll - Browse Files at SourceForge.net
37. XSS Trojan Using Evilweb Tool
38. msfpayload
39. su crack, ssh brute force, metasploit
40. Nmap Scripting Engine Introduction With Http-Enumeration
41. CVE-2012-2122: Serious MySQL Authentication Bypass Vulnerability | The Hacker News
42. Hackers magazine
43. ohdae/Intersect-2.5 · GitHub
44. msfconsole hacking ftp + backdoors - YouTube
45. SQL Injection/LFI/XSS Exploit Scanner + web shell Hunter - XCode - Yogyafree - YouTube
46. Weevely 0.6 Tutorial - bruteforce and SQL pwnage - YouTube
47. CVE-2012-1889 - Microsoft XML Core Services Vulnerability Metasploit Demo - YouTube
48. sqlmap (EuroPython2011) - YouTube
49. FIMAP - AES HTTP Reverse Shell Plugin - YouTube
50. Backdoor: FIMAP - Local File Inclusion to Remote Code Execution - YouTube
51. SQLMap page tampering: inject JS to run Shell of the Future
52. Information Security: Tutorial: How to scan exp... | SecurityStreet
53. Deface All Sites on Server Without Root - YouTube
54. Programming a Custom Backdoor in Python - YouTube
55. How SQL Injection Attacks Work (YouTube interview)
56. Mercury: system log analysis
57. Pragmatic Forensics: a quick-and-dirty utmp parser
58. Memory Acquisition Tools
59. MoonSols Windows Memory Toolkit | MoonSols
60. ToTo: cleaning up logs neatly after hacking
61. Reversing & Malware Analysis Training Part 8 - Malware Memory Forensics - YouTube