
Security Tools Workshop Part I

Ernest Staats, MSIA, CISSP, CEH, Security+, MCSE, CWNA, CNA, I-Net+, Server+, Network+, A+ http://es-es.net


Presentation Transcript


  1. Security Tools Workshop Part I • Ernest Staats, MSIA, CISSP, CEH, Security+, MCSE, CWNA, CNA, I-Net+, Server+, Network+, A+ http://es-es.net

  2. The Disclaimer! In attending this session you agree that any software demonstrated comes absolutely with NO WARRANTY. Use entirely at your own risk. Ernest or Edison, & the other 3rd party vendors whose software is demonstrated as part of this session are not responsible for any subsequent loss or damage whatsoever!

  3. Class Structure • Mile wide, 2.5 feet deep • Feel free to ask questions at any time • There will be many breaks to play with the tools mentioned • Use the thumb drive provided by Linoma • The BT4 DVD will be used later • Cain and rainbow tables may cause an AV alert as they are used to crack passwords

  4. Problem: Unorganized Response • What should I do? • Who should I call? • Should I shut the system down? • Should I run the virus cleaner? • Should I trust my Anti-virus quarantine? • Should I re-image the system?

  5. People can be Your Greatest Asset or Your Weakest!!

  6. Office Security Tips • Ensure Employees are Security Aware • Adopt an “Acceptable Use” Policy in terms of IT, Email, Internet etc • Ensure Employees are Security Vetted • Wear ID Badges • Question Visitors – “Offer Help” • Secure all Entrances & Exits • Know Emergency Procedures • Secure your Valuables • Laptops, Phones, Keys, IDs Etc

  7. Keeping up Appearances! • Airport Security at its best.. Ok maybe not • The military teaches that the appearance of a hard target can deter attacks

  8. Google Hacking • Various usernames and passwords (both encrypted and in plain text) • Internal documents • Internal site statistics • Intranet access • Database access • Open Webcams • VNC Connections • Mail server access • And much more

  9. Google Advanced Operators

  10. Google Hacking Examples! • site:com filetype:xls "Accounts" • "vnc desktop" inurl:5800 • inurl:indexFrame.shtml Axis • inurl:hp/device/this.LCDispatcher • site:gov.uk filetype:xls users • site:gov.uk filetype:doc staff • site:co.uk "index of /" +passwd • "Index of /" +.htaccess • site:dk +hotel filetype:xls • site:com +password filetype:xls • inurl:admin users passwords • inurl:admin intitle:index.of • "Microsoft-IIS/5.0 Server at" intitle:index.of

  11. Don’t Get Google Hacked! • Keep sensitive information off the internet • Be careful how you write your scripts and access your databases • Use robots.txt to let Google know what parts of your website it is ok to index. Specify which parts of the website are “off bounds” • Ensure directory rights on your web server are in order • Monitor your site for common errors • “Google hack” your own website

  12. DNS/Domain Tools • http://serversniff.net/subdomains.php • http://serversniff.net/nsreport.php gcasda.org • http://serversniff.net/content.php?do=httprobots • http://whois.domaintools.com/ • Tools on Thumb Drive • DNS Lookup: good DIG tool (GUI) http://nscan.org/dig.html • Nirsoft’s http://www.nirsoft.net/utils/whois_this_domain.html http://www.nirsoft.net/utils/ipnetinfo.html

  13. People/Image Info K12 • http://www.pipl.com • http://www.peekyou.com • http://yoname.com • Image Info: • http://tineye.com • Take sample image from http://www.governor.nebraska.gov/about/index.html

  14. Maltego • Maltego aggregates information posted all over the internet about both network and resource based entities, whether it’s the current configuration of a router poised on the edge of your network or the current whereabouts of your Vice President on his international visits

  15. Maltego Hands on • Software located on thumb drive; run it against gcasda.org or a site you have permission to run it on

  16. Website Testing made easy • Netsparker delivers detection, confirmation and exploitation of vulnerabilities • Exploitation of SQL Injection Vulnerabilities • Getting a reverse shell from SQL Injection vulnerabilities • Exploitation of LFI (Local File Inclusion) Vulnerabilities • Downloading the source code of all the crawled pages via LFI (Local File Inclusion) • Downloading known OS files via LFI (Local File Inclusion)

  17. Netsparker Hands on • The software is located on thumb drive. You can run against 6.110.220.24 or a site you have permissions to run it against

  18. Portable Apps • Process Kill

  19. Things to hack with • So many tools, so little time to install them all: • Great list of security tools http://sectools.org/ • Nmap http://nmap.org/ • Metasploit http://www.metasploit.com/ • Wireshark http://www.wireshark.org/ • Kismet http://www.kismetwireless.net/ • Nessus http://www.nessus.org/nessus/ • Cain http://www.oxid.it/cain.html • Netcat\Ncat http://netcat.sourceforge.net/ • Ettercap http://ettercap.sourceforge.net/ • Nikto http://cirt.net/nikto2 • Paros Proxy http://www.parosproxy.org • Burp Suite http://www.portswigger.net/suite/ • XSS Me https://addons.mozilla.org/en-US/firefox/addon/7598 • SQL Inject Me https://addons.mozilla.org/en-US/firefox/addon/6727?src=reco • Tamper Data https://addons.mozilla.org/en-US/firefox/addon/966

  20. Easy way with Live CDs and VMs • BackTrack (Security OS of Choice) http://www.remote-exploit.org/backtrack_download.html • Samurai WTF (web pen-testing) http://samurai.inguardians.com/ • DEFT Linux (Computer Forensics) http://www.deftlinux.net/

  21. Staying up to date on trends and exploits • Milw0rm http://www.milw0rm.com/ • SANS Internet Storm Center http://isc.sans.org/ • PacketStorm http://www.packetstormsecurity.org/ • BugTraq http://www.securityfocus.com/archive/1 • RootSecure http://www.rootsecure.net/

  22. Podcasts: Learn about new tools as they come out • Pauldotcom http://www.pauldotcom.com/ • Exotic Liability http://www.exoticliability.com/ • Security Justice http://securityjustice.com/ • Securabit http://www.securabit.com/

  23. Specially built scenarios • De-ICE & pWnOS Live CDs http://heorot.net/livecds/ • Damn Vulnerable Linux http://www.damnvulnerablelinux.org/

  24. Deliberately vulnerable web apps • Hacme Series from Foundstone (Hacme Travel, Hacme Bank, Hacme Shipping, Hacme Books) http://www.foundstone.com/us/resources-free-tools.asp • WebGoat http://www.owasp.org/index.php/Category:OWASP_WebGoat_Project • Mutillidae http://www.irongeek.com/i.php?page=security/mutillidae-deliberately-vulnerable-php-owasp-top-10
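
Slide 11 advises checking directory rights, using robots.txt and "Google hacking" your own website. The sketch below is an added example (not part of the presentation) that runs that self-check offline against a local copy of a web root, looking for the file types and names the slide 10 queries match. The function names, the index-file list and the sample tree are assumptions; it also reports robots.txt Disallow entries, because that file is publicly readable and only advises crawlers.

```python
import os
import tempfile
from pathlib import Path

# Patterns taken from the slide-10 queries; .xlsx/.docx are assumed additions.
RISKY_EXTENSIONS = {".xls", ".xlsx", ".doc", ".docx"}
RISKY_NAMES = {"passwd", ".htaccess"}
INDEX_FILES = {"index.html", "index.htm", "index.php"}

def robots_disallows(root):
    """Paths named in robots.txt; the file is public, so each one is disclosed."""
    robots = Path(root, "robots.txt")
    text = robots.read_text(encoding="utf-8", errors="replace") if robots.is_file() else ""
    found = []
    for line in text.splitlines():
        field, _, value = line.split("#", 1)[0].partition(":")
        if field.strip().lower() == "disallow" and value.strip() not in ("", "/"):
            found.append(value.strip())
    return found

def audit_webroot(root):
    """Return sorted (finding, path) tuples for a local copy of the web root."""
    findings = [("robots-discloses-path", p) for p in robots_disallows(root)]
    for dirpath, _dirs, files in os.walk(root):
        rel_dir = os.path.relpath(dirpath, root)
        # Without an index file, a server with auto-indexing on lists the directory.
        if not INDEX_FILES & {f.lower() for f in files}:
            findings.append(("no-index-file", rel_dir))
        for name in files:
            ext = os.path.splitext(name)[1].lower()
            if ext in RISKY_EXTENSIONS or name.lower() in RISKY_NAMES:
                findings.append(("sensitive-file", str(Path(rel_dir, name))))
    return sorted(findings)

def demo():
    sample = {  # constructed sample tree, not real site data
        "index.html": "<html></html>",
        "robots.txt": "User-agent: *\nDisallow: /staff/  # constructed\n",
        "staff/users.xls": "",
        "admin/passwd": "",
    }
    with tempfile.TemporaryDirectory() as root:
        for rel, body in sample.items():
            target = Path(root, rel)
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_text(body, encoding="utf-8")
        return audit_webroot(root)

if __name__ == "__main__":
    print(*demo(), sep="\n")
```

Anything reported as `sensitive-file` belongs outside the web root or behind authentication; a `no-index-file` directory is exposed only if the server has directory listing enabled.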
