Having your network environment protected with the latest virus protection,
control what software is installed and allowed to run, restrict ingress and
egress network access, protect web browsing, limit user account access,
update security patches, change management practices, etc. All these efforts
are critical to follow in the corporate environment but all will fall short
if you don't have the proper monitoring in place to detect badness on your
network and to respond quickly and effectively when it happens. When your
network has the proper monitoring in place and knowledgeable engineers to
monitor for outbreaks you will begin to have better visibility of how network
traffic flows in your environment. When you understand how traffic flows on
your network you can respond better when badness happens.
I will demonstrate how to use a number of tools to analyze a memory... (more)
Intrusion detection tools that use the libpcap C/ C++ library  for network
traffic capture (such as Snort  and Tcpdump ) can output packet capture
information to a file for later reference. The format of this capture file is
known as pcap. By capturing packet data to a file, an investigator can return
later to study the history of an intrusion attempt – or to turn up other
important clues about clandestine activity on the network.
Of course, the traffic history data stored in a pcap file is much too vast to
study by just viewing the file manually. Security experts use spe... (more)
In a switched network environment packets are sent to their destination port
by MAC address. This requires that hardware be able to create and maintain a
table associating MAC addresses to ports. In a switched environment packets
are only sent to devices that they are meant for. Even in this switched
environment there are ways to sniff other devices' packets. One such way is
to spoof your MAC address and poison the arp table. Since there is no state
information about ARP traffic kept, as it's a simple protocol, the arp cache
can be overwritten (unless the entry was explicitly mar... (more)
When performing a penetration test on a customer’s network by simulating an
attack and trying to find a way inside many forget there is an easier way.
Many networks have well established security protection through firewalls,
Intrusion Detections/ Protections Systems that will alert to your presents.
Performing a vulnerability scan using tools such as NeXpose, Nessus, nmap,
etc will alert many systems. By performing some research on the target and
learn what the company does you can narrow your attack. By using some social
engineering you can email your payload to an inspecting v... (more)
The purpose of this article is to describe some tools and techniques in
performing the planning, scoping, and recon portion of a penetration test. In
covering these tools and techniques the reader will learn how to use them to
find vulnerabilities in their organization and help improve security posture.
Some other names for this first phase of penetration testing are; OSINT (Open
Source Intelligence), Footprinting, Discovery, and Cyberstalking.
During reconnaissance we'll gather information from public sources to learn
about the target and try to find what is importan... (more)