Welcome!

How secure is your network?

David Dodd

Subscribe to David Dodd: eMailAlertsEmail Alerts
Get David Dodd via: homepageHomepage mobileMobile rssRSS facebookFacebook twitterTwitter linkedinLinkedIn


Top Stories by David Dodd

In a previous article [1], I described how to obtain a memory image from a Windows computer that would allow forensic analysis. I briefly discussed using F-Response TACTICAL [2] to get the memory image, and then Volatility [3] and Mandiant Redline [4] for further investigation. In this paper, I dive more deeply into Redline and Volatility. To begin, I review a raw memory dump of a known malware variant (see the "Malware Image" box) with Mandiant Redline. After firing up Redline, I chose By Analyzing a Saved Memory File under Analyze Data and browsed to the location of the memory image. Next, I edited my script to include Strings for both Process Listing and Driver Enumeration. Finally, I chose a destination to store the output for future analysis and to analyze memory dumps. Malware Image The malware image I am using in this article is a variant found by the Palo Al... (more)

Metasploit Nessus Bridge on Ubuntu

Nessus is a vulnerability scanner program; it is free for personal use using the nessus for home. They also have a nessus for business which requires a fee. I will be discussing the nessus for home use and using it with the popular metasploit framework. Acquire the latest release of nessus homefeed Nessus-4.4.1-ubuntu1010_i386.deb and register for the activation code. Follow the instructions listed in the document ion for installing with Ubuntu and start to configure. Nessus daemon cant be started until nessus has been registered and the plugin download has occurred. $ sudo /opt... (more)

RDP Exploitation Using Cain

The Microsoft Remote Desktop Protocol (RDP) provides remote display and input capabilities over network connections for Windows-based applications running on a server.  RDP is designed to support different types of network topologies and multiple LAN protocols.  Remote Desktop Services formerly know as Terminal Services on Windows 2000 Server allow a server to host multiple, simultaneous client sessions.  Remote Desktop uses Remote Desktop Services technology to allow a single session to run remotely.  Thus a user can connect to a Remote Desktop Session Host server by using Remot... (more)

Planning, Scoping and Recon Techniques

The purpose of this article is to describe some tools and techniques in performing the planning, scoping, and recon portion of a penetration test. In covering these tools and techniques the reader will learn how to use them to find vulnerabilities in their organization and help improve security posture. Some other names for this first phase of penetration testing are; OSINT (Open Source Intelligence), Footprinting, Discovery, and Cyberstalking. Introduction During reconnaissance we'll gather information from public sources to learn about the target and try to find what is importan... (more)

Network Security: Arp Cache Poisoning and Sniffing Packets

In a switched network environment packets are sent to their destination port by MAC address. This requires that hardware be able to create and maintain a table associating MAC addresses to ports. In a switched environment packets are only sent to devices that they are meant for. Even in this switched environment there are ways to sniff other devices' packets. One such way is to spoof your MAC address and poison the arp table. Since there is no state information about ARP traffic kept, as it's a simple protocol, the arp cache can be overwritten (unless the entry was explicitly mar... (more)