How secure is your network?

David Dodd

Subscribe to David Dodd: eMailAlertsEmail Alerts
Get David Dodd via: homepageHomepage mobileMobile rssRSS facebookFacebook twitterTwitter linkedinLinkedIn

Top Stories by David Dodd

The purpose of this article is to describe some tools and techniques in performing the planning, scoping, and recon portion of a penetration test. In covering these tools and techniques the reader will learn how to use them to find vulnerabilities in their organization and help improve security posture. Some other names for this first phase of penetration testing are; OSINT (Open Source Intelligence), Footprinting, Discovery, and Cyberstalking. Introduction During reconnaissance we'll gather information from public sources to learn about the target and try to find what is important to the target. How they do business, technical infrastructure, architecture, products, and configuration information. These actions may seem harmless at the time and may be overlooked by security administrators as "network noise", but don't count on it. A target with well funded resources ... (more)

Capture File Filtering with Wireshark

Intrusion detection tools that use the libpcap C/ C++ library [1] for network traffic capture (such as Snort [2] and Tcpdump [1]) can output packet capture information to a file for later reference. The format of this capture file is known as pcap. By capturing packet data to a file, an investigator can return later to study the history of an intrusion attempt – or to turn up other important clues about clandestine activity on the network. Of course, the traffic history data stored in a pcap file is much too vast to study by just viewing the file manually. Security experts use spe... (more)

Malware Analysis | Part 1

Having your network environment protected with the latest virus protection, control what software is installed and allowed to run, restrict ingress and egress network access, protect web browsing, limit user account access, update security patches, change management practices, etc. All these efforts are critical to follow in the corporate environment but all will fall short if you don't have the proper monitoring in place to detect badness on your network and to respond quickly and effectively when it happens. When your network has the proper monitoring in place and knowledgeable... (more)

Malware Analysis | Part 2

In a previous article [1], I described how to obtain a memory image from a Windows computer that would allow forensic analysis. I briefly discussed using F-Response TACTICAL [2] to get the memory image, and then Volatility [3] and Mandiant Redline [4] for further investigation. In this paper, I dive more deeply into Redline and Volatility. To begin, I review a raw memory dump of a known malware variant (see the "Malware Image" box) with Mandiant Redline. After firing up Redline, I chose By Analyzing a Saved Memory File under Analyze Data and browsed to the location of the memory... (more)

Metasploit Nessus Bridge on Ubuntu

Nessus is a vulnerability scanner program; it is free for personal use using the nessus for home. They also have a nessus for business which requires a fee. I will be discussing the nessus for home use and using it with the popular metasploit framework. Acquire the latest release of nessus homefeed Nessus-4.4.1-ubuntu1010_i386.deb and register for the activation code. Follow the instructions listed in the document ion for installing with Ubuntu and start to configure. Nessus daemon cant be started until nessus has been registered and the plugin download has occurred. $ sudo /opt... (more)