Intrusion detection tools that use the libpcap C/C++ library [1] for network
traffic capture (such as Snort [2] and Tcpdump [1]) can output packet capture
information to a file for later reference. The format of this capture file is
known as pcap. By capturing packet data to a file, an investigator can return
later to study the history of an intrusion attempt – or to turn up other
important clues about clandestine activity on the network.
Of course, the traffic history data stored in a pcap file is much too vast to
study by just viewing the file manually. Security experts use specialized
filtering tools to search through the file for pertinent information. One way
to look for clues in a pcap file is to use the Wireshark protocol analysis
tool [3] and its accompanying command-line utility tshark.
Wireshark is included by default on many Linux distros, and if not, it i... (more)
The purpose of this article is to describe some tools and techniques for
performing the planning, scoping, and recon portion of a penetration test. By
working through these tools and techniques, the reader will learn how to use
them to find vulnerabilities in their organization and help improve its
security posture. Other names for this first phase of penetration testing are
OSINT (Open Source Intelligence), Footprinting, Discovery, and Cyberstalking.
Introduction
During reconnaissance we'll gather information from public sources to learn
about the target and try to find what is importan... (more)
The Microsoft Remote Desktop Protocol (RDP) provides remote display and input
capabilities over network connections for Windows-based applications running
on a server. RDP is designed to support different types of network
topologies and multiple LAN protocols. Remote Desktop Services, formerly
known as Terminal Services on Windows 2000 Server, allows a server to host
multiple, simultaneous client sessions. Remote Desktop uses Remote Desktop
Services technology to allow a single session to run remotely. Thus a user
can connect to a Remote Desktop Session Host server by using Remot... (more)
OpenSSL is based on the SSLeay library developed by Eric A. Young and Tim J.
Hudson and is licensed under an Apache-style license. OpenSSL has lots of
features, but I will cover encoding, checksums, encryption, passwords and pass
phrases.
Many Linux distributions include OpenSSL among their bundled packages, and it
is most likely located in /usr/bin. To find it on your system, type:
$ which openssl
/usr/bin/openssl
$ openssl version
OpenSSL 1.0.0a 1 Jun 2010
Versions may vary; openssl-1.0.0d (Feb 8) is currently the current version.
Most of the examples that are found in this document sh... (more)
The Metasploit Framework is a penetration testing toolkit, exploit
development platform, and research tool. The framework includes hundreds of
working remote exploits for a variety of platforms. Payloads, encoders, and
nop slide generators can be mixed and matched with exploit modules to solve
almost any exploit-related task. A very nice feature in Metasploit is the
ability to pivot through a Meterpreter session to the network on the other
side. This tutorial walks you through how this is done once you have a
Meterpreter session on a foreign box. We begin right after a client sid... (more)