How secure is your network?

David Dodd

Subscribe to David Dodd: eMailAlertsEmail Alerts
Get David Dodd via: homepageHomepage mobileMobile rssRSS facebookFacebook twitterTwitter linkedinLinkedIn

Top Stories by David Dodd

Nessus is a vulnerability scanner program; it is free for personal use using the nessus for home. They also have a nessus for business which requires a fee. I will be discussing the nessus for home use and using it with the popular metasploit framework. Acquire the latest release of nessus homefeed Nessus-4.4.1-ubuntu1010_i386.deb and register for the activation code. Follow the instructions listed in the document ion for installing with Ubuntu and start to configure. Nessus daemon cant be started until nessus has been registered and the plugin download has occurred. $ sudo /opt/nessus/bin/nessus-fetch –register 'registration code from nessus' Add user $ sudo /opt/nessus/sbin/nessus-adduser Make cert $ sudo /opt/nessus/sbin/nessus-mkcert Start the nessus Daemon $ sudo /etc/init.d/nessusd start Open up web browser to https://localhost:8834, login and complete a policy ... (more)

Planning, Scoping and Recon Techniques

The purpose of this article is to describe some tools and techniques in performing the planning, scoping, and recon portion of a penetration test. In covering these tools and techniques the reader will learn how to use them to find vulnerabilities in their organization and help improve security posture. Some other names for this first phase of penetration testing are; OSINT (Open Source Intelligence), Footprinting, Discovery, and Cyberstalking. Introduction During reconnaissance we'll gather information from public sources to learn about the target and try to find what is importan... (more)

Tutorial: OpenSSL Command

The OpenSSL is based on SSLeay library developed by Eric A. Young and Tim J. Hudson and licensed under an Apache-style license. OpenSSL has lots of features but I will cover encoding, checksums, encryption, passwords and pass phrases. Many Linux distributions have OpenSSL as part of the bundled packages and is most likely located in /usr/bin. To find it on your system type: $ which openssl /usr/bin/openssl $ openssl version OpenSSL 1.0.0a 1 Jun 2010 Versions may vary and currently openssl-1.0.0d Feb 8 is the current version. Most of the examples that are found in this document sh... (more)

Intruder Detection with tcpdump

To capture, parse, and analyze traffic tcpdump is a very powerful tool. To begin a basic capture uses the following syntax. tcpdump -n –i -s -n      tells tcpdump to not resolve IP addresses to domain names and port numbers to service names. -I       tells tcpdump which interface to use. -s      tells tcpdump how much of the packet to record. I used 1515 but 1514 is sufficient for most cases. If you don’t specify a size then it will only capture the first 68 bytes of each packet. A snaplen value of 0 which will use the required length to ... (more)

Performing a Penetration Test on a Customer’s Network

When performing a penetration test on a customer’s network by simulating an attack and trying to find a way inside many forget there is an easier way. Many networks have well established security protection through firewalls, Intrusion Detections/ Protections Systems that will alert to your presents. Performing a vulnerability scan using tools such as NeXpose, Nessus, nmap, etc will alert many systems. By performing some research on the target and learn what the company does you can narrow your attack. By using some social engineering you can email your payload to an inspecting v... (more)