Hacker Mentality
Map your network regularly
Sniff and baseline your network
Know what type of data needs to be going across your system
Know what types of paths are open to your data: WiFi, USB, Bluetooth, Remote Access, Web 2.0, mobile device access
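The "map and baseline" advice above is only useful if the baseline is actually compared against each new scan. The script below is an added example (not from the presentation): it assumes both the baseline and the fresh scan were saved as nmap "grepable" (-oG) output, parses them, and reports new hosts, vanished hosts, and per-host ports that opened or closed. Both sample scans are constructed.

```python
"""Diff a saved network baseline against a fresh scan and report deviations.

Added example (not from the presentation): it reads nmap "grepable" (-oG)
output, which is the format assumed here; both samples below are constructed.
"""
import re
from typing import Dict, Set

# Constructed baseline of a lab subnet, taken when the network was known-good.
BASELINE = (
    "Host: 192.0.2.10 (fileserver)\tPorts: 139/open/tcp//netbios-ssn///, "
    "445/open/tcp//microsoft-ds///\tIgnored State: closed (998)\n"
    "Host: 192.0.2.20 (web)\tPorts: 80/open/tcp//http///, 443/open/tcp//https///\n"
)

# Constructed scan from today: a new host, a telnet listener on the file
# server, and the web server's plain-HTTP port gone.
CURRENT = (
    "Host: 192.0.2.10 (fileserver)\tPorts: 23/open/tcp//telnet///, "
    "139/open/tcp//netbios-ssn///, 445/open/tcp//microsoft-ds///\n"
    "Host: 192.0.2.20 (web)\tPorts: 443/open/tcp//https///\n"
    "Host: 192.0.2.99 ()\tPorts: 22/open/tcp//ssh///\n"
)

# One -oG host line: "Host: <ip> (<name>)<TAB>Ports: <list>[<TAB>Ignored State: ...]"
HOST_RE = re.compile(r"^Host:\s+(\S+)\s+\(.*?\)\s+Ports:\s+(.*?)(?:\t|$)")


def parse_grepable(text: str) -> Dict[str, Set[str]]:
    """Map each scanned IP to its set of open 'port/proto' entries."""
    hosts: Dict[str, Set[str]] = {}
    for line in text.splitlines():
        m = HOST_RE.match(line)
        if not m:
            continue  # comment lines, "Status: Up" lines, etc.
        ip, port_list = m.group(1), m.group(2)
        opened: Set[str] = set()
        for entry in port_list.split(","):
            # entry layout: port/state/proto/owner/service/rpc/version/
            fields = entry.strip().split("/")
            if len(fields) >= 3 and fields[1] == "open":
                opened.add(f"{fields[0]}/{fields[2]}")
        hosts[ip] = opened
    return hosts


def diff_baseline(baseline: Dict[str, Set[str]], current: Dict[str, Set[str]]) -> dict:
    """Return new/missing hosts and per-host port changes since the baseline."""
    report = {
        "new_hosts": sorted(set(current) - set(baseline)),
        "missing_hosts": sorted(set(baseline) - set(current)),
        "new_ports": {},
        "closed_ports": {},
    }
    for ip in sorted(set(baseline) & set(current)):
        added = current[ip] - baseline[ip]
        gone = baseline[ip] - current[ip]
        if added:
            report["new_ports"][ip] = sorted(added)
        if gone:
            report["closed_ports"][ip] = sorted(gone)
    return report


if __name__ == "__main__":
    result = diff_baseline(parse_grepable(BASELINE), parse_grepable(CURRENT))
    for key, value in result.items():
        print(f"{key}: {value}")
```

Every entry in the report is something a defender should be able to explain: a new host should match a change ticket, and a new listener such as telnet on a file server is exactly the kind of "path open to your data" the slide warns about.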
HACKER MENTALITY
Hackers are motivated by various factors:
Ego
Curiosity and challenge
Entertainment
Political beliefs
Desire for information
Thrill of gaining privileged access
Own the system long term (Trojans, backdoors)
Attempt to compromise additional systems
A "trophy" to gain status
Hacker Stratification
Tier I
Tier II
IT savvy
Ability to program or script
Understand what the vulnerability is and how it works
Intelligent enough to use the exploit code and tools with precision
Motivated by the challenge but primarily curiosity, some ego
Tier III: Script Kiddies
Few real talents
Ability to download exploit code and tools written by others
Very little understanding of the actual vulnerability
Randomly fire off scripts until something works
Motivated by ego, entertainment, desire to hurt others
When using Microsoft GPOs, use hash instead of path
Use Windows Run
Use IP address instead of name
Use U3 devices or Portable Apps
Right click, make shortcut to C drive if you hide C drive
Use Bluetooth to make file transfers to Windows system32
If they have USB access they own it
Use MS-Access to make a macro run CMD
Shutdown i
2009 saw the first iPhone worm -- most attacks were near-identical to prior years, changing only the victims and the level of sophistication
FBI estimated small and medium businesses have lost $40 million to cybercrime since 2004
VIRUS CREATION
Anyone can do it!
MIS-CONFIGURATIONS
Easily guessed passwords
Admin/no password
Admin/username same as password
Admin/password
Common user/pass combinations: oracle/oracle
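The combinations on this slide are cheap to check for on your own side, either as a filter when a password is set or as an audit of documented service and vendor accounts. The code below is an added example, not from the presentation: the default-credential list, the common-password list and the sample accounts are all constructed, and a real deployment would extend DEFAULT_PAIRS with the defaults of the products actually in use.

```python
"""Audit credential pairs for the easily guessed patterns listed on the slide.

Added example (not from the presentation). Lists and sample accounts are
constructed; extend DEFAULT_PAIRS with your own vendors' documented defaults.
"""
import re
from typing import Dict, Iterable, List, Tuple

# Default / vendor pairs the slide calls out, plus a few generic ones (constructed list).
DEFAULT_PAIRS = {
    ("admin", ""), ("admin", "admin"), ("admin", "password"),
    ("administrator", ""), ("administrator", "password"),
    ("oracle", "oracle"), ("root", "root"), ("guest", "guest"), ("sa", ""),
}
COMMON_PASSWORDS = {"password", "123456", "letmein", "welcome", "qwerty"}


def weakness_reasons(username: str, password: str) -> List[str]:
    """Return every reason the pair counts as easily guessed; empty list = none found."""
    u, p = username.lower(), password.lower()
    reasons: List[str] = []
    if p == "":
        reasons.append("blank password")
    if (u, p) in DEFAULT_PAIRS:
        reasons.append("vendor/default credential")
    if p and p == u:
        reasons.append("password equals username")
    elif p and re.fullmatch(re.escape(u) + r"[0-9!@#$]{0,4}", p):
        # e.g. jsmith1, jsmith1! : the username with a token suffix
        reasons.append("password is username plus a short suffix")
    if p in COMMON_PASSWORDS:
        reasons.append("common password")
    if 0 < len(p) < 8:
        reasons.append("shorter than 8 characters")
    return reasons


def audit(accounts: Iterable[Tuple[str, str]]) -> Dict[str, List[str]]:
    """Return {username: reasons} for every account that fails at least one check."""
    result: Dict[str, List[str]] = {}
    for user, pw in accounts:
        reasons = weakness_reasons(user, pw)
        if reasons:
            result[user] = reasons
    return result


# Constructed sample of accounts to audit (not real credentials).
SAMPLE_ACCOUNTS = [
    ("admin", ""),
    ("oracle", "oracle"),
    ("jsmith", "jsmith1!"),
    ("mlee", "Tr0ub4dor&3-horse"),
]

if __name__ == "__main__":
    for user, reasons in audit(SAMPLE_ACCOUNTS).items():
        print(f"{user}: {', '.join(reasons)}")
```

The check is deliberately case-insensitive and looks for the username with a short suffix, because "Admin1" and "oracle!" are what users produce when a policy only forbids the exact username.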
Metasploit
DEMO TIME
All resources on my site es-es.net
U3 POCKETKNIFE
Steal passwords
Product keys
Steal files
Kill antivirus software
Turn off the firewall
And more
For details see http://wapurl.co.uk/?719WZ2T
CUSTOMIZING U3
You can create a custom file to be executed when a U3 drive is plugged in.
The custom U3 launcher runs PocketKnife, so all those things are stolen and put on the flash drive.
BACKTRACK IN VM U3 DEVICE
PASSWORDS CRACKING
NTPassword: RESET any admin password to blank, http://home.eunet.no/pnordahl/ntpasswd/
Cain and Abel
Back Track 4 (BT4): http://www.backtrack-linux.org/downloads/
Default Password List: http://tinyurl.com/39teob
Paid Password Tools:
http://www.brothersoft.com/downloads/crack-password.html
http://www.elcomsoft.com/index.html
http://www.accessdata.com/
DEFENSE
Several Vendors on the show floor have options to limit or block USB
THE LIST
Tools I use!
NETWORK SCANNING
MS Baseline Analyzer 2.1: http://www.microsoft.com/downloads/details.aspx?familyid=f32921af-9dbe-4dce-889eecf997eb18e9&displaylang=en
The Dude (mapper and traffic analyzer, great for WiFi): http://www.mikrotik.com/thedude.php
Getif (network SNMP discovery and exploit tool): http://www.wtcs.org/snmp4tpc/getif.htm
SoftPerfect Network Scanner: http://www.softperfect.com/
HPing2 (packet assembler/analyzer): http://www.hping.org
ZENOSS (enterprise network mapping and monitoring): http://www.zenoss.com
TCPDump (packet sniffer) for Linux, or Windump for Windows: http://www.tcpdump.org and http://www.winpcap.org/windump/
LanSpy (local, domain, NetBIOS, and much more): http://www.lantricks.com/
Security Space
http://tinyurl.com/cbsr
Other firewall options:
Untangle: www.untangle.com
Smooth Wall: www.smoothwall.org
IPCop: www.ipcop.org
More Tools:
SoftPerfect Network Scanner: a multi-threaded IP, SNMP and NetBIOS scanner. Very easy to use; http://tinyurl.com/2kzpss
WinSCP: wraps a friendly GUI interface around the command-line switches needed to copy files between Windows and Unix/Linux; http://tinyurl.com/yvywqu
Nagios: highly configurable, flexible network resource monitoring tool; http://www.nagios.org
OpenDNS: another layer to block proxies and adult sites; http://www.opendns.com/
CCleaner: removes unused files and other software that slows down your PC; http://www.ccleaner.com/
File Shredder: a fast, safe and reliable tool to shred company files; http://www.fileshredder.org/
GroundWork: full enterprise performance and network management software. This is designed for data centers and large networks but can be used for small shops as well (works with Nagios); http://www.groundworkopensource.com
Google (Get Google Hacking book) The Google Hacking Database (GHDB)
http://johnny.ihackstuff.com/modules.php?op=modload&name=Downloads&file=index
Autoruns / Sysinternals Suite: shows the programs that run during system boot up or login; http://tinyurl.com/3adktf
Step by step security training: http://tinyurl.com/bzvwx
SuperScan 4: network scanner to find open ports (I prefer version 3)
http://www.foundstone.com/index.htm?subnav=resources/navigation.htm&subcontent=/resources/proddesc/superscan.htm
Iron Geek
EventSentry: allows you to consolidate and monitor event logs in real time; http://tinyurl.com/2g64sy
WELL-WORN TOOLS:
Wireshark
Packet sniffer used to find passwords and other important network errors going across the network. SSL passwords are often sent in clear text before logging on.
http://tinyurl.com/yclvno
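The defender's use of what the slide describes is an inventory: which services on your network still accept logins in the clear, so they can be moved to TLS or SSH. The script below is an added example, not part of the presentation. Its payloads are constructed stand-ins for what Wireshark's "Follow TCP Stream" or tcpdump -A would show; it recognises HTTP Basic and USER/PASS style logins (FTP, POP3 and similar), records who logged in where, and deliberately leaves the secret out of the report.

```python
"""Inventory cleartext logins seen on the wire so those services can be moved to TLS/SSH.

Added example, not part of the presentation. The payloads below are constructed
stand-ins for Wireshark "Follow TCP Stream" / tcpdump -A output; the report
records who authenticated where and omits the secret on purpose.
"""
import base64
import binascii
import re
from typing import Dict, List, Tuple

# Constructed (client_ip, server_ip, server_port, payload) samples.
SAMPLE_FLOWS: List[Tuple[str, str, int, bytes]] = [
    ("192.0.2.15", "198.51.100.7", 80,
     b"GET /intranet/ HTTP/1.1\r\nHost: intranet\r\n"
     b"Authorization: Basic amRvZTpTdW1tZXIyMDA5\r\n\r\n"),
    ("192.0.2.15", "198.51.100.8", 21, b"USER jdoe\r\nPASS Summer2009\r\n"),
    ("192.0.2.31", "198.51.100.9", 110, b"USER mlee\r\nPASS hunter2\r\n"),
    # TLS ClientHello (opaque to a sniffer): nothing to report.
    ("192.0.2.31", "198.51.100.7", 443, b"\x16\x03\x01\x00\xa5\x01\x00\x00\xa1\x03\x03"),
]

BASIC_RE = re.compile(rb"^Authorization:\s*Basic\s+([A-Za-z0-9+/=]+)", re.IGNORECASE | re.MULTILINE)
USER_RE = re.compile(rb"^USER\s+(\S+)", re.IGNORECASE | re.MULTILINE)
PASS_RE = re.compile(rb"^PASS\s+\S+", re.IGNORECASE | re.MULTILINE)
PORT_NAMES = {21: "ftp", 23: "telnet", 80: "http", 110: "pop3", 143: "imap"}


def find_cleartext_auth(flows: List[Tuple[str, str, int, bytes]]) -> List[Dict[str, object]]:
    """Return one finding per flow that carried a cleartext credential (secret not included)."""
    findings: List[Dict[str, object]] = []
    for client, server, port, payload in flows:
        user = None
        method = None
        m = BASIC_RE.search(payload)
        if m:
            # HTTP Basic is base64("user:password"); keep only the user part.
            try:
                decoded = base64.b64decode(m.group(1), validate=True).decode("utf-8", "replace")
            except (binascii.Error, ValueError):
                decoded = ""
            user, method = decoded.split(":", 1)[0], "http-basic"
        else:
            u = USER_RE.search(payload)
            if u and PASS_RE.search(payload):
                user, method = u.group(1).decode("utf-8", "replace"), "user-pass"
        if user is not None:
            findings.append({
                "client": client, "server": server, "port": port,
                "service": PORT_NAMES.get(port, f"tcp/{port}"),
                "method": method, "user": user,
            })
    return findings


if __name__ == "__main__":
    for f in find_cleartext_auth(SAMPLE_FLOWS):
        print(f"{f['client']} -> {f['server']}:{f['port']} ({f['service']}, {f['method']}) user={f['user']}")
```

Run against your own captures, the output is a per-server list of cleartext login points; each entry is a service to wrap in TLS or retire, and the TLS flow in the sample shows why encrypted sessions simply do not appear.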
Metasploit
Hacking/networking security made easy
http://www.metasploit.com/
Read notify
Registered email
http://www.readnotify.com/
Virtual Machine
For pen testing
http://tinyurl.com/2qhs2e
DIGITAL FORENSICS
First and foremost: I am not a lawyer. Always consult your local law enforcement agency and legal department first!
www.e-fense.com
ANTI-FORENSICS
Be Aware of activity in the Anti-Forensics area!! There are active efforts to produce tools to thwart your forensic investigation.
Sysinternals
EVENT LOG
Acquire key data
Use to document unauthorized file and folder access
ACCESSCHK*
Acquire key data
Shows what folder permissions a user has Provides evidence that user has opportunity
PSLOGGEDON*
Acquire key data
Shows if a user is logged onto a computing resource
ROOTKIT REVEALER
Acquire key data
Reveals rootkits, which take complete control of a computer and conceal their existence from standard diagnostic tools
PSEXEC
Acquire key data
Allows investigator to remotely obtain information about a user's computer, without tipping them off or installing any applications on the user's computer
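The forensic slides above pair two sources: the Security event log documents what a user actually opened, and accesschk shows what they had the opportunity to open. The script below is an added example, not from the presentation. It assumes object-access auditing is enabled so that Event ID 4663 ("an attempt was made to access an object") is recorded, that the log was exported to CSV (the export below is constructed), and that an allowlist of who is expected to read each sensitive folder has been built from accesschk output and owner sign-off (also constructed here).

```python
"""Flag file/folder accesses by users who are not expected to touch a sensitive share.

Added example, not part of the presentation. Assumes a CSV export of the
Windows Security log with object-access auditing enabled (Event ID 4663);
the log rows and the allowlist below are constructed.
"""
import csv
import io
from collections import defaultdict
from typing import Dict, List, Tuple

# Constructed CSV export of a Security log (not real data). 4624 is a logon event
# and is kept in the sample to show that non-4663 rows are ignored.
LOG_CSV = r"""TimeCreated,EventID,SubjectUserName,ObjectName,AccessMask
2009-11-03 08:01:12,4663,hr_clerk,\\fs01\HR\salaries.xlsx,0x1
2009-11-03 08:04:55,4663,jdoe,\\fs01\HR\salaries.xlsx,0x1
2009-11-03 08:05:02,4663,jdoe,\\fs01\HR\terminations.docx,0x2
2009-11-03 08:06:40,4624,jdoe,,
2009-11-03 09:15:00,4663,backup_svc,\\fs01\HR\salaries.xlsx,0x1
2009-11-03 09:20:31,4663,jdoe,\\fs01\Public\lunch_menu.txt,0x1
"""

# Who is expected to access each sensitive folder. In practice, derive this from
# `accesschk` output on the folder plus the data owner's sign-off (constructed here).
EXPECTED_ACCESS: Dict[str, set] = {
    r"\\fs01\HR": {"hr_clerk", "backup_svc"},
}

# Low bits of the 4663 access mask (file rights); unknown masks are reported raw.
ACCESS_NAMES = {"0x1": "ReadData", "0x2": "WriteData", "0x10000": "Delete"}


def parse_access_events(csv_text: str) -> List[Dict[str, str]]:
    """Keep only object-access (4663) rows from the exported log."""
    rows = csv.DictReader(io.StringIO(csv_text))
    return [r for r in rows if r["EventID"] == "4663"]


def in_folder(path: str, folder: str) -> bool:
    """Case-insensitive test that `path` is `folder` or lies anywhere beneath it."""
    p, f = path.lower(), folder.lower().rstrip("\\")
    return p == f or p.startswith(f + "\\")


def flag_unexpected(events: List[Dict[str, str]],
                    expected: Dict[str, set] = EXPECTED_ACCESS) -> Dict[str, List[Tuple[str, str, str]]]:
    """Group (time, object, access) triples by user for accesses outside the allowlist."""
    flagged: Dict[str, List[Tuple[str, str, str]]] = defaultdict(list)
    for ev in events:
        for folder, allowed in expected.items():
            if in_folder(ev["ObjectName"], folder) and ev["SubjectUserName"] not in allowed:
                access = ACCESS_NAMES.get(ev["AccessMask"], ev["AccessMask"])
                flagged[ev["SubjectUserName"]].append((ev["TimeCreated"], ev["ObjectName"], access))
    return dict(flagged)


def access_timeline(events: List[Dict[str, str]], object_name: str) -> List[Tuple[str, str]]:
    """Every (time, user) that touched one object, in log order, for the case file."""
    return [(ev["TimeCreated"], ev["SubjectUserName"])
            for ev in events if ev["ObjectName"].lower() == object_name.lower()]


if __name__ == "__main__":
    evs = parse_access_events(LOG_CSV)
    for user, hits in flag_unexpected(evs).items():
        print(user)
        for when, obj, access in hits:
            print(f"  {when}  {access:<9} {obj}")
```

The flagged list is the "what happened" half of the case; the allowlist you built from accesschk is the "opportunity" half, and a user appearing in the first but not the second is what this slide's evidence chain is meant to surface. Keep the exported log and the accesschk output together with the report so both can be reproduced later.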
SHAMELESS PLUG
Presentations on my site located at www.es-es.net
Manage & Secure Your Wireless Connections
www.gcasda.org
http://tinyurl.com/y9oywob
http://tinyurl.com/yfh7d6t
http://tinyurl.com/ygtsgft
Check out the presentation given this morning
To learn more about GCA (Georgia Cumberland Academy)
Face-Saving Tools for Managers
20 great Windows open source projects
E-Crime Survey 2009