Si no quieres que sepa tu nombre, por que llevas el DNI en la frente? Christian Martorella CISSP, CISA
|
|
|
- Garry Beasley
- 8 years ago
- Views:
Transcription
1 Si no quieres que sepa tu nombre, por que llevas el DNI en la frente? Christian Martorella CISSP, CISA 1
2 Penetration testing Information Gathering Discovery / Fingerprinting Vulnerability analysis Exploitation Reporting 2
3 Information Gathering Denotes the collection of information before the attack. The idea is to collect as much information as possible about the target which may be valuable later. 3
4 I.G types Passive Active 4
5 I.G - Types of information Domain, subdomain/host names User names jdoe Accounts jdoe@target.com Workers names John Doe 5
6 I.G what for? Host/domain information for discovering new targets, to get a description of the host, industrial espionage, etc User names, s, worker names, for performing brute force attacks on available services. 6
7 How can we obtain this kind of info? 7
8 Obtaining host and Domains names - Classic Zone Transfer (active) Whois (passive) Reverse Lookup (active) BruteForce (active++) 8
9 Zone-Transfer - DIG request: weak.dns -t AXFR Tester DNS server 9
10 DNS bruteforce domain: target.com host afrodita.target.com Tester afrodita.target.com has Dictionary afrodita... hermes.. matrix neo... x x DNS server Discoverd hosts: afrodita neo 10
11 Obtaining host and Domains names II Search Engines (passive) Public PGP key servers (passive) 11
12 Obtaining host and Domains names II The PGP public key servers are only intended to help the user in exchanging public keys 12
13 Obtaining host and Domains Search engines subdomain 13
14 Obtaining host and Domains names II subdomains 14
15 Obtaining host and Domains Subdomainer Demo subdomainer 15
16 Obtaining user names - Classic Search engines (passive) Web pages (passive) 16
17 Other sources.. 17
18 Obtaining user names - New sources PgP key servers (passive) Social Networks (passive) Metadata (passive) 18
19 Obtaining user names - New sources Social networks LinkedIn is an online network of more than 15 million experienced professionals from around the world, representing 150 industries. 19
20 Obtaining user names - New sources Current Job Pasts Jobs Education Job description Etc... 20
21 Social networks, correlations zster/images/basic.png 21
22 Obtaining user names theharvester 22
23 Obtaining s theharvester 23
24 Obtaining user names - New sources Metadata: is data about data. Is used to facilitate the understanding, use and management of data. 24
25 Obtaining user names - New sources - Metadata Provides basic information such as the author of a work, the date of creation, links to any related works, etc. 25
26 Metadata - Dublin Core (schema) Content & about the Resource Intellectual Property Electronic or Physical manifestation Title Author or Creator Date Subject Publisher Type Description Contributor Format Language Rights Identifier Relation Coverage 26
27 Metadata - example logo-ubuntu.png logo-kubuntu.png software - Adobe ImageReady size x391 mimetype - image/png software - size x379 mimetype - image/png :/ 27
28 Metadata So where can we get interesting metadata? & 28
29 Metadata Ok, I understand metadata... so what? 29
30 Metagoofil Metagoofil is an information gathering tool designed for extracting metadata of public documents (pdf,doc,xls,ppt,etc) availables in the target/victim websites. 30
31 Metagoofil site:nasa.gov filetype:ppt 31
32 Metagoofil Downloaded files ppt 1 ppt 2 ppt 3 libextractor /filtering Results. html ppt n 32
33 Metagoofil Demo 33
34 Metagoofil - results 34
35 Metagoofil - results 35
36 Metagoofil - results z 36
37 Metagoofil - results 37
38 Metagoofil - results 38
39 Metagoofil - results 39
40 Metagoofil & Linkedin results Now we have a lot of usernames, what can i do? 40
41 Using results User profiling Dictionary creation John Doe john.doe jdoe j.doe johndoe johnd john.d jd doe ATTACK! john 41
42 References blog.s21sec.com
43 Any question? 43
44 Thank you for coming 44
A fresh new look into Information Gathering. Christian Martorella IV OWASP MEETING SPAIN
A fresh new look into Information Gathering Christian Martorella IV OWASP MEETING SPAIN Who am i? Christian Martorella Manager Auditoria S21sec CISSP, CISA, CISM, OPST, OPSA OWASP WebSlayer Project Leader
Chris Gates http://carnal0wnage.blogspot.com http://www.learnsecurityonline.com
New School Information Gathering Chris Gates http://carnal0wnage.blogspot.com http://www.learnsecurityonline.com Who Am I? Penetration Tester LearnSecurityOnline.com Security Blogger EthicalHacker.net
gathering Dave van Stein 9 april 2009
Modern information gathering Dave van Stein 9 april 2009 Who Am I Dave van Stein 34 years Functional tester > 7 years Specializing in (Application) Security Testing Certified Ethical Hacker Agenda Goal
How-to: DNS Enumeration
25-04-2010 Author: Mohd Izhar Ali Email: johncrackernet@yahoo.com Website: http://johncrackernet.blogspot.com Table of Contents How-to: DNS Enumeration 1: Introduction... 3 2: DNS Enumeration... 4 3: How-to-DNS
Security Threat Kill Chain What log data would you need to identify an APT and perform forensic analysis?
Security Threat Kill Chain What log data would you need to identify an APT and perform forensic analysis? This paper presents a scenario in which an attacker attempts to hack into the internal network
Hacking Techniques & Intrusion Detection
Hacking Techniques & Intrusion Detection Winter Semester 2012/2013 Dr. Ali Al-Shemery aka: B!n@ry Footprinting Walking the trails to a target Outline External Footprinting Identify External Ranges Passive,
NCS490 Penetration Testing. Ronny L. Bull, MS Lecturer Computer Science Department. Spring 2014
NCS490 Penetration Testing Ronny L. Bull, MS Lecturer Computer Science Department Spring 2014 Outline General Overview Target Selection OSINT Covert Gathering Foot-printing Identifying Protection Mechanisms
2010: and still bruteforcing
2010: and still bruteforcing OWASP Webslayer Christian Martorella July 18th 2010 Barcelona Who am I Manager Auditoria CISSP, CISA, CISM, OPST, OPSA,CEH OWASP WebSlayer Project Leader FIST Conference, Presidente
040020305-Penetration Testing 2014
Comprehensive Questions/Practical Based :- 040020305-Penetration Testing 2014 1. Demonstrate the installation of BackTrack using Live DVD. Also list all the steps. 2. Demonstrate the installation of BackTrack
The Power. Chema. of FOCA 3
The Power of FOCA 3 What s a FOCA? 5/25/12 2 Al principio fue el Metadato 5/25/12 3 Metadata, hidden info Mala ges.ón Mala conversión Opciones inseguras & lost data Buscadores Arañas Bases de datos Mala
Targeted attacks: Tools and techniques
Targeted attacks: Tools and techniques Performing «red-team» penetration tests Lessons learned Presented on 17/03/2014 For JSSI OSSIR 2014 By Renaud Feil Agenda Objective: Present tools techniques that
Penetration Testing. NTS330 Unit 1 Penetration V1.0. February 20, 2011. Juan Ortega. Juan Ortega, juaorteg@uat.edu. 1 Juan Ortega, juaorteg@uat.
1 Penetration Testing NTS330 Unit 1 Penetration V1.0 February 20, 2011 Juan Ortega Juan Ortega, juaorteg@uat.edu 1 Juan Ortega, juaorteg@uat.edu 2 Document Properties Title Version V1.0 Author Pen-testers
Penetration Testing with Kali Linux
Penetration Testing with Kali Linux PWK Copyright 2014 Offensive Security Ltd. All rights reserved. Page 1 of 11 All rights reserved to Offensive Security, 2014 No part of this publication, in whole or
Vinny Hoxha Vinny Hoxha 12/08/2009
Ethical Hacking and Penetration Testing Vinny Hoxha Vinny Hoxha 12/08/2009 What is Ethical Hacking? Types of Attacks Testing Approach Vulnerability Assessments vs. Penetration Testing Testing Methodology
Don t scan, just ask A new approach of identifying vulnerable web applications. 28th Chaos Communication Congress, 12/28/11 - Berlin
Don t scan, just ask A new approach of identifying vulnerable web applications Summary It s about identifying web applications and systems Classical network reconnaissance techniques mostly rely on technical
Aiming at Higher Network Security Levels Through Extensive PENETRATION TESTING. Anestis Bechtsoudis. http://bechtsoudis.com abechtsoudis (at) ieee.
Aiming at Higher Network Security Levels Through Extensive PENETRATION TESTING Anestis Bechtsoudis http://bechtsoudis.com abechtsoudis (at) ieee.org Athena Summer School 2011 Course Goals Highlight modern
https://elearn.zdresearch.com https://training.zdresearch.com/course/pentesting
https://elearn.zdresearch.com https://training.zdresearch.com/course/pentesting Chapter 1 1. Introducing Penetration Testing 1.1 What is penetration testing 1.2 Different types of test 1.2.1 External Tests
SCADA Security Example
SCADA Security Example Christian Paulino and Janusz Zalewski Florida Gulf Coast University December 2012 1. Introduction SCADA systems are always connected to a network, so they are vulnerable to attack.
Penetration Testing in Romania
Penetration Testing in Romania Adrian Furtunǎ, Ph.D. 11 October 2011 Romanian IT&C Security Forum Agenda About penetration testing Examples Q & A 2 What is penetration testing? Method for evaluating the
A New Era. A New Edge. Phishing within your company
Phishing within your company Learning Objectives What is phishing and how to minimize its impact Obtain a basic understanding of how to use virtual machines Use BackTrack, a tool used by many security
PURPLE PAPER EXEGESIS OF VIRTUAL HOSTS HACKING BY PETKO PETKOV AND PAGVAC (ADRIAN PASTOR)
PURPLE PAPER EXEGESIS OF VIRTUAL HOSTS HACKING BY PETKO PETKOV AND PAGVAC (ADRIAN PASTOR) VIRTUAL HOST ENUMERATION TECHNIQUES There is a lot that we can say about finding virtual hosts from a given IP
Internet Security [1] VU 184.216. Engin Kirda engin@infosys.tuwien.ac.at
![Internet Security [1] VU 184.216. Engin Kirda engin@infosys.tuwien.ac.at](/thumbs/33/15826620.jpg "Internet Security [1] VU 184.216. Engin Kirda engin@infosys.tuwien.ac.at")
Internet Security [1] VU 184.216 Engin Kirda engin@infosys.tuwien.ac.at Christopher Kruegel chris@auto.tuwien.ac.at Administration Challenge 2 deadline is tomorrow 177 correct solutions Challenge 4 will
1. LAB SNIFFING LAB ID: 10
H E R A LAB ID: 10 SNIFFING Sniffing in a switched network ARP Poisoning Analyzing a network traffic Extracting files from a network trace Stealing credentials Mapping/exploring network resources 1. LAB
Security of IPv6 and DNSSEC for penetration testers
Security of IPv6 and DNSSEC for penetration testers Vesselin Hadjitodorov Master education System and Network Engineering June 30, 2011 Agenda Introduction DNSSEC security IPv6 security Conclusion Questions
PKF Avant Edge. Penetration Testing. Stevie Heong CISSP, CISA, CISM, CGEIT, CCNP
PKF Avant Edge Penetration Testing Stevie Heong CISSP, CISA, CISM, CGEIT, CCNP What is Penetration Testing (PenTest)? A way to identify vulnerabilities that exists in a system/network that has existing
Demystifying Penetration Testing for the Enterprise. Presented by Pravesh Gaonjur
Demystifying Penetration Testing for the Enterprise Presented by Pravesh Gaonjur Pravesh Gaonjur Founder and Executive Director of TYLERS Information Security Consultant Certified Ethical Hacker (CEHv8Beta)
Pwning Intranets with HTML5
Javier Marcos de Prado Juan Galiana Lara Pwning Intranets with HTML5 2009 IBM Corporation Agenda How our attack works? How we discover what is in your network? What does your infrastructure tell us for
External Network Penetration Test Report
External Network Penetration Test Report Jared Doe jared@acmecompany.com C O N F I D E N T I A L P a g e 2 Document Information Assessment Information Assessor Kirit Gupta kirit.gupta@rhinosecuritylabs.com
Vulnerability Assessment and Penetration Testing
Vulnerability Assessment and Penetration Testing Presenters: Bruce Upton CISSP, CISA, C EH bruce.upton@protectmybank.com Jerry McClurg CISSP, CISA, C EH jerry.mcclurg@protectmybank.com Agenda and Overview:
Vulnerability Assessment and Penetration Testing. CC Faculty ALTTC, Ghaziabad
Vulnerability Assessment and Penetration Testing CC Faculty ALTTC, Ghaziabad Need Vulnerabilities Vulnerabilities are transpiring in different platforms and applications regularly. Information Security
TESTING OUR SECURITY DEFENCES
INFOSECURITY WITH PLYMOUTH UNIVERSITY TESTING OUR SECURITY DEFENCES Dr Maria Papadaki maria.papadaki@plymouth.ac.uk 1 1 Do we need to test our defences? Can penetration testing help to improve security?
Using Google to Find Vulnerabilities In Your IT Environment
R e p o r t s. I n f o r m a t i o n W e e k. c o m Next M a r c h 2 0 1 2 Using Google to Find Vulnerabilities In Your IT Environment Attackers are increasingly using a simple method for finding flaws
Client logo placeholder XXX REPORT. Page 1 of 37
Client logo placeholder XXX REPORT Page 1 of 37 Report Details Title Xxx Penetration Testing Report Version V1.0 Author Tester(s) Approved by Client Classification Confidential Recipient Name Title Company
ITEC441- IS Security. Chapter 15 Performing a Penetration Test
1 ITEC441- IS Security Chapter 15 Performing a Penetration Test The PenTest A penetration test (pentest) simulates methods that intruders use to gain unauthorized access to an organization s network and
McAfee Certified Assessment Specialist Network
McAfee Certified Assessment Specialist Network Exam preparation guide Table of Contents Introduction 3 Becoming McAfee Certified 3 Exam Details 4 Recommended Exam Preparation 4 Exam Objectives 4 Sample
!!!!!!!!!!!!!!!!!!!!!!
Infrastructure Security Assessment Methodology January 2014 RSPS01 Version 2.1 RandomStorm - Security Assessment Methodology - RSPS01 Version 2.1-2014 - Page 1 Document Details Any enquires relating to
Penetration Test Report
Penetration Test Report MegaCorp One August 10 th, 2013 Offensive Security Services, LLC 19706 One Norman Blvd. Suite B #253 Cornelius, NC 28031 United States of America Tel: 1-402-608-1337 Fax: 1-704-625-3787
Penetration Testing Getting the Most out of Your Assessment. Chris Wilkinson Crowe Horwath LLP September 22, 2010
Penetration Testing Getting the Most out of Your Assessment Chris Wilkinson Crowe Horwath LLP September 22, 2010 Introduction Chris Wilkinson, CISSP Crowe Horwath LLP Product Manager - Penetration Testing
Computer Security and Penetration Testing. Chapter 2 Reconnaissance
Computer Security and Penetration Testing Chapter 2 Reconnaissance Objectives Identify various techniques for performing reconnaissance Distinguish and discuss the methods used in social engineering Discuss
Finding Your Way in Testing Jungle. A Learning Approach to Web Security Testing.
Finding Your Way in Testing Jungle A Learning Approach to Web Security Testing. Research Questions Why is it important to improve website security? What techniques are already in place to test security?
Reconnaissance CHAPTER 7 CHAPTER OVERVIEW AND KEY LEARNING POINTS INTRODUCTION INFORMATION IN THIS CHAPTER
CHAPTER 7 Reconnaissance INFORMATION IN THIS CHAPTER Website Mirroring Google Searches Google Hacking Social Media Job Sites DNS and DNS Attacks CHAPTER OVERVIEW AND KEY LEARNING POINTS This chapter will
Penetration: from Application down to OS
April 13, 2010 Penetration: from Application down to OS Getting OS Access Using Lotus Domino Application Server Vulnerabilities Digitаl Security Research Group (DSecRG) www.dsecrg.com Alexandr Polyakov.
ABC LTD EXTERNAL WEBSITE AND INFRASTRUCTURE IT HEALTH CHECK (ITHC) / PENETRATION TEST
ABC LTD EXTERNAL WEBSITE AND INFRASTRUCTURE IT HEALTH CHECK (ITHC) / PENETRATION TEST Performed Between Testing start date and end date By SSL247 Limited SSL247 Limited 63, Lisson Street Marylebone London
Department of Computer Science and Technology, UTU 2014
M.Sc. (CA) Semester 3 Course Name & Code: Penetration Testing (040020305) Tedi Heriyanto, Shakeel Ali, BackTrack 4: Assuring Security By Penetration Testing, Shroff/Packt Publishing is abbreviated as ST,
Exam 1 - CSIS 3755 Information Assurance
Name: Exam 1 - CSIS 3755 Information Assurance True/False Indicate whether the statement is true or false. 1. Antiquated or outdated infrastructure can lead to reliable and trustworthy systems. 2. Information
Intel Security Certified Product Specialist Security Information Event Management (SIEM)
Intel Security Certified Product Specialist Security Information Event Management (SIEM) Why Get Intel Security Certified? As technology and security threats continue to evolve, organizations are looking
January 2011 Maltego 3 User Guide - Transforms Version 3.0
PATERVA Maltego transforms A reference guide RT 2011/01 Table of Contents 1 Introduction... 7 2 Search engine transforms... 8 2.1 General notes when using search engine transforms... 8 2.2 Problems with
Sample Report. Security Test Plan. Prepared by Security Innovation
Sample Report Security Test Plan Prepared by Security Innovation Table of Contents 1.0 Executive Summary... 3 2.0 Introduction... 3 3.0 Strategy... 4 4.0 Deliverables... 4 5.0 Test Cases... 5 Automation...
THE OPEN UNIVERSITY OF TANZANIA
THE OPEN UNIVERSITY OF TANZANIA Institute of Educational and Management Technologies COURSE OUTLINES FOR DIPLOMA IN COMPUTER SCIENCE 2 nd YEAR (NTA LEVEL 6) SEMESTER I 06101: Advanced Website Design Gather
Ed Ferrara, MSIA, CISSP eferrara@temple.edu. Fox School of Business
MIS 5208 Week 4 Cybersecurity & Fraud Ed Ferrara, MSIA, CISSP eferrara@temple.edu Hacking Source: www.youtube.com Computer Crime A cyber breach is any event that intentionally or unintentionally causes
DYNAMIC DNS: DATA EXFILTRATION
DYNAMIC DNS: DATA EXFILTRATION RSA Visibility Reconnaissance Weaponization Delivery Exploitation Installation C2 Action WHAT IS DATA EXFILTRATION? One of the most common goals of malicious actors is to
Securing an Internet Name Server
Securing an Internet Name Server Cricket Liu cricket@verisign.com Securing an Internet Name Server Name servers exposed to the Internet are subject to a wide variety of attacks: Attacks against the name
Pentests: Exposing real world attacks
HERVÉ SCHAUER CONSULTANTS Cabinet de Consultants en Sécurité Informatique depuis 1989 Spécialisé sur Unix, Windows, TCP/IP et Internet Security Day 2011 Pentests: Exposing real world attacks Renaud Dubourguais
INTRODUCTION: PENETRATION TEST A BUSINESS PERSPECTIVE:
PENETRATION TESTING A SYSTEMATIC APPROACH INTRODUCTION: The basic idea behind writing this article was to put forward a systematic approach that needs to be followed to perform a successful penetration
Deciphering and Mitigating Blackhole Spam from Email-borne Threats
Deciphering and Mitigating Blackhole Spam from Email-borne Threats Samir Patil Symantec Deciphering and Mitigating Blackhole Spam from Email-borne Threats 1 Outline 1 Background 2 Detection Challenges
iscsi Security (Insecure SCSI) Presenter: Himanshu Dwivedi
iscsi Security (Insecure SCSI) Presenter: Himanshu Dwivedi Agenda Introduction iscsi Attacks Enumeration Authorization Authentication iscsi Defenses Information Security Partners (isec) isec Partners Independent
ET XXX Introduction to Penetration Testing
ET XXX Introduction to Penetration Testing 2014 Fall Semester Monday, Wednesday, Friday 1:30 2:20 PM Engineering Complex III, Room XXX Instructor Alejandro Baca alejbaca@nmsu.edu 575-646-5789 Course Description
Penetration Testing. Types Black Box. Methods Automated Manual Hybrid. oless productive, more difficult White Box
Penetration Testing Penetration Testing Types Black Box oless productive, more difficult White Box oopen, team supported, typically internal osource available Gray Box (Grey Box) omixture of the two Methods
If you know the enemy and know yourself, you need not fear the result of a hundred battles.
Rui Pereira,B.Sc.(Hons),CIPS ISP/ITCP,CISSP,CISA,CWNA/CWSP,CPTE/CPTC Principal Consultant, WaveFront Consulting Group ruiper@wavefrontcg.com 1 (604) 961-0701 If you know the enemy and know yourself, you
The purpose of this report is to educate our prospective clients about capabilities of Hackers Locked.
This sample report is published with prior consent of our client in view of the fact that the current release of this web application is three major releases ahead in its life cycle. Issues pointed out
Overview of Network Security The need for network security Desirable security properties Common vulnerabilities Security policy designs
Overview of Network Security The need for network security Desirable security properties Common vulnerabilities Security policy designs Why Network Security? Keep the bad guys out. (1) Closed networks
Demystifying Penetration Testing
Demystifying Penetration Testing Prepared by Debasis Mohanty www.hackingspirits.com E-Mail: debasis_mty@yahoo.com Goals Of This Presentation An overview of how Vulnerability Assessment (VA) & Penetration
Penetration Testing Automation System
Universitat Politècninca de Catalunya Final Thesis Penetration Testing Automation System Author: Oriol Caño Bellatriu Supervisor: Manuel Garcia-Cervignon Gutierrez A thesis submitted in fulfilment of the
Vulnerability Assessment and Penetration Testing
Vulnerability Assessment and Penetration Testing Module 1: Vulnerability Assessment & Penetration Testing: Introduction 1.1 Brief Introduction of Linux 1.2 About Vulnerability Assessment and Penetration
Turning your managed Anti-Virus
Turning your managed Anti-Virus into my Botnet Jérôme NOKIN http://funoverip.net About me # id Jérôme Nokin http://funoverip.net jerome.nokin@gmail.com # job Penetration Tester Verizon Enterprise Solutions
Redefining SIEM to Real Time Security Intelligence
Redefining SIEM to Real Time Security Intelligence David Osborne Security Architect September 18, 2012 Its not paranoia if they really are out to get you Malware Malicious Insiders Exploited Vulnerabilities
Kerem Kocaer 2010/04/14
Kerem Kocaer 1 EHLO Kerem is: a graduate from ICSS a security consultant at Bitsec Consulting AB a security enthusiast Kerem works with: administrative security security standards and frameworks, security
FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. Chapter 4 Finding Network Vulnerabilities
FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. Chapter 4 Finding Network Vulnerabilities Learning Objectives Name the common categories of vulnerabilities Discuss common system
Emerging Network Security Threats and what they mean for internal auditors. December 11, 2013 John Gagne, CISSP, CISA
Emerging Network Security Threats and what they mean for internal auditors December 11, 2013 John Gagne, CISSP, CISA 0 Objectives Emerging Risks Distributed Denial of Service (DDoS) Attacks Social Engineering
Honeypot that can bite: Reverse penetration
Honeypot that can bite: Reverse penetration By Alexey Sintsov, Russian Defcon Group #7812 Introduction The objectives of this work are to determine the benefits and opportunities in conducting counter
Penetration Testing. Security Testing
Penetration Testing Gleneesha Johnson Advanced Topics in Software Testing Fall 2004 Security Testing Method of risk evaluation Testing security mechanisms to ensure that their functionality is properly
QualysGuard WAS. Getting Started Guide Version 3.3. March 21, 2014
QualysGuard WAS Getting Started Guide Version 3.3 March 21, 2014 Copyright 2011-2014 by Qualys, Inc. All Rights Reserved. Qualys, the Qualys logo and QualysGuard are registered trademarks of Qualys, Inc.
Information Security Organizations trends are becoming increasingly reliant upon information technology in
DATASHEET PENETRATION TESTING SERVICE Sales Inquiries: sales@spentera.com Visit us: http://www.spentera.com Protect Your Business. Get Your Service Quotations Today! Copyright 2011. PT. Spentera. All Rights
Audience. Pre-Requisites
T R A N C H U L A S W O R K S H O P S A N D T R A I N I N G S Hands-On Penetration Testing Training Course About Tranchulas Tranchulas is a multinational information security company having its offices
Penetration Testing. University of Sunderland CSEM02 Harry R Erwin, PhD
Penetration Testing University of Sunderland CSEM02 Harry R Erwin, PhD Resources Qinetiq Information Security Foundation Course (2002) Tittle, Stewart, and Chapple, 2004, CISSP: Certified Information Systems
Switching Your DNS WiredTree
Switching Your DNS Switching your DNS Now that you have your new account with us it is time to start planning on moving your current hosting over to your new server. This getting started guide covers switching
Tools for penetration tests 1. Carlo U. Nicola, HT FHNW With extracts from documents of : Google; Wireshark; nmap; Nessus.
Tools for penetration tests 1 Carlo U. Nicola, HT FHNW With extracts from documents of : Google; Wireshark; nmap; Nessus. What is a penetration test? Goals: 1. Analysis of an IT-environment and search
Field Description Example. IP address of your DNS server. It is used to resolve fully qualified domain names
DataCove DT Active Directory Authentication In Active Directory (AD) authentication mode, the server uses NTLM v2 and LDAP protocols to authenticate users residing in Active Directory. The login procedure
Eight Essential Elements for Effective Threat Intelligence Management May 2015
INTRODUCTION The most disruptive change to the IT security industry was ignited February 18, 2013 when a breach response company published the first research that pinned responsibility for Advanced Persistent
EVILSEED: A Guided Approach to Finding Malicious Web Pages
+ EVILSEED: A Guided Approach to Finding Malicious Web Pages Presented by: Alaa Hassan Supervised by: Dr. Tom Chothia + Outline Introduction Introducing EVILSEED. EVILSEED Architecture. Effectiveness of
Radware s Behavioral Server Cracking Protection
Radware s Behavioral Server Cracking Protection A DefensePro Whitepaper By Renaud Bidou Senior Security Specialist,Radware October 2007 www.radware.com Page - 2 - Table of Contents Abstract...3 Information
Intelligence Gathering. n00bpentesting.com
Intelligence Gathering Prerequisites Hardware Software Topics Covered A Note Before You Begin Lab 0ne Target Selection and OSINT Scenario Lab Tw0 - Footprinting What s Next? 3 3 3 4 4 4 5 5 13 17 2 Prerequisites
Bust a cap in a web app with OWASP ZAP
The OWASP Foundation http://www.owasp.org Bust a cap in a web app with OWASP ZAP Adrien de Beaupré GSEC, GCIH, GPEN, GWAPT, GCIA, GXPN ZAP Evangelist Intru-Shun.ca Inc. SANS Instructor, Penetration Tester,
CLEO NED Active Directory Integration. Version 1.2.0
CLEO NED Active Directory Integration Version 1.2.0 CLEO NED Active Directory Integration Manual v1.2.0 Copyright c 2010 Lancaster University Network Services Limited. All rights reserved. Microsoft, Windows,
Enabling Office 365 Services
Exam : 70-347 Title : Enabling Office 365 Services Version : DEMO 1 / 5 1.You are the Microsoft Lync administrator for a company that uses Lync Online. The company has mandated that employees may use Lync
Vulnerability management lifecycle: defining vulnerability management
Framework for building a vulnerability management lifecycle program http://searchsecurity.techtarget.com/magazinecontent/framework-for-building-avulnerability-management-lifecycle-program August 2011 By
Security A to Z the most important terms
Security A to Z the most important terms Part 1: A to D UNDERSTAND THE OFFICIAL TERMINOLOGY. This is F-Secure Labs. Learn more about the most important security terms with our official explanations from
Penetration Testing Scope Factors
1 NZ PAPER LINUX AND WEB APPLICATION SECURITY Penetration Testing Scope Factors April 20, 2013 Zeeshan Khan NZPAPER.BLOGSPOT.COM 2 Abstract: This paper contains the key points of penetration testing. All
Response Policy Zones for the Domain Name System (DNS RPZ) By Paul Vixie, ISC (et.al.) 2010 World Tour
Response Policy Zones for the Domain Name System (DNS ) By Paul Vixie, ISC (et.al.) 2010 World Tour Overview Motivation for DNS Response Policy Zones Relationship to DNS RBL (DNSBL) Constraints and Goals
User Guide to the Content Analysis Tool
User Guide to the Content Analysis Tool User Guide To The Content Analysis Tool 1 Contents Introduction... 3 Setting Up a New Job... 3 The Dashboard... 7 Job Queue... 8 Completed Jobs List... 8 Job Details
Attack Frameworks and Tools
Network Architectures and Services, Georg Carle Faculty of Informatics Technische Universität München, Germany Attack Frameworks and Tools Pranav Jagdish Betreuer: Nadine Herold Seminar Innovative Internet
Talk-101 User Guide. DNSGate
Talk-101 User Guide DNSGate What is DNSGate? DNSGate is a management interface to allow you to make DNS changes to your domain. The interface supports A, CNAME, MX and TXT records. What is DNS? DNS stands
APT A%ribu*on and DNS Profiling. Frankie Li ran2@vxrl.org Twi4er: @espionageware
APT A%ribu*on and DNS Profiling Frankie Li ran2@vxrl.org Twi4er: @espionageware Agenda APT A4ribu
Penetration Testing SIP Services
Penetration Testing SIP Services Using Metasploit Framework Writer Version : 0.2 : Fatih Özavcı (fatih.ozavci at viproy.com) Introduction Viproy VoIP Penetration Testing Kit Sayfa 2 Table of Contents 1
ER/Studio Enterprise Portal 1.0.2 User Guide
ER/Studio Enterprise Portal 1.0.2 User Guide Copyright 1994-2008 Embarcadero Technologies, Inc. Embarcadero Technologies, Inc. 100 California Street, 12th Floor San Francisco, CA 94111 U.S.A. All rights
WE KNOW IT BEFORE YOU DO: PREDICTING MALICIOUS DOMAINS Wei Xu, Kyle Sanders & Yanxin Zhang Palo Alto Networks, Inc., USA
WE KNOW IT BEFORE YOU DO: PREDICTING MALICIOUS DOMAINS Wei Xu, Kyle Sanders & Yanxin Zhang Palo Alto Networks, Inc., USA Email {wei.xu, ksanders, yzhang}@ paloaltonetworks.com ABSTRACT Malicious domains
What is Penetration Testing?
White Paper What is Penetration Testing? An Introduction for IT Managers What Is Penetration Testing? Penetration testing is the process of identifying security gaps in your IT infrastructure by mimicking
Tutorial: How to Use SQL Server Management Studio from Home
Tutorial: How to Use SQL Server Management Studio from Home Steps: 1. Assess the Environment 2. Set up the Environment 3. Download Microsoft SQL Server Express Edition 4. Install Microsoft SQL Server Express
Privilege Escalation via Client Management Software November 21, 2015 November 21, 2015 Matthias Deeg BSidesVienna 0x7DF 1 Who am I? Dipl.-Inf. Matthias Deeg Expert IT Security Consultant CISSP, CISA,
The following topics describe how to manage policies on the Management Center:
The following topics describe how to manage policies on the Management Center: Policy Deployment, page 1 Policy Comparison, page 8 Policy Reports, page 10 Out-of-Date Policies, page 11 Policy Warnings,