GLOBAL HONEYPOT TRENDS
2 GLOBAL HONEYPOT TRENDS Elliott Brink October 27th, 2015
3 Introduction
- Elliott Brink
- Senior associate, RAS security and privacy
- Internal penetration testing
- External penetration testing
- Social engineering
- Speaker at various infosec conferences: DEFCON, GrrCON, BSides Indy, Security Weekly TV Podcast
- Bachelor of Science, management information systems, Bradley University, Peoria, Illinois
- Former top 10 consulting, prior sysadmin
- Honeypot crazy (coworkers/friends agree)
- Available for questions after the talk
4 10 second agenda
- What is a honeypot?
- Why run one?
- My research/results
- Initial results
- Study of attackers
- Global trends
5 Honeypots: introduction
- Honeypot: an intentionally vulnerable or fake system designed as a trap for potential attackers
- There is no good interaction with a honeypot
- Known accepted standards
- Outside the scope, majority of time isn't good
- Just because it isn't good doesn't mean it is bad
- Traditionally used on external facing side of network
- However, usage cases do exist for internal honeypots
- Detection of attacks aside from IDS/Firewall
6 Honeypots: introduction
- Active defense
- Annoying the attacker
- Trapping them, wasting their time
(Image: Winnie the Pooh, Disney)
9 Why run one?
- Personal: fun (the best reason)
- Corporate: detection of outside attacks aside from IDS/Firewall
- Internal detection scenarios possible
- Academia: research/thesis
10 Threat intelligence
11 Kippo
- Kippo: A medium interaction SSH honeypot written in Python (based on Kojoney)
- Emulates SSH login & full Linux system
- ls, cat, echo, ifconfig, wget, etc.
- Records username/pass in MySQL
- Records user interaction
- Original:
12 However
- For the purposes of this talk, I used Kippo across nine systems located in USA, China, Russia and Singapore
- Cowrie, based on Kippo with added features
13 Kippo visualization
- Kippo Graph
- Kippo2ElasticSearch
- Tango Honeypot Intelligence
- Allows sending to Splunk instance
14 Start of the project
- January 2014
- Raspberry Pi
- Low powered device
- Perfect for single use
15 Customization
- /proc/cpuinfo (edit CPU info)
- /proc/meminfo (edit memory info)
- Hostname (pick your favorite core banking product)
- Pre-logon banner
16 The first three months
- ~250,000 password attempts correctly guessed root/ per day
17 Top 10 usernames attempted
18 Top 10 passwords attempted
19 Location based passwords
- Location based passwords, not as clever as we think
20 Last hop of attack
21 User input! (what I was waiting for)
22 Hack back
23 User interaction
- Person logs in
- wget
- The plan:
(Image: The Matrix, 20th Century Fox)
24 Enter HFS (or HttpFileServer vx.x Beta)
25 Browsing around
- Hacker note taking
- Huh
26 Wordlists (thanks!!)
28 Google hack?
- Yep (and I indexed those, too)
29 Findings
- Linux local root exploit (circa )
- They login as root, and run a local root exploit
- Script kiddies
- You ALREADY HAVE ROOT there is no root 2
- Windows DDoS exe, botnet etc.
- SSH backdoor perl/sh scripts
- SSH key to add to honeypot for continued access
30 server.exe
31 Freebsd
32 Freebsd
33 Oh and also
- A file containing 1000 SSH username/password
- Later found one with 5000
- And ~3 months ago found one with 80,000 yikes!
(Image: Winnie the Pooh, Disney)
34 Interesting attackers or
(Images: Winnie the Pooh, Disney; AtomiccircuS on DeviantArt)
35 The Script Kiddie
- Username changes
- Password is root every time...
- Hydra is hard
- #YOUAREDOINGITWRONG
- This was from someone in San Francisco/San Jose
- Success of this is debatable
- At least no account lockout?
36 Everything Under The Sun attackers
- Using dictionary/dictionary
- Very noisy, going to be picked up in a heartbeat on a corporate environment (hopefully)
- Seen worse attacks, but this isn't the best tactic
- They need to minimize their scope
(Image: Taken, 20th Century Fox)
37 Coincidence? I think not
38 Better attackers
- postgres/changeme
- postgres/postgres
- postfix/
- postfix/password
- ftp/password
- ftp/ftp
- ftp/admin
- mysql/mysql
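Added example (not from the talk and not Kippo code): the attacker patterns on slides 35 to 39, written as a per-source triage over honeypot login attempts. The record layout, sensor names, thresholds and sample data are constructed assumptions, and "dictionary/dictionary" is read here as many usernames crossed with many passwords.

```python
from collections import defaultdict
from itertools import product
from typing import NamedTuple


class Attempt(NamedTuple):
    """One login attempt as a honeypot would record it (assumed layout)."""
    sensor: str
    src_ip: str
    username: str
    password: str


# Thresholds are illustrative assumptions; tune them against real volumes.
SPRAY_MIN_USERS = 5
BROAD_MIN_USERS = 5
BROAD_MIN_PASSWORDS = 5
# Service accounts named on the "Better attackers" slide.
SERVICE_ACCOUNTS = {"postgres", "postfix", "ftp", "mysql"}


def classify_source(attempts):
    """Label one source IP's attempts with the pattern they most resemble."""
    users = {a.username for a in attempts}
    passwords = {a.password for a in attempts}
    # Slide 35: the username changes, the password never does.
    if len(users) >= SPRAY_MIN_USERS and len(passwords) == 1:
        return "fixed-password spray"
    # Slide 36: wide username list crossed with a wide password list.
    if len(users) >= BROAD_MIN_USERS and len(passwords) >= BROAD_MIN_PASSWORDS:
        return "broad dictionary"
    # Slide 38: a short list aimed only at service accounts.
    if users and users <= SERVICE_ACCOUNTS:
        return "service-account defaults"
    return "unclassified"


def classify_all(attempts):
    """Group attempts by source IP and classify each group."""
    by_src = defaultdict(list)
    for a in attempts:
        by_src[a.src_ip].append(a)
    return {src: classify_source(group) for src, group in by_src.items()}


def pairs_on_every_sensor(attempts, sensors):
    """Slide 39: credential pairs that were tried against every sensor."""
    seen = defaultdict(set)
    for a in attempts:
        seen[(a.username, a.password)].add(a.sensor)
    wanted = set(sensors)
    return sorted(pair for pair, hit in seen.items() if hit >= wanted)


# Constructed sample data: sensor names are made up, IPs are documentation ranges.
SENSORS = ["us-1", "cn-1", "ru-1", "sg-1"]
SAMPLE = (
    # One password against a rotating username list.
    [Attempt("us-1", "192.0.2.10", u, "root")
     for u in ["admin", "test", "oracle", "guest", "user", "ubuntu"]]
    # Five usernames crossed with five passwords.
    + [Attempt("cn-1", "198.51.100.20", u, p)
       for u, p in product(["admin", "test", "guest", "oracle", "ubuntu"],
                           ["123456", "password", "admin", "test", "qwerty"])]
    # Service-account pairs taken from the slide.
    + [Attempt("ru-1", "203.0.113.30", u, p)
       for u, p in [("postgres", "changeme"), ("postgres", "postgres"),
                    ("ftp", "ftp"), ("ftp", "admin"), ("mysql", "mysql")]]
    # One unusual pair repeated on every sensor (placeholder values).
    + [Attempt(s, "203.0.113.40", "oddname", "oddpass") for s in SENSORS]
)

if __name__ == "__main__":
    for src, label in sorted(classify_all(SAMPLE).items()):
        print(f"{src:15} {label}")
    print("seen on every sensor:", pairs_on_every_sensor(SAMPLE, SENSORS))
```

A pair that shows up on every sensor but matches none of the volume patterns is worth a manual look, since per-source counting alone leaves it unclassified.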
39 The bizarre.
- webfootedhorsef**kerphenomite/loldongs
- Across all nine systems in the course of a day
- If a botnet exists with this username and password, I want to buy you a drink
- Or maybe they figured out it was a honeypot?
- If so, well done!
40 Expand!
- Russia
- China (Shanghai) (behind the great firewall)
- Singapore
41 Purchasing international VPS
- Surprisingly easy, but need to find the right companies
- Mainland China, hard to find, but exists. Hong Kong is easy. Takes PayPal!
- Russia, easy, PayPal
- Singapore, very easy, PayPal
- All have 3-5 public IPv6 addresses, too
42 Cost of project
- Chicago, free (hosted at home)
- USA VPS ($12 per year, I have 5)
- Singapore ($48 per year)
- Russia (~$38 per year)
- China (~$76 per year)
- Total cost: ~$222
- Minimal cost for excellent data!
43 More sensors = more data
- ~18 million password guess attempts (thus far)
- ~900k unique
- More user interaction
- Broader range of attackers
44 Russia, China and Singapore
- Added international sensors
- Further sensor analysis designed to answer important questions:
- Are there geographic differences in the attackers depending on country?
- China is main aggressor for USA, is USA main aggressor for China?
- Does anyone care about attacking Singapore? (the answer is apparently no, because there are barely any attacks)
45 China VPS Honeypot
- Spooky
- Random netstat entries by default
- apt-get update; apt-get upgrade signals reinstall of the GRUB boot loader
- Need to further investigate this, had latest version from what I could tell
- Two IPs port scanning me every 30 seconds
- Owned by China telecom company
- Heartbeat across the network? All of IPv4?
- China has strange laws about port 80
- Need something called ICP license for port 80
- Change HTTP to 8080 or HTTPS is apparently okay
46 Country per unique IP (China VPS)
- Note: country per unique IP
- Take into account probes as mentioned and China gets ~95%+
47 Honorable mentions (less than 1% of attacks)
48 China VPS interesting item
- No initial surge in successes per day
49 Singapore VPS
- Very few attacks, ~600k total password guesses
- Distinct IPs: ~5600
- As opposed to most USA systems with 13k+
- Primary Attackers
- Hong Kong ~50%
- Japan ~25%
- China ~10%
- Miscellaneous others remaining ~15%
- Interesting: 21 root password change attempts
50 Singapore VPS
- Separate system validates initial surge of successes upon hitting the Internet
51 Russia VPS
- Decent amount of attacks, ~1.5mil total
- Distinct IPs: ~4900
- Primary Attackers
- Hong Kong ~60%
- Unknown IPs ~30%
- Miscellaneous others remaining ~10%
- Gap in statistics, many IPs with no known origin
- Interesting: GeoIP spread slightly different than USA systems
52 What's next?
- Guide to deploy a Kippo honeypot on your own
- Wordlist of all unique guessed passwords on website:
- More sensors across the world!
- Malware analysis
- Different types of sensors
- RDP Honeypot (began to implement some)
55 RSM US LLP 1 South Wacker Chicago, Illinois This document contains general information, may be based on authorities that are subject to change, and is not a substitute for professional advice or services. This document does not constitute audit, tax, consulting, business, financial, investment, legal or other professional advice, and you should consult a qualified professional advisor before taking any action based on the information herein. RSM US LLP, its affiliates and related entities are not responsible for any loss resulting from or relating to reliance on this document by any person. RSM US LLP is a limited liability partnership and the U.S. member firm of RSM International, a global network of independent audit, tax and consulting firms. The member firms of RSM International collaborate to provide services to global clients, but are separate and distinct legal entities that cannot obligate each other. Each member firm is responsible only for its own acts and omissions, and not those of any other party. Visit rsmus.com/aboutus for more information regarding RSM US LLP and RSM International. RSM and the RSM logo are registered trademarks of RSM International Association. The power of being understood is a registered trademark of RSM US LLP RSM US LLP. All Rights Reserved.
Cyber Security Presentation Cyber Security Month Curtis McNay, Director of IT Security The IT Security Office (ITSO) What We Do? Risk Assessment Network and System Security Monitoring Vulnerability Scanning
More informationRSA Security Analytics
RSA Security Analytics This is what SIEM was Meant to Be 1 The Original Intent of SIEM Single compliance & security interface Compliance yes, but security? Analyze & prioritize alerts across various sources
More informationSmartphone Pentest Framework v0.1. User Guide
Smartphone Pentest Framework v0.1 User Guide 1 Introduction: The Smartphone Pentest Framework (SPF) is an open source tool designed to allow users to assess the security posture of the smartphones deployed
More informationUncovering secret connections among attackers by using network theory and custom honeypots
Uncovering secret connections among attackers by using network theory and custom honeypots Pedram Hayati (PhD) Security Dimension (SecDim) pedram@secdim.com 28 May 2015 Tl;dr By using a number of custom
More informationSEAGATE BUSINESS NAS ACCESSING THE SHELL. February 1, 2014 by Jeroen Diel IT Nerdbox
SEAGATE BUSINESS NAS ACCESSING THE SHELL February 1, 2014 by Jeroen Diel IT Nerdbox P a g e 1 Table of Contents Introduction... 2 Technical specifications... 3 Gaining access to the shell... 4 Enable the
More informationRSA Security Anatomy of an Attack Lessons learned
RSA Security Anatomy of an Attack Lessons learned Malcolm Dundas Account Executive John Hurley Senior Technology Consultant 1 Agenda Advanced Enterprise/ Threats The RSA Breach A chronology of the attack
More informationThe Advanced Attack Challenge. Creating a Government Private Threat Intelligence Cloud
The Advanced Attack Challenge Creating a Government Private Threat Intelligence Cloud The Advanced Attack Challenge One of the most prominent and advanced threats to government networks is advanced delivery
More information