CSC 5930/9010 Offensive Security: OSINT
|
|
- Luke Roberts
- 5 years ago
- Views:
Transcription
1 CSC 5930/9010 Offensive Security: OSINT Professor Henry Carter Spring 2019
2 Recap Designing shellcode requires intimate knowledge of assembly, system calls, and creative combinations of operations But allows for truly flexible and customized attacks Some countermeasures that exist for exploits include careful logging, deep packet inspection (IDS), and stack modifications in the kernel Circumventing these measures requires continuous study and creativity thus, the "art" of exploitation
3 Attack Kill Chain Attacks take place from a variety of actors in a variety of positions, but they generally follow a pattern The Lockheed Martin kill chain enumerates possible phases of attack These phases tend to focus on malware-specific attacks The kill chain points to a more general pattern of reconnaissance, attack, and persistence in the system
4 Kill Chain Illustration
5 Intelligence Gathering Any attack requires some information about the target to determine how to proceed with the exploitation A significant amount of information can be found publicly Open Source Intelligence (OSINT) encompasses the data that can be easily gathered from public sources
6 What is OSINT? Open Source Intelligence is information gathered from publicly-available sources. This information is readily available to anyone who might want to hack your site. Sources may include Newspapers Web-based communities Public data Observation and reporting Professional and academic literature Maps Google!
7 How do I look? Search engines! This technique is well documented: e.g., searching publicly indexed web directories Scraping social media, Github, credential dumps, etc. OSINT Tools: Recon-NG Shodan
8 What am I looking for? addresses can reveal account names. Links can reveal unpublished web directories. Forums with entries of users from a company can reveal information about hardware/software used by the company and often can reveal poorly configured software. Job sites (dice mostly) may identify technologies a company is searching for. See who they're hiring and you may find out what they're weak in. Open directories on the company's site can reveal all sorts of useful intelligence. pastebin.com. Let anonymous help you do your job!
9 Internet Name Allocation The Internet Corporation for Assigned Names and Numbers (icann.org) and the Internet Assigned Numbers Authority (IANA) coordinate the assignment of Internet domain names (human readable names that identify groups of machines) IP address numbers (numbers used to route internet messages to the correct host) ICANN delegates its work to the Address Supporting Organization (ASO) The ASO allocates IP address blocks to Regional Internet Registries (RIRs). APNIC, ARIN, LACNIC, RIPE, AfriNIC Critical use: mapping target names and addresses!
10 Review: IPv4 addresses Octet (number in range 0-255) So-called because it is represented with 8 bits (one byte) IPv4 Addresses are comprised of 4 octets , , Originally, the internet would be assigned in network chunks of different sizes according to class: Class A networks: first octet starts with 0-bit (0-127), network address is one octet, three octets for host addresses (128 networks, 16,777,216 addresses). B/C used 2 or 3 octets for network address Allocated IP blocks are subdivide for access ISPs and organizations by assigning longer network addresses (CIDR) For any organization, we can look up the network address
11 Review: Host Domain Names Sequence of labels terminated by dots. The rightmost dot is implied if missing. The labels are strings of upper and/or lower case characters (A-Za-z), numbers, or hyphens. Resolved recursively from right to left using queries to name servers for each zone Examples helix.csc.villanova.edu whitehouse.gov Usually allows a more consistent mapping of resources if IP addresses are changing
12 Domain Registrant Information The whois application on Linux allows you to query public servers for registrant information Including names, addresses, admin contact info, etc. These servers can also be queried through web interfaces Try it out! Navigate to Provide a domain name If complete information is not available, you will be directed to another whois server with more complete information.
13 Dig The dig application allows you to query a domain from DNS and see the corresponding IP address Dig also allows reverse lookups, where you enter an IP address and it returns a domain name if the domain has configured a PTR record This allows you to map out the publicly exposed hosts (both IPs and domain names) within a target organization s network Try dig
14 Active Scanning After understanding the machines that are publicly available (including DNS and IP address space) you can start scanning for potential vulnerabilities Some information can be established from a simple port scan Many applications use designated port numbers More thorough scanning techniques look for additional information, such as Operating System Software version Configuration details
15 nmap Scanning software written by Fyodor (Gordon Lyon) Host discovery (ARP scanning) Port scanning (TCP/UDP) Version detection OS detection Scriptable interactions with the Nmap Scripting Engine (NSE) Scans ~1000 most popular ports by default
16 Vulnerability Scanners Nessus, Nexpose, and OpenVAS are the most popular commercial network audit tools. If there is no need for stealth in a penetration, you can discover services (in particular vulnerable services) using these tools. Typically, these operate as client/server applications. The client asks the server to scan machines/networks/etc. The server does the scanning. Your kali VM would normally act as both client and server. (You communicate to the server with a web browser.)
17 Web Scanners Scanners like Nikto will scan web servers for files and programs that can be exploited. It can also identify software version information and configuration flaws Scrapers like CeWL will search web page source code for words that can be used later to enumerate running servers, identify account information, or be used in password dictionary attacks The Burp Suite is among the most popular web testing tools, and contains a variety of scanners and exploit applications
18 Special-Purpose Scanners Some open source software and common commercial software has been studied/explored enough to demonstrate consistent exploitability Special-purpose scanners are designed to scan for vulnerabilities in a particular target application Examples include: WordPress Apache HTTP server Cisco brand routers
19 Stealth Many of these scanners send large volumes of specially formatted requests If an intrusion detection system is searching for scanning behavior, you may get blocked It s CRITICAL to know how a scanner works before you use it! Stealth scanners and scanning techniques may be required
20 Recap Any attack or penetration test must begin with intelligence A significant amount of information can be gathered from public sources DNS and IP allocation helps identify the public internetfacing machines within an organization Scanning tools allow you to enumerate what devices are listening and what software they are running Perseverance is key!!!
21 Next Time... Metasploit Tutorial Remember, you need to read it BEFORE you come to class! Quiz #7 will be based on the reading Complete and submit the scanning lab See Blackboard for due date 21
Module 10. (Reconnaissance Whois and DNS)
(Reconnaissance Whois and DNS) At the end of this module, you should what Domain Names and IPv4 Address are and how they are related by the Domain Name Service. You should also have an idea of what kind
More informationPenetration Testing with Kali Linux
Penetration Testing with Kali Linux PWK Copyright Offensive Security Ltd. All rights reserved. Page 1 of 11 All rights reserved to Offensive Security No part of this publication, in whole or in part, may
More informationTexSaw Penetration Te st in g
TexSaw Penetration Te st in g What is penetration testing? The process of breaking something or using something for an unintended used case for the purpose of bettering the system or application. This
More informationModule 1: Penetration Testing Planning and Scoping. Module 2: Basic Usage of Linux and its services
Following topics will be covered: Module 1: Penetration Testing Planning and Scoping - Types of penetration testing and ethical hacking projects - Penetration testing methodology - Limitations and benefits
More informationBasics of executing a penetration test
Basics of executing a penetration test 25.04.2013, WrUT BAITSE guest lecture Bernhards Blumbergs, CERT.LV Outline Reconnaissance and footprinting Scanning and enumeration System exploitation Outline Reconnaisance
More informationChapter 5: Vulnerability Analysis
Chapter 5: Vulnerability Analysis Technology Brief Vulnerability analysis is a part of the scanning phase. In the Hacking cycle, vulnerability analysis is a major and important part. In this chapter, we
More informationNETWORK PENETRATION TESTING
NETWORK PENETRATION TESTING LESS The Threat State Sponsored MORE Terrorism Espionage Criminal NOTE: Hackers increasingly showing more potential to cause greater damage MORE Hacker LESS Occurrence Damage
More informationCSC 4992 Cyber Security Practice
CSC 4992 Cyber Security Practice Fengwei Zhang Wayne State University CSC 4992 Cyber Security Practice 1 Who Am I? Fengwei Zhang Assistant Professor of Computer Science Office: Maccabees Building, Room
More informationHacker Academy Ltd COURSES CATALOGUE. Hacker Academy Ltd. LONDON UK
Hacker Academy Ltd COURSES CATALOGUE Hacker Academy Ltd. LONDON UK TABLE OF CONTENTS Basic Level Courses... 3 1. Information Security Awareness for End Users... 3 2. Information Security Awareness for
More informationCSC 5930/9010 Offensive Security: Lateral Movement
CSC 5930/9010 Offensive Security: Lateral Movement Professor Henry Carter Spring 2019 Recap Symmetric vs. Asymmetric encryption techniques Authentication protocols require proving possession of a secret:
More informationAudience. Pre-Requisites
T R A N C H U L A S W O R K S H O P S A N D T R A I N I N G S Hands-On Penetration Testing Training Course About Tranchulas Tranchulas is a multinational information security company having its offices
More informationCPTE: Certified Penetration Testing Engineer
www.peaklearningllc.com CPTE: Certified Penetration Testing Engineer (5 Days) *Includes exam voucher, course video, an exam preparation guide About this course Certified Penetration Testing Engineer certification
More informationPrinciples of ICT Systems and Data Security
Principles of ICT Systems and Data Security Ethical Hacking Ethical Hacking What is ethical hacking? Ethical Hacking It is a process where a computer security expert, who specialises in penetration testing
More informationAdvanced Ethical Hacking & Penetration Testing. Ethical Hacking
Summer Training Internship Program 2017 (STIP - 2017) is a practical oriented & industrial level training program for all students who have aspiration to work in the core technical industry domain. This
More informationWHITEPAPER ATTIVO NETWORKS THREATDEFEND PLATFORM AND THE MITRE ATT&CK MATRIX
WHITEPAPER ATTIVO NETWORKS THREATDEFEND PLATFORM AND THE MITRE ATT&CK MATRIX 1 INTRODUCTION The MITRE Corporation Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK ) Matrix provides a model
More informationETHICAL HACKING & COMPUTER FORENSIC SECURITY
ETHICAL HACKING & COMPUTER FORENSIC SECURITY Course Description From forensic computing to network security, the course covers a wide range of subjects. You will learn about web hacking, password cracking,
More informationCyber Common Technical Core (CCTC) Advance Sheet Windows Operating Systems
Cyber Common Technical Core (CCTC) Advance Sheet Windows Operating Systems Section 1: Command Line Tools Skill 1: Employ commands using command line interface 1.1 Use command line commands to gain situational
More informationCONTENTS IN DETAIL. FOREWORD by HD Moore ACKNOWLEDGMENTS INTRODUCTION 1 THE ABSOLUTE BASICS OF PENETRATION TESTING 1 2 METASPLOIT BASICS 7
CONTENTS IN DETAIL FOREWORD by HD Moore xiii PREFACE xvii ACKNOWLEDGMENTS xix Special Thanks... xx INTRODUCTION xxi Why Do A Penetration Test?... xxii Why Metasploit?... xxii A Brief History of Metasploit...
More informationPenetration testing using Kali Linux - Network Discovery
Penetration testing using Kali Linux - Network Discovery by Riazul H. Rozen Sept. 14, 2017 4 minute read Table of Contents Importance of penetration testing Kali Linux in penetration testing Network Discovery
More informationA Model for Penetration Testing
A Model for Penetration Testing Chuck Easttom Collin College Professional Development chuck@chuckeasttom.com Research Gate Publication Abstract Penetration testing is an increasingly integral part of cyber
More informationHacking Our Way to Better Security: Lessons from a Web Application Penetration Test. Tyler Rasmussen Mercer Engineer Research Center
Hacking Our Way to Better Security: Lessons from a Web Application Penetration Test Tyler Rasmussen Mercer Engineer Research Center About Me Cybersecurity Engineering Intern @ MERC Senior IT/Cybersecurity
More informationCoding for Penetration
Coding for Penetration Testers Building Better Tools Jason Andress Ryan Linn ELSEVIER AMSTERDAM BOSTON HEIDELBERG LONDON NEW YORK OXFORD PARIS SAN DIEGO SAN FRANCISCO SINGAPORE SYDNEY TOKYO Syngress is
More informationSpecialized Security Services, Inc. REDUCE RISK WITH CONFIDENCE. s3security.com
Specialized Security Services, Inc. REDUCE RISK WITH CONFIDENCE s3security.com Security Professional Services S3 offers security services through its Security Professional Services (SPS) group, the security-consulting
More informationPrepared by Regional Internet Registries APNIC, ARIN, LACNIC and RIPE NCC
Prepared by Regional Internet Registries APNIC, ARIN, LACNIC and RIPE NCC Overview History & Evolution Structure IP Address Management Internet Number Resource Management Policy Development Internet Number
More informationEthical Hacking and Countermeasures: Attack Phases, Second Edition. Chapter 2 Footprinting
Ethical Hacking and Countermeasures: Attack Phases, Second Edition Chapter 2 Footprinting Objectives After completing this chapter, you should be able to: Define footprinting in terms of the reconnaissance
More informationRDAP: A Primer on the Registration Data Access Protocol
RDAP: A Primer on the Registration Data Access Protocol Andy Newton, Chief Engineer, ARIN Registration Operations Workshop IETF 93 Prague, CZ 19 July 2015 Background WHOIS (Port 43) Old, very old Lot s
More informationدوره تست نفوذ. Ver.1.2 شما میتوانید آنلاین در این دوره ثبت نام بلافاصله از آن استفاده کنید. Information Gathering. Bash scripting
Ver.1.2 Information Gathering Bash scripting Information gathering (passive) شما میتوانید آنلاین در این دوره ثبت نام کنید و بلافاصله از آن استفاده کنید. دیدن نمونه آموزش هاي دوره تست نفوذ Google operators
More informationNmap & Metasploit. Chun-Jen (James) Chung. Arizona State University
Nmap & Metasploit Chun-Jen (James) Chung Nmap recap Nmap uses raw IP packets in novel ways to determine what hosts are available on the network What services (application name and version) those hosts
More informationMeasuring IPv6 Deployment
Measuring IPv6 Deployment The story so far IANA Pool Exhaustion In this model, IANA allocates its last IPv4 /8 to an RIR on the 18 th January 2011 Ten years ago we had a plan Oops! We were meant to have
More informationAURA ACADEMY Training With Expertised Faculty Call Us On For Free Demo
ETHICAL HACKING (CEH) CURRICULUM Introduction to Ethical Hacking What is Hacking? Who is a Hacker? Skills of a Hacker? Types of Hackers? What are the Ethics and Legality?? Who are at the risk of Hacking
More informationAPNIC s role in stability and security. Adam Gosling Senior Policy Specialist, APNIC 4th APT Cybersecurity Forum, 3-5 December 2013
APNIC s role in stability and security Adam Gosling Senior Policy Specialist, APNIC 4th APT Cybersecurity Forum, 3-5 December 2013 Overview Introducing APNIC Working with LEAs The APNIC Whois Database
More informationCompTIA. PT0-001 EXAM CompTIA PenTest+ Certification Exam Product: Demo. m/
Page No 1 https://www.dumpsplanet.com m/ CompTIA PT0-001 EXAM CompTIA PenTest+ Certification Exam Product: Demo For More Information: PT0-001-dumps Page No 2 Question: 1 During a penetration test, a tester
More informationCyber Security & Ethical Hacking Training. Introduction to Cyber Security Introduction to Cyber Security. Linux Operating System and Networking: LINUX
Cyber Security & Ethical Hacking Training. Introduction to Cyber Security Introduction to Cyber Security HTML PHP Database Linux Operating System and Networking: LINUX NETWORKING Information Gathering:
More informationIPv4 depletion & IPv6 deployment in the RIPE NCC service region. Kjell Leknes - June 2010
IPv4 depletion & IPv6 deployment in the RIPE NCC service region Kjell Leknes - June 2010 Outline About RIPE and RIPE NCC IPv4 depletion IPv6 deployment Engaging the community - RIPE NCC and the RIPE community
More informationn Explain penetration testing concepts n Explain vulnerability scanning concepts n Reconnaissance is the first step of performing a pen test
Chapter Objectives n Explain penetration testing concepts n Explain vulnerability scanning concepts Chapter #4: Threats, Attacks, and Vulnerabilities Vulnerability Scanning and Penetration Testing 2 Penetration
More informationWHOIS ACCURACY and PUBLIC SAFETY
WHOIS ACCURACY and PUBLIC SAFETY AAWG - 26/10/2016 Gregory Mounier Head of Outreach European Cybercrime Centre (EC3) EUROPOL OBJECTIVES Update: Public Safety Uses of WHOIS Current WHOIS accuracy challenges
More informationPractice Labs Ethical Hacker
Practice Labs Ethical Hacker Lab Outline The Ethical Hacker Practice Lab will provide you with the necessary platform to gain hands on skills in security. By completing the lab tasks you will improve your
More informationEyes Wide Open. John Sawyer Senior Security Analyst InGuardians, Inc.
Eyes Wide Open John Sawyer Senior Security Analyst InGuardians, Inc. Agenda Who am I? What is IT Security? Penetration Testing (aka. Go Hack Yourself) Fun (and scary) Attacks And, How to Protect Yourself
More informationScanning. Course Learning Outcomes for Unit III. Reading Assignment. Unit Lesson UNIT III STUDY GUIDE
UNIT III STUDY GUIDE Course Learning Outcomes for Unit III Upon completion of this unit, students should be able to: 1. Recall the terms port scanning, network scanning, and vulnerability scanning. 2.
More informationIntroduction to the RIR System. Dr. Nii N. Quaynor
Introduction to the RIR System Dr. Nii N. Quaynor 1 Internet Identifiers Name resources: Names Names used to access the Internet gtlds: Generic Top level domains (.com,.net, info,.org,.int etc) cctld:
More informationMetasploit: The Penetration Tester's Guide PDF
Metasploit: The Penetration Tester's Guide PDF "The best guide to the Metasploit Framework."HD Moore, Founder of the Metasploit Project The Metasploit Framework makes discovering, exploiting, and
More informationIntroduction to Penetration Testing: Part One. Eugene Davis UAH Information Security Club February 21, 2013
Introduction to Penetration Testing: Part One Eugene Davis UAH Information Security Club February 21, 2013 Ethical Considerations: Pen Testing Ethics of penetration testing center on integrity (ISC)² Code
More informationSam Spade 1.14 Open Source Security Tool by Steve Atkins
CS 413 Spring 2005 Max Konovalov Sam Spade 1.14 Open Source Security Tool by Steve Atkins University of Alaska Anchorage Department of Mathematical Sciences This paper describes Sam Spade 1.14 open source
More informationCurso: Ethical Hacking and Countermeasures
Curso: Ethical Hacking and Countermeasures Module 1: Introduction to Ethical Hacking Who is a Hacker? Essential Terminologies Effects of Hacking Effects of Hacking on Business Elements of Information Security
More informationEthical Hacking and Prevention
Ethical Hacking and Prevention This course is mapped to the popular Ethical Hacking and Prevention Certification Exam from US-Council. This course is meant for those professionals who are looking for comprehensive
More informationWeb Applications Penetration Testing
Web Applications Penetration Testing Team Members: Rahul Motwani (2016ME10675) Akshat Khare (2016CS10315) ftarth Chopra (2016TT10829) Supervisor: Prof. Ranjan Bose Before proceeding further, we would like
More informationHackveda Training - Ethical Hacking, Networking & Security
Hackveda Training - Ethical Hacking, Networking & Security Day1: Hacking windows 7 / 8 system and security Part1 a.) Windows Login Password Bypass manually without CD / DVD b.) Windows Login Password Bypass
More informationFIRMS: a Future InteRnet Mapping System
Institute of Computer Science Department of Distributed Systems Prof. Dr.-Ing. P. Tran-Gia FIRMS: a Future InteRnet Mapping System Michael Menth, Matthias Hartmann, Michael Höfling Overview The FIRMS architecture
More informationCHCSS. Certified Hands-on Cyber Security Specialist (510)
CHCSS Certified Hands-on Cyber Security Specialist () SYLLABUS 2018 Certified Hands-on Cyber Security Specialist () 2 Course Description Entry level cyber security course intended for an audience looking
More informationHands-On Ethical Hacking and Network Defense Chapter 6 Enumeration
Hands-On Ethical Hacking and Network Defense Chapter 6 Enumeration Updated 3-3-18 Objectives Describe the enumeration step of security testing Enumerate Microsoft OS targets Enumerate *NIX OS targets Introduction
More informationCNIT 129S: Securing Web Applications. Ch 4: Mapping the Application
CNIT 129S: Securing Web Applications Ch 4: Mapping the Application Mapping Enumerate application's content and functionality Some is hidden, requiring guesswork and luck to discover Examine every aspect
More informationChapter 1. Footprinting: Knowing Where to Look IN THIS CHAPTER: Footprinting Explained Summary
Chapter 1 Footprinting: Knowing Where to Look IN THIS CHAPTER: Footprinting Explained Summary 3 4 Part I: Hacking Fundamentals Before potential attackers can begin to test the windows and rattle the doorknobs
More informationTHREAT LANDSCAPE AT THE UW
THREAT LANDSCAPE AT THE UW JAMES POLAND, CYBER THREAT ANALYST (jwpoland@uw.edu) AND REBEKAH SKIVER THOMPSON, INCIDENT RESPONSE & THREAT INTELLIGENCE MANAGER (bskiver@uw.edu) OFFICE OF THE CHIEF INFORMATION
More informationOSSAMS -Security Testing Automation and Reporting
OSSAMS -Security Testing Automation and Reporting Adrien de Beaupré Intru-Shun.ca Inc. SANS Internet Storm Center Handler SecTor 2011, 19 October 2011 Agenda Definitions Methodology Workflow Reporting
More informationOffensive Technologies
University of Amsterdam System and Network Engineering Offensive Technologies OS3 Network Security Assessment Students: Peter van Bolhuis Kim van Erkelens June 1, 2014 Executive Summary Being a security
More informationPluralsight CEU-Eligible Courses for CompTIA Network+ updated March 2018
Pluralsight CEU-Eligible Courses for CompTIA Network+ updated March 2018 Access Control Lists (ACLs) for Cisco CCNA 200-125/100-105 Advanced Access Control with Cisco ISE for CCNP Security (300-208) SISAS
More informationVulnerability Assessment using Nessus
Vulnerability Assessment using Nessus What you need Computer with VirtualBox. You can use any host OS you like, and if you prefer to use some other virtual machine software like VMware or Xen, that s fine
More informationContents in Detail. Foreword by Peter Van Eeckhoutte
Contents in Detail Foreword by Peter Van Eeckhoutte xix Acknowledgments xxiii Introduction xxv A Note of Thanks.... xxvi About This Book.... xxvi Part I: The Basics.... xxvii Part II: Assessments.........................................
More informationStrategic Infrastructure Security
Strategic Infrastructure Security Course Number: SCPSIS Length: Certification Exam There are no exams currently associated with this course. Course Overview This course picks up right where Tactical Perimeter
More informationQuick Lockdown Guide. Firmware 6.4
Bosch Security Bosch Security Systems System Video Systems Video Systems Bosch Security Systems Video Systems Quick Lockdown Guide Firmware 6.4 Overview The purpose of this technical brief is to provide
More informationCIT 480: Securing Computer Systems
CIT 480: Securing Computer Systems Scanning CIT 480: Securing Computer Systems Slide #1 Topics 1. Port Scanning 2. Stealth Scanning 3. Version Identification 4. OS Fingerprinting CIT 480: Securing Computer
More informationUnderstand the range of environmental and network reconnaissance techniques that may be used to test security systems.
Reconnaissance Techniques Reconnaissance Techniques Objectives On completion of this unit, you will be able to: Understand the range of environmental and network reconnaissance techniques that may be used
More informationImplementing the Global Policy for Post Exhaustion IPv4 Allocation Mechanisms by the IANA
Implementing the Global Policy for Post Exhaustion IPv4 Allocation Mechanisms by the IANA Implementing the Global Policy for Post Exhaustion IPv4 Allocation Mechanisms by the IANA/Public/Final/LLV i Table
More informationEvaluating Website Security with Penetration Testing Methodology
Evaluating Website Security with Penetration Testing Methodology D. Menoski, P. Mitrevski and T. Dimovski St. Clement of Ohrid University in Bitola/Faculty of Technical Sciences, Bitola, Republic of Macedonia
More informationECCouncil Exam v8 Certified Ethical Hacker v8 Exam Version: 7.0 [ Total Questions: 357 ]
s@lm@n ECCouncil Exam 312-50v8 Certified Ethical Hacker v8 Exam Version: 7.0 [ Total Questions: 357 ] Topic break down Topic No. of Questions Topic 1: Background 38 Topic 3: Security 57 Topic 4: Tools
More informationCoding for Penetration Testers Building Better Tools
Coding for Penetration Testers Building Better Tools Second Edition Jason Andress Ryan Linn Clara Hartwell, Technical Editor ELSEVIER AMSTERDAM BOSTON HEIDELBERG LONDON NEW YORK OXFORD PARIS SAN DIEGO
More informationSecuring Routing: RPKI Overview. Mark Kosters Chief Technology Officer
Securing Routing: RPKI Overview Mark Kosters Chief Technology Officer Why are DNSSEC and RPKI important? Two of the most critical resources DNS Routing Hard to tell when resource is compromised Focus of
More informationIPv6: The Future of the Internet? July 27th, 1999 Auug
IPv6: The Future of the Internet? July 27th, 1999 Auug Overview Introduction to APNIC Introduction to IPv6 Obtaining IPv6 Address Space References and RFCs What is APNIC? Regional Internet Registry (RIR)
More informationEthical Hacking and Countermeasures: Web Applications, Second Edition. Chapter 3 Web Application Vulnerabilities
Ethical Hacking and Countermeasures: Web Chapter 3 Web Application Vulnerabilities Objectives After completing this chapter, you should be able to: Understand the architecture of Web applications Understand
More informationAPNIC allocation and policy update. JPNIC OPM July 17, Tokyo, Japan Guangliang Pan
APNIC allocation and policy update JPNIC OPM July 17, 2007 - Tokyo, Japan Guangliang Pan 1 Overview Internet registry structure Number resource allocation statistics APNIC recent policy implementations
More informationComputer Forensics: Investigating Network Intrusions and Cyber Crime, 2nd Edition. Chapter 3 Investigating Web Attacks
Computer Forensics: Investigating Network Intrusions and Cyber Crime, 2nd Edition Chapter 3 Investigating Web Attacks Objectives After completing this chapter, you should be able to: Recognize the indications
More informationCSWAE Certified Secure Web Application Engineer
CSWAE Certified Secure Web Application Engineer Overview Organizations and governments fall victim to internet based attacks every day. In many cases, web attacks could be thwarted but hackers, organized
More informationRECON FOR THE DEFENDER: YOU KNOW NOTHING (ABOUT YOUR ASSETS)
SESSION ID: GRC-W12 RECON FOR THE DEFENDER: YOU KNOW NOTHING (ABOUT YOUR ASSETS) Ed Bellis CTO, Co-founder Kenna Security @ebellis Jonathan Cran Head of Research Kenna Security @jcran About Your Presenters
More informationMeasuring IPv6 Deployment
Measuring IPv6 Deployment Geoff Huston George Michaelson research@apnic.net The story so far In case you hadn t heard by now, we appear to be running quite low on IPv4 addresses! IANA Pool Exhaustion Prediction
More informationRSC Part II: Network Layer 3. IP addressing (2nd part)
RSC Part II: Network Layer 3. IP addressing (2nd part) Redes y Servicios de Comunicaciones Universidad Carlos III de Madrid These slides are, mainly, part of the companion slides to the book Computer Networking:
More informationExam Questions
Exam Questions 312-50 Ethical Hacking and Countermeasures (CEHv6) https://www.2passeasy.com/dumps/312-50/ 1.What is the essential difference between an \'Ethical Hacker\' and a \'Cracker\'? A. The ethical
More informationVulnerability Validation Tutorial
Vulnerability Validation Tutorial Last updated 01/07/2014-4.8 Vulnerability scanning plays a key role in the vulnerability management process. It helps you find potential vulnerabilities so that you can
More informationDefinitive Guide to PENETRATION TESTING
Definitive Guide to PENETRATION TESTING Chapter 1 Getting To Know Penetration Testing A. What is Penetration Testing? Penetration Testing, pen testing, or ethical hacking is the process of assessing an
More informationINF5290 Ethical Hacking. Lecture 3: Network reconnaissance, port scanning. Universitetet i Oslo Laszlo Erdödi
INF5290 Ethical Hacking Lecture 3: Network reconnaissance, port scanning Universitetet i Oslo Laszlo Erdödi Lecture Overview Identifying hosts in a network Identifying services on a host What are the typical
More informationRIPE Policy Development & IPv4 / IPv6
RIPE Policy Development & IPv4 / IPv6 Workshop on the IPv6 development in Saudi Arabia 8 February 2009 Axel Pawlik axel@ripe.net Overview RIPE PDP (Policy Development Process) Current Policy Issues IPv4
More informationIT Certification Exams Provider! Weofferfreeupdateserviceforoneyear! h ps://www.certqueen.com
IT Certification Exams Provider! Weofferfreeupdateserviceforoneyear! h ps://www.certqueen.com Exam : 312-50 Title : Ethical Hacker Certified Version : Demo 1 / 7 1.What is the essential difference between
More informationContents in Detail. Acknowledgments
Acknowledgments xix Introduction What s in This Book... xxii What Is Ethical Hacking?... xxiii Penetration Testing... xxiii Military and Espionage... xxiii Why Hackers Use Linux... xxiv Linux Is Open Source....
More informationWhy bother? Causes of data breaches OWASP. Top ten attacks. Now what? Do it yourself Questions?
Jeroen van Beek 1 Why bother? Causes of data breaches OWASP Top ten attacks Now what? Do it yourself Questions? 2 In many cases the web application stores: Credit card details Personal information Passwords
More informationApplied Open Source Intelligence OSINT. Not Just For Attackers David Mashburn All Rights Reserved
Applied Open Source Intelligence OSINT Not Just For Attackers 2019 David Mashburn All Rights Reserved David Mashburn, @d_mashburn SANS Certified Instructor GSE #157 Security mule Family guy 2 What is OSINT?
More informationRIPE NCC DNS Update. Wolfgang Nagele DNS Services Manager
RIPE NCC DNS Update Wolfgang Nagele DNS Services Manager DNS Department Services Reverse DNS for RIPE NCC zones Secondary for other RIRs K-root F-reverse (in-addr.arpa & ip6.arpa) Secondary DNS for cctlds
More informationCertified Secure Web Application Engineer
Certified Secure Web Application Engineer ACCREDITATIONS EXAM INFORMATION The Certified Secure Web Application Engineer exam is taken online through Mile2 s Assessment and Certification System ( MACS ),
More informationHands-On Ethical Hacking and Network Defense Chapter 6 Enumeration
Hands-On Ethical Hacking and Network Defense Chapter 6 Enumeration Modified 1-11-17 Objectives Describe the enumeration step of security testing Enumerate Microsoft OS targets Enumerate *NIX OS targets
More informationCourse overview. CompTIA Security+ Certification (Exam SY0-501) Study Guide (G635eng v107)
Overview This course is intended for those wishing to qualify with CompTIA Security+. CompTIA's Security+ Certification is a foundation-level certificate designed for IT administrators with 2 years' experience
More informationInformation Gathering Techniques
Information Gathering Techniques February 20, 2013 Twin Cities Chapter Ethical Disclaimer This is for testing and educational purposes only. Do not use any of the methods described and or discussed for
More informationBegin forwarded message:
Begin forwarded message: From: Axel Pawlik Date: 23 November 2010 6:13:22 am To: Elise Gerich Cc: Leo Vegoda Subject: Various Registry address space, update message-id: user-agent: Mozilla/5.0 (Macintosh;
More informationPenetration Testing and Fuzzing. John Slankas
Penetration Testing and Fuzzing John Slankas jbslanka@ncsu.edu Course Slides adapted from OWASP Testing Guide v4 CSC 515 Software Security Penetration Testing aka Ethical Hacking Art of testing a running
More informationCAMSCANNER TURN YOUR PHONE AND TABLET INTO SCANNER FOR
PDF NESSUS VULNERABILITY SCANNER - BASICS - SECURITYLEARN CAMSCANNER TURN YOUR PHONE AND TABLET INTO SCANNER FOR 1 / 6 2 / 6 3 / 6 website vulnerability scanner pdf Basics vulnerability scanning with NESSUS...
More informationIP Address Management The RIR System & IP policy
IP Address Management The RIR System & IP policy Nurani Nimpuno APNIC Overview Early address management Evolution of address management Address management today Address policy development IP allocation
More informationKali Linux Windows Penetration Testing Free Ebooks
We have made it easy for you to find a PDF Ebooks without any digging. And by having access to our ebooks online or by storing it on your computer, you have convenient answers with kali linux windows penetration
More informationWelcome to Your First ARIN Meeting
Welcome to Your First ARIN Meeting Handouts for you Basic information Acronym list ARIN fact sheets ARIN at a Glance Policy Development Process ARIN Participation Internet Ecosystem Self- Introductions
More informationVulnerability Management & Vulnerability Assessment. Nessus Attack Scripting Language (NASL). CVE databases, NVD database
Case Study 2018 Solution/Service Title Vulnerability Management & Vulnerability Assessment Client Industry Cybersecurity, Vulnerability Assessment and Management, Network Security Client Overview Client
More informationn Given a scenario, analyze and interpret output from n A SPAN has the ability to copy network traffic passing n Capacity planning for traffic
Chapter Objectives n Understand how to use appropriate software tools to assess the security posture of an organization Chapter #7: Technologies and Tools n Given a scenario, analyze and interpret output
More informationWeek Date Teaching Attended 5 Feb 2013 Lab 7: Snort IDS Rule Development
Weekly Tasks Week 5 Rich Macfarlane 2013 Week Date Teaching Attended 5 Feb 2013 Lab 7: Snort IDS Rule Development Aim: The aim of these labs are to further investigate the Snort, network IDS, and methods
More informationPASS4TEST. Prüfungshilfen für IT Zertifizierungen. Wir bieten Ihnen einen kostenlosen einjährigen Upgrade Service an
PASS4TEST Prüfungshilfen für IT Zertifizierungen http://www.pass4test.de Wir bieten Ihnen einen kostenlosen einjährigen Upgrade Service an Exam : 312-50 Title : Ethical Hacker Certified Vendors : EC-COUNCIL
More informationHandling Network Abuse Reports at APNIC
Handling Network Abuse Reports at APNIC 17 November 2010 APT Cybersecurity Forum, Sydney George Kuo Member Services Manager, APNIC 1 APT Bali Plan of Action Nov 2009 A. Widen broadband connectivity B.
More information