n Describe the CEH hacking methodology and system hacking steps n Describe methods used to gain access to systems
|
|
- Chastity Parsons
- 5 years ago
- Views:
Transcription
1 Outline n Describe the CEH hacking methodology and system hacking steps n Describe methods used to gain access to systems n Describe methods used to escalate privileges Chapter #5: n Describe methods used to maintain access to systems n Describe methods of evidence erasure n Identify rootkit function and types n Identify basics of Windows and Linux file structure, directories, and commands 2 Phases of Hacking Windows Security Architecture n Credentials are stored in a SAM file n It stores hash values n On a domain passwords are stored in a database n MS picked not a very good encryption but it became better 3 Authentication Encryption OS versions LM DES Win 95/98 NTLM DES + MD4 Win NT NTLM v2 + Kerberos Symm+Asymm Win
2 Windows 7 5 Windows 10 6 LM Authentication LM Authentication n Converts everything to uppercase n If a password is seven characters or less, this significantly reduces the amount of time required to crack the rest of it n If the password was less than 14 characters, it would add because the LM hash value of seven blank characters will blank spaces to get it to 14 always be the same (AAD3B435B51404EE) n Then the password would be split into two 7-character n The first half we put through a cracker and get to work strings n The second is easily recognizable hash of seven blanks! n These strings would be hashed separately, with both n NTLM needs much more power to bruteforce hashes then combined for the output 7 8 2
3 Password Considerations Kerberos Exchange n Password: 8 characters long n Alphabet: 26 upper-case letters, 26 lower-case letters, 10 numbers, 33 special characters (95) n 95^8 = 6,634,204,312,890,625 n Password: 9/10 characters long n Alphabet: 26 upper-case letters, 26 lower-case letters (52) n 52^9 = 2,779,905,883,635,712 n 52^10 = 144,555,105,949,057, The client sends a cleartext message of the user ID to the AS (Authentication Server) requesting services on behalf of the user (Note: Neither the secret key nor the password is sent to the AS) 2 The AS checks to see if the client is in its database If it is, the AS generates the secret key (SK1) by hashing the password of the user found at the database (eg, Active Directory in Windows Server) and sends back the following two messages to the client Message A: Client/TGS Session Key (SK2) encrypted using the secret key of the client/user (SK1) Message B: Ticket-Granting-Ticket (TGT, which includes the client ID, client address, ticket validity period, and the client/tgs session key) encrypted using the secret key of the TGS (SK2) 3 Once the client receives messages A and B, it attempts to decrypt message A with the secret key (SK1) generated from the password entered by the user 4 If the user entered password does not match the password in the AS database, the client's secret key will be different and thus unable to decrypt message A 5 With a valid password and secret key the client decrypts message A to obtain the Client/TGS Session Key (SK2) This session key is used for further communications with the TGS (Note: The client cannot decrypt Message B, as it is encrypted using TGS's secret key) At this point, the client has enough information to authenticate itself to the TGS 10 AD Credentials AD Credentials n On a domain controller credentials are stored in Ntdsdit n ISAM (Indexed Sequential Access Method) is a file management system developed at IBM that allows records to be accessed either ESE database file sequentially (in the order they were entered) or randomly (with an index) n It is located in %SystemRoot%\NTDS\Ntdsdit or n An ESE database looks like a single file to Windows Internally the %SystemRoot%\System32\Ntdsdit database is a collection of 2, 4, 8, 16, or 32 kb pages n The NTDSDIT file is effectively the entire Active Directory n Pages contain meta-data to describe the data contained within the database, data itself, indexes to persist interesting orders of the data, and in a file other information n An ESE database may contain up to 232 pages, or 16 terabytes of data for 8 kilobyte sized pages
4 Kerberos Ticket Stealing - Mimikatz Hash Cracking n It is part of Kali /usr/share/mimikatz samdump2 in Kali Registry n The Windows registry is a collection of all the settings and configurations that make the system run n It stores all sorts of configuration settings and options: n low-level operating system components, n applications running on the machine, n drivers, the SAM file, and n the user interface n Keys and values
5 Root-Level Keys Root-Level Keys n HKEY_CLASSES_ROOT (HKCR) Contains information on file associations and Object Linking and Embedding (OLE) classes n HKEY_CURRENT_USER (HKCU) Contains profile information for the user currently logged on Information includes user-level preferences for the OS and applications n HKEY_LOCAL_MACHINE (HKLM) Contains information on hardware (processor type, bus architecture, video, disk I/O, and so on) and software (operating system, drivers, services, security, and installed applications) n HKEY_USERS (HKU) Contains specific user configuration information for all currently active users on the computer n HKEY_CURRENT_CONFIG (HKCC) Contains a pointer to HKEY_ LOCAL_MACHINE\SYSTEM\CurrentControlSet\CurrentControlSet\ Hardware Profiles\Current, designed to make accessing and editing this profile information easier Root-Level Keys 19 Keys 20 5
6 MMC 21 Linux Security Architecture 22 Linux Security Architecture Linux Security Architecture n / represents the root directory n /home holds the user home directories n /bin holds all sorts of basic Linux commands (a lot like the n /mnt holds the access locations you ve actually mounted C:\Windows\System32 folder in Windows) n /sbin (system binaries) holds more administrative commands n /dev contains the pointer locations to the various storage and and is the repository for most of the routines Linux runs (known input/output systems you will need to mount if you want to use them, such as optical drives and additional hard drives or as daemons) n /usr holds almost all of the information, commands, and files partitions Note that everything in Linux is a file unique to the users n /etc contains all the administration files and passwords Both the password and shadow files are found here
7 UNIX Commands Linux Permissions Command Description adduser Adds a user to the system cat Displays the contents of a file cp Copies ifconfig Displays network configuration information about your NIC kill Kills a running process (You must specify the process ID number ls Displays the contents of a folder -l, -a man Displays the manual page for a command passwd Used to change your password ps Process status command pwd Displays the name of the current directory rm Removes files The command rm-r also recursively removes all directories and subdirectories on the path and provides no warning when deleting a write-protected file su Allows you to perform functions as another user The sudo command version allows you to run programs with root privileges 25 CHMOD 26 Users 27 Password File vs Shadow File 28 7
8 Password Encryption Password Attacks n The format of the encrypted password is: n Non-electronic $#$SALT$PWD_SALTED_HASH social engineering n On Ubuntu 1004 LTS, the # is '6' and means a SHA-512 hash was used n Active online n Passive online n You can test a password with: n Offline mkpasswd -m SHA-512 <PASSWORD> <SALT> n This should return the encrypted password, starting w/ '$6$' Active Online Passive Online n Dictionary and brute-force attacks n Sniffing n Hash injections n ARP poisoning n Phishing n Trojans n Spyware n Keyloggers n Password guessing
9 Offline n Dictionary attack There is no 100 percent secure system, rainbow tables (Windows) n Hybrid attack and there is nothing that is foolproof! dictionary attack with substitutons n Brute-force attack Stay Alert! 33 9
PASSWORDS & ENCRYPTION
PASSWORDS & ENCRYPTION Villanova University Department of Computing Sciences D. Justin Price Fall 2014 CRYPTOGRAPHY Hiding the meaning of a message from unintended recipients. Open source algorithms are
More informationLab Authentication, Authorization, and Accounting
Objectives Given a scenario, select the appropriate authentication, authorization, or access control Install and configure security controls when performing account management, based on best practices
More informationO/S & Access Control. Aggelos Kiayias - Justin Neumann
O/S & Access Control Aggelos Kiayias - Justin Neumann One system Many users Objects that require protection memory I/O devices (disks, printers) programs and processes networks stored data in general Separation
More informationChapter Two. Lesson A. Objectives. Exploring the UNIX File System and File Security. Understanding Files and Directories
Chapter Two Exploring the UNIX File System and File Security Lesson A Understanding Files and Directories 2 Objectives Discuss and explain the UNIX file system Define a UNIX file system partition Use the
More informationLAB #7 Linux Tutorial
Gathering information: LAB #7 Linux Tutorial Find the password file on a Linux box Scenario You have access to a Linux computer. You must find the password file on the computer. Objective Get a listing
More informationWelcome to getting started with Ubuntu Server. This System Administrator Manual. guide to be simple to follow, with step by step instructions
Welcome to getting started with Ubuntu 12.04 Server. This System Administrator Manual guide to be simple to follow, with step by step instructions with screenshots INDEX 1.Installation of Ubuntu 12.04
More informationEthical Hacking and Prevention
Ethical Hacking and Prevention This course is mapped to the popular Ethical Hacking and Prevention Certification Exam from US-Council. This course is meant for those professionals who are looking for comprehensive
More informationCNIT 124: Advanced Ethical Hacking. Ch 9: Password Attacks
CNIT 124: Advanced Ethical Hacking Ch 9: Password Attacks Topics Password Management Online Password Attacks Offline Password Attacks Dumping Passwords from RAM Password Management Password Alternatives
More informationPassword cracking. IN Ethical Hacking. Bruvoll & Sørby. Department of Informatics 1 / 46
Password cracking IN5290 - Ethical Hacking Bruvoll & Sørby Department of Informatics 2018 1 / 46 Agenda About passwords Cracking passwords 2 / 46 About passwords 3 / 46 Passwords as authentication Providing
More informationServer. Client LSA. Winlogon LSA. Library SAM SAM. Local logon NTLM. NTLM/Kerberos. EIT060 - Computer Security 2
Local and Domain Logon User accounts and groups Access tokens Objects and security descriptors The Register Some features in Windows 7 and Windows 8 Windows XP evolved from Windows 2000 Windows 10, 8,
More informationActive Directory Attacks and Detection
Active Directory Attacks and Detection #Whoami Working as an Information Security Executive Blog : www.akijosberryblog.wordpress.com You can follow me on Twitter: @AkiJos This talk is Based on Tim Madin
More informationHands-on Keyboard: Cyber Experiments for Strategists and Policy Makers
Hands-on Keyboard: Cyber Experiments for Strategists and Policy Makers Review of the Linux File System and Linux Commands 1. Introduction Becoming adept at using the Linux OS requires gaining familiarity
More informationProving who you are. Passwords and TLS
Proving who you are Passwords and TLS Basic, fundamental problem Client ( user ) How do you prove to someone that you are who you claim to be? Any system with access control must solve this Users and servers
More informationFundamentals of Linux Platform Security
Fundamentals of Linux Platform Security Security Training Course Dr. Charles J. Antonelli The University of Michigan 2012 Linux Platform Security Module 2 Password Authentication Roadmap Password Authentication
More informationCurso: Ethical Hacking and Countermeasures
Curso: Ethical Hacking and Countermeasures Module 1: Introduction to Ethical Hacking Who is a Hacker? Essential Terminologies Effects of Hacking Effects of Hacking on Business Elements of Information Security
More informationIntroduction to Information Security Prof. V. Kamakoti Department of Computer Science and Engineering Indian Institute of Technology, Madras
Introduction to Information Security Prof. V. Kamakoti Department of Computer Science and Engineering Indian Institute of Technology, Madras Lecture 09 Now, we discuss about the insecurity of passwords.
More informationETHICAL HACKING & COMPUTER FORENSIC SECURITY
ETHICAL HACKING & COMPUTER FORENSIC SECURITY Course Description From forensic computing to network security, the course covers a wide range of subjects. You will learn about web hacking, password cracking,
More informationLinux Kung Fu. Stephen James UBNetDef, Spring 2017
Linux Kung Fu Stephen James UBNetDef, Spring 2017 Introduction What is Linux? What is the difference between a client and a server? What is Linux? Linux generally refers to a group of Unix-like free and
More informationAURA ACADEMY Training With Expertised Faculty Call Us On For Free Demo
ETHICAL HACKING (CEH) CURRICULUM Introduction to Ethical Hacking What is Hacking? Who is a Hacker? Skills of a Hacker? Types of Hackers? What are the Ethics and Legality?? Who are at the risk of Hacking
More informationCommands are in black
Starting From the Shell Prompt (Terminal) Commands are in black / +--------+---------+-------+---------+---------+------ +------ +------ +------ +------ +------ +-- Bin boot dev etc home media sbin bin
More informationBTEC Level 3. Unit 32 Network System Security Password Authentication and Protection. Level 3 Unit 32 Network System Security
BTEC Level 3 Unit 32 Network System Security Password Authentication and Protection Passwords Why are they important? Passwords are cheap to deploy, but also act as the first line of defense in a security
More informationIntroduction. What is Linux? What is the difference between a client and a server?
Linux Kung Fu Introduction What is Linux? What is the difference between a client and a server? What is Linux? Linux generally refers to a group of Unix-like free and open-source operating system distributions
More informationETHICAL HACKING LAB SERIES. Lab 7: Breaking Windows Passwords
ETHICAL HACKING LAB SERIES Lab 7: Breaking Windows Passwords Certified Ethical Hacking Domain: System Hacking Document Version: 2015-08-14 otherwise noted, is licensed under the Creative Commons Attribution
More informationUser Authentication. Modified By: Dr. Ramzi Saifan
User Authentication Modified By: Dr. Ramzi Saifan Authentication Verifying the identity of another entity Computer authenticating to another computer Person authenticating to a local/remote computer Important
More informationWhat is Authentication? All requests for resources have to be monitored. Every request must be authenticated and authorized to use the resource.
P1L4 Authentication What is Authentication? All requests for resources have to be monitored. Every request must be authenticated and authorized to use the resource. Authentication: Who are you? Prove it.
More informationLab E2: bypassing authentication and resetting passwords
Lab E2: bypassing authentication and resetting passwords TTM4175 September 7, 2015 The purpose of this lab is to learn about techniques for bypassing the authentication and access control of Windows and
More informationOptimized Attack for NTLM2 Session Response
Optimized Attack for NTLM2 Session Response Daiji Sanai & Hidenobu Seki SecurityFriday.com 2004.10.15 Topics of Discussion Is Windows authentication really weak? Learn more about Windows authentications.
More informationMcAfee Certified Assessment Specialist Network
McAfee MA0-150 McAfee Certified Assessment Specialist Network Version: 4.0 Topic 1, Volume A QUESTION NO: 1 An attacker has compromised a Linux/Unix host and discovers a suspicious file called "password"
More informationHands-On Network Security: Practical Tools & Methods. Hands-On Network Security. Roadmap. Security Training Course
Hands-On Network Security: Practical Tools & Methods Security Training Course Dr. Charles J. Antonelli The University of Michigan 2012 Hands-On Network Security Module 4 Password Strength & Cracking Roadmap
More informationHands-On Network Security: Practical Tools & Methods
Hands-On Network Security: Practical Tools & Methods Security Training Course Dr. Charles J. Antonelli The University of Michigan 2012 Hands-On Network Security Module 4 Password Strength & Cracking Roadmap
More informationNetwork Security Fundamentals
Network Security Fundamentals Security Training Course Dr. Charles J. Antonelli The University of Michigan 2013 Network Security Fundamentals Module 4 Password Strength & Cracking Roadmap Password Authentication
More informationKey distribution and certification
Key distribution and certification In the case of public key encryption model the authenticity of the public key of each partner in the communication must be ensured. Problem solution: Certification Authority
More information13/10/2013. Kerberos. Key distribution and certification. The Kerberos protocol was developed at MIT in the 1980.
Key distribution and certification Kerberos In the case of public key encryption model the authenticity of the public key of each partner in the communication must be ensured. Problem solution: Certification
More informationSession 26 Backup/Restore and The Registry
Session 26 Backup/Restore and The Registry Nassau Community College ITE153 Operating Systems 1 Overview Set Up a Backup Five Types of Backup Volume Shadow Copy Best Practices The Registry Required: Windows
More informationFilesystem Hierarchy and Permissions
and Linux Prepared by Steven Gordon on 19 April 2017 Common/Reports/linux-file-permissions.tex, r1417 1/15 Multiuser and Server Operating System Linux systems are commonly used as a multi-user system E.g.
More informationProcesses and authentication
Processes and authentication UNIX process hierarchy ssh b146-* pstree -p less -S pstree -pu crandall lsof -p31009 nc -l 20202 & lsof -p31626 kill -9 31626 Process 1 Process 2 Process 3 System calls Kernel
More informationWindows Registry. Windows Registry. A Wealth of Evidence. What is the Registry? Some Evidence that Can Be Recovered. Registry History: Windows 3.
Windows Registry Windows Registry Week 3 Part 1 A great source of evidence and headaches What is the Registry? A Wealth of Evidence Collection of files that, together, form all the settings needed by applications
More informationPass-the-Hash Attacks
Pass-the-Hash Attacks Mgr. Michael Grafnetter www.dsinternals.com Agenda PtH Attack Anatomy Mitigation Proactive Reactive Windows 10 + Windows Server 2016 Microsoft Advanced Threat Analytics PtH Attack
More informationPasswords CSC 193 WAKE FOREST. U N I V E R S I T Y Department of Computer Science. Spring 2014
Passwords CSC 193 WAKE FOREST U N I V E R S I T Y Department of Computer Science Spring 2014 Unix Passwords In Unix, users are identified by user names Authenticated by passwords Therefore to login as
More informationUseful Hacking Series
Useful Hacking Series Welcome to the Useful Hacking Series, in this series of 20 Episodes our world-renowned penetration tester/international speaker will share with you the top useful tips used during
More informationGoals. Understand UNIX pw system. Understand Lamport s hash and its vulnerabilities. How it works How to attack
Last Updated: Nov 7, 2017 Goals Understand UNIX pw system How it works How to attack Understand Lamport s hash and its vulnerabilities History of UNIX passwords Originally the actual passwords were stored
More informationWindows authentication methods and pitfalls
Windows authentication methods and pitfalls hashes and protocols vulnerabilities attacks 1996-2013 - P. Veríssimo All rights reserved. Reproduction only by permission 1 EXAMPLE: Windows authentication
More informationCS197U: A Hands on Introduction to Unix
CS197U: A Hands on Introduction to Unix Lecture 4: My First Linux System Tian Guo University of Massachusetts Amherst CICS 1 Reminders Assignment 2 was due before class Assignment 3 will be posted soon
More informationCS197U: A Hands on Introduction to Unix
CS197U: A Hands on Introduction to Unix Lecture 3: UNIX Operating System Organization Tian Guo CICS, Umass Amherst 1 Reminders Assignment 2 is due THURSDAY 09/24 at 3:45 pm Directions are on the website
More informationM.C.A. (Sem.-lll) (CBCS) Examination November CCA-3003 Operating System and LinuxlUnix programming
IIMII 003-007303 M.C.A. (Sem.-lll) (CBCS) Examination November-20 13 CCA-3003 Operating System and LinuxlUnix programming Faculty Code: 003 Subject Code: 007303 Time: 2'/' Hoursl ITotal Marks: 70 I. Attempt
More informationNetwork Security: Kerberos. Tuomas Aura
Network Security: Kerberos Tuomas Aura Kerberos authentication Outline Kerberos in Windows domains 2 Kerberos authentication 3 Kerberos Shared-key protocol for user login authentication Uses passwords
More informationOS Security. Authentication. Radboud University Nijmegen, The Netherlands. Winter 2014/2015
OS Security Authentication Radboud University Nijmegen, The Netherlands Winter 2014/2015 What does an OS do? Definition An operating system (OS) is a computer program that manages access of processes (programs)
More informationSecurity and Authentication
Security and Authentication Authentication and Security A major problem with computer communication Trust Who is sending you those bits What they allow to do in your system 2 Authentication In distributed
More informationFilesystem Hierarchy and Permissions
2 and Prepared by Steven Gordon on 19 April 2017 Common/Reports/linux-file-permissions.tex, r1417 1 Multiuser and Server Operating System systems are commonly used as a multi-user system E.g. multiple
More informationModule 1: Penetration Testing Planning and Scoping. Module 2: Basic Usage of Linux and its services
Following topics will be covered: Module 1: Penetration Testing Planning and Scoping - Types of penetration testing and ethical hacking projects - Penetration testing methodology - Limitations and benefits
More informationPassword retrieval. Mag. iur. Dr. techn. Michael Sonntag
Mag. iur. Dr. techn. Michael Sonntag Password retrieval E-Mail: sonntag@fim.uni-linz.ac.at http://www.fim.uni-linz.ac.at/staff/sonntag.htm Institute for Information Processing and Microprocessor Technology
More informationPre-Assessment Answers-1
Pre-Assessment Answers-1 0Pre-Assessment Answers Lesson 1 Pre-Assessment Questions 1. What is the name of a statistically unique number assigned to all users on a Windows 2000 system? a. A User Access
More informationLinux Kung-Fu. James Droste UBNetDef Fall 2016
Linux Kung-Fu James Droste UBNetDef Fall 2016 $ init 1 GO TO https://apps.ubnetdef.org GO TO https://apps.ubnetdef.org GO TO https://apps.ubnetdef.org GO TO https://apps.ubnetdef.org GO TO https://apps.ubnetdef.org
More informationMODULE NO.28: Password Cracking
SUBJECT Paper No. and Title Module No. and Title Module Tag PAPER No. 16: Digital Forensics MODULE No. 28: Password Cracking FSC_P16_M28 TABLE OF CONTENTS 1. Learning Outcomes 2. Introduction 3. Nature
More informationPass-the-Hash Attacks. Michael Grafnetter
Pass-the-Hash Attacks Michael Grafnetter www.dsinternals.com Agenda PtH Attack Anatomy Mitigation Proactive Reactive Windows 10 + Windows Server 2016 PtH History and Future 1988 Microsoft releases Lan
More informationCS 290 Host-based Security and Malware. Christopher Kruegel
CS 290 Host-based Security and Malware Christopher Kruegel chris@cs.ucsb.edu Windows Windows > 90 % of all computers run Windows when dealing with security issues, it is important to have (some) knowledge
More informationRadius, LDAP, Radius, Kerberos used in Authenticating Users
CSCD 303 Lecture 5 Fall 2018 Radius, LDAP, Radius, Kerberos used in Authenticating Users Kerberos Authentication and Authorization Previously Said that identification, authentication and authorization
More informationwindows maurizio pizzonia roma tre university
windows maurizio pizzonia roma tre university 1 references M. Russinovich, D. A. Solomon Windows Internals: Including Windows Server 2008 and Windows Vista 5 th ed. Microsoft Press 2 architecture overview
More informationLinux Systems Administration Getting Started with Linux
Linux Systems Administration Getting Started with Linux Network Startup Resource Center www.nsrc.org These materials are licensed under the Creative Commons Attribution-NonCommercial 4.0 International
More informationPracticeDump. Free Practice Dumps - Unlimited Free Access of practice exam
PracticeDump http://www.practicedump.com Free Practice Dumps - Unlimited Free Access of practice exam Exam : SY0-501 Title : CompTIA Security+ Certification Exam Vendor : CompTIA Version : DEMO Get Latest
More informationGNU/Linux: An Essential Guide for Students Undertaking BLOSSOM
Copyright: The development of this document is funded by Higher Education of Academy. Permission is granted to copy, distribute and /or modify this document under a license compliant with the Creative
More informationOS Security. Authentication. Radboud University Nijmegen, The Netherlands. Winter 2014/2015
OS Security Authentication Radboud University Nijmegen, The Netherlands Winter 2014/2015 What does an OS do? Definition An operating system (OS) is a computer program that manages access of processes (programs)
More informationWEEK 2.0. Any sufficiently advanced technology is indistinguishable from magic.
WEEK 2.0 Any sufficiently advanced technology is indistinguishable from magic. Recycler A recycle bin for each user Created upon file deletion Only for RB aware programs ie Office, not command line tools
More informationAttacking and Defending Active Directory July, 2017
Attacking and Defending Active Directory July, 2017 About: Adam Steed - @aboy 20 years of experience in IAM, working for financial, websites, and healthcare organizations Associate Director Protiviti Security
More informationPersistent key, value storage
Persistent key, value storage In programs, often use hash tables - E.g., Buckets are an array of pointers, collision chaining For persistant data, minimize # disk accesses - Traversing linked lists is
More informationCOPYRIGHTED MATERIAL. Contents. Part I: The Basics in Depth 1. Chapter 1: Windows Attacks 3. Chapter 2: Conventional and Unconventional Defenses 51
Acknowledgments Introduction Part I: The Basics in Depth 1 Chapter 1: Windows Attacks 3 Attack Classes 3 Automated versus Dedicated Attacker 4 Remote versus Local 7 Types of Attacks 8 Dedicated Manual
More informationUser Authentication. Modified By: Dr. Ramzi Saifan
User Authentication Modified By: Dr. Ramzi Saifan Authentication Verifying the identity of another entity Computer authenticating to another computer Person authenticating to a local/remote computer Important
More informationHacking Our Way to Better Security: Lessons from a Web Application Penetration Test. Tyler Rasmussen Mercer Engineer Research Center
Hacking Our Way to Better Security: Lessons from a Web Application Penetration Test Tyler Rasmussen Mercer Engineer Research Center About Me Cybersecurity Engineering Intern @ MERC Senior IT/Cybersecurity
More informationGetting Started with Linux
Getting Started with Linux For those with experience using Microsoft Windows there will be many familiar ways of operating in a Linux environment. There are also a few key differences. The main differences
More informationLinux Local Security about Passwords and Data NZPAPER.BLOGSPOT.COM. Nz Paper Linux and Web Application Security. Zeeshan Khan 4/15/2013
1 Linux Local Security about Passwords and Data NZPAPER.BLOGSPOT.COM Nz Paper Linux and Web Application Security Zeeshan Khan 4/15/2013 2 Abstract: As Passwords and other Linux Data play an important role
More informationA+ Guide to Managing & Maintaining Your PC, 8th Edition. Chapter 11 Optimizing Windows
Chapter 11 Optimizing Windows Objectives Learn about Windows utilities and tools you can use to solve problems with Windows Learn how to optimize Windows to improve performance Learn how to manually remove
More informationComputer Forensics: Investigating File and Operating Systems, Wireless Networks, and Storage, 2nd Edition. Chapter 5 Windows Forensics II
Computer Forensics: Investigating File and Operating Systems, Wireless Networks, and Storage, 2nd Edition Chapter 5 Windows Forensics II Objectives After completing this chapter, you should be able to:
More informationCNT4406/5412 Network Security
CNT4406/5412 Network Security Authentication Zhi Wang Florida State University Fall 2014 Zhi Wang (FSU) CNT4406/5412 Network Security Fall 2014 1 / 43 Introduction Introduction Authentication is the process
More informationPost-Exploitation with WCE v1.2
Post-Exploitation with WCE v1.2 Pass-the-Hash. Pass-the-ticket & more Date: 01-07-2011 Author: Hernan Ochoa Windows Authentication h1 = LMHash( pwd1 ) h2 = NTHash( pwd1 ) SAM
More informationSECURITY+ LAB SERIES. Lab 3: Protocols and Default Network Ports Connecting to a Remote System
SECURITY+ LAB SERIES Lab 3: Protocols and Default Network Ports Connecting to a Remote System Document Version: 2015-09-24 otherwise noted, is licensed under the Creative Commons Attribution 3.0 Unported
More informationHashes, MACs & Passwords. Tom Chothia Computer Security Lecture 5
Hashes, MACs & Passwords Tom Chothia Computer Security Lecture 5 Today s Lecture Hash functions: Generates a unique short code from a large file Uses of hashes MD5, SHA1, SHA2, SHA3 Message Authentication
More informationExam4Free. Free valid exam questions and answers for certification exam prep
Exam4Free http://www.exam4free.com Free valid exam questions and answers for certification exam prep Exam : MA0-150 Title : McAfee Certified Assessment Specialist- UH Vendors : McAfee Version : DEMO Get
More informationUnix File System. Class Meeting 2. * Notes adapted by Joy Mukherjee from previous work by other members of the CS faculty at Virginia Tech
Unix File System Class Meeting 2 * Notes adapted by Joy Mukherjee from previous work by other members of the CS faculty at Virginia Tech Unix File System The file system is your interface to: physical
More informationLab Working with Linux Command Line
Introduction In this lab, you will use the Linux command line to manage files and folders and perform some basic administrative tasks. Recommended Equipment A computer with a Linux OS, either installed
More informationUnix Filesystem. January 26 th, 2004 Class Meeting 2
Unix Filesystem January 26 th, 2004 Class Meeting 2 * Notes adapted by Christian Allgood from previous work by other members of the CS faculty at Virginia Tech Unix Filesystem! The filesystem is your interface
More informationINTRODUCTION TO LINUX
INTRODUCTION TO LINUX REALLY SHORT HISTORY Before GNU/Linux there were DOS, MAC and UNIX. All systems were proprietary. The GNU project started in the early 80s by Richard Stallman Goal to make a free
More informationIntroduction of Linux
Introduction of Linux 阳 oslab2018_class1@163.com 寅 oslab2018_class2@163.com PART I Brief Introduction Basic Conceptions & Environment Install & Configure a Virtual Machine Basic Commands PART II Shell
More informationدوره تست نفوذ. Ver.1.2 شما میتوانید آنلاین در این دوره ثبت نام بلافاصله از آن استفاده کنید. Information Gathering. Bash scripting
Ver.1.2 Information Gathering Bash scripting Information gathering (passive) شما میتوانید آنلاین در این دوره ثبت نام کنید و بلافاصله از آن استفاده کنید. دیدن نمونه آموزش هاي دوره تست نفوذ Google operators
More informationChapter-3. Introduction to Unix: Fundamental Commands
Chapter-3 Introduction to Unix: Fundamental Commands What You Will Learn The fundamental commands of the Unix operating system. Everything told for Unix here is applicable to the Linux operating system
More informationLinux Kung Fu. Ross Ventresca UBNetDef, Fall 2017
Linux Kung Fu Ross Ventresca UBNetDef, Fall 2017 GOTO: https://apps.ubnetdef.org/ What is Linux? Linux generally refers to a group of Unix-like free and open source operating system distributions built
More informationEmbedded Linux Systems. Bin Li Assistant Professor Dept. of Electrical, Computer and Biomedical Engineering University of Rhode Island
Embedded Linux Systems Bin Li Assistant Professor Dept. of Electrical, Computer and Biomedical Engineering University of Rhode Island Generic Embedded Systems Structure User Sensors ADC microcontroller
More informationPenetration Testing with Kali Linux
Penetration Testing with Kali Linux PWK Copyright Offensive Security Ltd. All rights reserved. Page 1 of 11 All rights reserved to Offensive Security No part of this publication, in whole or in part, may
More informationNational University of Computer and Emerging Sciences Operating System Lab - 02 Lab Manual
National University of Computer and Emerging Sciences Operating System Lab - 02 Lab Manual Objective This lab is all about running commands in Ubuntu Terminal and compiling C program in Ubuntu Table of
More informationHacking in the Attack Kill Chain
Hacking in the Attack Kill Chain Håkan Nohre, Consulting Systems Engineer, GIAC GPEN #9666, CISSP #76731 Erkan Djafer, Consulting Systems Engineer, CISSP #535930 Chung-wai Lee, Cyber Security Partner Account
More informationChapter 9: File System Interface
Chapter 9: File System Interface File System Interface File Concept Computers store information on different [physical] media Flash Drives, Magnetic disk, Optical Disks, Magnetic Tapes OS provides a uniform
More informationComputers Gone Rogue. Abusing Computer Accounts to Gain Control in an Active Directory Environment. Marina Simakov & Itai Grady
Computers Gone Rogue Abusing Computer Accounts to Gain Control in an Active Directory Environment Marina Simakov & Itai Grady Motivation Credentials are a high value target for attackers No need for 0-day
More informationOperating Systems Linux 1-2 Measurements Background material
Operating Systems Linux 1-2 Measurements Background material Introduction The Linux measurements were designed to allow you to have an impression about the administration of Linux severs along with providing
More informationActive Directory Attacks and Detection
Active Directory Attacks and Detection #Whoami Working as an Information Security Executive Blog : www.akijosberryblog.wordpress.com You can follow me on Twitter: @AkiJos Lab Setup AJLAB.COM: 2 Domain
More informationCS-630: Cyber and Network Security
CS-630: Cyber and Network Security Lecture # 6: Digital Signatures and Authentication Prof. Dr. Sfi Sufian Hameed Department of Computer Science Authentication Overview Authentication Passwords Secure
More informationBPPM Patrol Agent Installation Steps on Linux and Automation Integration
BPPM Patrol Agent Installation Steps on Linux and Automation Integration Author: Karlis Peterson, Software Consultant, BMC Software Version: 1.0 Date: May 12, 2013 DISCLAIMER NOTICE This is Field Developed
More informationCryptographic Concepts
Outline Identify the different types of cryptography Learn about current cryptographic methods Chapter #23: Cryptography Understand how cryptography is applied for security Given a scenario, utilize general
More informationExam Questions MA0-150
Exam Questions MA0-150 McAfee Certified Assessment Specialist- UH https://www.2passeasy.com/dumps/ma0-150/ 1.An attacker has compromised a Linux/Unix host and discovers a suspicious file called "password"
More informationComputer Forensics: Investigating File and Operating Systems, Wireless Networks, and Storage, 2nd Edition. Chapter 7 Application Password Crackers
Computer Forensics: Investigating File and Operating Systems, Wireless Networks, and Storage, 2nd Edition Chapter 7 Application Password Crackers Objectives After completing this chapter, you should be
More informationPerl and R Scripting for Biologists
Perl and R Scripting for Biologists Lukas Mueller PLBR 4092 Course overview Linux basics (today) Linux advanced (Aure, next week) Why Linux? Free open source operating system based on UNIX specifications
More informationHow to Secure SSH with Google Two-Factor Authentication
How to Secure SSH with Google Two-Factor Authentication WELL, SINCE IT IS QUITE COMPLEX TO SET UP, WE VE DECIDED TO DEDICATE A WHOLE BLOG TO THAT PARTICULAR STEP! A few weeks ago we took a look at how
More information