U.S. Government Configuration Baseline (USGCB) 2011 Wayne M Burke Sequrit CSi All rights reserved

Similar documents
ISDP 2018 Industry Skill Development Program In association with

Ethical Hacking and Prevention

COMP2330 Data Communications and Networking

Decision Computer Group

Agenda. 1 Intelligent Communications. 2 Considerations. 3 Partner Approach, Tools & Resources. 4 Partner Guidance & Checklist

CONTENTS IN DETAIL. FOREWORD by HD Moore ACKNOWLEDGMENTS INTRODUCTION 1 THE ABSOLUTE BASICS OF PENETRATION TESTING 1 2 METASPLOIT BASICS 7

Reverse Engineering Swift Apps. Michael Gianarakis Rootcon X 2016

Evaluating Website Security with Penetration Testing Methodology

MAKE WI-FI HACKING ON SMARTPHONES GREAT AGAIN! Daniel Wegemer and Matthias Schulz

Bringing the Fight to Them: Exploring Aggressive Countermeasures to Phishing and other Social Engineering Scams

CPTE: Certified Penetration Testing Engineer

DIS10.2. DIS10.2:Advanced Penetration Testing and Security Analyst Certification. Online Training Classroom Training Workshops Seminars

Building Payloads Tutorial

Why bother? Default configurations Buffer overflows Authentication mechanisms Reverse engineering Questions?

Towards Effective Cybersecurity for Modular, Open Architecture Satellite Systems

Team: XeroDual. EEL 4924 Electrical Engineering Design. Final Report 3 August Project Ehrgeiz. Team Name: XeroDual

Course 832 EC-Council Computer Hacking Forensic Investigator (CHFI)

I luvz hacking challenges sites - do you?

Sagem Orga Strong, Global, Innovative.

Module 1: Penetration Testing Planning and Scoping. Module 2: Basic Usage of Linux and its services

Integrated Software Environment. Part 2

Introducing an almost reliable UDP protocol: The Keyed UDP

CNIT 121: Computer Forensics. 9 Network Evidence

During security audits, over 15,000 vulnerability assessments are made, scanning the network IP by IP.

1.1 For Fun and Profit. 1.2 Common Techniques. My Preferred Techniques

Why bother? Default configurations Buffer overflows Authentication mechanisms Reverse engineering Questions?

USB-C to Gigabit Network Adapter

CTF Workshop. Crim Synopsys, Inc. 1

Chapter 1 Introduction to Computers

Hackveda Training - Ethical Hacking, Networking & Security

HITB Amsterdam

By: Kim Schroeder. Lecturer SLIS WSU A Presentation to the NDSA and SAA Wayne State University Student Groups

Advanced Ethical Hacking & Penetration Testing. Ethical Hacking

Hacker Academy Ltd COURSES CATALOGUE. Hacker Academy Ltd. LONDON UK

Security Concerns in Automotive Systems. James Martin

Behavior-Based IDS: StealthWatch Overview and Deployment Methodology

Prerequisite Competencies for NCC 210: Information Security Fundamentals Course

Chapter 1 Introduction to Computers

Ensuring Desktop Central Compliance to Payment Card Industry (PCI) Data Security Standard

Nmap & Metasploit. Chun-Jen (James) Chung. Arizona State University

CSC 4992 Cyber Security Practice

ACR1281U-C2. Card UID Reader. Reference Manual Subject to change without prior notice.

DIS10.1 Ethical Hacking and Countermeasures

Contents User Guide... 1 Overview... 1 Create a New Report... 3 Create Report... 3 Select Devices... 3 Report Generation... 4 Your Audit Report...

Pearson: Certified Ethical Hacker Version 9. Course Outline. Pearson: Certified Ethical Hacker Version 9.

STATE BROADBAND ACTION PLAN MAY 2015 Nevada Economic Development Conference PREPARED BY CONNECT NEVADA AND THE NEVADA BROADBAND TASK FORCE

Moving Data on the Edge. The fastest & most reliable way to transfer files

CCNA Cybersecurity Operations 1.1 Scope and Sequence

Hacking Our Way to Better Security: Lessons from a Web Application Penetration Test. Tyler Rasmussen Mercer Engineer Research Center

Metasploit Unleashed. Class 1: Metasploit Fundamentals. Georgia Weidman Director of Cyberwarface, Reverse Space

Lab 4: Metasploit Framework

Pineapple Analysis July 15, For Educational Purposes Only

Chapter 4 After Incident Detection


Distributed Software Applications

Course 831 EC-Council Certified Ethical Hacker v10 (CEH)

NEW JERSEY INSTITUTE OF TECHNOLOGY. Initiation of Cyber Defense Option. for the Master of Science in

Operated by Los Alamos National Security, LLC for the U.S. Department of Energy's NNSA

CEH v8 - Certified Ethical Hacker. Course Outline. CEH v8 - Certified Ethical Hacker. 12 May 2018

V8 - CEH v8 - Certified Ethical Hacker. Course Outline. CEH v8 - Certified Ethical Hacker. 03 Feb 2018

Fundamentals of Network Intrusion Analysis. Malicious Code Analysis Lab 1 Introduction to Malware Analysis

Security Challenges and

Information Governance, the Next Evolution of Privacy and Security

Virtualization Practices: Providing a Complete Virtual Solution in a Box

Online Intensive Ethical Hacking Training

Lecture 2 Operating System Structures (chapter 2)

CONCLUSIONS OF THE WESTERN BALKANS DIGITAL SUMMIT APRIL, SKOPJE

EC-Council Certified Network Defender (CND) Duration: 5 Days Method: Instructor-Led

CyberSecurity Training and Capacity Building: A Starting Point for Collaboration and Partnerships. from the most trusted name in information security

Healthcare Security Success Story

CSE 461: Computer Networks John Zahorjan Justin Chan Rajalakshmi Nandkumar CJ Park

GSLC. GIAC Security Leadership.

Course 831 Certified Ethical Hacker v9

Malware

CITI PROGRAM NEW LEARNER ACCOUNT REGISTRATION

CND Exam Blueprint v2.0

Penetration Testing with Kali Linux

Mobile Computing and Storage Devices Security Workshop. Mobile Computing and Storage Device Security. Today s Plan. Why Bother?

LECTURE WK4 NETWORKING

Practical Guide to Cloud Computing Version 2. Read whitepaper at

Career Paths In Cybersecurity

AURA ACADEMY Training With Expertised Faculty Call Us On For Free Demo

Application Brief. Using the Total Phase CAN/I2C Activity Board Pro as an I2C- to- CAN Translator Application Brief by Rick Bogart

Download Thomson dcm425 driver usb cable modem

USB Capture Plus User Manual

SISTEM INFORMASI. Oleh Iwan Sidharta, MM STMIK Mardira Indonesia, Bandung NFORMASI

Reverse Engineering with IDA Pro. CS4379/5375 Software Reverse Engineering Dr. Jaime C. Acosta

n Given a scenario, analyze and interpret output from n A SPAN has the ability to copy network traffic passing n Capacity planning for traffic

Tanium Endpoint Detection and Response. (ISC)² East Bay Chapter Training Day July 13, 2018

USB-BASED 8-CHANNEL DATA ACQUISITION MODULE

Thailand Initiatives and Challenges in Cyber Terrorism

How To Guide on JPerf and IPerf

PASS4TEST. IT Certification Guaranteed, The Easy Way! We offer free update service for one year

Title DC Automation: It s a MARVEL!

What is VPAT 2.0 Joe Humbert

SECURITY+ COMPETITIVE ANALYSIS 1. GIAC GSEC 2. (ISC)2 SSCP 3. EC-COUNCIL CEH

Healthcare Independent Health Jeremy Walczak

1. Arista 7124s Switch Report

Indicate whether the statement is true or false.

Multi ARCH Firmware Emulation

Transcription:

Target >> U.S. Government Configuration Baseline (USGCB)

>> 2010 Series << Miami Singapore Malaysia Egypt Uncertainty is the only certainty there is, and knowing how to live with insecurity is the only security. - John Allen Paulos

What keeps me busy: My soccer team 4 girls + 1 boy in the oven Assessments / Pen Tests Digital Forensics Mobile Device Focused Personal Digital Protection Services Hunting down the spyware Eradicating the zeros and ones Sharing my knowledge through education EC Council

In the news:

Redacted for public release

U.S. Government Configuration Baseline (USGCB) Formerly known as the Federal Desktop Core Configuration (FDCC), continues to be one of the most successful IT programs in the federal government to help increase security, reduce costs, and accelerate the adoption of new technologies, while creating a more managed desktop environment. http://www.microsoft.com/industry/government/solutions/fdcc/

Resource Downloads: http://www.microsoft.com/industry/government/solutions/fdcc/ U.S. Government Configuration Baseline (USGCB)

More Resource s http://usgcb.nist.gov/usgcb/microsoft/download_win7.html U.S. Government Configuration Baseline (USGCB)

Target Scope > U.S. Government Configuration Baseline USGCB 1) Direct Server Hacks 2) Indirect Server Hacks 3) Client Side Hacks 4) Social Engineering

Opportunity right

Money???

Synopsis: 1. Recon your target: Digital Recon Tailgate High Tech 2. Load your weapons: DSE Physical Drop 3. Get your shell on.

SET initiates Metasploit payload listener and wait for a connection Note 443

GAME OVER:

SET Adds: TeensyUSB Development Board USB: Raw HID If you want to create a custom application, Raw HID is simple way to send 64 byte packets between your code on the Teensy and your application on the PC or Mac. HID works automatically with built-in drivers in Linux, Mac OS X and Windows, so users will not need to load any drivers. Your application can detect your Teensy running your customized Raw HID, so to the user everything "just works" automatically. You can send up to 1000 packets per second in each direction. The USB host controller will reserve USB bandwidth. You are not required send all packets, but if you do, you are guaranteed to be able to transmit the number of packets per second your code specifies, even when other USB devices are active. http://www.pjrc.com/teensy/rawhid.html

Gumstix 101 http://www.gumstix.com/

Testing your payloads http://www.sunbeltsoftware.com

Testing your payloads http://mwanalysis.org/?site=1&page=submit

Testing your payloads http://www.validedge.com/malware-analysis-system.php

Testing your payloads - FREE http://zerowine.sourceforge.net/ Running the virtual machine with QEMU

Manual Testing tools: Hex Editors Disassembler - IDA Pro Debugger - Ollydbg Search Engine

Trace, Analysis and Apprehend: www.justice.gov/criminal/cybercrime/forensics_chart.pdf

www.cybercrime.gov

Wayne Burke: wburke@sequrit.org

http://www.social-engineering.org http://www.metasploit.org http://www.secmaniac.com http://www.backtrack-linux.org http://www.caine-live.net

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback