[Year : 2004] [Size : 18.0 MB] [Format : PDF] [Pages : 849]
Authors
SUSAN YOUNG AND DAVE AITEL
The Hacker’s Handbook The Strategy behind Breaking into and Defending Networks
Table of Contents
- 1 Introduction: The Chess Game
- Book Structure
- Chapter 2. Case Study in Subversion
- Chapter 3. Know Your Opponent
- Chapter 4. Anatomy of an Attack
- Chapter 5. Your Defensive Arsenal
- Chapter 6. Programming
- Chapter 7. IP and Layer 2 Protocols
- Chapter 8. The Protocols
- Chapter 9. Domain Name System (DNS)
- Chapter 10. Directory Services
- Chapter 11. Simple Mail Transfer Protocol (SMTP)
- Chapter 12. Hypertext Transfer Protocol (HTTP)
- Chapter 13. Database Hacking
- Chapter 14. Malware and Viruses
- Chapter 15. Network Hardware
- Chapter 16. Consolidating Gains
- Chapter 17. After the Fall
- Chapter 18. Conclusion
- PART I FOUNDATION MATERIAL
- 2 Case Study in Subversion
- Dalmedica
- The Dilemma
- The Investigation
- Notes
- 3 Know Your Opponent
- Terminology
- Script Kiddy
- Cracker
- White Hat Hacker
- Black Hat Hacker
- Hacktivism
- Professional Attackers
- History
- Computer Industry and Campus
- System Administration
- Home Computers
- Home Computers: Commercial Software
- Home Computers: The BBS
- Phone Systems
- Ethics and Full Disclosure
- Opponents Inside
- The Hostile Insider
- Corporate Politics
- Conclusion
- Notes
- 4 Anatomy of an Attack
- Overview
- Reconnaissance
- Social Engineering and Site Reconnaissance
- Internet Reconnaissance
- Internet Search Engines and Usenet Tools
- Financial Search Tools, Directories, Yellow Pages, and Other Sources
- IP and Network Reconnaissance
- Registrar and whois Searches
- Network Registrar Searches (ARIN)
- DNS Reconnaissance
- Mapping Targets
- War Dialing
- Network Mapping (ICMP)
- ICMP Queries
- TCP Pings: An Alternative to ICMP
- Traceroute
- Additional Network Mapping Tools
- Port Scanning
- TCP and UDP Scanning
- Banner Grabbing
- Packet Fragmentation Options
- Decoy Scanning Capabilities
- Ident Scanning
- FTP Bounce Scanning
- Source Port Scanning
- Stack Fingerprinting Techniques
- Vulnerability Scanning (Network-Based OS and Application Interrogation)
- Researching and Probing Vulnerabilities
- System/Network Penetration
- Account (Password) Cracking
- Application Attacks
- Cache Exploits
- File System Hacking
- Hostile and Self-Replicating Code
- Programming Tactics
- Process Manipulation
- Shell Hacking
- Session Hijacking
- Spoofing
- State-Based Attacks
- Traffic Capture (Sniffing)
- Trust Relationship Exploitation
- Denial-of-Service
- Consolidation
- Security
- Notes
- References
- Texts
- Web References
- 5 Your Defensive Arsenal
- The Defensive Arsenal
- Access Controls
- Network Access Controls (Firewalls)
- State Management Attacks on Firewalls
- Firewall Ruleset and Packet Filter Reconnaissance
- IP Spoofing to Circumvent Network Access Controls
- Denial-of-Service
- Packet Fragmentation Attacks
- Application Level Attacks
- System Access Controls
- Host-Based Firewalls
- Operating System Access Controls and Privilege Management
- Authentication
- IP Authentication
- Password Authentication
- Account/Password Cracking
- Eavesdropping Attacks
- Password Guessing Attacks
- Token-Based Authentication
- Session Authentication
- Session Authentication Scheme Cracking
- Generation of Counterfeit Session Auth Credentials
- Session ID Brute-Forcing
- Session Auth Eavesdropping
- Session Auth/ID Stealing or “Hijacking”
- Client Session/ID Theft
- Cryptographic (Key-Based) Authentication
- Key Transfer and Key Management Vulnerabilities
- Key Transfer Vulnerabilities
- Key Management Vulnerabilities (Public Key Infrastructure)
- Key Binding and Impersonation Vulnerabilities
- Dictionary and Brute-Force Attacks against Weak Secrets
- Centralized Authentication Servers
- RADIUS
- TACACS
- Kerberos
- Human Authentication (Biometrics)
- Resource Controls
- Nonrepudiation
- Digital Signatures (and Digital Certificates)
- Privacy
- Virtual Private Network (VPN)
- Session and Protocol Encryption
- Secure Sockets Layer (SSL)
- Certificate and Impersonation Attacks (SSL)
- Cryptographic Weaknesses (SSL)
- Attacks against the Handshake Protocol (SSL)
- SSL Man-in-the-Middle Attacks
- Man-in-the-Middle Attack Version Rollback (SSL)
- Viruses, Worms, and other Application Issues (SSL)
- Secure Shell (SSH)
- File System Encryption
- Intrusion Detection
- Network-Based and Host-Based IDS
- Anomaly-Based (Behavior-Based) IDS
- Signature-Based (Knowledge-Based) IDS
- IDS Hacking Exploits
- Address Spoofing or Proxying
- Attacking the IDS
- Denial-of-Service
- Instigating Active Events
- Nondefault Evasion and Pattern Change Evasion
- Packet Fragmentation and “Session Splicing”
- Port Scan Evasion
- TCP Session Synchronization Attacks
- URL Encoding (Unicode and Hex Attacks)
- Web Evasion Techniques
- File System Integrity Checkers
- Security Information Management
- Data Integrity
- Application Proxies
- Content Assurance (Antivirus, Content Scanning)
- Notes
- References
- Texts
- Web References
- 6 Programming
- Languages
- Speed and Security Trade-Offs
- Native Compiled Code: C/C++/Assembly
- Bytecode/Just in Time Compiled Code (“Managed” Code): C#/Java
- Interpreted (Usually Compiled into Byte Codes at Runtime): Perl, Python (Scripting Languages), PHP, Visual Basic, .ASP, Lisp, JSP (Web Languages)
- Language-Specific Flaws and Strategic Ways to Protect against Them
- The Basics of Buffer Overflows and Other Memory Allocation Errors
- History
- Basic Stack Overflows
- Options for the Hacker after a Stack Overflow
- So What Is a Stack Canary?
- Heap Overflows
- Format String Bugs
- Integer Overflows
- Signal Races on UNIX
- What Is Shellcode?
- Interpreter Bugs
- File Name Canonicalization
- Logic Error War Stories
- Platform-Specific Programming Security Issues
- Windows NT Compared to UNIX
- Types of Applications
- Web Applications
- Cross-Site Scripting Vulnerabilities
- Java J2EE
- Traditional ASP Net
- LAMP
- Remote Procedure Calling
- Creating an RPC Program
- Special Cases
- Setuid Applications on UNIX
- DCOM Services
- Auditing Techniques
- Tools That Aid Source Auditing
- Tools That Aid Reverse Engineering
- Fuzzing Audit Tools
- Web Security Audit Tools
- General Security Tools
- Encryption and Authentication
- Layered Defenses
- Platform-Specific Defenses (Security through Security and Security through Obscurity)
- Nonexecutable Stack
- Using a Different Platform Than Expected
- File System User Access Controls
- Process Logging
- The Insider Problem, Backdoors, and Logic Bombs
- Buying an Application Assessment
- Conclusion
- References
- 7 IP and Layer 2 Protocols
- Layer 2 Protocols
- Address Resolution Protocol (ARP)
- Protocol
- Hacking Exploits
- Security (Mapping ARP Exploits to ARP Defenses)
- Static ARP Entries on Internet Gateways and Firewalls
- Network Management
- ARP Monitoring
- Port-Level Security
- Reverse Address Resolution Protocol (RARP)
- Protocol
- Hacking Exploits
- Security (Defenses for RARP-Related Attacks: DHCP, BOOTP)
- Assignment of Static IP Addresses to Clients
- Use of DHCP/BOOTP MAC Controls
- ARP Monitoring
- Port-Level Security
- Layer 3 Protocols
- IP Protocol
- Protocol
- Hacking Exploits
- IP Eavesdropping (Packet Sniffing)
- IP Spoofing
- IP Session Hijacking (Man-in-the-Middle Attacks)
- IP Packet Fragmentation Attacks
- ICMP-Based Fragmentation Attacks
- Tiny Fragment Attacks
- Overlapping Fragment Attacks
- IP Covert Tunneling
- Security (Mapping IP Exploits to IP Defenses)
- Tools and Techniques to Detect Promiscuous Mode Packet Sniffers
- System Audits to Identify NICs in Promiscuous Mode
- System Hardening Procedures to Inhibit Sniffer Installation
- Inspection of Systems for Signs of Rootkit Compromise
- Institution of Switched Network
- Institution of ARP Monitoring
- Institution of Traffic Encryption
- Implementation of Strong Authentication
- Institution of Spoof Protection at Firewalls and Access Control Devices
- Patch TCP/IP Implementations
- Deny Source Routing at Gateways and Firewalls
- Deny ICMP Redirects at Gateways and Firewalls
- Deter the Use of IP Addresses for Authentication or Construction of Trust Relationships
- Implement ARP Controls
- Monitor Network Traffic Using Network and Host-based IDS
- Restrict ICMP Traffic into and out of a Protected Network
- Patch Firewalls and Intrusion Detection Systems against Packet Fragmentation Attacks
- Notes
- References
- Texts
- Request for Comments (RFCs)
- White Papers and Web References
- 8 The Protocols
- Layer 3 Protocols
- Internet Control Message Protocol (ICMP)
- Protocol
- Hacking Exploits
- ICMP-Based Denial-of-Service
- ICMP Network Reconnaissance
- ICMP Time Exceeded
- ICMP Access Control Enumeration
- ICMP Stack Fingerprinting
- ICMP Covert Tunneling
- Security
- Deny ICMP Broadcasts
- Network Controls against ICMP Packet Flooding
- IP Spoofing Defenses
- Patch TCP/IP Implementations against ICMP Denial-of-Service and ICMP Typing
- Monitor Network Traffic Using Network and Host-Based Intrusion Detection Systems (IDSs)
- Restriction of Specific ICMP Message Types
- Monitor ICMP Activity at Firewalls and Intrusion Detection Systems
- Layer 4 Protocols
- Transmission Control Protocol (TCP)
- Protocol
- Hacking Exploits
- Covert TCP
- TCP Denial-of-Service
- TCP Sequence Number Prediction (TCP Spoofing and Session Hijacking)
- TCP Stack Fingerprinting
- TCP State-Based Attacks
- Security
- Network Controls against TCP Packet Flooding
- IP Spoofing Defenses
- Patch TCP/IP Implementations against TCP Denial-of-Service, TCP Stack Fingerprinting, and TCP Sequence Number Prediction
- Monitor Network Traffic Using Network and Host-Based IDS Systems
- Activation of SYN Flood Protection on Firewalls and Perimeter Gateways
- Implement Stateful Firewalling
- User Datagram Protocol (UDP)
- Protocol
- Hacking Exploits
- Covert UDP
- UDP Denial-of-Service
- UDP Packet Inspection Vulnerabilities
- Security
- Disable Unnecessary UDP Services
- Network Controls against UDP Packet Flooding
- IP Spoofing Defenses
- Patch TCP/IP Implementations against UDP Denial-of-Service
- Monitor Network Traffic Using Network and Host-Based IDS Systems
- Implement Stateful Firewalling
- Notes
- References
- Texts
- Request for Comments (RFCs)
- White Papers and Web References
- PART II SYSTEM AND NETWORK PENETRATION
- 9 Domain Name System (DNS)
- The DNS Protocol
- DNS Protocol and Packet Constructs (Packet Data Hacking)
- DNS Vulnerabilities
- DNS Exploits and DNS Hacking
- Protocol-Based Hacking
- Reconnaissance
- DNS Registration Information
- Name Server Information
- IP Address and Network Topology Data
- Information on Key Application Servers
- Protocol-Based Denial-of-Service
- Dynamic DNS (DDNS) Hacking
- Application-Based Attacks
- Buffer Overflows (Privileged Server Access, Denial-of-Service)
- Exploiting the DNS Trust Model
- DNS Registration Attacks
- DNS Spoofing
- Cache Poisoning
- DNS Hijacking
- DNS Security and Controls
- Mapping Exploits to Defenses
- Defensive Strategy
- Configuration Audit and Verification Tools
- DDNS Security
- Name Server Redundancy
- DNSSEC: Authentication and Encryption of DNS Data
- Name Server Software Upgrade(s)
- Network and Name Server Monitoring and Intrusion Detection
- Berkeley Internet Name Daemon (BIND) Logging Controls
- Microsoft Windows 2000 DNS Logging Controls
- Patches and Service Packs
- Server-Side Access Controls
- Split-Level DNS Topologies (and DNS Proxying)
- Split-Level DNS Topology
- System and Service Hardening
- Notes
- References
- Texts
- Request for Comments (RFCs)
- Mailing Lists and Newsgroups
- Web References
- 10 Directory Services
- What Is a Directory Service?
- Components of a Directory
- Schema
- Leaf Object
- Container Object
- Namespace
- Directory Information Tree
- Directory Information Base (DIB)
- Directory Features
- Directory Security
- Single Sign On
- Uses for Directory Systems
- Directory-Enabled Networking
- Linked Provisioning
- Global Directory
- Public Key Infrastructure
- Directory Models
- Physical vs. Logical
- Flat vs. Hierarchical
- X.500 Directory
- X.500 Schema
- X.500 Partitions
- X.500 Objects and Naming
- A Word about Aliases
- X.500 Back-End Processes
- Directory Information Tree
- Directory Information Base
- Replication
- Agents and Protocols
- X.500 Directory Access
- X.500 Security
- Authentication
- Simple Authentication
- Strong Authentication
- Access Control
- Rights
- Summary
- Lightweight Directory Access Protocol (LDAP)
- LDAP Schema
- LDAP Partitions
- LDAP Objects and Naming
- LDAP Queries
- LDAP Data Interchange Format (LDIF)
- LDAP Security
- Authentication
- Anonymous Access
- Simple Authentication
- Simple Authentication with Secure Sockets Layer (SSL)/Transport Layer Security (TLS)
- Simple Authentication and Security Layer (SASL)
- Access Control
- Summary
- Active Directory
- Windows NT
- Windows 2000 Schema
- Windows 2000 Partitions
- Windows 2000 Objects and Naming
- The Domain
- The Tree
- The Forest
- The Forest Root Domain
- Naming Standards and Resolution in Windows 2000
- Active Directory Back-End Processes
- The Directory Information Base (DIB)
- Replication
- The Global Catalog
- Windows 2000 Security
- Authentication
- Kerberos
- NTLM
- Access Control
- Exploiting LDAP
- Sun ONE Directory Server 5.1
- Microsoft Active Directory
- Summary
- Future Directions
- Further Reading
- 11 Simple Mail Transfer Protocol (SMTP)
- The SMTP Protocol
- SMTP Protocol and Packet Constructs (Packet Data Hacking)
- SMTP Vulnerabilities
- SMTP Protocol Commands and Protocol Extensions
- Protocol Commands
- Protocol Extensions
- SMTP Exploits and SMTP Hacking
- SMTP Protocol Attacks
- Account Cracking
- Eavesdropping and Reconnaissance
- ESMTP and Command Set Vulnerabilities
- Protocol-Based Denial-of-Service
- Mail Bombing
- Mail Spamming
- Man-in-the-Middle Attacks
- Application-Based Attacks
- Malicious Content (MIME Attacks)
- Buffer Overflows (Privileged Server Access)
- Worms and Automated Attack Tools
- Application-Based Denial-of-Service
- Attacks on the Mail Trust Model
- Mail Spoofing
- Identity Impersonation
- Attacks on Data Integrity
- Delivery Status Notification Manipulation
- SMTP Security and Controls
- Mapping Exploits to Defenses
- Defensive Strategy
- Antispam/Antirelay Controls
- Antivirus and Content Scanning
- Client-Side Access Controls
- Content or Code Signing
- Delivery Status Notification Controls
- Disable Vulnerable ESMTP and SMTP Commands
- Disable Vulnerable MIME Types
- Network and SMTP Server Monitoring, Intrusion Detection
- Patches and Service Packs
- Separation of SMTP and Intranet Account Databases
- Server-Side Access Controls
- Server Redundancy
- SMTP Header Stripping and Parsing
- SMTP Source Routing Controls
- Split SMTP Topology
- System and Service Hardening
- Transport Layer Security, Secure Socket Layer Security
- Notes
- References
- Texts
- Request for Comments (RFCs)
- White Papers and Web References
- 12 Hypertext Transfer Protocol (HTTP)
- The HTTP Protocol
- HTTP Protocol and Packet Constructs (Packet Data Hacking)
- HTTP Vulnerabilities
- HTTP Protocol Methods (and Associated Vulnerabilities)
- HTTP Exploits and HTTP Hacking
- HTTP Protocol Attacks
- Eavesdropping and Reconnaissance
- Account Cracking
- Basic Access Authentication
- Digest Access Authentication
- HTTP Method Vulnerabilities
- Content Vulnerabilities
- Caching Exploits
- Cache Poisoning
- Man-in-the-Middle Attacks
- Unauthorized Retrieval of Cache Data and Cache Monitoring
- Denial-of-Service
- Protocol-Based Denial-of-Service
- Application-Based Attacks
- Buffer Overflows (Privileged Server Access, Denial-of-Service)
- Directory Traversal Attacks
- Application-Based Denial-of-Service
- Attacks on the HTTP Trust Model
- State-Based Attacks (Session ID Hacking)
- HTTP Spoofing/HTTP Redirection
- Man-in-the-Middle Attacks (Session Hijacking)
- HTTP Security and Controls
- Mapping Exploits to Defenses
- Defensive Strategy
- Caching Controls and Cache Redundancy
- Disable Vulnerable HTTP Methods
- HTTP Header Stripping
- Implementation of HTTP Digest Access Authentication
- Load Balancing and Server Redundancy
- Network and HTTP Server Monitoring, Intrusion Detection
- Patches and Service Packs
- Security for Financial Transactions
- Server-Side Access Controls
- System and Service Hardening
- Transport Layer Security or Secure Socket Layer Security
- Notes
- References
- Texts
- Request for Comments (RFCs)
- Web References
- 13 Database Hacking and Security
- Introduction
- Enumeration of Weaknesses
- SQL Injection
- Introduction
- Phases of SQL Injection
- Hacking Microsoft SQL Server
- Overflows in Microsoft SQL Server
- You Had Me at Hello
- SQL Server Resolver Service Stack Overflow
- Microsoft SQL Server Postauth Vulnerabilities
- Microsoft SQL Server SQL Injection
- A Note on Attacking Cold Fusion Web Applications
- Default Accounts and Configurations
- Hacking Oracle
- Buffer Overflows in Oracle Servers
- SQL Injection on Oracle
- Default User Accounts
- Tools and Services for Oracle Assessments
- Other Databases
- Connecting Backwards
- Demonstration and Examples
- Phase 1. Discovery
- Phase 2. Reverse Engineering the Vulnerable Application
- Phase 3. Getting the Results of Arbitrary Queries
- Conclusions
- 14 Malware and Viruses
- Ethics Again
- Target Platforms
- Script Malware
- Learning Script Virus Basics with Anna Kournikova
- Binary Viruses
- Binary File Viruses
- Binary Boot Viruses
- Hybrids
- Binary Worms
- Worst to Come
- Adware Infections
- Conclusion
- Notes
- 15 Network Hardware
- Overview
- Network Infrastructure
- Routers
- Switches
- Load-Balancing Devices
- Remote Access Devices
- Wireless Technologies
- Network Infrastructure Exploits and Hacking
- Device Policy Attacks
- Installation Policy
- Acceptable Use Policy
- Access Policy
- Configuration Storage Policy
- Patch or Update Policy
- Denial-of-Service
- Device Obliteration
- Configuration Removal or Modification
- Sending Crafted Requests
- Physical Device Theft
- Environmental Control Modification
- Resource Expenditure
- Diagnostic Port Attack
- Sequence (SYN) Attack
- Land Attack
- Bandwidth Expenditure
- Broadcast (Smurf) Attacks
- Other ICMP-Related Attacks
- Redirects
- ICMP Router Discovery Protocol (IRDP) Attack
- Ping O’Death
- Squelch
- Fragmented ICMP
- Network Mapping Exploits
- Ping
- Traceroute
- Broadcast Packets
- Information Theft
- Network Sniffing
- Hijacking Attacks
- Spoofing
- Address Spoofing
- TCP Sequence Attacks
- Media Access (MAC) Address Exploits
- Password or Configuration Exploits
- Default Passwords or Configurations
- No Passwords
- Weak Passwords
- Dictionary Password Attacks
- Brute-Force Attacks
- Logging Attacks
- Log Modification
- Log Deletion
- Log Rerouting
- Spoofed Event Management
- Network Ports and Protocols Exploits and Attacks
- Telnet
- BOOTP
- Finger
- Small Services
- Device Management Attacks
- Authentication
- Console Access
- Modem Access (AUX)
- Management Protocols
- Web (HTTP[S])
- Telnet
- SSH (Version 1)
- TFTP
- SNMP
- Device Configuration Security Attacks
- Passwords
- Remote Loading (Network Loads)
- Router-Specific Exploits
- Routing Protocol Attacks
- Authentication
- IRDP Attacks
- Cisco Discovery Protocol (CDP)
- Classless Routing
- Source Routing
- Route Table Attacks
- Modification
- Poisoning
- ARP Table Attacks
- Modification
- Poisoning
- Man-in-the-Middle Attack
- Access-Control Lists Attacks
- Switch-Specific Exploits
- ARP Table
- Modification
- Poisoning
- Man-in-the-Middle Attack
- Media Access (MAC) Address Exploits
- Changing a Host’s MAC
- Duplicate MAC Addresses
- Load-Balancing Device — Specific Exploits
- Remote Access Device — Specific Exploits
- Weak User Authentication
- Same Account and Login Multiple Devices
- Shared Login Credentials
- Home User System Exploitation
- Wireless Technology — Specific Exploits
- Interception and Monitoring
- Jamming
- Insertion
- Rogue Access Points
- Unauthorized Clients
- Client-to-Client Attacks
- Media Access (MAC) Address
- Duplicate IP Address
- Improper Access Point Configuration
- Service Set Identifier (SSID)
- Default SSID
- SSID Broadcasting
- Wired Equivalent Privacy (WEP) Exploits
- Network Infrastructure Security and Controls
- Defensive Strategy
- Routing Protocol Security Options
- Management Security Options
- Operating System Hardening Options
- Protecting Running Services
- Hardening of the Box
- Explicitly Shut Down All Unused Interfaces
- Limit or Disable In-Band Access (via Telnet, SSH, SNMP, Etc.)
- Reset All Default Passwords
- Use Encrypted Passwords
- Use Remote AAA Authentication
- Use Access Lists to Protect Terminal, SNMP, TFTP Ports
- Remote Login (Telnet) Service
- SNMP Service
- Routing Services
- Limit Use of SNMP
- Limit Use of Internal Web Servers Used for Configuration
- Disable Cisco Discovery Protocol (CDP) on Cisco Gear Outside of the Firewall
- Do Not Leak Info in Banners
- Keep Up-to-Date on Security Fixes for Your Network Infrastructure Devices
- DoS and Packet Flooding Controls
- Use IP Address Spoofing Controls
- Watch for Traffic Where the Source and Destination Addresses Are the Same
- Enforce Minimum Fragment Size to Protect against Tiny Fragment Attack, Overlapping Fragment Attack, and Teardrop Attack
- Disable IP Unreachables on External Interfaces
- Disable ICMP Redirects on External Interfaces
- Disable Proxy ARP
- Disable IP Directed Broadcasts (SMURF Attacks)
- Disable Small Services (No Service Small-Servers UDP and No Service Small-Servers TCP)
- Disable IP Source Routing (No IP Source-Route)
- Use Traffic Shaping (Committed Access Rate)
- Tools
- Configuration Audit and Verification Tools
- Wireless Network Controls
- Notes
- References
- Tools
- Request for Comments (RFCs)
- White Paper
- Web References
- PART III CONSOLIDATION
- 16 Consolidating Gains
- Overview
- Consolidation (OS and Network Facilities)
- Account and Privilege Management Facilities
- Account Cracking
- SMBCapture
- Active Directory Privilege Reconnaissance and Hacking
- Built-In/Default Accounts, Groups, and Associated Privileges
- Finger Service Reconnaissance
- Kerberos Hacking and Account Appropriation
- Keystroke Logging
- LDAP Hacking and LDAP Reconnaissance
- Polling the Account Database
- Social Engineering
- Trojanized Login Programs
- File System and I/O Resources
- File System and Object Privilege Identification
- File System (Operating System) Hacking
- File Sharing Exploits
- NFS (IP) Spoofing
- SMBRelay
- File Handle/File Descriptor Hacking
- File System Device and I/O Hacking
- File System Exploitation through Application Vulnerabilities
- Application-Based File System Hacking
- Extended File System Functionality and File System Hacking
- Service and Process Management Facilities
- Processes, Services, and Privilege Identification
- Starting/Stopping Services and Executing with Specific Privileges
- API, Operating System, and Application Vulnerabilities
- Buffer Overflows, Format String, and Other Application Attacks
- Debugging Processes and Memory Manipulation
- Inter-Process Communication (IPC), Named Pipe, and Named Socket Hacking
- Devices and Device Management Facilities
- Devices and Device Management Hacking
- Keystroke Logging
- Packet Sniffing
- Libraries and Shared Libraries
- Library (and Shared Library) Hacking
- Shell Access and Command Line Facilities
- Shell Hacking
- Registry Facilities (NT/2000)
- Registry Hacking
- Client Software
- Client Software Appropriation
- Listeners and Network Services
- Account/Privilege Appropriation via a Vulnerable Network Service
- NetBIOS/SMB Reconnaissance
- Network Information Service (NIS) Reconnaissance
- NIS Hacking
- SNMP Reconnaissance
- Network Trust Relationships
- Account Cracking
- IP Spoofing
- Token Capture and Impersonation
- Application/Executable Environment
- Consolidation (Foreign Code)
- Trojans
- Backdoors (and Trojan Backdoors)
- Backdoor Listeners
- Backdoor Applications
- Rootkits
- Kernel-Level Rootkits
- Security
- Mapping Exploits to Defenses
- Notes
- References and System Hardening References
- Texts
- Web References
- System Hardening References
- Windows NT/2000
- UNIX Platforms
- 17 After the Fall
- Logging, Auditing, and IDS Evasion
- Logging and Auditing Evasion
- Windows NT/2000 Logging/Auditing Evasion
- IP Spoofing
- Account Masquerading
- Deletion/Modification of Log File Entries
- Deletion of Log Files
- Disabling Logging
- Controlling What Is Logged
- Manipulation of Audit Options
- Deletion or Update of Audit Files
- UNIX Platforms
- UNIX Logging/Auditing Evasion
- IP Spoofing
- Account Masquerading
- Deletion/Modification of Log File Entries
- Deletion of Log Files
- Disabling Log Files
- Controlling What Is Logged
- Manipulation of Audit and Accounting Options
- Deletion or Update of Audit Files
- Routers (Cisco)
- AAA Protocols (RADIUS, TACACS)
- Centralized Logging Solutions (Syslog)
- IP Spoofing
- Account Masquerading
- Deletion/Modification of Log File Entries
- Deletion of Log Files
- Disabling Log Files
- Controlling What Is Logged
- IDS Evasion
- Forensics Evasion
- Environment Sanitization
- Sanitizing History Files
- Sanitizing Cache Files
- File Hiding and File System Manipulation
- Operating System File Hiding Techniques
- Alternate Data Streams (NT/2000/XP)
- Steganography
- Cryptography
- Covert Network Activities
- Covert TCP
- “Normalizing” Traffic (Covert Shells)
- ICMP Covert Tunneling
- Investigative, Forensics, and Security Controls
- Mapping Exploits to Defenses
- Centralized Logging and Archival of Log File Data
- Centralized Reporting and Data Correlation
- Encryption of Local Log File Data
- Establishment of Appropriate Access Controls for Log Files
- Implementation of Tools for Remote Monitoring of Log Files
- Patches and Software Updates
- Process Monitoring for Logging Services
- Regular File System Audits
- Strict Management of Audit and Accounting-Related Privileges
- Traffic Encryption for Syslog Packet Data
- Notes
- References
- Texts
- Web References
- 18 Conclusion
- Conclusion: Case Study in Subversion
- Dalmedica’s Perspective
- Access Points
- Bastion Hosts
- Reconnaissance Activity
- Target Systems
- Conclusion (Final Thoughts)
- References
- Areas of Focus
- General Hacking and Security Resources
- Authentication Technologies
- Cryptography
- DNS and Directory Services
- Network Management
- Route/Switch Infrastructures
- Storage Networking
- Voice over IP
- Wireless Networks
- Notes
Download Link - Oron
have languages from Indonesia??