Ernest Staats Director of Technology and Network Services at GCA MS Information Assurance, CISSP, CEH, MCSE, CNA, CWNA, Security+, I-Net+, Network+, Server+,

1 HACKING HIGH SCHOOL
Ernest Staats, Director of Technology and Network Services at GCA
MS Information Assurance, CISSP, CEH, MCSE, CNA, CWNA, Security+, I-Net+, Network+, Server+, A+
Resources available @ http://es-es.net

2 CAN'T DEFEND WHAT YOU DON'T KNOW
"Know your enemies & know yourself"
- Hacker mentality
- Map your network regularly
- Sniff and baseline your network: know what type of data needs to be going across your system
- Know what paths are open to your data: WiFi, USB, Bluetooth, remote access, Web 2.0, mobile device access

3 HACKER MENTALITY
Hackers are motivated by various factors:
- Ego
- Curiosity and challenge
- Entertainment
- Political beliefs
- Desire for information
- Thrill of gaining privileged access
- Owning the system long term (Trojans, backdoors)
- Attempting to compromise additional systems
- A "trophy" to gain status

4 HACKER STRATIFICATION
Tier I: the best of the best
- Ability to find new vulnerabilities
- Ability to write exploit code and tools
- Motivated by the challenge and, of course, money
Tier II: IT savvy
- Ability to program or script
- Understand what the vulnerability is and how it works
- Intelligent enough to use the exploit code and tools with precision
- Motivated by the challenge, but primarily curiosity, some ego
Tier III: "script kiddies"
- Few real talents
- Ability to download exploit code and tools written by others
- Very little understanding of the actual vulnerability
- Randomly fire off scripts until something works
- Motivated by ego, entertainment, desire to hurt others
In the end there can only be 1.

5 LOW HANGING FRUIT
- Safe Mode / "hacker mode": F8, or hold down the CTRL key
- God Mode
- Lab machines that require admin rights to run software
- IronGeek.com / YouTube "Hack School": lots of step-by-step videos
- Rename EXEs; two fun ones: netsh.exe, utilman.exe
- When using Microsoft GPOs, use hash rules instead of path rules (a path rule is defeated by renaming the file)
- Use Windows Run
- Use MS Access to make a macro run CMD
- Use an IP address instead of a name: shutdown -i
- Use U3 devices or portable apps
- Right-click and make a shortcut to the C: drive if the C: drive is hidden
- Use Bluetooth to make file transfers into windows\system32; if they have USB access they own it
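The hash-versus-path point above, shown in code. This is an added example and not part of the slides: a toy policy engine stands in for Windows Software Restriction Policies / AppLocker, SHA-256 is used as the hash (SRP itself records MD5/SHA-1 hashes and AppLocker uses SHA-256 Authenticode hashes), and the "netsh.exe" written to a temporary directory is a constructed stand-in, not the real binary. A renamed copy slips past the path rule but not the hash rule.

```python
"""Added example (not from the slides): path rules compare the file name the
user chose; hash rules compare the file content, so a rename does not help."""
import hashlib
import os
import shutil
import tempfile


def sha256_of(path):
    """Hash a file in chunks (works for large executables too)."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def path_rule_blocks(path, denied_names):
    # Path rule (stand-in for an SRP/AppLocker path rule): only the name matters.
    return os.path.basename(path).lower() in denied_names


def hash_rule_blocks(path, denied_hashes):
    # Hash rule: identity of the bytes, independent of name or location.
    return sha256_of(path) in denied_hashes


def demo():
    """Build the scenario in a temp dir and return what each rule decides."""
    work = tempfile.mkdtemp()
    try:
        sys32 = os.path.join(work, "system32")
        os.mkdir(sys32)
        netsh = os.path.join(sys32, "netsh.exe")
        with open(netsh, "wb") as f:
            f.write(b"MZ constructed stand-in for netsh.exe, not a real binary")

        denied_names = {"netsh.exe", "utilman.exe"}   # what a path rule denies
        denied_hashes = {sha256_of(netsh)}            # what a hash rule denies

        # The student copies netsh.exe to a USB stick under a harmless name.
        usb = os.path.join(work, "usb")
        os.mkdir(usb)
        renamed = os.path.join(usb, "calc.exe")
        shutil.copyfile(netsh, renamed)

        return {
            "path_rule_original": path_rule_blocks(netsh, denied_names),
            "path_rule_renamed": path_rule_blocks(renamed, denied_names),
            "hash_rule_original": hash_rule_blocks(netsh, denied_hashes),
            "hash_rule_renamed": hash_rule_blocks(renamed, denied_hashes),
        }
    finally:
        shutil.rmtree(work)


if __name__ == "__main__":
    for rule, blocked in demo().items():
        print(f"{rule:22s} blocked={blocked}")
```

The cost of hash rules is maintenance: every patch that changes the binary changes its hash, so the rule set has to be regenerated after updates, which is why many shops pair hash rules with publisher (signature) rules where they are available.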

6 GOD MODE: VISTA / WIN7
GodMode.{ED7BA470-8E54-465E-825C-99712043E01C}
Other shortcuts:
{00C6D95F-329C-409a-81D7-C46C66EA7F33}
{0142e4d0-fb7a-11dc-ba4a-000ffe7ab428}
{025A5937-A6BE-4686-A844-36FE4BEC8B6D}
{05d7b0f4-2121-4eff-bf6b-ed3f69b894d9}
{1206F5F1-0569-412C-8FEC-3204630DFB70}
{15eae92e-f17a-4431-9f28-805e482dafd4}
{17cd9488-1228-4b2f-88ce-4298e93e0966}
{1D2680C9-0E2A-469d-B787-065558BC7D43}
{1FA9085F-25A2-489B-85D4-86326EEDCD87}
{208D2C60-3AEA-1069-A2D7-08002B30309D}
{20D04FE0-3AEA-1069-A2D8-08002B30309D}
{2227A280-3AEA-1069-A2DE-08002B30309D}
{241D7C96-F8BF-4F85-B01F-E2B043341A4B}
{4026492F-2F69-46B8-B9BF-5654FC07E423}
{62D8ED13-C9D0-4CE8-A914-47DD628FB1B0}
{78F3955E-3B90-4184-BD14-5397C15F1EFC}
Hiding things will not work.

7 NOT ROCKET SCIENCE
- 2009 saw the first iPhone worm; most attacks were near-identical to prior years, changing only the victims and the level of sophistication
- FBI estimated small and medium businesses have lost $40 million to cyber-crime since 2004

8 VIRUS CREATION Anyone can do it!

9 MALWARE IS VERY COMMON
Malware: how common? Spyware, viruses, worms.
Tracking maps:
- http://wtc.trendmicro.com/wtc/default.asp
- http://www.fortiguard.com/map/worldmap.html
Symantec reported over million malware samples since 2007.

10 "WILL VULNERABILITIES EVER GO AWAY?"
If 95-99% of all attacks come from known vulnerabilities and mis-configurations [Carnegie Mellon],
and known vulnerabilities and mis-configurations come from human error,
and, for the foreseeable future, humans will be the creators and maintainers of technology,
then vulnerabilities (and risk) are here to stay!

11 MIS-CONFIGURATIONS
- Easily guessed passwords: Admin / no password; Admin / username same as password; Admin / "password"
- Common user/pass combinations: oracle/oracle
- Default password list: http://tinyurl.com/39teob
- Default installed files
- Admin rights for software
- Incorrect permissions

12 MOBILE DEVICES EXPOSE YOU: "I'm really an IP-connected computer!"

13 USB ADDS RISK: flash memory devices containing what?

14 USING REMOTE ACCESS TO HACK
- BackTrack 4: Owning Vista with BackTrack http://www.offensive-security.com/backtrack-tutorials.php
- How to put BT4 on a USB http://www.offensive-security.com/backtrack-tutorials.php
- Portable Apps http://es-es.net
- Mobile devices: iPhone / iPod touch http://www.leebaird.com/Me/iPhone.html ; Droid, PS2, others
- Metasploit

15 SILVER BULLET EATER
Links to portable USB software:
- http://www.portablefreeware.com/all.php
- http://www.makeuseof.com/tag/portable-software-usb/
- http://en.wikipedia.org/wiki/List_of_portable_software
- http://www.portablefreeware.com/index.php?sc=27
My set of portable apps: http://es-es.net/resources/Portable_Apps.zip
Tools: Alternate StreamView, BinText, BitComet, CCleaner, ClamAV, ConvertAll Portable, Cool Player+ Portable, Defraggler, Dir html, File Shredder, Firefox, HTTrack, KeePass, LAN Search, LSASecretsView, MACAddressView, MD5Checker, mRemote, netcheck, NetScan, Nmap, Pidgin Portable, Portable VirtualBox, Process Injection, Process Killer, Recuva File Restore, Sophos Anti-Rootkit, Stinger, Sumatra PDF, SuperScanner, Sysinternals Suite, System Info, Tor, WinSCP, WirelessKeyView, Wireshark, YouTube downloader, putty.exe

16 DEMO TIME All resources on my site es-es.net

17 U3 POCKETKNIFE
- Steal passwords
- Product keys
- Steal files
- Kill antivirus software
- Turn off the firewall
- And more...
For details see http://wapurl.co.uk/?719WZ2T

18 CUSTOMIZING U3
You can create a custom file to be executed when a U3 drive is plugged in. The custom U3 launcher runs PocketKnife, so all those things are stolen and put on the flash drive.

19 BACKTRACK IN A VM / U3 DEVICE

20 UBCD IN A VM TRACK THAT ONE….

21 CAIN AND ABEL: LOCAL PASSWORDS

22 PASSWORD CRACKING
- NTPassword: reset any admin password to blank http://home.eunet.no/pnordahl/ntpasswd/
- Cain and Abel
- BackTrack 4 (BT4) http://www.backtrack-linux.org/downloads/
- Default password list http://tinyurl.com/39teob
- Paid password tools: http://www.brothersoft.com/downloads/crack-password.html ; http://www.elcomsoft.com/index.html ; http://www.accessdata.com/

23 DEFENSE

24 IMMEDIATE RISK REDUCTION
- Disable AutoRun
- Keep system patches updated
- Glue USB ports shut
- Install Windows 7 64-bit: several cracking programs do not work
- Get rid of admin rights; lock down workstations
- Monitor WiFi access; secure your wireless networks http://es-es.net/13.html
- USB blocking: Windows Group Policy; Netwrix http://www.netwrix.com/usb_blocker.html ; several vendors on the show floor have options to limit or block USB

25 BETTER USB SOLUTION: IEEE 1667
- Standard Protocol for Authentication in Host Attachments of Transient Storage Devices
- USB devices can be signed and authenticated, so only authorized devices are allowed
- Implemented in Windows 7
- See http://tinyurl.com/ybce7z7

26 KEEP DATA SECURE: WEB 2.0
Continued education of computer users:
- Don't click on strange links (avoid tempt-to-click attacks)
- Do not release personal information online
- Use caution with IM and SMS (short message service)
- Be careful with social networking sites
- Don't e-mail sensitive information
- Don't hit "reply" to a received e-mail containing sensitive information
- Require mandatory VPN (virtual private network) use over wireless networks

27 ADDRESSING THE THREATS
- Design/implement widely accepted policies and standards
- Identify the vulnerabilities, mis-configurations, and policy violations
- Apply fixes and patches as quickly as possible
- Mitigate the risk with intrusion prevention
- Log and monitor all critical systems
- Educate yourself & your staff
- Disable Safe Mode
- Lock systems: SteadyState, Deep Freeze or others
- Lock down Windows Group Policies
- Block USB devices
- Secure your WiFi network

28 THE LIST Tools I use!

29 PASSWORD RECOVERY TOOLS
- Fgdump (mass password auditing for Windows) http://foofus.net/fizzgig/fgdump
- Cain and Abel (password cracker and so much more...) http://www.oxid.it/cain.html
- John the Ripper (password cracker) http://www.openwall.org/john/
- FSCrack, a GUI for John the Ripper http://www.foundstone.com/us/resources/proddesc/fscrack.htm
- RainbowCrack: a password hash cracker that makes use of a large-scale time-memory trade-off http://www.rainbowcrack.com/downloads/

30 NETWORK SCANNING
- Microsoft Baseline Security Analyzer 2.1 http://www.microsoft.com/downloads/details.aspx?familyid=f32921af-9dbe-4dce-889e-ecf997eb18e9&displaylang=en
- The Dude (mapper and traffic analyzer, great for WiFi) http://www.mikrotik.com/thedude.php
- Getif (network SNMP discovery and exploit tool) http://www.wtcs.org/snmp4tpc/getif.htm
- SoftPerfect Network Scanner http://www.softperfect.com/
- hping2 (packet assembler/analyzer) http://www.hping.org
- Zenoss (enterprise network mapping and monitoring) http://www.zenoss.com
- tcpdump (packet sniffer) on Linux, or WinDump for Windows http://www.tcpdump.org and http://www.winpcap.org/windump/
- LanSpy (local, domain, NetBIOS, and much more) http://www.lantricks.com/

31 TOOLS TO ASSESS VULNERABILITY
- Nessus (vulnerability scanner) http://www.nessus.org
- Snort (IDS, intrusion detection system) http://www.snort.org
- Metasploit Framework (vulnerability exploitation tools); use with great caution and have permission http://www.metasploit.com/projects/Framework/
- OpenVAS (Open Vulnerability Assessment System), enterprise network security scanner http://www.openvas.org

32 SECURE YOUR PERIMETER
- DNSstuff and DNSreport: test e-mail & HTML code http://www.dnsstuff.com ; http://www.dnsreports.com
- WebInspect, 15-day trial http://tinyurl.com/ng6khw
- SecuritySpace http://tinyurl.com/cbsr
- Other firewall options: Untangle www.untangle.com ; SmoothWall www.smoothwall.org ; IPCop www.ipcop.org

33 MORE TOOLS
- SoftPerfect Network Scanner: a multi-threaded IP, SNMP and NetBIOS scanner; very easy to use http://tinyurl.com/2kzpss
- WinSCP: wraps a friendly GUI around the command-line switches needed to copy files between Windows and Unix/Linux http://tinyurl.com/yvywqu
- Nagios: highly configurable, flexible network resource monitoring tool http://www.nagios.org
- OpenDNS: another layer to block proxies and adult sites http://www.opendns.com/
- CCleaner: removes unused files and other software that slows down your PC http://www.ccleaner.com/
- File Shredder: a fast, safe and reliable tool to shred company files http://www.fileshredder.org/
- GroundWork (open source): full enterprise performance and network management software; designed for data centers and large networks but usable in small shops as well (works with Nagios) http://www.groundworkopensource.com

34 MORE TOOLS
- Google (get the Google Hacking book); the Google Hacking Database (GHDB) http://johnny.ihackstuff.com/modules.php?op=modload&name=Downloads&file=index
- Cain and Abel (the Swiss Army knife): crack passwords, crack VoIP and so much more http://www.oxid.it/cain.html
- Autoruns / Sysinternals Suite: shows the programs that run during system boot-up or login http://tinyurl.com/3adktf
- Irongeek: step-by-step security training http://tinyurl.com/bzvwx
- SuperScan 4 network scanner: find open ports (I prefer version 3) http://www.foundstone.com/index.htm?subnav=resources/navigation.htm&subcontent=/resources/proddesc/superscan.htm
- EventSentry: consolidate and monitor event logs in real time http://tinyurl.com/2g64sy

35 WELL-WORN TOOLS
- Wireshark: packet sniffer used to find passwords and other important network errors going across the network. Without SSL, passwords are often sent in clear text at logon. http://tinyurl.com/yclvno
- Metasploit: hacking/network security made easy http://www.metasploit.com/
- BackTrack or UBCD4Win boot CD: cleaning infected PCs, or the ultimate hacking environment; will run from USB http://www.backtrack-linux.org/downloads/ ; http://tinyurl.com/38cgd5
- ReadNotify: "registered" e-mail http://www.readnotify.com/
- Virtual machine for pen testing http://tinyurl.com/2qhs2e
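The Wireshark bullet above, reduced to code, as an added example that is not part of the slides: what "Follow TCP Stream" exposes when a logon goes over plain HTTP, pulled out of the request text the way an attacker on the LAN (or a defender auditing for cleartext logons) would. Assumptions: the three requests are constructed samples, not a real capture, and the field names treated as user and password fields are a heuristic list.

```python
"""Added example (not from the slides): extract credentials from cleartext
HTTP requests, for HTTP Basic auth and for form-encoded logon POSTs."""
import base64
from urllib.parse import parse_qs

PASSWORD_FIELDS = {"password", "passwd", "pwd", "pass"}
USER_FIELDS = {"username", "user", "login", "email", "uid"}


def parse_http_request(raw: bytes):
    """Split a raw request into (method, target, lower-cased headers, body)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("latin-1").split("\r\n")
    method, target, _version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return method, target, headers, body


def extract_credentials(raw: bytes):
    """Return [(kind, target, user, password)] found in one request."""
    method, target, headers, body = parse_http_request(raw)
    findings = []
    auth = headers.get("authorization", "")
    if auth.lower().startswith("basic "):
        # Basic auth is base64, not encryption: reversible by anyone on the wire.
        user, _, pw = base64.b64decode(auth[6:]).decode("latin-1").partition(":")
        findings.append(("basic-auth", target, user, pw))
    ctype = headers.get("content-type", "")
    if method == "POST" and ctype.startswith("application/x-www-form-urlencoded"):
        form = parse_qs(body.decode("latin-1"))
        users = [form[k][0] for k in form if k.lower() in USER_FIELDS]
        for key in form:
            if key.lower() in PASSWORD_FIELDS:
                findings.append(("form-post", target, users[0] if users else "", form[key][0]))
    return findings


def _request(first_line: str, headers: dict, body: bytes = b"") -> bytes:
    """Build a constructed request with a correct Content-Length."""
    hdrs = dict(headers)
    if body:
        hdrs["Content-Length"] = str(len(body))
    head = first_line + "\r\n" + "".join(f"{k}: {v}\r\n" for k, v in hdrs.items())
    return head.encode("latin-1") + b"\r\n" + body


# Constructed samples (not from a real capture).
SAMPLE_BASIC = _request("GET /admin/ HTTP/1.1",
                        {"Host": "intranet.example",
                         "Authorization": "Basic " + base64.b64encode(b"admin:password").decode()})
SAMPLE_FORM = _request("POST /login.php HTTP/1.1",
                       {"Host": "grades.example",
                        "Content-Type": "application/x-www-form-urlencoded"},
                       b"username=estaats&password=Summer2009%21")
SAMPLE_CLEAN = _request("GET /index.html HTTP/1.1", {"Host": "www.example"})

if __name__ == "__main__":
    for sample in (SAMPLE_BASIC, SAMPLE_FORM, SAMPLE_CLEAN):
        print(extract_credentials(sample) or "no credentials in this request")
```

Over SSL/TLS the same request bytes are encrypted on the wire and a sniffer sees none of this, which is the point of the "SSL" note on the slide; the fix is to require HTTPS for every logon page and internal admin interface, not to trust that nobody runs Wireshark on the student network.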

36 DIGITAL FORENSICS
First and foremost: I am not a lawyer. Always consult your local law enforcement agency and legal department first!
Digital forensics is SERIOUS BUSINESS. You can easily shoot yourself in the foot by doing it incorrectly.
Get some in-depth training... this is not in-depth training!!! (Nor is it legal advice. Be smart. The job you save may be your own.)

37 FORENSICS: OPEN SOURCE / FREE TO K-12
- Helix (e-fense): customized Knoppix disk that is forensically safe; includes improved versions of dd; terminal windows log everything for good documentation; includes Sleuth Kit, Autopsy, chkrootkit, and others; includes tools that can be used on a live Windows machine, including precompiled binaries and live acquisition tools www.e-fense.com
- ProDiscover (free for schools) www.techpathways.com

38 ANTI-FORENSICS
Be aware of activity in the anti-forensics area!! There are active efforts to produce tools to thwart your forensic investigation: Metasploit's Anti-Forensic Toolkit*, Defiler's Toolkit, etc.
- Timestomp
- Transmogrify
- Slacker
- SAM Juicer

39 Sysinternals

40 EVENT LOG: use to document unauthorized file and folder access. Acquire key data.
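Turning the Security event log into documentation of who accessed what, as an added example that is not part of the slides. Assumptions: the input is a constructed, tab-separated export (timestamp, event ID, account, object name, access type), not a real log; real exports from Event Viewer or wevtutil carry many more fields; and object-access auditing (a SACL on the folder) must have been enabled beforehand or no Event ID 4663 ("An attempt was made to access an object") records exist at all. The authorized-account list is an assumption for the demo.

```python
"""Added example (not from the slides): report accesses to an audited folder
(Event ID 4663) by accounts that were not authorized to touch it."""
from datetime import datetime

# Constructed export lines (tab-separated), not a real Security log.
SAMPLE_EVENTS = """\
2010-03-02 08:01:10\t4624\tGCA\\jdoe\t-\t-
2010-03-02 08:15:42\t4663\tGCA\\mteacher\tC:\\Shares\\Grades\\period3.xlsx\tReadData
2010-03-02 14:05:11\t4663\tGCA\\jdoe\tC:\\Shares\\Grades\\period3.xlsx\tReadData
2010-03-02 14:05:19\t4663\tGCA\\jdoe\tC:\\Shares\\Grades\\period3.xlsx\tWriteData
2010-03-02 14:06:02\t4663\tGCA\\jdoe\tC:\\Users\\jdoe\\Documents\\notes.txt\tWriteData
2010-03-02 14:07:30\t4663\tGCA\\asmith\tC:\\Shares\\Grades\\period4.xlsx\tDELETE
"""


def parse_events(text):
    """Yield one dict per export line; tolerate blank lines."""
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, event_id, account, obj, access = line.split("\t")
        yield {"time": datetime.strptime(ts, "%Y-%m-%d %H:%M:%S"),
               "id": int(event_id), "account": account,
               "object": obj, "access": access}


def unauthorized_access(text, audited_prefix, authorized):
    """Return {account: {first, last, count, accesses, objects}} for 4663 events
    under audited_prefix by accounts not in the authorized set. first/last give
    the window to pull from other sources (logons, DHCP, camera footage)."""
    allowed = {a.lower() for a in authorized}
    prefix = audited_prefix.lower()
    report = {}
    for ev in parse_events(text):
        if ev["id"] != 4663 or not ev["object"].lower().startswith(prefix):
            continue
        if ev["account"].lower() in allowed:
            continue
        entry = report.setdefault(ev["account"], {
            "first": ev["time"], "last": ev["time"], "count": 0,
            "accesses": set(), "objects": set()})
        entry["first"] = min(entry["first"], ev["time"])
        entry["last"] = max(entry["last"], ev["time"])
        entry["count"] += 1
        entry["accesses"].add(ev["access"])
        entry["objects"].add(ev["object"])
    return report


if __name__ == "__main__":
    report = unauthorized_access(SAMPLE_EVENTS, "C:\\Shares\\Grades", {"GCA\\mteacher"})
    for account, e in report.items():
        print(f"{account}: {e['count']} access(es) {e['first']} .. {e['last']} "
              f"{sorted(e['accesses'])} {sorted(e['objects'])}")
```

Keep the original exported log alongside the report: the summary is for the principal, the raw events (with their hashes, see the forensics slides) are what stands up later.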

41 ACCESSCHK*: shows what folder permissions a user has; provides evidence that the user had opportunity. Acquire key data.

42 PSLOGGEDON*: shows if a user is logged onto a computing resource. Acquire key data.

43 ROOTKITREVEALER: reveals rootkits, which take complete control of a computer and conceal their existence from standard diagnostic tools. Acquire key data.

44 PSEXEC: allows the investigator to remotely obtain information about a user's computer without tipping them off or installing any applications on the user's computer. Acquire key data.

45 SYSINTERNALS TOOL: DU*: allows the investigator to remotely examine the contents of a user's My Documents folder and any subfolders. Acquire key data.

46 FREE SERVER VIRTUALIZATION SOFTWARE
Some of my favorite free virtualization tools:
- VMware vSphere ESXi Free Edition and VMware Go
- VMware vMA, vCLI (command-line interface), PowerCLI, and scripts from the vGhetto script repository such as vSphereHealthCheck
- Veeam Monitor (free edition), FastSCP, and Business View
- Vizioncore WasteFinder, vConvert SC and Virtualization EcoShell
- SolarWinds VM Monitor
- Trilead VM Explorer
- Tripwire ConfigCheck
- Configuresoft/EMC Compliance Checker
- ESX Manager 2.3 from ESXGuide (ESX 3i and 4i are not supported)
- vKernel SearchMyVM, SnapshotMyVM, and Modeler
- Hyper9 GuessMyOS plugin, Search Bar plugin, and Virtualization Mobile Manager
- XtraVirt vAlarm and vLogView

47 SHAMELESS PLUG
- Presentations on my site located at www.es-es.net
- Check out the presentation given this morning: Manage & Secure Your Wireless Connections
- To learn more about GCA (Georgia Cumberland Academy): www.gcasda.org
- Face-Saving Tools for Managers http://tinyurl.com/y9oywob
- 20 great Windows open source projects http://tinyurl.com/yfh7d6t
- E-Crime Survey 2009 http://tinyurl.com/ygtsgft

