Computer Forensics and Cyber Crime

Computer Forensics and Cyber Crime

Introduction

Historically, the world has experienced periods of great enlightenment and progress.

The Industrial Revolution, for example, brought unprecedented knowledge and

opportunities almost two centuries ago. This revolution, automating common tasks,

provided previously unheard of privileges and advances. Advances in transportation

increased the array of vacation destinations, enabled families to remain in contact with

distant family members, and decreased infant mortality rates as prenatal care became

more accessible in remote areas. In addition, sharp advances in communication

improved police efficiency and radically changed the courting behavior of lovers. Individuals,

families, and institutions were granted unprecedented access to luxury items

like cooling systems, and household maintenance was made easier through power

tools, yard equipment, and the like. The automation of printing and the introduction of

mass media greatly enhanced information dissemination by increasing the availability

of reliable and credible sources of knowledge. Unfortunately, it also increased levels

of physical lethargy, obesity, complacency, desensitization, child poverty, and criminal

behavior. Today, American society has experienced similar transformations as a direct

result of the Information Revolution.

The introduction of the Internet has created unparalleled opportunities for commerce,

research, education, entertainment, and public discourse. A global marketplace has

emerged, in which fresh ideas and increased appreciation for multiculturalism have

flourished.

The introduction of computerized encyclopedias, international consortia,

worldwide connectivity, and communications has greatly enhanced quality of life

for many individuals. Indeed, the Internet can be utilized as a window to the world,

allowing

individuals to satiate their curiosity and develop global consciousness.

It allows individuals

to experience those things that they have only dreamed about.

Interested parties

can visit the Louvre, devouring priceless artifacts at their leisure

or take an African safari without the heat or mosquitoes. They can find answers to

the most complex legal or medical questions or search for their soul mates. They can

download coupons for their favorite restaurants or search for recipes to their favorite

dishes. In addition, individuals,

corporations, public organizations, and institutions

can more effectively advertise their products or services, using graphically highlighted

information and providing links to supplemental information or support. In

fact, computerized

access to unprecedented information has cut across traditional

boundaries

of communication.

Like other institutions, law enforcement has also benefited. The Internet has

successfully

created a nonthreatening platform for information exchange by community

residents. In addition, the speed and efficiency has enabled agencies to communicate

with other agencies on a global scale, solidifying relationships and increasing cooperation.

Indeed, law enforcement has been able to further its mission by simply extending

the range of audiences to whom it can communicate. Textual descriptions and graphic

images of wanted suspects or missing persons can be viewed by anyone with an Internet

connection, and concerned citizens can report suspicious activity in an efficient and

effective

manner. However, the Internet and the increasing reliance on digital technology

and communications have also had negative repercussions—creating seemingly

insurmountable obstacles for law enforcement. Indeed, the same technology that allows

access to favorite recipes from Madagascar can be utilized to download blueprints for

weapons of mass destruction. Those same individuals

surfing

the Web for vacation specials

can stalk and harass targeted victims

while enjoying the fruits of such searches.

Indeed, the very advantages that make the Internet, wireless

technologies, and smart

phones so attractive are often the same that pose the greatest risk

download

Command Guide CCNA Routing and Switching

Command Guide CCNA Routing and Switching

Learning the Basics

“Would you like to enter the initial configuration dialog? [yes/no]:”

- Where am I?

Command Modes

Cisco IOS has three main command modes – user EXEC, privileged EXEC and global configuration. Each command mode has its own set of commands for specific purposes.You’ll start at user EXEC mode.

User execution mode

Some verification and troubleshooting commands are available. Often used by 1st level helpdesk personnel.

You can identify user execution mode by the following prompt:

Router>

There’s not much to do in this command mode for a network administrator, elevate to next command mode by typing in enable command:

Router> enable

Moves to privileged execution mode.

Privileged execution mode

All verification and troubleshooting commands are available. Used by network administrators.

The “greater than” prompt changes to hash:

Router#

If you are looking to verify or troubleshoot something, you’ll find all the necessary commands available in this command mode. If you are looking to apply a configuration change, then elevate to the global configuration mode.

Router# configure terminal

Moves to global configuration mode.

Global configuration mode

Majority of configuration changes are applied here. Entering this command mode requires user to be in privileged execution mode, there are no shortcuts.

You can easily tell if you are in global configuration mode by the following prompt:

Router(config)#

This concludes the three main command modes of Cisco IOS. Type in “exit” or “end”, to move back to privileged execution mode:

Router(config)# exit

Moves back to privileged EXEC mode.

Saving Configurations

When you make a configuration change it’s only the “running-config” (contents of DRAM) that gets updated. All configuration changes are lost in case of power outages or system reboots unless changes were also written to “startup-config” (NVRAM).

For saving configurations navigate to privileged execution mode and use one of the commands below:

Router# write memory

Building configuration...

[OK]

Or

Router# copy running-config startup-config

Building configuration...

[OK]

Both of these commands copy contents of “running-config” to NVRAM. There’s no functional difference.

Show Commands for Information Gathering

Show commands help you verify configurations and troubleshoot. Some of them are listed below.

Router> enable

Navigates to privileged execution mode.

Router# show interfaces description

Lists all interfaces and their descriptions.

Router# show interfaces summary

Shows counter summary on all interfaces.

Router# show ip interface brief

Lists all interfaces and IP address information.

Router# show interface gigabitEthernet 0/1

Shows counter summary and status of the interface specified.

Router# show running-config interface gigabitEthernet 0/1

Shows configuration of the interface specified.

Router# show version

Shows brief system hardware information, including IOS version and configuration register value.

Router# show cdp neighbors detail

Shows detailed information of neighboring devices that have Cisco Discovery Protocol enabled.

Setting Hostname

Let’s take a look at how you can apply your very first configuration change. You can change the router hostname in global configuration mode.

Router> enable

Navigates to privileged execution mode.

Router# configure terminal

Navigates to global configuration mode.

Router(config)# hostname CupOfTea

Sets router hostname to “CupOfTea”.

Terminal prompt will change:

CupOfTea(config)#

Starting to feel like a network engineer already? Don’t forget to save the configuration!

CupOfTea(config)# exit

Navigates back to privileged execution mode.

CupOfTea# write memory

Saves changes to NVRAM.

Configuring an Ethernet Interface

“Easy! Just use the ‘no shut’ command.

 If the interface still doesn’t come up – try to reboot the router.” 

Assigning an IP Address

Router# show ip interface brief

Lists all available interfaces on the router. In this sample we’re going to modify configuration of the gigabitEthernet 0/0 interface.

Router# configure terminal

Moves to global configuration mode.

Router(config)# interface gigabitEthernet 0/0

Moves to interface configuration mode.

Router(config-if)# ip address 192.168.101.1 255.255.255.0

Sets IPv4 address and network mask.

Router(config-if)# ipv6 address 2001:0db8:3c4d:0015:0011:0000:abcd:ed1a/64

Sets IPv6 address and network mask.

Router(config-if)# no shutdown

Enables the interface.

Note: “Administratively down” is the default state of all Ethernet interfaces on Cisco routers.

Interface Speed and Duplex

According to best practice it’s recommended to only change interface speed and duplex settings if you suspect that there might be a problem with auto negotiation. By default all Ethernet interfaces are configured with auto negotiation setting for interface speed and duplex.

Router# show interface gigabitEthernet 0/0

Shows interface speed and duplex settings.

Router# configure terminal

Moves to global configuration mode.

Router(config)# interface gigabitEthernet 0/0

Moves to interface configuration mode.

Router(config-if)# speed auto

Enables speed auto-negotiation. This is default setting.

Router(config-if)# speed 1000

Forces interface into 1000Mbit/s operation mode.

Router(config-if)# speed 100

Forces interface into 100Mbit/s operation mode.

Router(config-if)# duplex auto

Enables duplex auto-negotiation. This is default setting.

Router(config-if)# duplex full

Forces interface into full duplex operation mode.

Router(config-if)# duplex half

Forces interface into half duplex operation mode.

Subinterfaces

One physical interface can be divided into multiple virtual interfaces.

 

Router# show ip interface brief

Lists all available interfaces on your router (including subinterfaces).

Router# configure terminal

Moves to global configuration mode.

Router(config)# interface gigabitEthernet 0/0.1

Creates subinterface (.1) on gigabitEthernet 0/0 and moves to subinterface configuration mode.

Router(config-subif)# ip address 192.168.1.1 255.255.255.0

Assigns IPv4 address and network mask.

Router(config-subif)# encapsulation dot1q 1

Assigns subinterface to VLAN1 broadcast domain. Sets VLAN encapsulation method to dot1q.

Router(config-subif)# exit

Moves back to global configuration mode.

Router(config)# interface gigabitEthernet 0/0.2

Creates another subinterface (.2) on gigabitEthernet 0/0 and moves to subinterface configuration mode.

Router(config-subif)# ip address 192.168.2.1 255.255.255.0

Assigns IPv4 address and network mask.

Router(config-subif)# encapsulation dot1q 2

Assigns subinterface to VLAN2 broadcast domain. Sets VLAN encapsulation method to dot1q.

Remote Management

This chapter teaches you how to enable Telnet and SSH protocols.

Enabling Telnet

Telnet enables you to remotely manage router. It’s unencrypted and not very secure; the reason it’s still being used is that not all devices support SSH.

Note: Telnet sessions are prohibited by default. Without vty password configured you’ll notice a following message, when you attempt to log in to your router, using Telnet:

“Password required, but none set.”

Configuring vty password:

Router(config)# line vty 0 4

Enters into vty line configuration mode for lines 0 - 4.

Router(config-line)# password cookie

Sets password to “cookie” on vty lines 0,1,2,3 and 4.

Router(config-line)# login

Enables vty password authentication.

Enabling SSH

If your device also supports SSH it’s recommended that you use it instead of Telnet for remote management.

As a first step you must create RSA crypto key pairs.

Note: RSA crypto keys are non-exportable on Cisco routers and switches.

Router(config)# crypto key generate rsa

The name for the keys: MyRSA-Keys

How many bits in the modulus: 1024

Generates RSA crypto key pairs. These will be used for SSH encryption.

Router(config)# ip ssh version 2

Enables SSH version 2.

Router(config)# line vty 0 4

Enters into vty line configuration mode for lines 0 - 4.

Router(config-line)# password cookie

Sets password to “cookie” on vty lines 0,1,2,3 and 4.

Router(config-line)# login

Enables vty password authentication.

Optional: Prohibit Telnet and permit only SSH

Router(config)# line vty 0 4

Enters into vty line configuration mode for lines 0 - 4.

Router(config-line)# transport input ssh

Permits remote management over vty lines 0 – 4 only via SSH protocol.

download

Computer Forensics with FTK

Computer Forensics with FTK

Getting Started with

Computer Forensics

Using FTK

Forensic Toolkit (FTK) is a complete platform for digital investigations, developed

to assist the work of professionals working in the information security, technology,

and law enforcement sectors.

Through innovative technologies used in filters and the indexing engine, the relevant

evidence of investigation cases can be quickly accessed, dramatically reducing the

time to perform the analysis.

This chapter will cover the first steps needed to install and configure the FTK tool.

Forensic digital investigations include the following processes:

• Preparation

• Acquisition and preservation

• Analysis

• Reports and presentation

This process will be discussed in more detail in Chapter 4, Working with FTK Forensics,

with the use of FTK forensics and enterprise editions.

The computer forensics tools need to be kept updated to address issues such as an

increasing size of hard drives and the use of encryption in order to reduce the time

to perform the data acquisition and analysis.

Getting Started with Computer Forensics Using FTK

[ 6 ]

AccessData has two versions of the platform:

• FTK forensics: This version of FTK, which will be covered in this book, has

the ability to perform the acquisition and analysis of digital devices such

as computer hard drives, USB drives, flash memory devices, smartphones,

tablets, and other digital media. Its approach is related to a process called

post-mortem computer forensics, which happens when the computer has

been powered down.

• AD Enterprise: In general, AD Enterprise has the same features as the FTK

forensics version plus the ability to analyze multiple computers across your

company simultaneously. Another important feature of this version is the

ability to acquire and analyze volatile data, such as RAM. The investigation

process is totally confidential, and the investigated user will not be aware

of the analysis, even if it is done through the network and with the target

equipment in use.

In this book, we will use the solution only in the

standalone version.

Downloading FTK

Once the FTK platform has been acquired, AccessData usually sends the DVDs

for product installation and the hardware dongle codemeter with the license of

the product.

If not, then it is possible to download the FTK directly from the AccessData website.

All other products are also available for download.

In this book, we will use FTK Version 5 onwards, and you can download the product

from http://www.accessdata.com/support/product-downloads.

Chapter 1

[ 7 ]

Prerequisites for FTK

There are two different settings (configuration options) for FTK installation:

• One machine: FTK + database

• Two machines: FTK + database on separate machines

In general, the specification used for FTK with the PostgreSQL database is shown in

the following screenshot:

Note that this is the recommended specification by the vendor. However,

the more the processing, memory, and I/O resources available, the faster

the analysis.

Getting Started with Computer Forensics Using FTK

[ 8 ]

Installing FTK and the database

FTK installation is quite simple, although the components' installation sequence

must be respected. AccessData has created a menu to provide support for the correct

installation, as can be seen in the following screenshot:

Perform the following steps for installing FTK:

1. Start the installation process by using the Database component. You can then

enter a password to create the PostgreSQL database admin user.

2. Once the database installation is done, install FTK.

3. Install the Distributed Engine component, as it is necessary for the correct

operation of FTK.

4. The View User Guide installation is optional, but highly recommended.

Chapter 1

[ 9 ]

5. To finish the FTK platform installation process, click on the Other Products

button and select the components listed as follows:

°° License Manager: This is the product's license control component

°° Registry Viewer: This is the Windows registry analysis component

°° PRTK: This is the password recovery component

°° CodeMeter: This is the USB CodeMeter hardware driver and

management component

°° Imager: This is the FTK Imager product

Make sure that you select the correct platform, which can be either 32-

or 64-bits, and in case the Unable to connect to the database requested

error message appears, just change the RDBMS option to PostgresSQL.

Running FTK for the first time

If the installation has been done correctly, the first step would be to create a user:

Next, you can complete the fields in the form and then click on OK to create the first

user. This user will be the application administrator, who will manage the FTK tool.

The use of the FTK tool will be discussed in the next few chapters.

Getting Started with Computer Forensics Using FTK

[ 10 ]

Summary

This chapter covered the first necessary steps to be performed in order to use the FTK

forensics tool. The first step was to understand the difference between standalone

and enterprise platforms as it is extremely important to determine the approach to be

used in an investigation. This will certainly impact the time of acquisition and data

analysis. Another important point was to consider the hardware prerequisites. Keep

in mind that more the computing power the hardware has, the faster is the response

of their analysis.

The analysis process is really time-consuming, and if not properly scaled, the

hardware can have a negative impact on your project.

In the next chapter, you will use FTK Imager, the free version of the platform, which

is commonly used for evidence acquisition and preanalysis of data.

Working

download

The Hackers Manual 2016

The Hackers Manual 2016

Beginner-friendly distros
For those who need stabilisers.
elementary OS “Freya”
This distro has little in common with its
base distro, Ubuntu. It ships with its
own home-brew Pantheon desktop and
has several custom apps, including a
Mac OS X-inspired dock. The distro
places great emphasis on design and
its Apple fixation is evident from the
tools it supplies, such as Snap, a
webcam app, which is similar to Apple’s
Photo Booth. The distro supplies a
number of custom tools, such as the
Korora 22
Korora is based on the mainstream
Fedora distro and ships separate
Gnome and KDE-based live installable
editions. In contrast to Fedora’s
blandness, Korora ships with a heavily
customised desktop. The distro has
also enabled some Gnome extensions,
by default, to iron out some of its
navigation issues and includes the
Gnome Tweak Tool for more
customisation. The distro has full
Pinguy OS 14.04.2
Another desktop that attracts new
users with its intuitive design is
PinguyOS. The customised Gnome
desktop features a lively dock at the
bottom and the Application menu
brings up a categorised list of apps, and
includes both the Gnome and Ubuntu
Tweak Tools. The distro is chock full of
apps and even includes the Plex Media
server. Besides the best general
Verdict Beginner-friendly distros
All three of the desktop distros we’ve rated,
above, have put in a great amount of effort to
polish the underlying components of their
base distro to a high finish. All three feature
incredibly good-looking desktops that are
intuitive and functional as well.
Of the three, elementary OS has perhaps
put in the most amount of effort into building
custom tools and libraries. Everything from the
window manager up to its apps is crafted to
adhere to its design principles. The one
disadvantage with the distro is that it isn’t as
usable straight out-of-the-box as the others.
Then there’s Korora which has turned the
clean slate of its Fedora underpinnings into a
fully functional smart-looking desktop. The
distro is a wonderful starting point for anyone,
and its strength lies in its customisation and
applications. The distro’s weakest point is the
Anaconda installer inherited from Fedora.
In contrast, Pinguy OS offers the best mix
of form and function. Its pleasing desktop
environment gives access to its vast number of
applications. But make sure you use it only on
an adequately specified machine – all its
customisations consume a lot of resources
and you’ll only be able to enjoy Pinguy OS on a
machine which has at least 4GB of RAM. On a
system with memory lower than that it’s best
to stick to elementary OS.
multimedia support, and enables thirdparty
repos, such as RPMFusion,
Google Chrome and VirtualBox.
Korora also packs in popular apps
and its Firefox browser is equipped with
useful extensions. The distro has some
specialised tools as well, such as the
Audacity audio editor, OpenShot video
editor and Handbrake video transcoder
etc. For package management the
distro ships with both Gnome’s
package manager and YumExtender.
purpose and specialised open source
apps, it includes several popular
proprietary ones, including TeamViewer,
Spotify and Steam for Linux.
There’s also Wine that you can
manage with the bundled PlayOnLinux
front-end. If you need more software, it
has Ubuntu Software Center as well as
the Synaptic package manager. The
distro uses its own repos besides the
ones for Ubuntu and Linux Mint Debian.
Geary Mail, Scratch text editor and
Audience video player, which are
designed to assist inexperienced users.
The distro even uses its own custom
window and compositing manager
called Gala, which consumes less
resources than some of its peers.
However, elementary OS doesn’t offer
many apps out of the box and doesn’t
include proprietary codecs or ship any
non-GTK apps which is why it doesn’t
include the likes of LibreOffice.
The verdict
he abundance of open source
operating systems proves that a
community of open-minded
developers can do great things, which
are worth at least trying out on your
home PC. We don’t insist that you
eventually switch from Linux to another
OS, as we love Linux but almost all of
them are more or less capable for
desktop computing.
PC-BSD is the winner overall with
very good performance in almost all the
tests we threw at it. The OS is fast,
reliable and able to recognise nearly all
hardware components and peripherals.
It may be missing the live mode, which
could garner it even more attention
from open source enthusiasts, but the
desktop experience with PC-BSD is
nearly the same as we’d expect in a
decent Linux distribution.
Haiku is a smart OS and really unlike
the other OSes. There are builds made
with an ancient GCC 2 compiler, which
can still run the original BeOS
applications together with relatively
modern Qt4 apps. Haiku development

download

CentOS System Administration Essentials

CentOS System Administration Essentials

You may have some experience with vi, or what is now known as Vim (which is

when simply put—vi improved). All too often, I find that those first experiences

have never been good ones or to be looked back upon with much fondness. Guiding

you through the initially unfathomable regime of vi, we are going to make sure that

you are the master of vi and you leave wanting to use this tool from the gods. vi is

like everything else in the sense that you just need to stick with it in the early days

and keep practicing. Remember how you persevered for many hours riding your

bicycle as a toddler and became a master, despite a few bruised knees? I want you

to persevere with vi too. We will start with a little command-line magic to make the

whole command-line interface (CLI) experience a better one. We will then be ready

to start our black-belt experience in vi.

In this chapter, we will go through the following topics:

• CLI trickery – shortcuts that you will love

• Vim and vi: In this section, you will learn to differentiate between these

twins and meet their graphical cousin

• Getting the .vimrc setup the way you like

• Search and replace: In this section, you will learn how to quickly find and

replace text within files from both inside and outside Vim

• Learning to remove extraneous comments from a file with a few deft

key strokes

Taming vi

[ 10 ]

CLI trickery – shortcuts that you will love

So before we dice into the wonderful world of text editing that is vi, we will warm

up with a few exercises on the keyboard. Linux is my passion, as is automation. I am

always keen to create scripts to carry out tasks so that those tasks become repeatedly

correct. Once the script is created and tested, we will have the knowledge and faith

that it will run in the same way every time and we will not make mistakes or miss

critical steps, either because it gets boring or we are working late on a Friday night

and just want to go home. Scripting itself is just knowing the command line well

and being able to use it at its best. This truth remains across all systems that you will

work with.

On the command line, we may try a little more black magic by executing the

following command:

$ cd dir1 || mkdir dir1 && cd dir1

With this, we have used the cd command to enter the dir1 directory. The double

pipe or vertical bar indicates that we will attempt the next command only if the first

command fails. This means that if we fail to switch to the dir1 directory, we will run

the mkdir dir1 command to create it. If the directory creation succeeds, we then

change into that directory.

The || part denotes that the second command will run only

on the failure of the first. The && part denotes that the second

command will run only if the first command succeeds.

The command history is a little more and hugely better than just an up arrow key!

Consider the following commands:

$ mkdir dir1

$ cd !$

The !$ part represents the last argument, so in this way, the second line evaluates to

the following:

$ cd dir1

In this way, we can rewrite the initial command sequence, by combining both

concepts, to create the following command:

$ cd dir1 || mkdir !$ && cd !$

Chapter 1

[ 11 ]

We can repeat the last command as well as the last argument. More importantly,

we can specify the start characters for the last command. If it was merely the last

command, then the up arrow key would suffice. If we were working on a web server

configuration, we may want to edit the configuration file with vi, start the service,

and then test with a command-line browser. We can represent these tasks using the

following three commands:

# vi /etc/httpd/conf/httpd.conf

# service httpd restart

w3m localhost

Having run these three commands in the correct order, hoping for success,

we may notice that we still have issues and that we need to start re-editing

the configuration file for Apache, the web server. We can now abbreviate the

command list to the following:

# !v

# !s

# !w

The !v command will rerun the last command in my history that begins with a v,

and likewise with s and w. This way, we can appear to be terribly proficient and

working really quickly, thus gaining more time to do what really interests us,

perhaps a short 9 holes?

In a similar fashion to our first glance at the history using the !$ symbols to represent

the last argument, we can use !?73. This would look for 73 anywhere as an argument

or part of an argument. With my current history, this would relate to the date

command we ran earlier. Let's take a look:

$ !?73

With my history, the sequence will expand to and run the following command:

$ date --date "73 days ago"

Looking at my command history from the last command run to the first, we search

for 73 anywhere as a command argument. We make a note that we exclusively look

for 73, meaning we are looking for the character 7 followed by the character 3. We

have to then bear in mind that we would also match 273 or 733 if they exis

download

CEHv8 Certified Ethical Hacker Version 8 Study Guide

CEHv8 Certified Ethical Hacker Version 8 Study Guide

In this book you will learn the various technologies and methodologies
involved in becoming an ethical hacker. You will
learn what it means to become an ethical hacker and the responsibilities
you will be assuming both technically and ethically when you take on this role.
The reality of your taking on the ethical hacker skill set is that companies and enterprise
environments have had to quickly and effectively address the threats and vulnerabilities
that they face. Through a robust and effective combination of technological, administrative,
and physical measures, all these organizations have learned to address their given situation
and head off major problems. Technologies such as virtual private networks (VPNs),
cryptographic protocols, intrusion detection systems (IDSs), intrusion prevention systems
(IPSs), access control lists (ACLs), biometrics, smart cards, and other devices have helped
security. Administrative countermeasures such as policies, procedures, and other rules have
also been strengthened and implemented over the past decade. Physical measures include
cable locks, device locks, alarm systems, and similar devices. Your new role as an ethical
hacker will deal with all of these items, plus many more.
As an ethical hacker you must not only know the environment you will be working in,
but also how to find weaknesses and address them as needed. However, before we get to
all of that this chapter discusses the history of hacking and what it means to be an ethical
hacker. We’ll also look the process of penetration testing and explore the importance of
contracts.
Hacking: A Short History
Hacker is one of the most misunderstood and overused terms in the security industry. It
has almost become the technological equivalent of a boogeyman, which so many either
fear or end up ignoring. What is a hacker and where do we, as ethical hackers, fit in? Well,
to answer that question let’s take a look at the history of hacking along with some notable
events.
The Early Days of Hacking
As the story goes, the earliest hackers were a group of people who were passionate and
curious about new technology. They were the equivalent of those modern-day individuals
who not only want the latest technology, such as a smartphone or iPhone, but also want
to learn all the juicy details about what the device does and what type of undocumented

download

CEH.Certified.Ethical.Hacker.Practice.Exams.2nd.Edition

CEH.Certified.Ethical.Hacker.Practice.Exams.2nd.Edition

download

CEH.Certified.Ethical.Hacker.Practice.Exams.2nd.Edition

CEH.Certified.Ethical.Hacker.Practice.Exams.2nd.Edition

download

CCNA Routing and Switching Study Guide

CCNA Routing and Switching Study Guide

Internetworking
The following ICND1 exam topics
are covered in this chapter :
11 Operation of IP Data Networks
■■ Recognize the purpose and functions of various network
devices such as Routers, Switches, Bridges and Hubs.
■■ Select the components required to meet a given network
specification.
■■ Identify common applications and their impact on the
network.
■■ Describe the purpose and basic operation of the protocols in
the OSI and TCP/IP models.
Welcome to the exciting world of internetworking. This first
chapter will serve as an internetworking review by focusing
on how to connect networks together using Cisco routers and
switches, and I’ve written it with the assumption that you have some simple basic networking
knowledge. The emphasis of this review will be on the Cisco CCENT and/or CCNA
Routing and Switching (CCNA R/S) objectives you’ll need a solid grasp on in order to succeed
in getting your certifications.
Let’s start by defining exactly what an internetwork is: You create an internetwork when
you connect two or more networks via a router and configure a logical network addressing
scheme with a protocol such as IP or IPv6.
We’ll also dissect the Open Systems Interconnection (OSI) model, and I’ll describe
each part of it to you in detail because you really need complete, reliable knowledge of it.
Understanding the OSI model is key for the solid foundation you’ll need to build upon with
the more advanced Cisco networking knowledge gained as you become increasingly skilled.
The OSI model has seven hierarchical layers that were developed to enable different
networks to communicate reliably between disparate systems. Since this book is centering
upon all things CCNA, it’s crucial for you to understand the OSI model as Cisco sees it, so
that’s how I’ll be presenting the seven layers to you.
After you finish reading this chapter, you’ll encounter review questions and written labs.
These are given to you to really lock the information from this chapter into your memory.
So don’t skip them!
To find up-to-the-minute updates for this chapter, please see
www.lammle.com/forum or the book’s web page at www.sybex.com.
Internetworking Basics
Before exploring internetworking models and the OSI model’s specifications, you need to
grasp the big picture and the answer to this burning question: Why is it so important to learn
Cisco internetworking anyway?
Networks and networking have grown exponentially over the past 20 years, and understandably
so. They’ve had to evolve at light speed just to keep up with huge increases in
basic, mission-critical user needs, (e.g. simple sharing data and printers), as well as greater

burdens like multimedia remote presentations and conferencing. Unless everyone who needs

download

CCIE Routing and Switching v5.0 Official Cert Guide, Volume 1 (5th Edition)

CCIE Routing and Switching v5.0 Official Cert Guide, Volume 1 (5th Edition)

Ethernet Basics

Ethernet has been the mainstay LAN protocol for years, and that is not anticipated to

change anytime soon. More often than not, most people studying network and network

fundamentals are very familiar with the protocol operations, its limitations, and its

strengths. This level of familiarity often makes us complacent when it comes to determining

a solid starting point for teaching technology. But when we consider how many technologies

owe their capacity and capabilities to Ethernet, it becomes clear that this is the

best place to start any discussion about networking. Ethernet is so established and useful

that its role is expanding constantly. In fact, today it has even found its way into the

WAN. Ethernet WAN technologies like Metro-Ethernet have changed the way we build

geographically dispersed infrastructure and have paved the way for greater throughput in

what was traditionally a slow and restrictive mode of transport.

So with the understanding that the majority of readers are probably very familiar with

Ethernet based on working with it on a day-to-day basis, we still need to ensure that we

pay proper due diligence to the technology simply because it is so fundamental to the

creation of both the most basic and the most complex network environments, and even

though we are for the most part very knowledgeable about its operation, we might have

forgotten some of the nuisances of its operation. So in this chapter, the intention is to

outline those operations as clearly and succinctly as possible.

For exam preparation, it is typically useful to use all the refresher tools: Take the “Do I

Know This Already?” quiz, complete the definitions of the terms listed at the end of the

chapter, print and complete the tables in Appendix E , “Key Tables for CCIE Study,” and

certainly answer all the CD-ROM questions concerning Ethernet.

“Do I Know This Already?” Quiz

Table 1-1 outlines the major headings in this chapter and the corresponding “Do I Know

This Already?” quiz questions.

download

Building Virtual Pentesting Labs for Advanced Penetration Testing

Building Virtual Pentesting Labs for Advanced

Penetration Testing

 Introducing Penetration Testing

In this chapter, we will discuss the role that pen testing plays in the professional security testing

framework. We will discuss the following topics:

Define security testing

An abstract security testing methodology

Myths and misconceptions about pen testing

If you have been doing penetration testing for some time and are very familiar with the methodology

and concept of professional security testing, you can skip this chapter, or just skim it, but you might

learn something new or at least a different approach to penetration testing. We will establish some

fundamental concepts in this chapter.

Security testing

If you ask 10 consultants to define what security testing is today, you are more than likely to get a

variety of responses. If we refer to Wikipedia, their definition states:

"Security testing is a process to determine that an information system protects and maintains

functionality as intended."

In my opinion, this is the most important aspect of penetration testing. Security is a process and not a

product. I would also like to add that it is a methodology and not a product.

Another component to add to our discussion is the point that security testing takes into account the

main areas of a security model; a sample of this is as follows:

Authentication

Authorization

Confidentiality

Integrity

Availability

Non-repudiation

Each one of these components has to be considered when an organization is in the process of securing

their environment. Each one of these areas in itself has many subareas that also have to be considered

when it comes to building a secure architecture. The takeaway is that when we are testing security,

we have to address each of these areas.

download

Build Your Own Security Lab

Build Your Own Security Lab

Hardware and Gear

This book is designed for those who need to better understand the functionality

of security tools. Its objective is to help you learn when and how specific tools

can help you secure your network.

You may be wondering what security is. Security typically is defined by

three core concepts: confidentiality, integrity, and availability. There is also

the question as to how much security is enough. Some might say that you can

never have enough security, yet in reality it is about balancing the value of the

asset and the cost of protection. One thing that is agreed upon about security

is the value of defense in depth. Simply stated, security controls should be

built in layers. For example, renaming the administrator account is a good

idea, but so too is restricting access to the account, as well as adding complex

passwords and performing periodic audits of the log files.

Because no two networks are the same, and because they change over time,

it is impossible to come upwith a one-size-fits-all list of hardware and software

that will do the job for you. Networks serve the enterprise that owns them.

The enterprise necessarily changes over time, too. In addition, the scale of

operation impacts security considerations. If you pursue a career as a security

consultant, your goals (and inevitably your needs) will differ if you decide

to work for a large multinational corporation (and even differ depending on

the type of industry) or if your interests lie primarily with small office/home

office (SOHO) or small business. Clearly, a whole spectrum of possibilities

exists here.

This chapter provides the first step in building your own network security

lab. You will start to examine the types of hardware and gear that you can use

to build such a test environment, and then look at the operating systems you

should consider loading on your new equipment.

download

Buffer Overflow Attacks

Buffer Overflow Attacks

Buffer Overflows:
The Essentials
3
Solutions in this Chapter:
■ The Challenge of Software Security
■ The Increase of Buffer Overflows
■ Exploits vs. Buffer Overflows
■ Definitions
Introduction
Buffer overflows. In most information technology circles these days, the term
buffer overflows has become synonymous with vulnerabilities or in some cases,
exploits. It is not only a scary word that can keep you up at night wondering if
you purchased the best firewalls, configured your new host-based intrusion prevention
system correctly, and have patched your entire environment, but can
enter the security water-cooler discussions faster than McAfee’s new wicked
anti-virus software or Symantec’s latest acquisition. Buffer overflows are proof
that the computer science, or software programming, community still does not
have an understanding (or, more importantly, firm knowledge) of how to design,
create, and implement secure code.
Like it or not, all buffer overflows are a product of poorly constructed software
programs.These programs may have multiple deficiencies such as stack
overflows, heap corruption, format string bugs, and race conditions—the first
three commonly being referred to as simply buffer overflows. Buffer overflows
can be as small as one misplaced character in a million-line program or as complex
as multiple character arrays that are inappropriately handled. Some buffer
overflows can be found in local programs such as calendar applications, calculators,
games, and Microsoft Office applications, whereas others could be resident
in remote software such as e-mail servers, FTP, DNS, and the ever-popular
Internet Web servers.
Building on the idea that hackers will tackle the link with the least amount
of resistance, it is not unheard of to think that the most popular sets of software
will garner the most identified vulnerabilities. While there is a chance that the
popular software is indeed the most buggy, another angle would be to state that
the most popular software has more prying eyes on it.
If your goal is modest and you wish to simply “talk the talk,” then reading
this first chapter should accomplish that task for you; however, if you are the
ambitious and eager type, looking ahead to the next big challenge, then we welcome
and invite you to read this chapter in the frame of mind that it written to
prepare you for a long journey.To manage expectations, we do not believe you
will be an uber-hacker or exploit writer after reading this, but you will have the
tools and knowledge afterward to read, analyze, modify, and write custom buffer
overflows with little or no assistance.
The Challenge of
Software Security
Software engineering is an extremely difficult task and of all software creationrelated
professions, software architects have quite possibly the most difficult task.
Initially, software architects were only responsible for the high-level design of
the products. More often than not this included protocol selection, third-party
component evaluation and selection, and communication medium selection.We
make no argument here that these are all valuable and necessary objectives for
any architect, but today the job is much more difficult. It requires an intimate
knowledge of operating systems, software languages, and their inherent advantages
and disadvantages in regards to different platforms. Additionally, software
architects face increasing pressure to design flexible software that is impenetrable
to wily hackers. A near impossible feat in itself.
Gartner Research has stated in multiple circumstances that software and
application-layer vulnerabilities, intrusions, and intrusion attempts are on the
rise. However, this statement and its accompanying statistics are hard to actualize
due to the small number of accurate, automated application vulnerability scanners
and intrusion detection systems. Software-based vulnerabilities, especially
those that occur over the Web are extremely difficult to identify and detect.
SQL attacks, authentication brute-forcing techniques, directory traversals, cookie
poisoning, cross-site scripting, and mere logic bug attacks when analyzed via
attack packets and system responses are shockingly similar to those of normal or
non-malicious HTTP requests.
Today, over 70 percent of attacks against a company’s
network come at the “Application layer,” not the
Network or System layer.—The Gartner Group
4 Chapter 1 • Buffer Overflows: The Essentials
Buffer Overflows: The Essentials • Chapter 1 5
As shown in Table 1.1, non-server application vulnerabilities have been on
the rise for quite some time.This table was created using data provided to us by
government-funded Mitre. Mitre has been the world leader for over five years
now in documenting and cataloging vulnerability information. SecurityFocus
(acquired by Symantec) is Mitre’s only arguable competitor in terms of housing
and cataloging vulnerability information. Each have thousands of vulnerabilities
documented and indexed. Albeit, SecurityFocus’ vulnerability documentation is
significantly better than Mitre’s.
Table 1.1 Vulnerability Metrics
Exposed
Component 2004 2003 2002 2001
Operating System 124 (15%) 163 (16%) 213 (16%) 248 (16%)
Network Protocol 6 (1%) 6 (1%) 18 (1%) 8 (1%)
Stack
Non-Server 364 (45%) 384 (38%) 267 (20%) 309 (21%)
Application
Server Application 324 (40%) 440 (44%) 771 (59%) 886 (59%)
Hardware 14 (2%) 27 (3%) 54 (4%) 43 (3%)
Communication 28 (3%) 22 (2%) 2 (0%) 9 (1%)
Protocol
Encryption Module 4 (0%) 5 (0%) 0 (0%) 6 (0%)
Other 5 (1%) 16 (2%) 27 (2%) 5 (0%)
Non-server applications include Web applications, third-party components,
client applications (such as FTP and Web clients), and all local applications that
include media players and console games. One wonders how many of these vulnerabilities
are spawned from poor architecture, design versus, or implementation.
Oracle’s Larry Ellison has made numerous statements about Oracle’s
demigod-like security features and risk-free posture, and in each case he has been
proven wrong.This was particularly true in his reference to the “vulnerabilityfree”
aspects of Oracle 8.x software which was later found to have multiple buffer
overflows, SQL injection attacks, and numerous interface security issues.The point
of the story: complete security should not be a sought-after goal.
More appropriately, we recommend taking a phased approach with several
small and achievable security-specific milestones when developing, designing,
and implementing software. It is unrealistic to say we hope that only four vulnerabilities
are found in the production-release version of the product. I would
fire any product or development manager that had set this as a team goal.The
following are more realistic and simply “better” goals.
■ To create software with no user-provided input vulnerabilities
■ To create software with no authentication bypassing vulnerabilities
■ To have the first beta release version be free of all URI-based vulnerabilities
■ To create software with no security-dependant vulnerabilities garnered
from third-party applications (part of the architect’s job is to evaluate
the security and plan for third-party components to be insecure)
Microsoft Software Is Not Bug Free
Surprise, surprise. Another Microsoft Software application has been identified
with another software vulnerability. Okay, I’m not on the “bash Microsoft”
bandwagon. All things considered, I’d say they have a grasp on security vulnerabilities
and have done an excellent job at remedying vulnerabilities before production
release. As a deep vulnerability and security researcher that has been in
the field for quite some time, I can say that it is the most –sought-after type of
vulnerability. Name recognition comes with finding Microsoft vulnerabilities for
the simple fact that numerous Microsoft products are market leading and have a
tremendous user base. Finding a vulnerability in Mike Spice CGI (yes, this is
real) that may have 100 implementations is peanuts compared to finding a hole
in Windows XP, given it has tens of millions of users.The target base has been
increased by magnitudes.
Go with the Flow…
Vulnerabilities and Remote Code Execution
The easiest way to be security famous is to find a Microsoft-critical
vulnerability that results in remote code execution. This, complemented
by a highly detailed vulnerability advisory posted to a
dozen security mailing lists, and BAM!, you’re known. The hard part
is making your name stick. Expanding on your name’s brand can be
accomplished through publications, by writing open source tools,
speaking at conferences, or just following up the information with
new critical vulnerabilities. If you find and release ten major vulnerabilities
in one year, you’ll be well on your way to becoming
famous—or should we say: infamous.
Even though it may seem that a new buffer overflow is identified and
released by Microsoft every day, this identification and release process has significantly
improved. Microsoft releases vulnerabilities once a month to ease the pain
on patching corporate America. Even with all of the new technologies that help
6 Chapter 1 • Buffer Overflows: The Essentials
automate and simplify the patching problem, it still remains a problem. Citadel’s
Hercules, Patchlink, Shavlik, or even Microsoft’s Patching Server are designed at
the push of a button to remediate vulnerabilities.
Figure 1.1 displays a typical Microsoft security bulletin that has been created
for a critical vulnerability, allowing for remote code execution. Don’t forget,
nine times out of ten, a Microsoft remote code execution vulnerability is
nothing more than a vulnerability. Later in the book, we’ll teach you not only
how to exploit buffer overflow vulnerabilities, we’ll also teach you how to find
them, thus empowering you with an extremely monetarily tied information
security skill.
Remote code execution vulnerabilities can quickly morph into automated
threats such as network-borne viruses or the better known Internet worms.The
Sasser worm, and its worm variants, turned out to be one of the most devastating
and costly worms ever released in the networked world. It proliferated via
Buffer Overflows: The Essentials • Chapter 1 7
Figure 1.1 A Typical Microsoft Security Advisor
a critical buffer overflow found in multiple Microsoft operating systems.Worms
and worm-variants are some of the most interesting code released in common
times.
Internet worms are comprised of four main components:
■ Vulnerability Scanning
■ Exploitation
■ Proliferation
■ Copying
Vulnerability scanning is utilized to find new targets (unpatched vulnerable
targets). Once a new system is correctly identified, the exploitation begins.A
remotely exploitable buffer overflow allows attackers to find and inject the
exploit code on the remote targets. Afterward, that code copies itself locally and
proliferates to new targets using the same scanning and exploitation techniques.
It’s no coincidence that once a good exploit is identified, a worm is created.
Additionally, given today’s security community, there’s a high likelihood that an
Internet worm will start proliferating immediately. Microsoft’s LSASS vulnerability
turned into one of the Internet’s most deadly, costly, and quickly proliferating
network-based automated threats in history.To make things worse,
multiple variants were created and released within days.
The following lists Sasser variants as categorized by Symantec:
■ W32.Sasser.Worm
■ W32.Sasser.B.Worm
■ W32.Sasser.C.Worm
■ W32.Sasser.D
■ W32.Sasser.E.Worm
■ W32.Sasser.G
The Increase in Buffer Overflows
Contrary to popular belief, it is nearly impossible to determine if vulnerabilities
are being identified and released at an increasing or decreasing rate. One factor
may be that it is increasingly difficult to define and document vulnerabilities.
Mitre’s CVE project lapsed in categorizing vulnerabilities for over a nine-month
stretch between the years 2003 and 2004.With this said, if you were to look at
the sample statistics provided by Mitre on the number of vulnerabilities released,
it would lead you to believe that vulnerabilities are actually decreasing. As seen
by the data in Table 1.2, it appears that the number of vulnerabilities is
decreasing by a couple hundred entries per year. Note that the Total
8 Chapter 1 • Buffer Overflows: The Essentials
Vulnerability Count is for “CVE-rated” vulnerabilities only and does not
include Mitre candidates or CANs.
Table 1.2 Mitre Categorized Vulnerabilities
2004 2003 2002 2001
Vulnerability Count 812 1007 1307 1506
Table 1.3 would lead you to believe that the total number of identified vulnerabilities,
candidates, and validated vulnerabilities is decreasing in number.The
problem with these statistics is that the data is only pulled from one governing
organization. Securityfocus.com has a different set of vulnerabilities that it has
cataloged, and it has more numbers than Mitre due to the different types (or less
enterprise class) of vulnerabilities. Additionally, it’s hard to believe that more
than 75 percent of all vulnerabilities are located in the remotely exploitable portions
of server applications. Our theory is that most attackers search for remotely

exploitable vulnerabilities that could lead to arbitrary code execution

download

Black Hat Python - Python Programming for Hackers and Pentesters

Black Hat Python - Python Programming for Hackers and Pentesters

download

Big Book of Windows Hacks

Big Book of Windows Hacks

STARTUP AND SHUTDOWN

How much do you think about the way you start up and shut

down Windows? After all, what’s to think about—push a few

buttons and you’re done, right?

Wrong. As you’ll see in this chapter, starting up and shutting down Windows is absolutely hackable.

Whether you want to be more productive or just have fun, there’s plenty to hack. Want to change the

Windows Vista and Windows XP boot screen? You can do it. Tired of waiting for your PC to start up

and shut down? You can speed it up. Want to boot into multiple operating systems, create a dualboot

Linux-Windows laptop, and customize your multiboot options? You can do that as well. In this

chapter, you’ll even learn about hardware startup hacks that show you how to tweak your BIOS.

HACK 01: Change Your Windows Vista Boot Screen

Tired of seeing the same old Windows Vista logo every time you

start Windows Vista? Here’s how you can replace it with any one

you want—for free.

Start Windows Vista. Stare at the same boring boot screen you’ve seen approximately 2,984 times.

Ho-hum. Another day of computing.

It doesn’t need to be that way. You can create your own boot screen for Windows Vista, or use a

graphic you fi nd online. And it’s easy to do.

First you’ll need to create or fi nd a graphic for your new boot screen. You’ll need two versions of the

graphic, one 1024 x 768 pixels, and one 800 x 600 pixels. They must be in 24-bit .bmp format.

If you can’t create them yourself, use Google’s image search (go to Google, then click the Images

link and do your search). In your search results, under each image, you’ll see the dimensions of the

graphic, so you’ll be able to know ahead of time whether it’s the right size (Figure 1-1). Note that if

you come across a graphic in .jpg format, you can still use it, because you can have Internet Explorer

save it as a .bmp.

You can save time by fi nding just one fi le, a 1024 x 768 pixel image. You can then use your graphics software

to make a copy of the fi le as an 800 x 600 pixel fi le, so that you’ll have two fi les, one 1024 x 768, and the

other 800 x 600 . A great tool for doing this is the free IrfanView (www.irfanview.com). When you open a fi le

in IrfanView, select Image→Resize/Resample, click 800 x 600 pixels on the right side of the screen, and click

OK. Then save the fi le with a new name, making sure not to overwrite your original fi le.

In Internet Explorer, right-click the image you want to use, select Save Picture As, and in the Save As

Type drop-down, select .bmp. Then save the fi le.

After you have both fi les, download, install, and run the free Vista Boot Logo Generator (www.

computa.co.uk/staff/dan/?p=18). Click each of the “Browse for image” buttons and select your two

graphics. You’ll see a screen like the one shown in Figure 1-2. Select File→Save Boot Screen As and

download