• Book notes: Security Power Tools


    Fri_Jan_17

    Refs: 1. Book: Security Power Tools

         2. http://blog.csdn.net/magod/article/details/6171633

    Chap 1: Legal Issues

    chap 2: Net Scan
      1. imap -> Internet Message Access Protocol
      2. TCP / UDP scanning
        TCP [6 types]: SYN, ACK, PSH, URG, FIN, RST
        UDP [2 types]: empty scan, protocol data scan
      3. Three Tools:
        1. Nmap: *****
        2. Unicornscan: ***
        3. Scanrand: ***
      4. Ports to Scan: e.g. 80 HTTP, 21 FTP.
      5. Target: e.g. 192.175.1.20, 192.15-42.42.1,35,42
      6. IDS -> Intrusion Detection System
        IPS -> Intrusion Prevention system
      7. fingerprint => the application listening on that port
      8. os scan
      9. idle scan

    chap 3: Hole Scan
      1. Nessus: *****
      2. WebInspect: *** [only for Windows]
        1. Tools:
          1. HTTP Editor
          2. SPI Proxy
          3. SQL Injector
          4. SPI Fuzzer

    chap 4: LAN Searching
      1. map the ethernet
      2. Tools:
        1. Ettercap
        2. Arpspoof
        3. p0f
        4. tcpdump
        5. dsniff
      3. ARP poisoning
      4. macof -> MAC Overflow
      5. Bridged Sniffing

    chap 5: Wireless Searching
      1. Wardialing
      2. Wardriving
      3. 802.11 Network Essentials:
        1. Types: Infrastructure, Ad hoc
        2. BSSID, ESSID, SSID: SSID -> Service Set Identifier
        3. frames: data frames, control frames, management frames (Beacon, Probe Request, Probe Response, Disassociation and Deauthentication...)
      4. Tools:
        1. Netstumbler: [for windows]
        2. Kismet: [bonus: gpsd supported Kismet GPS]
          1. Track Loc
          2. Build Map
        3. Wireshark: *****
        4. AirDefense Mobile
        5. AirMagnet
        6. Airopeek
        7. KisMac

    chap 6: Create Packet
      1. Why? -- For testing, etc.
      2. e.g.: Ping of Death
        [On Win 95]: >>ping -l <A_BIG_NUM> <TARGET>
      3. Tools:
        1. hping, hping2, tcl
        2. Scapy: *****
        3.
      4. QoS -> Quality of Service
      5. ICMP -> Internet Control Message Protocol
      6. NAT -> Network Address Translation
      7. Firewall <--> Firewalking

    chap 7: Metasploit
      1. Tools:
        1. Metasploit
        2. Meterpreter
      2. NOP -> [?]: NOP generator

    chap 8: Wireless Penetration
      1. Airtap
      2. WEP -> Wired Equivalent Privacy
        => TKIP -> Temporal Key Integrity Protocol
      3. WPA -> Wifi Protected Access [WPA-v1]
      4. WPA2 -> WPA [?]
      5. WPA-PSK -> WPA PreSharedKey
      6. Tools:
        1. Aircrack: *****
          FMS (Fluhrer, Mantin and Shamir) Attack, KoreK Attack
          Aircrack-ng = aircrack-ng +
                        airdecap-ng +
                        airmon-ng +
                        aireplay-ng +
                        airodump-ng +
                        some other tools;
        2. Airpwn
        3. Karma

    chap 9: Penetration Framework App:
      1. Why? -- faster testing, easier to use
      2. Tools:
        1. Core Impact
        2. Canvas
        3. Metasploit
        4. Security Forest [ Open Source ]

    chap 10: D.I.Y

    chap 11: Backdoor
      VNC, BO2k...

    chap 12: Rootkit
      NAT -> Network Address Translation
        Inner: 192.168.x.x; 172.16-31.x.x; 10.x.x.x (these 3 IP ranges are reserved for internal networks)

    chap 13: Host Harden


    chap 14:
    chap 15: Communication Safety
      1. Telnet -> rsh(remote shell) -> rlogin(remote login)

        => SSH(Secure Shell):
          1. RSA, DSA; AES, Blowfish, 3DES, CAST128 => encryption (asymmetric, symmetric)
          2. MD5, SHA => check integrity
          3. Gzip => compression
      2. SSH on Windows:
        1. Cygwin
        2. PuTTY
        3. WinSCP
        4. SecureCRT


    chap 16: Email Safety and Anti Spam
      1. Norton (by Symantec)
      2. ...

    chap 17: Dev Safety Test
      1. Tcpreplay
      2. Traffic IQ Pro


    chap 18: Packet Capture
      1. tcpdump
      2. BPF filtering [Berkeley Packet Filter]
      3. Ethereal / Wireshark
      4. TShark
      5.

    chap 19: Network Monitor
      1. NIDS -> Network Intrusion Detection System
      2. Snort
        1. Three modes:
          1. NIDS
          2. NIPS ('P' stands for "Prevention")
          3. Packet Sniff
        2. ...
      3. HoneyPot
      4. honeyd as "tar pit"

    chap 20: Host Monitoring
      1. hash integrity: --> avalanche effect
      2. most popular hash function: SHA-1 & MD5

    chap 21: Forensic Tools
      1. Netstat
      2. Forensic Toolkit
      3. Sysinternals
      4. RootkitRevealer: to find rootkits
      5. TCPView: like a "graphical Netstat"
      6. Process Explorer

    chap 22: Process Fuzzing
      1. Flipper: bit flipper
      2. Spike: fuzzing framework
      3. Spike API
      4.

    chap 23: Bit Tracks
      1. Interactive Disassembler
      2. Sysinternals
      3. OllyDbg

  • Original URL: https://www.cnblogs.com/gnat-tang/p/3536464.html