inside the man

Wednesday, December 14, 2005

SANS Hacker Techniques report - day 2

On day two, discussion moved on to the life cycle of a networked computer attack, and we got to use some tools! At a high level, the life cycle of an attack is:
  • Step 1: Reconnaissance
  • Step 2: Scanning
  • Step 3: Exploit Systems
  • Step 4: Keeping Access
  • Step 5: Covering the Tracks

After providing this overview, Day 2 focused on Reconnaissance and Scanning. Essentially, the course explored methods and techniques for "casing the joint" in order to identify potential targets, then probing those potential targets for promising attack vectors. There were a number of hands-on exercises that you carried out on your own isolated laptop using Linux and Windows. You could either set up your laptop to dual boot, or use a provided VMware Linux image with a 30-day demo of VMware Workstation.

While the material did not cover a great deal of new ground for me, it is fundamental material that all infosec practitioners, and many other IT professionals, need to know. On the downside, it would have been more interesting to try out these recon and scanning tools on a private LAN instead of just on your own host. Overall, it was a good day. I wonder how many of my classmates returned their NetBIOS and Media Sense settings to their pre-enum exercise state? I know I did.

Summary
  • Day: Day 2
  • Topics: Trends, Ethics, Attack life cycle, Reconnaissance, Scanning
  • Tools: whois, DNS, Google, SiteDigger, Sensepost, Sam Spade, THC-Scan, NetStumbler*, Wellenreiter, Hotspotter, ASLEAP, Cheops-ng, traceroute, nmap*, IP Personality, tcpdump*, P0F2, Firewalk, FragRouter, FragRoute, Nessus*, SATAN, Nikto, Whisker, the Windows net command*, enum*
  • Overall value: 4 out of 5
  • Coolness: 3 out of 5

* Starred items were part of hands-on exercises.

About Me

Edmonton, Alberta, Canada
Returned to working as a Management Consultant, specializing in risk, security, and regulatory compliance, with Fujitsu Canada after running the IT shop in the largest library in the South Pacific.

This work is licensed under a Creative Commons Developing Nations license.