The Network Security Test Lab: A Step-by-Step Guide

The ultimate hands-on guide to IT security and proactive defense

The Network Security Test Lab is a hands-on, step-by-step guide to building a security test lab and using it to study attacks and defenses. Covering malware, viruses, and other attack technologies, it walks you through the security assessment and penetration testing process and provides the set-up guidance you need to build your own security-testing lab. You'll look inside actual attacks to decode their methods, learn how to run attacks in an isolated sandbox to understand how attackers target systems, and see how to build the defenses that stop them. You'll be introduced to tools such as Wireshark, NetworkMiner, Nmap, and Metasploit as you discover techniques for defending against network attacks, social-networking threats, malware, and the most prevalent malicious traffic. You also get access to open source tools, demo software, and a bootable version of Linux to facilitate hands-on learning and help you implement your new skills.

Security technology continues to evolve, and yet not a week goes by without news of a new security breach or a new exploit being released. The Network Security Test Lab is the ultimate guide when you are on the front lines of defense, providing the most up-to-date methods of thwarting would-be attackers.

  • Get acquainted with your hardware, gear, and test platform
  • Learn how attackers penetrate existing security systems
  • Detect malicious activity and build effective defenses
  • Investigate and analyze attacks to inform defense strategy

The Network Security Test Lab is your complete, essential guide.


MICHAEL GREGG is CEO of Superior Solutions. He is the author of twenty security books, including Security+ Street Smarts, and a regular contributor to Huffington Post, SearchNetworking.com, and other periodicals. During his twenty years working in security, networking, and Internet technology, he has testified before U.S. Congress and has developed a variety of learning tools for colleges and training organizations.


Table of Contents

Introduction

Chapter 1 Building a Hardware and Software Test Platform
  Why Build a Lab?
  Hardware Requirements
  Physical Hardware
  Equipment You Already Have
  New Equipment Purchases
  Used Equipment Purchases
  Online Auctions
  Thrift Stores
  Company Sales
  Virtual Hardware
  VMware
  VirtualBox
  Hacker Hardware
  Software Requirements
  Operating Systems
  Microsoft Windows
  Linux
  Navigating in Linux
  Linux Basics
  Mac OS X
  Software and Applications
  Learning Applications
  Hacking Software
  Summary
  Key Terms
  Exercises
  Equipment Checklist
  Installing VMware Workstation
  Exploring Linux Operating System Options
  Using VMware to Build a Windows Image
  Using VMware Converter to Create a Virtual Machine
  Exploring Other Operating System Options
  Running Kali from VMware
  Installing Tools on Your Windows Virtual Machine

Chapter 2 Passive Information Gathering
  Starting at the Source
  Scrutinizing Key Employees
  Dumpster Diving (Electronic)
  Analyzing Web Page Coding
  Exploiting Website Authentication Methods
  Mining Job Ads and Analyzing Financial Data
  Using Google to Mine Sensitive Information
  Exploring Domain Ownership
  WHOIS
  Regional Internet Registries
  Domain Name System
  Identifying Web Server Software
  Web Server Location
  Summary
  Key Terms
  Exercises
  IP Address and Domain Identification
  Information Gathering
  Google Hacking
  Banner Grabbing
  Telnet
  Netcat
  VisualRoute

Chapter 3 Analyzing Network Traffic
  Why Packet Analysis Is Important
  How to Capture Network Traffic
  Promiscuous Mode
  Hubs and Switches
  Hubbing Out and Using Taps
  Switches
  Capturing Network Traffic
  Managed and Unmanaged Switches
  ARP Cache Poisoning
  Flooding
  DHCP Redirection
  Redirection and Interception with ICMP
  Preventing Packet Capture
  Dynamic Address Inspection
  DHCP Snooping
  Preventing VLAN Hopping
  Detecting Packet Capture
  Wireshark
  Wireshark Basics
  Filtering and Decoding Traffic
  Basic Data Capture—A Layer-by-Layer Review
  Physical—Data-Link Layer
  Network-Internet Layer
  Transport—Host-Host Layer
  Application Layer
  Other Network Analysis Tools
  Summary
  Key Terms
  Exercises
  Fun with Packets
  Packet Analysis with tcpdump
  Packet Filters
  Making a One-Way Data Cable

Chapter 4 Detecting Live Systems and Analyzing Results
  TCP/IP Basics
  The Network Access Layer
  The Internet Layer
  The Host-to-Host Layer
  Transmission Control Protocol
  User Datagram Protocol
  The Application Layer
  Detecting Live Systems with ICMP
  ICMP—Ping
  Traceroute
  Port Scanning
  TCP and UDP Port Scanning
  Advanced Port-Scanning Techniques
  Idle Scan
  Analyzing Port Scans
  Port-Scanning Tools
  Nmap
  SuperScan
  Other Scanning Tools
  OS Fingerprinting
  Passive Fingerprinting
  Active Fingerprinting
  How Nmap OS Fingerprinting Works
  Scanning Countermeasures
  Summary
  Key Terms
  Exercises
  Understanding Wireshark
  Interpreting TCP Flags
  Performing an ICMP Packet Decode
  Port Scanning with Nmap
  Traceroute
  An Analysis of a Port Scan
  OS Fingerprinting

Chapter 5 Enumerating Systems
  Enumeration
  Router and Firewall Enumeration
  Router Enumeration
  Firewall Enumeration
  Router and Firewall Enumeration Countermeasures
  Windows Enumeration
  Server Message Block and Interprocess Communication
  Enumeration and the IPC$ Share
  Windows Enumeration Countermeasures
  Linux/Unix Enumeration
  Enumeration of Application Layer Protocols
  Simple Network Management Protocol
  SNMP Enumeration Countermeasures
  Enumeration of Other Applications
  Advanced Enumeration
  SCADA Systems
  User Agent Strings
  Mapping the Attack Surface
  Password Speculation and Cracking
  Sniffing Password Hashes
  Exploiting a Vulnerability
  Protecting Passwords
  Summary
  Key Terms
  Exercises
  SNMP Enumeration
  Enumerating Routing Protocols
  Enumeration with DumpSec
  Identifying User Agent Strings
  Browser Enumeration

Chapter 6 Automating Encryption and Tunneling Techniques
  Encryption
  Secret Key Encryption
  Data Encryption Standard
  Triple DES
  Advanced Encryption Standard
  One-Way Functions (Hashes)
  MD Series
  SHA
  Public Key Encryption
  RSA
  Diffie-Hellman
  El Gamal
  Elliptic Curve Cryptography
  Hybrid Cryptosystems
  Public Key Authentication
  Public Key Infrastructure
  Certificate Authority
  Registration Authority
  Certificate Revocation List
  Digital Certificates
  Certificate Distribution System
  Encryption Role in Authentication
  Password Authentication
  Password Hashing
  Challenge-Response
  Session Authentication
  Session Cookies
  Basic Authentication
  Certificate-Based Authentication
  Tunneling Techniques to Obscure Traffic
  Internet Layer Tunneling
  Transport Layer Tunneling
  Application Layer Tunneling
  Attacking Encryption and Authentication
  Extracting Passwords
  Password Cracking
  Dictionary Attack
  Brute-Force Attack
  Rainbow Table
  Other Cryptographic Attacks
  Summary
  Key Terms
  Exercises
  CrypTool
  Extract an E-mail Username and Password
  RainbowCrack
  John the Ripper

Chapter 7 Automated Attack and Penetration Tools
  Why Attack and Penetration Tools Are Important
  Vulnerability Assessment Tools
  Source Code Assessment Tools
  Application Assessment Tools
  System Assessment Tools
  Attributes of a Good System Assessment Tool
  Nessus
  Automated Exploit Tools
  Metasploit
  Armitage
  Metasploit Console
  Metasploit Command-Line Interface
  Updating Metasploit
  BeEF
  Core Impact
  CANVAS
  Determining Which Tools to Use
  Picking the Right Platform
  Summary
  Key Terms
  Exercises
  Exploring N-Stalker, a Vulnerability Assessment Tool
  Exploring Searchsploit on Kali Linux
  Metasploit Kali

Chapter 8 Securing Wireless Systems
  Wi-Fi Basics
  Wireless Clients and NICs
  Wireless Access Points
  Wireless Communication Standards
  Bluetooth Basics
  Wi-Fi Security
  Wired Equivalent Privacy
  Wi-Fi Protected Access
  802.1x Authentication
  Wireless LAN Threats
  Wardriving
  NetStumbler
  Kismet
  Eavesdropping
  Rogue and Unauthorized Access Points
  Denial of Service
  Exploiting Wireless Networks
  Finding and Assessing the Network
  Setting Up Airodump
  Configuring Aireplay
  Deauthentication and ARP Injection
  Capturing IVs and Cracking the WEP Key
  Other Wireless Attack Tools
  Exploiting Bluetooth
  Securing Wireless Networks
  Defense in Depth
  Misuse Detection
  Summary
  Key Terms
  Exercises
  Using NetStumbler
  Using Wireshark to Capture Wireless Traffic

Chapter 9 An Introduction to Malware
  History of Malware
  Types of Malware
  Viruses
  Worms
  Logic Bombs
  Backdoors and Trojans
  Packers, Crypters, and Wrappers
  Rootkits
  Crimeware Kits
  Botnets
  Advanced Persistent Threats
  Spyware and Adware
  Common Attack Vectors
  Social Engineering
  Faking It!
  Pretending through Email
  Defenses against Malware
  Antivirus
  File Integrity Verification
  User Education
  Summary
  Key Terms
  Exercises
  Virus Signatures
  Building Trojans
  Rootkits
  Finding Malware

Chapter 10 Detecting Intrusions and Analyzing Malware
  An Overview of Intrusion Detection
  IDS Types and Components
  IDS Engines
  An Overview of Snort
  Platform Compatibility
  Limiting Access to the IDS
  Verification of Configuration
  Building Snort Rules
  The Rule Header
  Logging with Snort
  Rule Options
  Advanced Snort: Detecting Buffer Overflows
  Responding to Attacks and Intrusions
  Analyzing Malware
  Tracking Malware to Its Source
  Identifying Domains and Malicious Sites
  Building a Testbed
  Virtual and Physical Targets
  Operating Systems
  Network Isolation
  Testbed Tools
  Malware Analysis Techniques
  Static Analysis
  Dynamic Analysis
  Summary
  Key Terms
  Exercises
  Building a Snort Windows System
  Analyzing Malware Communication
  Analyzing Malware with VirusTotal

Chapter 11 Forensic Detection
  Computer Forensics
  Acquisition
  Drive Removal and Hashing
  Drive-Wiping
  Logical and Physical Copies
  Logical Copies
  Physical Copies
  Imaging the Drive
  Authentication
  Trace-Evidence Analysis
  Browser Cache
  Email Evidence
  Deleted or Overwritten Files and Evidence
  Other Trace Evidence
  Hiding Techniques
  Common File-Hiding Techniques
  Advanced File-Hiding Techniques
  Steganography
  Detecting Steganographic Tools
  Antiforensics
  Summary
  Key Terms
  Exercises
  Detecting Hidden Files
  Basic File-Hiding
  Advanced File-Hiding
  Reading Email Headers
  Use S-Tools to Embed and Encrypt a Message

Index