These notes on information security vulnerabilities are based on the
"Danger, Will Robinson, Danger" - the robot in the movie "Lost In Space"
Hackers congregate on the AntiCode site and at Black Hat conferences.
The Customers of Hackers
1. Outside reconnaissance - probing
2. Penetration - inside reconnaissance
3. Escalate privilege - gain a foothold and pillage
4. Expand influence - exploit further, then clean up to cover tracks
Network reconnaissance of the footprint of the target system:
Network enumeration - listing the domain names and network blocks related to an organization, from:
War-dialing tools (such as PhoneSweep) programmatically dial large banks of phone numbers, log the numbers that answer with a data connection, attempt to identify the system at the other end of the line, and optionally attempt to log on by guessing common usernames and passphrases.
DNS interrogation - if the organization's name servers allow zone transfers (AXFR) to arbitrary hosts, an attacker does not need to intercept anything: he simply asks an authoritative server for the zone and receives every hostname and address in it. Zone transfers should be restricted to the secondary servers that need them.
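The zone-transfer check described above, as an added example that is not part of the original notes: it builds a DNS AXFR query in wire format (RFC 1035), frames it for TCP, and reads the header of the first reply to decide whether the server began a transfer (RCODE 0 with at least one answer record, the leading SOA) or refused. The two sample replies are constructed for offline use and carry only the header and echoed question; the zone name example.com and the server used by check_zone_transfer are assumptions.

```python
import socket
import struct

# DNS wire-format constants (RFC 1035).
QTYPE_AXFR = 252
QCLASS_IN = 1
RCODES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL", 3: "NXDOMAIN",
          4: "NOTIMP", 5: "REFUSED", 9: "NOTAUTH"}


def encode_name(zone: str) -> bytes:
    """Encode 'example.com' as length-prefixed labels ending in the empty root label."""
    labels = [l for l in zone.rstrip(".").split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"


def build_axfr_query(zone: str, txid: int = 0x1234) -> bytes:
    """Build an AXFR query for `zone`, framed with the 2-byte length prefix that DNS over TCP uses."""
    # flags=0: standard query, recursion not requested (AXFR is asked of an authoritative server).
    header = struct.pack(">HHHHHH", txid, 0, 1, 0, 0, 0)
    question = encode_name(zone) + struct.pack(">HH", QTYPE_AXFR, QCLASS_IN)
    message = header + question
    return struct.pack(">H", len(message)) + message


def parse_response_header(message: bytes) -> dict:
    """Read the header of the first reply message (without length prefix) and decide whether the
    server started a transfer: RCODE 0 with at least one answer RR (the leading SOA)."""
    txid, flags, _qd, an, _ns, _ar = struct.unpack(">HHHHHH", message[:12])
    rcode = flags & 0x000F
    return {
        "txid": txid,
        "authoritative": bool(flags & 0x0400),
        "rcode": RCODES.get(rcode, str(rcode)),
        "answers": an,
        "transfer_allowed": rcode == 0 and an > 0,
    }


def recv_exact(sock: socket.socket, n: int) -> bytes:
    """Read exactly n bytes from a TCP socket (DNS over TCP needs framing, not a single recv)."""
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("server closed the connection mid-message")
        buf += chunk
    return buf


def check_zone_transfer(server: str, zone: str, timeout: float = 5.0) -> dict:
    """Live check (not run offline): ask `server` for an AXFR of `zone` over TCP/53 and
    report the verdict from the first reply message."""
    query = build_axfr_query(zone)
    with socket.create_connection((server, 53), timeout=timeout) as s:
        s.sendall(query)
        (length,) = struct.unpack(">H", recv_exact(s, 2))
        return parse_response_header(recv_exact(s, length))


# Constructed replies for offline use: header plus echoed question only (a real transfer would
# also carry the SOA/NS/A records). A hardened server answers REFUSED; an open one starts sending.
def fake_reply(txid: int, rcode: int, answers: int, zone: str) -> bytes:
    flags = 0x8000 | 0x0400 | 0x0080 | rcode          # QR, AA, RA bits plus the RCODE
    question = encode_name(zone) + struct.pack(">HH", QTYPE_AXFR, QCLASS_IN)
    return struct.pack(">HHHHHH", txid, flags, 1, answers, 0, 0) + question


REFUSED_REPLY = fake_reply(0x1234, 5, 0, "example.com")   # what a restricted server returns
OPEN_REPLY = fake_reply(0x1234, 0, 3, "example.com")      # first message of a transfer in progress

if __name__ == "__main__":
    for name, reply in (("hardened", REFUSED_REPLY), ("open", OPEN_REPLY)):
        print(name, parse_response_header(reply))
```

Run the live check against every authoritative server for the zone, not just the primary: secondaries are often the ones left open. The same test from the command line is `dig @ns1.example.com example.com axfr`.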
OS and service detection - use nmap (first published in Phrack 51) to determine which operating systems and services are active on a subnet.
Each vendor's IP stack answers probes slightly differently (initial TTL, default TCP window size, option ordering), so these stack signatures reveal the vendor and version, each with its own vulnerabilities (exploitable bugs).
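How stack signatures turn into an OS guess, as an added example that is not part of the original notes or of nmap: it rounds the TTL seen in a SYN/ACK up to the nearest common starting value to estimate the hop count, then matches initial TTL, advertised window and Don't-Fragment bit against a small table. The signature table is illustrative and assumed for this example (it is not nmap's or p0f's database), and the sample replies and 10.0.0.x hosts are constructed.

```python
from dataclasses import dataclass
from typing import List

# Initial TTLs that common stacks start from; the observed TTL is this minus the hop count.
INITIAL_TTLS = (32, 64, 128, 255)

# Illustrative signature table assumed for this example (not nmap's or p0f's database):
# (label, initial TTL, default SYN/ACK window, Don't-Fragment bit) for a few historical stacks.
SIGNATURES = [
    ("Linux 2.4", 64, 5840, True),
    ("FreeBSD 4.x", 64, 65535, True),
    ("Windows 2000", 128, 16384, True),
    ("Cisco IOS", 255, 4128, False),
]


@dataclass(frozen=True)
class SynAck:
    """Fields a scanner records from the SYN/ACK a target sends back to a SYN probe."""
    ttl: int       # IP TTL as received
    window: int    # TCP window size advertised
    df: bool       # IP Don't-Fragment flag


def initial_ttl(observed: int) -> int:
    """Round an observed TTL up to the nearest common starting value (52 -> 64, 119 -> 128, ...)."""
    for start in INITIAL_TTLS:
        if observed <= start:
            return start
    raise ValueError(f"TTL out of range: {observed}")


def hop_estimate(observed: int) -> int:
    """Hops between scanner and target, assuming the stack started at the rounded-up TTL."""
    return initial_ttl(observed) - observed


def fingerprint(reply: SynAck) -> List[str]:
    """Return the signature labels consistent with the reply, or ['unknown'] when none match.
    Several stacks can share a signature, so the caller gets a list rather than one answer."""
    start = initial_ttl(reply.ttl)
    matches = [label for label, ttl, window, df in SIGNATURES
               if ttl == start and window == reply.window and df == reply.df]
    return matches or ["unknown"]


# Constructed sample replies, as if captured from four hosts on the target subnet.
SAMPLES = {
    "10.0.0.5": SynAck(ttl=52, window=5840, df=True),
    "10.0.0.9": SynAck(ttl=119, window=16384, df=True),
    "10.0.0.1": SynAck(ttl=246, window=4128, df=False),
    "10.0.0.77": SynAck(ttl=60, window=29200, df=True),   # deliberately not in the table
}


def survey(samples=SAMPLES) -> dict:
    """Fingerprint each host and estimate its distance in hops."""
    return {host: (fingerprint(r), hop_estimate(r.ttl)) for host, r in samples.items()}


if __name__ == "__main__":
    for host, (guess, hops) in survey().items():
        print(f"{host:<10} {hops:>2} hops  {', '.join(guess)}")
```

Treat the result as a hint, not a fact: window sizes are tunable, and NAT devices, load balancers and proxies answer with their own stack, so a "Cisco IOS" verdict may describe the firewall in front of the host rather than the host.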
The LSA secrets hack reads the registry key HKLM\SECURITY\Policy\Secrets, which stores cached credentials, web/FTP passwords, the machine account password and service account passwords; it requires local Administrator rights, so it is a post-penetration step rather than reconnaissance. References: http://razor.bindview.com/tools/desc/lsadump2_readme.html and HEW2K; "Stealing Passwords from Microsoft Operating Systems" by Marcus H. Sachs, March 14, 2001.
Use techniques which do not harm the target machines.
Identify which machines are alive with a ping sweep.
Identify which services are available on each machine with a UDP/TCP port scan (strobe).
Look for CGI scripts by walking through the web site and capturing its pages.
Attempt a DNS zone transfer.
Identify which machines have NetBIOS vulnerabilities. Traditionally, attacks against Windows 2000 have targeted the SMB service; more recently they come through the IIS web service, which is installed by default.
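The port-scan step of the procedure above, as an added example that is not part of the original notes or of any scanner named on the page: a TCP connect() scan with banner grabbing, the least intrusive scan there is, since it completes a normal handshake and reads whatever greeting the service volunteers. The ping sweep is left out because raw ICMP needs root. To run offline, the block starts two constructed loopback services (one chatty, one silent) in place of real targets; the banner text, the identify() heuristics and the 127.0.0.1 target are assumptions.

```python
import socket
import threading
from typing import Dict, Iterable, Optional


def tcp_connect_scan(host: str, ports: Iterable[int], timeout: float = 0.5) -> Dict[int, bytes]:
    """Full connect() against each port. Returns {open_port: banner}; closed and filtered ports
    are omitted. The completed handshake is logged by the target, so this is noisy but harmless."""
    found: Dict[int, bytes] = {}
    for port in ports:
        with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
            s.settimeout(timeout)
            try:
                s.connect((host, port))
            except (ConnectionRefusedError, socket.timeout, OSError):
                continue                 # RST (closed) or no answer at all (filtered)
            try:
                banner = s.recv(256)     # SMTP, FTP and SSH speak first; others stay quiet
            except (socket.timeout, OSError):
                banner = b""             # service waits for the client; identify it another way
            found[port] = banner
    return found


def identify(banner: bytes) -> Optional[str]:
    """Crude service guess from a greeting banner; None when the banner says nothing useful."""
    text = banner.decode("ascii", "replace").strip()
    if text.startswith("220 "):
        return "smtp/ftp: " + text[4:]
    if text.startswith("SSH-"):
        return "ssh: " + text
    return None


def start_fake_service(banner: bytes) -> int:
    """Constructed stand-in for a real daemon so the scan runs offline: listens on an ephemeral
    loopback port, sends `banner` (if any) to every client, then hangs up. Returns the port."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)

    def serve():
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:
                return
            with conn:
                if banner:
                    conn.sendall(banner)

    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]


def demo() -> Dict[int, Optional[str]]:
    """Start two constructed services and strobe them; returns {port: guess}."""
    chatty = start_fake_service(b"220 mail.example.test ESMTP ready\r\n")
    silent = start_fake_service(b"")
    return {p: identify(b) for p, b in tcp_connect_scan("127.0.0.1", [chatty, silent]).items()}


if __name__ == "__main__":
    for port, guess in sorted(demo().items()):
        print(f"{port:>5}/tcp open  {guess or 'no banner'}")
```

A silent open port (the second service) is the common case for HTTP and SMB, which wait for the client to speak; that is where the CGI walk and NetBIOS checks in the steps above take over.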
Vulnerability advisories: CERT from the Software Engineering Institute at Carnegie Mellon University.
NIST Security Guidelines
BugNet and BugTraq report bugs and fixes.
NIPC (National Infrastructure Protection Center), set up in mid-1998 by the FBI, publisher of
Penetration test tools: Talisker's Network Security Tools is a very complete list. Open-source security tools, e.g. nmap, snort.
ZDNet article: Denial-of-Service Attacks
Books: Computer Security Basics (O'Reilly) by Deborah Russell and G. T. Gangemi is a good introduction.
Windows 2000 Security Little Black Book by Ian McLean, Coriolis, ISBN 1576103870.
Subscribe to the free Information Security magazine bi-weekly e-letter.
Network Magazine offers occasional articles about infosec.
WebWasher is a local proxy for IE that filters web bugs.
Book recommendation: The Blue Nowhere, a fast-paced cat-and-mouse detective novel that pits the tactics of crackers and homicide detectives against a wizard cracker turned murderer. Lots of twists and turns. It's more believable than earlier hacker movies: War Games, Hackers, Sneakers.
Figleaf offers security classes on Cold Fusion
Cryptography and Network Security by William Stallings.
Secret access code to the computer controls of the U.S. nuclear-tipped missile arsenal between 1968 and 1976: 00000000 [Center for Defense Information (Washington)], Harper's Index