
2008 Open Source Penetration Testing and Security Professional CD

ISBN: 9781597492065
Pages:
Trim: 5.25 in x 8.46 in
Publication Date: Sep 2007


Price: $540 USD



By Jay Beale

Description

Most IT professionals rely on a small core of books that are specifically targeted to their job responsibilities. These dog-eared volumes are used daily and considered essential. But budgets and space commonly limit just how many books can be added to your core library.

The 2008 Open Source Penetration Testing and Security Professional CD solves this problem. It contains seven of our best-selling titles, providing the "next level" of reference you will need for less than half the price of the hard-copy books purchased separately. The CD contains the complete PDF versions of the following Syngress titles:

  • Snort Intrusion Detection and Prevention Toolkit; 1597490997
  • Wireshark & Ethereal Network Protocol Analyzer Toolkit; 1597490733
  • Hack the Stack: Using Snort and Ethereal to Master the 8 Layers of An Insecure Network; 1597491098
  • Nessus, Snort, & Ethereal Power Tools Customizing Open Source Security Applications; 1597490202
  • Host Integrity Monitoring Using Osiris and Samhain; 1597490180
  • Google Hacking for Penetration Testers; 1931836361
  • Nessus Network Auditing; 1931836086

Add over 3,560 pages to your Open Source Penetration Testing and Security bookshelf.

Includes 7 best-selling SYNGRESS books in PDF format.

About the Authors

Jay Beale
Series Editor of the Jay Beale Open Source Security Series, lead developer of the Bastille project, Seattle, WA

Contents

  • Snort Intrusion Detection and Prevention Toolkit
    From IDS to IPS and Beyond|Packet Inspection for Intrusion Analysis|Installing Snort for Optimum Performance|Fine Tuning Snort for Speed|Improving Snort Performance with Barnyard|Analyzing Snort's Source Code and Inner Workings|Writing, Modifying, and Optimizing Preprocessors|Writing, Modifying, and Optimizing Rules|Mastering Output Plug-Ins, Reporting, and Log Management|Best Practices for Monitoring Sensors|Real World Attack Analysis|Active Response and Intrusion Prevention|Forensic Analysis and Incident Handling|Building a Honeynet with Snort

  • Wireshark & Ethereal Network Protocol Analyzer Toolkit
    Introducing Network Analysis|Introducing Ethereal|Network Protocol Analyzer|Getting and Installing Ethereal|Building Ethereal from Source|Running Ethereal|Understanding Filters|Mastering Tethereal|Master MATE: The Configurable Upper Level Analysis Engine|Integrating Ethereal with Other Sniffers|Dissecting Real World Packet Captures|Coding for Ethereal|Capture File Formats|Protocol Dissectors|Reporting from Ethereal|Appendix - Supported Protocols

  • Hack the Stack: Using Snort and Ethereal to Master the 8 Layers of an Insecure Network
    Extending OSI to Network Security (20 pp)
    Layer 1 - Physical layer (30 pp): Introduction Perimeter security Facility security Device security Identification and authentication Biometrics Attacking physical security Lock picks Wiretapping and Scanners Hardware hacking Layer 1 security project - Building a one-way data reception cable
    Layer 2 - Data Link layer (40 pp): Introduction The Ethernet Frame structure Understanding MAC addressing Understanding PPP and SLIP How a protocol analyzer works Attacking the Data Link Layer Passive versus active sniffing Sniffing Wireless (Wireless basics) Wireless vulnerabilities Defending the Data Link Layer Defenses against active sniffing Detecting promiscuous devices Security in switches Layer 2 security project - Using Auditor to crack WEP
    Layer 3 - Network layer (40 pp): Introduction The IP packet structure Attacking the network layer IP Attacks Fragmentation Analyzing an IPID scan The ICMP packet structure Attacking ICMP Smurf Redirects Analyzing the ARP Process Attacking ARP ARP Poisoning Defending the Network Layer Securing IP, ICMP, and ARP Layer 3 security project - Fragmenting traffic to bypass an IDS
    Layer 4 - Transport layer (40 pp): Introduction The TCP packet structure Attacking TCP TCP port scanning Advanced port scanning tools Watching Amap in action Using Snort to identify a port scan The UDP datagram Attacking UDP Defending the Transport Layer Watching TLS/SSL Amap and SSL Layer 4 security project - Building a Snort system
    Layer 5 - Session layer (40 pp): Introduction Attacking the Session Layer Session hijacking ettercap Observing a SYN attack Sniffing usernames and passwords during a session setup Establishing a session Lophtcrack Dsniff Using ettercap and Hunt Defending the Session Layer Port knocking Layer 5 security project - Building Snort filters to capture malicious traffic
    Layer 6 - Presentation layer (40 pp): Introduction An analysis of the NetBIOS and SMB Attacking the Presentation layer NetBIOS and enumeration Sniffing Kerberos Using BurpProxy to intercept traffic Cracking weak encryption Defending the Presentation Layer Encryption Adding confidentiality and integrity with IPSec Protecting email with S-MIME Layer 6 security project - Cracking passwords and other encryption schemes
    Layer 7 - Application layer (40 pp): Introduction The structure of FTP Analyzing DNS and its weaknesses Other insecure applications Attacking the Application layer Web Applications Cross site scripting DNS Spoofing and pharming Buffer Overflow attacks Using Snort to detect a buffer overflow attack Reverse engineering code Using the Exploitation Framework Metasploit Defending the Application Layer SSH PGP Vulnerability scanners Nessus Layer 7 security project - Using Nessus to secure the stack
    Layer 8 - The People layer (35 pp): Introduction Attacking the People Layer Social Engineering Person to person and remote attacks Fun with Caller ID spoofing Defending the People Layer Policies, procedures, and guidelines Regulatory Requirements SOX / HIPAA / California law / PIPDA, etc. Making the case for stronger security Building a better stack Layer 8 security project - Building an orange box
    Appendix A (12 pp): Risk Mitigation - Securing the Stack Tying the layers together Defense in depth

  • Nessus, Snort & Ethereal Power Tools Customizing Open Source Security Applications
    Snort Rules|Configuration Files|Rule Headers|Rule Body|IP Options|TCP Options|ICMP Options|Rule Identifier Options|NESSUS PLUGINS and NASL|Script Structure|Description Section|Connecting Directly to Ports|String Manipulation|Regular Expressions in NASL|Protocol APIs|FTP|HTTP|NFS|Ethereal Filters|Writing Capture Filters|TCPdump|MAC Addresses|Protocols|Bitwise Operators|Writing Display Filters|Floating Point Numbers|Byte Sequences|Filter Dialogs|Part IV: Best of the Rest Appendix

  • Host Integrity Monitoring Using Osiris and Samhain
    Fundamentals: The purpose of this chapter is to explain to the reader the importance of verifying the integrity of managed hosts, what is involved, how it fits into existing security practices, and an overview of the remaining chapters.
    Understanding The Terrain: In order to be effective at understanding what to monitor, and how to better interpret detected change, it is necessary to have a solid understanding of the host environments involved.
    Threats: At this point, the reader is convinced that there is a need for integrity monitoring at the host level, and they understand elements of the environment enough to be useful in configuration and response.
    Planning: The key to obtaining the most out of the adoption of host integrity tools is planning. Prior planning prevents piss-poor performance. It is critical that the reader understand the needs, requirements, and constraints before rushing into installing the software.
    Osiris: This chapter walks the reader through the configuration, deployment, and administration of the Osiris host integrity monitoring system.
    Samhain: This chapter walks the reader through the configuration, deployment, and administration of the Samhain host integrity monitoring system.
    Analysis and Response: Deploying a host integrity solution is only half the battle. To be effective, administrators must plan ahead. Logging must be set up correctly. Logs must be read or analyzed in some way.
    Appendix A: Monitoring Linksys Devices
    Appendix B: Advanced Strategies

  • Google Hacking for Penetration Testers
    Google Search Techniques|Google Web Interface|Basic Search Techniques|Google Advanced Operators|About Google's URL Syntax|Google Hacking Techniques|Domain Searches Using the 'Site' Operator|Finding 'Googleturds' Using the 'Site' Operator|Site Mapping: More About the 'Site' Operator|Finding Directory Listings|Versioning: Obtaining the Web Server Software/Version, Via Directory Listings, Via Default Pages, Via Manuals, Help Pages and Sample Programs|Using Google to Find Interesting Files and Directories|Inurl: Searches|File Type: Combination Searches|WS_FTP.log File Searches|Using Source Code to Find Vulnerable Targets|Using Google as a CGI Scanner|About Google Automated Scanning|Other Google Stuff|Google Appliances|Googledorks|Gooscan|Goopot|Google Sets|A Word About How Google Finds Pages (OPERA)|Protecting Yourself from Google Hackers