Scribd Logo
Upload

Welcome to Scribd!

  • SANS Gsna 2010

    Uploaded by

    Habibullah Ahmad
    89 views8 pages

    Original Title

    SANS-gsna-2010

    Copyright

    © Attribution Non-Commercial (BY-NC)

    Available Formats

    XLSX, PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document

    Copyright:

    Attribution Non-Commercial (BY-NC)
    Download as XLSX, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    89 views8 pages

    SANS Gsna 2010

    Uploaded by

    Habibullah Ahmad

    Copyright:

    Attribution Non-Commercial (BY-NC)
    Download as XLSX, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    of 8

    Subtitles war dailing wardailing toos thc scan phonetag Modemscan rasusers tba microsoft hyperterminal phonesweep sandtrap

    procomm plus thcscan modem mitigation risks wireless - intro Eap authentication wep leap eap -fast wpa & wpa2 tkip Mic CCMP nessus - AP Wireless find_ap.nasl netstumbler inSSIDer KISMET wicrawl Aicrack Wep Crack Airsnort Asleap wifiscanner wellenreiter fake Ap coWPatty BTScanner Mognet OSWA-Assistant, Bactrack Wireless - wicrawl Wireless - Aicrack Wireless - Wep Crack Wireless - Airsnort Wireless - Asleap Wireless - wifiscanner Wireless - wellenreiter Wireless - fake Ap Wireless - coWPatty Wireless - BTScanner Wireless - Mognet Wireless - OSWA-Assistant, Bactrack Network mapping 7 Ps network mapping nmap nmap commands nmap scan types ndiff scanpbnj outputPBNJ best practices mail VRFY EXPN whois DNS split DNS split split DNS DNS advertisers DNS advertisiers DNS Resolvers DNS restrictions DNS tools Sam spade, dig, nslookup, nessus

    Page 5 8 8 8 8 8 8 8 8 8 8 9 11 14 15 17 16 16 17 17 19 19 24 24 26 27 28 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 36 36 41 44 46 50 52 55 58 60 60 60 66 67 69 71 71 71 71 73 75

    Book 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3

    SSh VOIP H.323 Voip tool ntop, wireshark, etherape switches Vlans VTP vlan attacks port security vlan trunking lockdown BPDU guard Root guard Spoofing NAC NAP Yersinia Vulnerability scanners Nessus nessus scan options nessus advance settings nessus adance false positives vulnerability audit methodology top 20 vulnerabilities list of vulnerabilities technical validation dmz internal maps malware SQL 101 Select where data manipulation update insert into delete order SQL permission SQL injection securing database Listner tnslsnr oracle authentication SQL authentication Roles - SQL Profiles - SQL Privileges - SQL default accounts - database password database checkpwd backup - database links - database database tools scuba oscanner ngssquirrel appDetective SQL server tables oracle tables mySQL tables audit preperation research border router interior router Backbone router process passowrd policy user management path updates standardized change control backups config files for cisco router startup-config

    77 82 82 84 88 89 90 93 99 102 103 103 104 106 106 107 110 112 119 122 123 125 133 138 139 142 149 155 159 166 168 169 170 170 170 170 171 172 173 177 178 178 180 182 184 185 186 189 190 190 192 194 199 199 199 199 199 206 209 216 8 9 12 12 12 13 13 13 13 13 13 13 17 17

    3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 2 2 2 2 2 2 2 2 2 2 2 2 2 2

    running-config static packet filtering stateful filtering static vs stateful ACLs Router ACL formats wildcard Extended Acl reflexsive filters named access list reflexsive ACLs stateful filtering packet filter accessing routers, local, remote, ssh, telnet auditing router - access no exec - router transport input - router authentication - router aaa new model authentication login assess/ methods - routers, en, krb5,etc snmp snmpv3 finger identd http - router disabled banners - routers password cisco type 5 and 7 AAA accounting NTP router logging - router unneccesary services - router bootp cdp small tcp and udp services config services tftp services - router Tcp keep alives - router routing protection proxy ARP directed braodcast source routing ICMP redirects ICM unreachables ingress filtering reserved IP address egress filtering unicast reverse path forwarding standard ingress ACL RAT ncat - RAT snarf nipper password - nipper firewall vs router packet filter - fw stateful inspection - fw proxy / application gw - fw deep packet inspection - fw NAT - fw logical diagram - fw single fw border router Dual inline fw DIF - fw fw / vpn fw vpn and border router web application firewall - WAF fw functionality seperation FW appliances VS OS rulebase fw FW default deny nipper rulebase review rulebase fw validation fw basic test fw test - others FW tools hping, nemesis, nmap, nessus, wshark, windump

    17 18 19 20 21 22 23 24 26 27 28 30 31 34 35 35 36 36 37 38 41 42 43 43 43 44 45 46 48 49 51 51 51 51 52 52 52 54 54 54 54 55 55 56 56 58 61 62 70 70 70 76 80 88 90 90 90 90 91 99 104 105 106 107 108 111 110 116 120 123 124 126 128 129 130

    2 2 2 2 2 2 2 2 2 2 2 2 2 2 2 2 2 2 2 2 2 2 2 2 2 2 2 2 2 2 2 2 2 2 2 2 2 2 2 2 2 2 2 2 2 2 2 2 2 2 2 2 2 2 2 2 2 2 2 2 2 2 2 2 2 2 2 2 2 2 2 2 2 2 2

    Nmap / Hping - FW Hping commands nemesis wireshark wireshark filters tshark tcpdump /windump ngrep hping scans sample source routing code log review fw IDS fragrouter IDS / IPS audit GHDB Input validation sanitization error checking error handling session mgmt session ID complete mediation multi tier solution presentation multi tier solution application multi tier solution persistent multi tier solution HTML HTTP Web Forms GET / POST POST HTTP Method / REST REST GET Details POST Details Cookies Cookie flow persistent cookies non persistent cookies SSL AJAX CSS casacading style sheet OWASP Web Scarab BURP Directory Indexing headers easter eggs robots.txt lazy configurations wikto fuzzers automated caveat authentication authentication HTTP Basic authentication form based authentication client side certificates authentication NTLM NTLM single sign on username harvesting brute force password brutus Hydra j-baah burp Suite crowbar Session session tracking session ID URL rewriting cookies - session tracking cookies half baked cookies detection

    132 133 135 137 138 139 139 141 142 143 147 149 150 153 8 10 11 12 12 13 13 14 15 15 15 15 19 23 25 26 26 27 27 28 31 32 34 35 35 36 37 38 40 41 43 49 50 51 54 55 64 67 66 71 72 73 74 75 75 57 77 81 83 86 86 86 86 91 91 93 95 96 97 98

    2 2 2 2 2 2 2 2 2 2 2 2 2 2 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4

    basic authentication http basic authentication Session tracking session ID get vs post get data GET data problems GET Exposed get - server logs unexpected input alternate choice webmaven paros spike proxy burp intruder whitelisting 125 user input recommendation sensitive output hidden content HTML, Javascirpt encryption SSL - strength TLS - strength ssldigger openssl mixed frames mixed frames - SSL caching anti caching XSS cross site scripting SQL injection XSS = no santization CSRF cross site request fogery WMIC Reporting WMIC Scripting - windows Variables Scripting - windows .@ SCRIPting- windows echo scripting %0-%9 scripting IF scripting error level script labels and control scripting EXIT script Notice No Set variable % Iteration scripts FOR /D /R/ F /L scripts windows tool psinfo wmic Patch windows patch types QFE fixes WSUS SERVICES services checks - MMC psservice wmic PORT REPORTER PR Parser MMC psservice / sc sc tasklist wmic user / groups Windows oprhaned user account Dsquery Adfind buiil in acc microsoft dumpsec Somarsoft group membership IUSR IWAM

    99 100 105 105 115 117 117 118 120 122 122 123 124 124 124 125 125 126 127 128 128 128 129 129 131 132 135 135 143 143 136 144 147 147 11 15 21 24 25 25 26 27 29 30 33 33 33 34 34 41 43 44 46 48 48 53 56 58 59 59 61 62 62 63 64 69 71 72 72 75 77 79 75 75

    4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 5 5 5 5 5 5 5 5 5 5 5 5 5 5 5 5 5 5 5 5 5 5 5 5 5 5 5 5 5 5 5 5 5 5 5 5 5 5 5 5

    schema admins net group showmbrs showusr findgrp LAN Manager LM ntLMV2 PASSWORD SAM SYSKEY noLMHASH bitlocker password attack / hack hybrid password attack rainnbowcrack lc6 data - windows bitlocker bypass rights and permission inherit AGULP dumpsec - user rights NTFS permission permission DACL cacls xcacls perms Dumpsec - permission special group interactive / network creator/owner share permission sharenum fie intergerity wininterrograte regshot SUID SGID null sessions SMB pagefile everyoneincludesanonymus security configuration and analysis tool SCA SCA secedit group policy GPO computer policy user policy HKEY_local_machine hkey_current_User GPMC Rsop MBSA scanner - microsoft event viewer log files audit policy tool logon events audit process tracking audit system events log managemnet log audit collection services ACS eventcomboMT DAD Lassie aggregator DAD fc.exe /node Dsquery collecting computer names wmic ilterate computer names server unix checklist

    79 80 80 80 80 85 85 85 85 85 85 86 87 89 90 90 96 98 99 100 100 102 103 103 103 104 104 104 105 106 106 107 108 109 109 109 114 114 114 115 115 115 116 116 121 122 123 123 123 123 123 125 125 129 128 132 133 135 136 137 137 143 145 146 146 146 147 147 148 156 160 162 163 7

    5 5 5 5 5 5 5 5 5 5 5 5 5 5 5 5 5 5 5 5 5 5 5 5 5 5 5 5 5 5 5 5 5 5 5 5 5 5 5 5 5 5 5 5 5 5 5 5 5 5 5 5 5 5 5 5 5 5 5 5 5 5 5 5 5 5 5 5 5 5 5 5 5 6

    scripting unix bash variables echo if /then [ test Test - Script Unix Inputs - scripts unix grep egrep wildcard metacharacters REGEX cut col sed awk LRK5 CD Live knoppix Helix script uname mount fdisk -l free patchdiag up2date netstat lsof inetd xinetd xinetd.conf /etc/rc.d startup osx startup lauchctl list ps -aux /etc/sysctl.conf tcp wrappers boot time security lilo grub hot keys ca ctrlaltdel securetty limit remote access passwd shadow /etc/default/useradd John the Ripper - TOOL find SUID touch lsof +L1 Finding Hidden disk space proc file intergerity tripwire tripwire policy RPM for file intergerity pkginfo NFS / RPC - Unix rpcinfo -p ps | grep exportfs login banners COPS Tiger TARA unix logs messages logs secure logs utmp - current user who

    9 10 11 12 14 15 16 19 23 23 24 25 24 31 31 32 33 38 46 45 45 52 56 57 58 59 60 60 62 64 66 66 68 70 71 72 72 73 75 77 81 82 82 84 84 85 85 86 87 88 89 92 93 94 95 95 96 99 100 105 110 111 113 115 115 114 117 120 120 120 125 126 127 128 128

    6 6 6 6 6 6 6 6 6 6 6 6 6 6 6 6 6 6 6 6 6 6 6 6 6 6 6 6 6 6 6 6 6 6 6 6 6 6 6 6 6 6 6 6 6 6 6 6 6 6 6 6 6 6 6 6 6 6 6 6 6 6 6 6 6 6 6 6 6 6 6 6 6 6 6

    wtmp last btmp lastb bastille nfstrace chktmp chklastlog unix auditng tools cron Unix file permission ls chmod cat more // less / tail apropos RPC NFS CDE Objective auditing scope Objective auditing control audit exception remediation Mitigation root cause baselines time base security tbs CoBIT checklist policy procedure audit Hoelzer Law threats internal threat intentional threat accidental threat cooperative threat elevator statement wardialer pc anywhere time base security defense in depth TBS formula TBS formula sample TBS analysis tbs EXPOSURE tbs quantifiable analysis tbs exposure controls and standard identify standard risk assesstmnet root cause event tree fault tree critical event CCA risk assesstmnet 6 step process audit planning entrance conference

    130 131 132 132 136 137 138 138 139 141 158 159 157 160 161 162 166 170 175 10 13 17 19 20 21 22 23 26 29 29 31 34 36 39 44 45 45 45 55 55 61 62 74 76 79 81 85 85 96 100 105 108 109 111 113 119 120 122 124 132 133 140

    6 6 6 6 6 6 6 6 6 6 6 6 6 6 6 6 6 6 6 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1

    You might also like