Buffer Overflow

A buffer overflow writes more data into a buffer than it was sized to hold, so the excess spills into the memory next to it. If that memory holds something the program uses later (a saved return address, a function pointer, allocator metadata), an attacker who controls the input can overwrite it and make the program run code of their choosing.
- Stack – the overflow overwrites the saved return address and other control data of the running function, so the attacker takes over the execution of the process
- Heap – the overflow corrupts neighbouring heap objects or allocator metadata, i.e. the application's own data
Susceptible C functions (they copy without checking the size of the destination): strcat, strcpy, sprintf, vsprintf, bcopy, gets, …
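As an added example (not code from the original post), the following C program models the stack case. The frame layout is an assumption chosen for illustration: an 8-byte local buffer immediately followed by 8 bytes that stand in for the saved return address. Both live inside one array so the "overflow" stays within a single object and the demonstration itself has no undefined behaviour; `unsafe_copy` does what `strcpy` would do, `safe_copy` is the bounded replacement that refuses input that does not fit.

```c
#include <stdio.h>
#include <string.h>
#include <stddef.h>

/* Modelled stack frame (assumption for illustration): an 8-byte local buffer
 * immediately followed by 8 bytes standing in for the saved return address. */
#define BUF_SIZE   8
#define RET_SIZE   8
#define FRAME_SIZE (BUF_SIZE + RET_SIZE)
#define RET_FILL   0xEE   /* recognisable filler for the saved return address */

/* Reset the model: buffer zeroed, saved return address filled with RET_FILL. */
static void init_frame(unsigned char frame[FRAME_SIZE]) {
    memset(frame, 0x00, BUF_SIZE);
    memset(frame + BUF_SIZE, RET_FILL, RET_SIZE);
}

/* 1 if the saved return address is untouched, 0 if any byte was overwritten. */
static int ret_intact(const unsigned char frame[FRAME_SIZE]) {
    for (size_t i = BUF_SIZE; i < FRAME_SIZE; i++)
        if (frame[i] != RET_FILL) return 0;
    return 1;
}

/* What strcpy(buf, input) does: copy strlen(input)+1 bytes (NUL included)
 * without looking at BUF_SIZE. The copy is capped at FRAME_SIZE only to keep
 * the model in bounds; a real strcpy keeps writing past the frame. */
static size_t unsafe_copy(unsigned char frame[FRAME_SIZE], const char *input) {
    size_t n = strlen(input) + 1;
    if (n > FRAME_SIZE) n = FRAME_SIZE;
    memcpy(frame, input, n);                  /* spills past BUF_SIZE when n > 8 */
    return n > BUF_SIZE ? n - BUF_SIZE : 0;   /* bytes of saved return clobbered */
}

/* Bounded replacement: look for the terminator within BUF_SIZE bytes only and
 * refuse input that does not fit together with its NUL. */
static int safe_copy(unsigned char frame[FRAME_SIZE], const char *input) {
    const char *nul = memchr(input, '\0', BUF_SIZE);
    if (nul == NULL) return -1;               /* no NUL within BUF_SIZE: too long */
    memcpy(frame, input, (size_t)(nul - input) + 1);
    return 0;
}

/* Run one input through the unsafe copy on a fresh frame; returns how many
 * bytes of the saved return address were overwritten (0: frame survived). */
size_t unsafe_damage(const char *input) {
    unsigned char frame[FRAME_SIZE];
    init_frame(frame);
    size_t clobbered = unsafe_copy(frame, input);
    return ret_intact(frame) ? 0 : clobbered;
}

/* Run one input through the bounded copy on a fresh frame: 0 = copied and the
 * saved return address is intact, -1 = rejected as too long. */
int safe_result(const char *input) {
    unsigned char frame[FRAME_SIZE];
    init_frame(frame);
    int rc = safe_copy(frame, input);
    if (rc == 0 && !ret_intact(frame)) return -2;   /* must never happen */
    return rc;
}

int main(void) {
    /* constructed inputs: 5 bytes fits, 12 bytes is the classic overlong string */
    const char *inputs[] = { "short", "AAAAAAAAAAAA" };
    for (size_t i = 0; i < 2; i++)
        printf("%-14s unsafe: %zu byte(s) of saved return clobbered; safe: rc=%d\n",
               inputs[i], unsafe_damage(inputs[i]), safe_result(inputs[i]));
    return 0;
}
```

The 12-byte input plus its terminator is 13 bytes, so 5 bytes of the modelled return address are overwritten; the bounded version rejects it and leaves the frame untouched. Note that an input of exactly 8 bytes is also rejected, because the terminator needs the ninth byte.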

Wireshark

- Promiscuous mode – the network card hands over every frame it receives, not only the frames addressed to its own MAC (plus broadcast and multicast), even though the device is not the destination. Not all wireless adapters allow promiscuous mode.
- Monitor mode is not promiscuous mode: monitor mode captures raw 802.11 frames on a channel without being associated to any network, while promiscuous mode only widens what an associated adapter accepts.
- WinPcap – open source library for packet capture (Windows)
- Wireshark – application for sniffing and dissecting/displaying packets
- Passive sniffing – using a hub, a tap or a SPAN (mirror) port
- Active sniffing – …
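To make the point concrete, here is an added C example (not from the original post) of the receive filter a NIC applies in normal mode and what promiscuous mode switches off. The MAC addresses and the traffic mix are constructed for the example; real hardware additionally applies a multicast hash filter, which is left out here.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Ethernet II header: 6-byte destination MAC, 6-byte source MAC, 2-byte type. */
#define ETH_HDR_LEN 14
#define MAC_LEN     6

enum verdict { VERDICT_DROP = 0, VERDICT_ACCEPT = 1, VERDICT_MALFORMED = -1 };

static int is_broadcast(const uint8_t mac[MAC_LEN]) {
    static const uint8_t bcast[MAC_LEN] = {0xff, 0xff, 0xff, 0xff, 0xff, 0xff};
    return memcmp(mac, bcast, MAC_LEN) == 0;
}

/* I/G bit: least significant bit of the first octet set means group (multicast). */
static int is_multicast(const uint8_t mac[MAC_LEN]) {
    return (mac[0] & 0x01) != 0;
}

/* The receive filter. In normal mode the card keeps a frame only if it is
 * addressed to its own MAC, to broadcast, or to a multicast group (the
 * multicast hash filter of real hardware is simplified away). In promiscuous
 * mode the address check is skipped and every well-formed frame is passed up. */
int nic_accepts(const uint8_t *frame, size_t len, const uint8_t own_mac[MAC_LEN], int promiscuous) {
    if (len < ETH_HDR_LEN) return VERDICT_MALFORMED;   /* shorter than a header: dropped in either mode */
    const uint8_t *dst = frame;                        /* destination MAC is the first field */
    if (promiscuous) return VERDICT_ACCEPT;
    if (memcmp(dst, own_mac, MAC_LEN) == 0) return VERDICT_ACCEPT;
    if (is_broadcast(dst) || is_multicast(dst)) return VERDICT_ACCEPT;
    return VERDICT_DROP;
}

/* Write a header for a frame from src to dst with the given EtherType. */
static void build_frame(uint8_t out[ETH_HDR_LEN], const uint8_t dst[MAC_LEN],
                        const uint8_t src[MAC_LEN], uint16_t ethertype) {
    memcpy(out, dst, MAC_LEN);
    memcpy(out + MAC_LEN, src, MAC_LEN);
    out[12] = (uint8_t)(ethertype >> 8);               /* network byte order */
    out[13] = (uint8_t)(ethertype & 0xff);
}

/* Constructed traffic mix on one segment (locally administered 02:... MACs).
 * Returns how many of the frames the capturing host sees in the given mode. */
int frames_seen(int promiscuous) {
    const uint8_t me[MAC_LEN]    = {0x02, 0, 0, 0, 0, 0x01};   /* the sniffing host */
    const uint8_t peer[MAC_LEN]  = {0x02, 0, 0, 0, 0, 0x02};
    const uint8_t other[MAC_LEN] = {0x02, 0, 0, 0, 0, 0x03};
    const uint8_t bcast[MAC_LEN] = {0xff, 0xff, 0xff, 0xff, 0xff, 0xff};
    const uint8_t mcast[MAC_LEN] = {0x01, 0x00, 0x5e, 0, 0, 0x01};   /* IPv4 all-hosts group */

    uint8_t frames[5][ETH_HDR_LEN];
    build_frame(frames[0], me,    peer,  0x0800);   /* unicast to me: seen in both modes */
    build_frame(frames[1], peer,  other, 0x0800);   /* peer-to-peer: only promiscuous sees it */
    build_frame(frames[2], bcast, peer,  0x0806);   /* ARP broadcast: seen in both modes */
    build_frame(frames[3], mcast, other, 0x0800);   /* multicast: seen in both modes */
    build_frame(frames[4], other, peer,  0x86dd);   /* IPv6 to someone else: only promiscuous */

    int seen = 0;
    for (size_t i = 0; i < 5; i++)
        if (nic_accepts(frames[i], ETH_HDR_LEN, me, promiscuous) == VERDICT_ACCEPT) seen++;

    /* a truncated 10-byte frame is malformed and is never counted, in either mode */
    if (nic_accepts(frames[1], 10, me, promiscuous) == VERDICT_ACCEPT) seen++;
    return seen;
}

int main(void) {
    printf("normal mode: %d of 5 frames reach the host\n", frames_seen(0));
    printf("promiscuous mode: %d of 5 frames reach the host\n", frames_seen(1));
    return 0;
}
```

In normal mode the host sees 3 of the 5 frames (its own unicast, the broadcast and the multicast); in promiscuous mode it sees all 5. This is also why a switch defeats promiscuous mode on its own: the frames between peer and other never arrive at the sniffing port unless a hub, a tap or a SPAN port puts them there.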

Social Engineering

Social engineering uses influence and persuasion to deceive people into disclosing information or performing some action. Techniques:
- Build a trust relationship
- Get the information piece by piece, from different sources, so that no single person is aware of what they are giving away
- Exploit qualities of human nature: the desire to be helpful, the tendency to trust, …

Malware

General terms:
- Bot / Zombie – a machine under the control of the attacker
- Backdoor – a way to get into the system without the owner knowing
Malware components:
- Insertion – getting onto the computer
- Avoidance – hiding from detection
- Eradication – covering tracks
- Propagation – replication
- Trigger – initiation of the payload
- Payload – what is delivered: the malicious actions
Types …

Reconnaissance – Footprinting & Network Scan

Footprinting: data gathering
- Locations
- Contacts – name, email, phone, address
- Hosting locations
- Public servers – types, IPs, domains
- DNS information – authoritative DNS servers and records: A, CERT, HINFO, MX, NS
- Path to the destination, with router names
- Active machines, open ports, operating systems, services
- Map of the network and access points
Sources: whois on domains and IPs, reverse whois, nslookup, …

Cisco Wireless

Compatibility Matrix
Deployment modes:
- Converged access
- Centralized (or local)
- FlexConnect
Converged Access
Converged Access requires a WLC 5760 / 5508 plus Catalyst 3850 switches, or a combination of 3850 switches. Converged access components:
- Mobility Controller – mobility management tasks and system-wide coordination tasks
- Mobility Agent – keeps the wireless client database and handles authentication. Provides access point connectivity and CAPWAP …

Security Concepts

Basic concepts:
- Threat – an action or event that might reduce security
- Threat agent – a person who takes inappropriate action
- Vulnerability – a weakness, design flaw or implementation error
- Attack – an assault on a system
- Exploit – a defined way to take advantage of a vulnerability
- Hacker – a person who enjoys learning the …

Cisco GET VPN

GET VPN is a Cisco proprietary technology for encrypting data across networks that require full mesh connectivity, whereas traditional VPN topologies are hub and spoke. Components:
- Key server – centrally manages the encryption keys; does not take part in the data encryption itself. A dedicated router.
- Group member – the routers that encrypt the data
- GDOI protocol – Group Domain of Interpretation, a modified version of …

Cisco ISE

Basic concepts
- Policy Administration and Policy Decision – ISE (Identity Services Engine)
- Policy Enforcement – the network access devices: switches, wireless, routers
- Policy Information – NAC Agent, NAC Web Agent, 802.1X supplicant (AnyConnect)
Authentication methods:
- 802.1X (NAC Agent, 802.1X supplicant)
- MAC Authentication Bypass (MAB) – a database of the MAC addresses of the devices that don't …