Routing Protocols. Distance-Vector Protocols: RIPv1, RIPv2, IGRP, EIGRP. Based on the Bellman–Ford algorithm, Ford–Fulkerson algorithm or DUAL FSM. A node informs its neighbors about topology changes. Each node doesn’t have knowledge of the entire path to a destination; it knows only the direction and the distance to the destination. Less computational complexity and message overhead. Best route… Read More »


Hash Algorithm. Message Digest – MD2, MD4, MD5. Secure Hash Algorithm – SHA-1, SHA-256, SHA-384, SHA-512. When hashing passwords for storage or transfer, use a salt to defeat rainbow tables. Diffie-Hellman: key management protocol. Asymmetric. Confidentiality – Use the public key of the target. The target will use the… Read More »

Buffer Overflow

Buffer Overflow: putting more data into a buffer than it was defined to hold, in order to reach another part of memory that will be run later. The attacker can add commands for his benefit. Stack – gets access to the OS. Heap – gets access to the memory of the application. Susceptible C functions: strcat, strcpy, sprintf, vsprintf, bcopy, gets,… Read More »


Promiscuous mode – when the network card captures the traffic it receives even though the device is not the destination. Not all wireless adapters allow promiscuous mode. Monitor mode is not promiscuous mode. WinPcap – Open source library for packet capture. Wireshark – Application for sniffing and displaying packets. Passive sniffing – using hub, tap, SPAN. Active sniffing… Read More »

Social Engineering

Social Engineering: using influence and persuasion to deceive people into giving up information or performing some action. Techniques: Build a trust relationship. Get information piece by piece, and obtain it from different sources, so that individually they are not aware of the information they are providing. Use qualities of human nature: desire to be helpful, tendency to trust… Read More »


General terms: Bot / Zombie – Machine under the control of the attacker. Backdoor – A way to access the system without the owner knowing. Malware components: Insertion – getting on the computer. Avoidance – hide. Eradication – cover tracks. Propagation – replication. Trigger – initiation of payload. Payload – what is delivered, malicious actions. Types… Read More »

Reconnaissance – Footprinting & Network Scan

Footprinting. Data Gathering: Locations. Contacts – Name, email, phone, address. Hosting locations. Public servers – Types, IPs, Domains. DNS information – Authoritative DNS – A, CERT, HINFO, MX, NS. Path to the destination, with router names. Active machines, open ports, operating systems, services. Map the network, access points. Sources: Whois domains and IPs, reverse whois. Nslookup… Read More »

Cisco Wireless

Compatibility Matrix. Deployment modes: Converged access, Centralized (or local), FlexConnect. Converged Access: Converged Access requires a WLC 5760 / 5508 + 3850 Catalyst switches or a combination of 3850 switches. Converged access components: Mobility Controller – Mobility management tasks and systemwide coordination tasks. Mobility Agent – keeps the wireless client database and handles authentication. Provides access point connectivity and CAPWAP… Read More »

Security Concepts

Basic concepts: Threat – An action or event that might reduce security. Threat Agent – A person who takes inappropriate action. Vulnerability – A weakness, design flaw or implementation error. Attack – An assault on a system. Exploit – A defined way to take advantage of a vulnerability. Hacker – a person who enjoys learning the… Read More »