Security Power Tools
Security Power Tools By Bryan Burns, Jennifer Stisa Granick, Steve Manzuik, Paul Guersch, Dave Killion, Nicolas Beauchesne, Eric Moret, Julien Sobrier, Michael Lynn, Eric Markham, Chris Iezzoni, Philippe Biondi
August 2007
Pages: 856

| Table of Contents | Index | Sample Chapter | Colophon

Table of Contents

  1. Legal and Ethics

    1. Chapter 1 Legal and Ethics Issues

      1. Core Issues
      2. Computer Trespass Laws: No "Hacking" Allowed
      3. Reverse Engineering
      4. Vulnerability Reporting
      5. What to Do from Now On

  2. Reconnaissance

    1. Chapter 2 Network Scanning

      1. How Scanners Work
      2. Superuser Privileges
      3. Three Network Scanners to Consider
      4. Host Discovery
      5. Port Scanning
      6. Specifying Custom Ports
      7. Specifying Targets to Scan
      8. Different Scan Types
      9. Tuning the Scan Speed
      10. Application Fingerprinting
      11. Operating System Detection
      12. Saving Nmap Output
      13. Resuming Nmap Scans
      14. Avoiding Detection
      15. Conclusion

    2. Chapter 3 Vulnerability Scanning

      1. Nessus
      2. Nikto
      3. WebInspect

    3. Chapter 4 LAN Reconnaissance

      1. Mapping the LAN
      2. Using ettercap and arpspoof on a Switched Network
      3. Dealing with Static ARP Tables
      4. Getting Information from the LAN
      5. Manipulating Packet Data

    4. Chapter 5 Wireless Reconnaissance

      1. Get the Right Wardriving Gear
      2. 802.11 Network Basics
      3. 802.11 Frames
      4. How Wireless Discovery Tools Work
      5. Netstumbler
      6. Kismet at a Glance
      7. Using Kismet
      8. Sorting the Kismet Network List
      9. Using Network Groups with Kismet
      10. Using Kismet to Find Networks by Probe Requests
      11. Kismet GPS Support Using gpsd
      12. Looking Closer at Traffic with Kismet
      13. Capturing Packets and Decrypting Traffic with Kismet
      14. Wireshark at a Glance
      15. Using Wireshark
      16. AirDefense Mobile I was a founding employee of AirDefense, Inc. I wrote a considerable portion of AirDefense Mobile's core engine, and while I no longer work for AirDefense, Inc., I remain a shareholder.
      17. AirMagnet Analyzers
      18. Other Wardriving Tools

    5. Chapter 6 Custom Packet Generation

      1. Why Create Custom Packets?
      2. Scapy
      3. Packet-Crafting Examples with Scapy
      4. Packet Mangling with Netfilter
      5. References

  3. Legal and Ethics

    1. Chapter 7 Metasploit

      1. Metasploit Interfaces
      2. Updating Metasploit
      3. Choosing an Exploit
      4. Choosing a Payload
      5. Setting Options
      6. Running an Exploit
      7. Managing Sessions and Jobs
      8. The Meterpreter
      9. Security Device Evasion
      10. Sample Evasion Output
      11. Evasion Using NOPs and Encoders
      12. In Conclusion

    2. Chapter 8 Wireless Penetration

      1. WEP and WPA Encryption
      2. Aircrack
      3. Installing Aircrack-ng
      4. Running Aircrack-ng
      5. Airpwn
      6. Basic Airpwn Usage
      7. Airpwn Configuration Files
      8. Using Airpwn on WEP-Encrypted Networks
      9. Scripting with Airpwn
      10. Karma
      11. Conclusion

    3. Chapter 9 Exploitation Framework Applications

      1. Task Overview
      2. Core Impact Overview
      3. Network Reconnaissance with Core Impact
      4. Core Impact Exploit Search Engine
      5. Running an Exploit
      6. Running Macros
      7. Bouncing Off an Installed Agent
      8. Enabling an Agent to Survive a Reboot
      9. Mass Scale Exploitation
      10. Writing Modules for Core Impact
      11. The Canvas Exploit Framework
      12. Porting Exploits Within Canvas
      13. Using Canvas from the Command Line
      14. Digging Deeper with Canvas
      15. Advanced Exploitation with MOSDEF
      16. Writing Exploits for Canvas
      17. Exploiting Alternative Tools

    4. Chapter 10 Custom Exploitation

      1. Understanding Vulnerabilities
      2. Analyzing Shellcode
      3. Testing Shellcode
      4. Creating Shellcode
      5. Disguising Shellcode
      6. Execution Flow Hijacking
      7. References

  4. Control

    1. Chapter 11 Backdoors

      1. Choosing a Backdoor
      2. VNC
      3. Creating and Packaging a VNC Backdoor
      4. Connecting to and Removing the VNC Backdoor
      5. Back Orifice 2000
      6. Configuring a BO2k Server
      7. Configuring a BO2k Client
      8. Adding New Servers to the BO2k Workspace
      9. Using the BO2k Backdoor
      10. BO2k Powertools
      11. Encryption for BO2k Communications
      12. Concealing the BO2k Protocol
      13. Removing BO2k
      14. A Few Unix Backdoors

    2. Chapter 12 Rootkits

      1. Windows Rootkit: Hacker Defender
      2. Linux Rootkit: Adore-ng
      3. Detecting Rootkits Techniques
      4. Windows Rootkit Detectors
      5. Linux Rootkit Detectors
      6. Cleaning an Infected System
      7. The Future of Rootkits

  5. Defense

    1. Chapter 13 Proactive Defense: Firewalls

      1. Firewall Basics
      2. Network Address Translation
      3. Securing BSD Systems with ipfw/natd
      4. Securing GNU/Linux Systems with netfilter/iptables
      5. Securing Windows Systems with Windows Firewall/Internet Connection Sharing
      6. Verifying Your Coverage

    2. Chapter 14 Host Hardening

      1. Controlling Services
      2. Turning Off What You Do Not Need
      3. Limiting Access
      4. Limiting Damage
      5. Bastille Linux
      6. SELinux
      7. Password Cracking
      8. Chrooting
      9. Sandboxing with OS Virtualization

    3. Chapter 15 Securing Communications

      1. The SSH-2 Protocol
      2. SSH Configuration
      3. SSH Authentication
      4. SSH Shortcomings
      5. SSH Troubleshooting
      6. Remote File Access with SSH
      7. SSH Advanced Use
      8. Using SSH Under Windows
      9. File and Email Signing and Encryption
      10. GPG
      11. Create Your GPG Keys
      12. Encryption and Signature with GPG
      13. PGP Versus GPG Compatibility
      14. Encryption and Signature with S/MIME
      15. Stunnel
      16. Disk Encryption
      17. Windows Filesystem Encryption with PGP Disk
      18. Linux Filesystem Encryption with LUKS
      19. Conclusion

    4. Chapter 16 Email Security and Anti-Spam

      1. Norton Antivirus
      2. The ClamAV Project
      3. ClamWin
      4. Freshclam
      5. Clamscan
      6. clamd and clamdscan
      7. ClamAV Virus Signatures
      8. Procmail
      9. Basic Procmail Rules
      10. Advanced Procmail Rules
      11. ClamAV with Procmail
      12. Unsolicited Email
      13. Spam Filtering with Bayesian Filters
      14. SpamAssassin
      15. SpamAssassin Rules
      16. Plug-ins for SpamAssassin
      17. SpamAssassin with Procmail
      18. Anti-Phishing Tools
      19. Conclusion

    5. Chapter 17 Device Security Testing

      1. Replay Traffic with Tcpreplay
      2. Traffic IQ Pro
      3. ISIC Suite
      4. Protos

  6. Monitoring

    1. Chapter 18 Network Capture

      1. tcpdump
      2. Ethereal/Wireshark
      3. pcap Utilities: tcpflow and Netdude
      4. Python/Scapy Script Fixes Checksums
      5. Conclusion

    2. Chapter 19 Network Monitoring

      1. Snort
      2. Implementing Snort
      3. Honeypot Monitoring
      4. Gluing the Stuff Together

    3. Chapter 20 Host Monitoring

      1. Using File Integrity Checkers
      2. File Integrity Hashing
      3. The Do-It-Yourself Way with rpmverify
      4. Comparing File Integrity Checkers
      5. Prepping the Environment for Samhain and Tripwire
      6. Database Initialization with Samhain and Tripwire
      7. Securing the Baseline Storage with Samhain and Tripwire
      8. Running Filesystem Checks with Samhain and Tripwire
      9. Managing File Changes and Updating Storage Database with Samhain and Tripwire
      10. Recognizing Malicious Activity with Samhain and Tripwire
      11. Log Monitoring with Logwatch
      12. Improving Logwatch's Filters
      13. Host Monitoring in Large Environments with Prelude-IDS
      14. Conclusion

  7. Discovery

    1. Chapter 21 Forensics

      1. Netstat
      2. The Forensic ToolKit
      3. Sysinternals

    2. Chapter 22 Application Fuzzing

      1. Which Fuzzer to Use
      2. Different Types of Fuzzers for Different Tasks
      3. Writing a Fuzzer with Spike
      4. The Spike API
      5. File-Fuzzing Apps
      6. Fuzzing Web Applications
      7. Configuring WebProxy
      8. Automatic Fuzzing with WebInspect
      9. Next-Generation Fuzzing
      10. Fuzzing or Not Fuzzing

    3. Chapter 23 Binary Reverse Engineering

      1. Interactive Disassembler
      2. Sysinternals
      3. OllyDbg
      4. Other Tools

  1. Colophon

Return to Security Power Tools