ten tools for security professionals

Post on 08-Jul-2015


DESCRIPTION

A short lecture that I gave to the Information and Computer Security class at Mississippi State University this semester

TRANSCRIPT

Ten security tools you can pick up and use right now

(and a few extras)

CSE 4/6243, January 28, 2008

Wesley McGrew, rwm8@cse.msstate.edu

Introduction

Focus is on “everyday” kinds of tools.

Many security tools are double-edged swords

The same tool that can be used to test your defenses can be used in an attack

Use these tools in the lab! Never attack a network or system without explicit and specific permission!

Introduction

This list is inspired by previous “tool” lectures given by Russ Ward and myself

http://sectools.org/ also a great resource

Focus is on free tools, unless otherwise stated

also plenty of good commercial tools out there, such as Core Impact

Sysinternals

Watch the network, file, and registry activity of specific processes

Great for

Analyzing the behavior of known malware

Determining how programs store/transmit information

http://technet.microsoft.com/en-us/sysinternals/default.aspx

FileMon - File access monitoring

ProcessMonitor - General purpose task monitor

PsTools - Command-line process tools (can work remotely)

TCPView - View active TCP connections

RegMon - Monitor registry reads/writes

Many more

Snort

Signature-based Intrusion Detection and Prevention

Can also be used as a general-purpose sniffer

Very powerful when used with custom rules

snort.org and bleedingthreats.net for up-to-date signatures

Framework for developing exploits rapidly

Many exploits for popular vulnerabilities built-in

Mix and match exploits with payloads

Interfaces: command-line, console, web

Versions 2.x and prior used Perl

Started using Ruby with Version 3

Wireshark

Formerly known as Ethereal

Excellent packet sniffer and protocol analyzer

Built-in dissectors for most protocols

Follows TCP streams

Be very careful with viewing packets captured live (RAM and security issues).

Nessus

Vulnerability Scanner

Was open-source, now free to use, so long as you don’t mind subscribing to the plugin feed (or getting a delayed feed for free)

Good for getting an overall view of what’s on the network, and some common vulnerabilities that may exist

Schedule vulnerability scans, track improvement

Burp Suite

Java-based set of applications for attacking web applications

Proxy allows you to change GET/POST parameters and cookies in-transit

Spider allows you to map a web app as you’re using it

http://www.portswigger.net/suite/


Kismet

The best option for wireless AP mapping, reconnaissance, sniffing

Unlike netstumbler/etc., Kismet operates in “Monitor mode”

Completely passive

Will discover APs that other tools won’t find

Wireshark can be used to analyze packets it captures

nmap

Most versatile port scanner out there

Become familiar with different types of scans. The most useful are:

-sS : SYN Stealth scan

-sV : Full-connect with version probing

-sP : Ping sweep

Be aware of its defaults (especially on what ports are scanned)
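The three scan types listed above look different on the wire, which is what signature-based tools such as Snort key on. As an added example (not part of the lecture), the script below flags each style in a constructed, simplified flow log: repeated bare SYNs with no handshake completion (SYN stealth), SYNs followed by the source's own ACKs (full-connect), and ICMP echo requests fanned out across hosts (ping sweep). The record format, thresholds and sample addresses are all assumptions made for this example.

```python
# Added example (not the lecture's code): flag the three nmap scan styles named above
# in a constructed, simplified flow log, the way a signature-based detector would.
from collections import defaultdict

# Constructed records "src,dst,dport,proto,flags sent by src"; not a real capture.
SAMPLE = """\
10.0.0.5,10.0.0.10,22,TCP,S
10.0.0.5,10.0.0.10,80,TCP,S
10.0.0.5,10.0.0.10,443,TCP,S
10.0.0.5,10.0.0.10,3389,TCP,S
10.0.0.7,10.0.0.10,22,TCP,S
10.0.0.7,10.0.0.10,80,TCP,S
10.0.0.7,10.0.0.10,80,TCP,A
10.0.0.7,10.0.0.10,443,TCP,S
10.0.0.7,10.0.0.10,3389,TCP,S
10.0.0.9,10.0.0.1,0,ICMP,echo
10.0.0.9,10.0.0.2,0,ICMP,echo
10.0.0.9,10.0.0.3,0,ICMP,echo
10.0.0.20,10.0.0.10,80,TCP,S
10.0.0.20,10.0.0.10,80,TCP,A
"""

PORT_THRESHOLD = 4  # distinct ports one source sends SYNs to on one host (assumed)
HOST_THRESHOLD = 3  # distinct hosts one source sends ICMP echo requests to (assumed)

def parse(text):
    """Turn the CSV-like lines into (src, dst, dport, proto, flags) tuples."""
    rows = (line.split(",") for line in text.splitlines() if line.strip())
    return [(s, d, int(p), proto, f) for s, d, p, proto, f in rows]

def classify(records):
    """Return sorted (src, dst, verdict, count) alerts for scan-like sources."""
    syns = defaultdict(set)   # (src, dst) -> ports src sent a bare SYN to
    acks = defaultdict(set)   # (src, dst) -> ports where src then completed the handshake
    pings = defaultdict(set)  # src -> hosts src sent ICMP echo requests to
    for src, dst, dport, proto, flags in records:
        if proto == "ICMP" and flags == "echo":
            pings[src].add(dst)
        elif proto == "TCP" and flags in ("S", "A"):
            (syns if flags == "S" else acks)[(src, dst)].add(dport)
    alerts = []
    for (src, dst), ports in syns.items():
        if len(ports) >= PORT_THRESHOLD:
            # -sS never finishes the handshake; a full-connect scan does on open ports
            verdict = "full-connect scan" if ports & acks[(src, dst)] else "SYN stealth scan"
            alerts.append((src, dst, verdict, len(ports)))
    for src, hosts in pings.items():
        if len(hosts) >= HOST_THRESHOLD:
            alerts.append((src, "*", "ping sweep", len(hosts)))
    return sorted(alerts)
```

The ordinary client 10.0.0.20, which opens one connection and completes the handshake, produces no alert, which is the false-positive case a real rule set has to handle as well.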

nmap “sightings”


Emulates a fully-functional PC

You can install Linux/Windows/etc. on it

Use tools you normally couldn’t use

Checkpoints allow you to experiment

Have a multi-computer lab in the convenience of one laptop

Python/Perl/Ruby/etc.

Learn a scripting language

Great for small one-off tools

Be lazy! Automate things!

If you can already write C/C++/Java, it’s very easy to pick up one of these languages

Many packages/modules available for security-related activities

A few extras:

Backtrack - Live CD distro containing many of these tools

Google - In the right hands, the best recon tool you could ask for

Scapy - Python framework for sniffing and packet crafting

Tor - Anonymous browsing

OllyDbg - For “design recovery” or “deep analysis”

Truecrypt - Encrypted volumes with plausible

Useful Resources

milw0rm.com - Up-to-date archive of exploits

isc.sans.org - Internet Storm Center blog

dshield.org - Aggregated statistics/trends

sectools.org - Top 100 Security Tools

securityfocus.com - Security news, articles, and tutorials
