Procedure for identifying active hosts on a network – The best of Hakin9 2012
23 articles written by experts
Nmap, Backtrack, Nessus, Snort and Helix as the source of hacking
Get the biggest Hakin9 publication of this year!
Partial Exposure Key Attacks on RSA
By Theodosis Mourouzis
We study attacks on the RSA scheme when partial secret information is available. We focus on the following fundamental questions: (A) How many bits of the secret key d does an adversary require in order to reconstruct all of d? (B) How many randomly located bits of the prime divisor p of the modulus N are required in order to factorize the modulus completely and efficiently?
How to Scan with Nessus from within Metasploit
By Michael Boman
When you perform a penetration test with Metasploit, you sometimes import vulnerability scanning results, for example from the Nessus Vulnerability Scanner. Usually you start the scan outside the Metasploit Framework and then import the results into Metasploit.
How to Use Multiplayer Metasploit with Armitage
By Michael Boman
Metasploit is a very cool tool to use in your penetration testing: add Armitage for a really good time. Penetration test engagements are more and more often a collaborative effort with teams of talented security practitioners rather than a solo effort.
Create a Basic Web Application Scan Policy
By Johan Loos
In this document, you will learn how to create a generic policy that can be used for scanning unknown web applications. We will start from the existing “Web App Tests” policy and use it as the base for your own policy.
Five Steps to Nessus 5
By Walter Cuestas
Nessus is one of the best vulnerability assessment tools, if not the best one. It went from a free software version (free as in freedom) through “free” software (free as in beer), ending up as a 100% commercial version (Professional Feed).
Vulnerability Assessments on SCADA Systems with Nessus 5.0
By Indranil Banerjee
Think about what would happen to you if all of New York City’s (or your city’s) power grid went down for a day. Think about what would happen if the biggest dam wall cracked and broke down in an hour. Think about what would happen if a government [secret?] nuclear project was hijacked.
Analyzing Vulnerable Systems Using Nessus 5
By Steve Myers
A good network or systems administrator should be constantly assessing their environment for vulnerabilities that have potential for exploitation. A security agent, such as a penetration tester or attacker, may be looking for these same vulnerabilities in order to breach the network to access sensitive information.
Nessus 5.0 Installation and Configuration Guide
By Vikas Kumar
Nessus® is the world’s most widely-deployed vulnerability and configuration assessment product with more than five million downloads to date. Nessus 5 features high-speed discovery, configuration auditing, asset profiling, sensitive data discovery, patch management integration, and vulnerability analysis of your security posture with features that enhance usability, effectiveness, efficiency, and communication with all parts of your organization.
New to Nessus 5? Well then don’t miss this!
By Johan Loos
Are you new to Nessus 5, or have you not used it before? Don’t miss this step-by-step lab, which starts with downloading Nessus 5 and takes you through running your scan and generating the vulnerability scanning reports.
Compliance Auditing with Nessus 5
By Paul Battle
“Compliance”. For those responsible for configuring and monitoring devices for compliance, it can be a challenge. The Health Insurance Portability and Accountability Act (HIPAA) and the Payment Card Industry Data Security Standard (PCI DSS) are just two of the many compliance standards companies need to consider in their IT infrastructure design and data storage requirements.
How Exposed To Hackers Is the WordPress Website You Built?
By Alex Kah
WordPress is likely the most popular website framework used on the web today. With over 65 million downloads and a very active community, you can accomplish many goals with ease using WordPress.
BackTrack 5 Toolkit Tutorial
By Vikas Kumar
BackTrack is an operating system that is based on the Ubuntu GNU/Linux distribution, aimed at digital forensics and penetration testing use. It is named after backtracking, a search algorithm. The current version is BackTrack 5, code name: “Revolution.”
Android Exploitation with Metasploit
By Aditya Gupta
This article looks into the practical usage of BackTrack and its tools. The article is divided into three sections: Android exploitation through Metasploit, the Nikto vulnerability scanner, and w3af. The reader is expected to have basic knowledge of BackTrack and be familiar with common web application vulnerabilities.
Use Metasploit in Backtrack 5
By Johan Loos
Metasploit comes in several flavors: Metasploit Framework, Metasploit Community Edition and Metasploit Pro. In BackTrack 5, the Metasploit Framework is installed by default. It provides information on security vulnerabilities, which can be used to exploit a system. Penetration testers can also use this tool to launch manual or automated scans.
Helix2009R1 is forensically sound… Surely?
By Amy Cox and Eyal Lemberger
Helix3 is a bootable Live CD for use by forensic investigators for analysing systems running Windows or Linux. This article will discuss the issues that the forensic community has brought to light regarding the tool and test the forensic validity of the most recent open source version of the boot CD. It will end by discussing whether any of the issues actually affect its usefulness as a tool.
Real World Imaging Tips using Helix
By Keith Swanson
We are charged with the response to almost anything in today’s law enforcement age. We may get called to a terrorist attack, homicide, robbery, or just a theft of beer. Who knows? Can you be prepared for everything? Can you build a kit that will cover all of your needs?
Helix 3 Pro: An Experience
By Elias Psyllos
The Request: I received a call for a collection of computers on-site and needed to respond quickly. I grabbed the forensic go-kit that I had built, containing a wide variety of products, such as write blockers, wiped hard drives, cables, and imaging software.
Know Your Tracks using Nmap
By Ali Hadi
There’s no better description than the ones from the developer himself: Nmap (“Network Mapper”) is a free and open source utility for network discovery and security auditing.
Nmap Network Forensics
By David Harrison
A few years ago, we were called in to do forensics for a government agency that had been hacked. As soon as the hack was discovered, system administrators scurried about, closing up firewall rules and covering up evidence, making it virtually impossible to determine how the attackers had gotten in.
Nmap: How to Use It
By Salih Khan
Nmap stands for “Network Mapper”. It has been seen in many films, such as The Matrix Reloaded, The Bourne Ultimatum and Die Hard 4. When Nmap was created it could only be used on the Linux platform, but now it supports all major operating systems, including Linux, UNIX, Windows, and Mac OS.
PfSense + Snort: Fast approach
By Salih Khan
pfSense is a FreeBSD-based distro designed as a security appliance for firewall and UTM use, with many modules ready to add more functions. You can integrate things like Squid, DansGuardian, Varnish, mod_security, and… Snort!
Using Snort for Intrusion Detection in Small to Medium-sized Enterprises (SMEs)
By Keith DeBus
Snort is an open source, modular intrusion detection system (IDS) that is capable of effectively detecting network intrusions such as cybercrime and cyber attacks. This IDS is efficient and useful for nearly any business, from the smallest mom-and-pop shop to the largest telecommunication firms.
Snort for SOHO and Enterprise Networks
By Rafael L. Torres Jr.
Intrusion Detection Systems (IDS) are essential to any network’s security defense strategy. Their function is to monitor network traffic for malicious activities and alert or, in the case of an Intrusion Protection System (IPS), to prevent malicious traffic from entering the network.