Welcome to the new edition of Hakin9! It’s summertime, so we prepared something special for you this month. As you know, packet sniffing is the practice of gathering, collecting, and logging some or all packets that pass through a computer network, regardless of how the packet is addressed. There are various sniffer tools available, and many techniques to use. In this month’s edition, we decided to take a closer look at Packet Sniffing. Let’s dive in!
We start with the article Packet Sniffing and Sniffing Detection, which will introduce you to the topic. Inside you will learn which protocols are vulnerable to sniffing, get a detailed guide to packet sniffing tools, and see the best defensive techniques. It’s a great article to start with!
Once you understand the topic more, we highly recommend going through Live in the Wire! Our cover article takes a completely different angle: you learn how to write a simple tool in Python to sniff all of the network traffic (protected and unprotected). It’s a very useful skill.
Intranet traffic monitoring by sniffing packets at the Local Area Network (LAN) server end, to provide security and control, is the focus of another article. It’s a great case study, in which the authors present their methodology and system design for the project.
The Neighbor Discovery Protocol is a protocol in the internet protocol suite used with IPv6, and the next article presents how to make it more secure. You will read about improvements to the IPv6 and NDP protocols using HMAC (Hash-Based Message Authentication Code) and the DH (Diffie-Hellman) algorithms.
We also prepared two articles about Car Hacking! How to use the CAN bus, master the exploitation process, and use the Instrument Cluster Simulator (ICSim) for SocketCAN. Both articles offer in-depth knowledge, with introductions so you will have all the information you need to start your journey!
For ransomware fans, we have Using Python for Ransomware Creation Part 2. In this part, we are going to examine Bypass-AV, Anti-VM & Anti-Sandbox solutions.
What else is in this edition? If you are interested in CTFs, the Top Six Platforms to run your CTF On will be a perfect choice for you. We close this edition with articles about Constrained Application Protocol Attacks and Detection of MITM Attack in Multi-SDN Controller.
We would like to send a big thank you to all contributors that joined this edition! Without you, this amazing issue wouldn’t be possible. Special thanks to all the reviewers and proofreaders involved in the process of creating this issue.
Don’t forget to enjoy the summer! Staying safe and positive is the most important part of today’s challenges. Remember, together we can remain strong and resilient!
Enjoy the reading,
Hakin9 Editorial Team
Table of Contents
Packet Sniffing and Sniffing Detection
This article discusses the basic working of a packet sniffer, network protocols that are vulnerable to sniffing, and various software that can be used for sniffing. It also describes possible defensive techniques used to defend against sniffing attacks. Finally, it ends by describing some sniffing detection techniques. Sniffers are not hacking tools in themselves, but they can help an attacker launch further attacks such as session hijacking, DoS attacks, MITM attacks, etc.
Live in the Wire
Usually, sniffers are used in network security, threat analysis, and network troubleshooting. The most common packet sniffers and/or protocol analyzers are Wireshark and Tcpdump. Both of them are written in C. Sniffers can also be written in other languages like Python. In this article, we will learn how to write a simple tool in Python to sniff all of the network traffic (protected and unprotected).
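As an added illustration of the kind of tool the cover article describes, here is a minimal Python sniffer that is my own example and not the article's code. The live loop uses a Linux AF_PACKET raw socket (which needs root or CAP_NET_RAW); the header parsers also run offline on a constructed Ethernet/IPv4/TCP frame, so the parsing and IPv4 checksum verification can be exercised without an interface. The sample frame, addresses and interface name are constructed assumptions.

```python
"""Minimal Python packet sniffer: Ethernet II / IPv4 / TCP or UDP headers.
Added example (not the article's code). Live capture is Linux-only and needs
CAP_NET_RAW; the parsers below run offline on constructed bytes."""
import socket
import struct
import sys

ETH_P_ALL = 0x0003          # ask the kernel for every protocol, not just IP
ETHERTYPE_IPV4 = 0x0800
PROTO_TCP, PROTO_UDP = 6, 17


def mac_str(b):
    return ":".join(f"{x:02x}" for x in b)


def ipv4_checksum(header):
    """RFC 791 one's-complement sum; returns 0 when run over a header whose
    checksum field is already filled in correctly."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:                     # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def parse_ethernet(frame):
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    return {"dst": mac_str(dst), "src": mac_str(src),
            "ethertype": ethertype, "payload": frame[14:]}


def parse_ipv4(data):
    (ver_ihl, _tos, total_len, _ident, _frag, ttl, proto, _csum,
     src, dst) = struct.unpack("!BBHHHBBH4s4s", data[:20])
    ihl = (ver_ihl & 0x0F) * 4             # header length incl. options
    return {"version": ver_ihl >> 4, "ttl": ttl, "proto": proto,
            "src": socket.inet_ntoa(src), "dst": socket.inet_ntoa(dst),
            "checksum_ok": ipv4_checksum(data[:ihl]) == 0,
            "payload": data[ihl:total_len]}


def parse_tcp(data):
    (sport, dport, seq, ack, off_res, flags, _win, _csum,
     _urg) = struct.unpack("!HHLLBBHHH", data[:20])
    doff = (off_res >> 4) * 4              # data offset, in 32-bit words
    names = ["FIN", "SYN", "RST", "PSH", "ACK", "URG"]
    return {"sport": sport, "dport": dport, "seq": seq, "ack": ack,
            "flags": [n for i, n in enumerate(names) if flags & (1 << i)],
            "payload": data[doff:]}


def parse_udp(data):
    sport, dport, length, _csum = struct.unpack("!HHHH", data[:8])
    return {"sport": sport, "dport": dport, "payload": data[8:length]}


def summarize(frame):
    """The per-packet view a live loop would print: who talks to whom, on
    which ports, with which TCP flags, and whether the IP header is intact."""
    eth = parse_ethernet(frame)
    if eth["ethertype"] != ETHERTYPE_IPV4:
        return {"l2": eth, "note": "non-IPv4 frame, skipped"}
    ip = parse_ipv4(eth["payload"])
    out = {"src": ip["src"], "dst": ip["dst"], "proto": ip["proto"],
           "checksum_ok": ip["checksum_ok"]}
    if ip["proto"] == PROTO_TCP:
        t = parse_tcp(ip["payload"])
        out.update(sport=t["sport"], dport=t["dport"], flags=t["flags"],
                   payload=t["payload"])
    elif ip["proto"] == PROTO_UDP:
        u = parse_udp(ip["payload"])
        out.update(sport=u["sport"], dport=u["dport"], payload=u["payload"])
    return out


def build_sample_frame():
    """Constructed TCP SYN 10.0.0.1:40000 -> 10.0.0.2:443 (assumed values,
    not captured traffic), with a valid IPv4 header checksum."""
    tcp = struct.pack("!HHLLBBHHH", 40000, 443, 1000, 0, 5 << 4, 0x02,
                      65535, 0, 0)
    ip0 = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 1, 0x4000,
                      64, PROTO_TCP, 0, socket.inet_aton("10.0.0.1"),
                      socket.inet_aton("10.0.0.2"))
    ip = ip0[:10] + struct.pack("!H", ipv4_checksum(ip0)) + ip0[12:]
    eth = struct.pack("!6s6sH", bytes.fromhex("0a1122334455"),
                      bytes.fromhex("0a6677889900"), ETHERTYPE_IPV4)
    return eth + ip + tcp


def sniff(iface):
    """Live loop (Linux, root): bind a raw socket to iface and print frames."""
    s = socket.socket(socket.AF_PACKET, socket.SOCK_RAW, socket.htons(ETH_P_ALL))
    s.bind((iface, 0))
    while True:
        frame, _ = s.recvfrom(65535)
        print(summarize(frame))


if __name__ == "__main__":
    if len(sys.argv) > 1:
        sniff(sys.argv[1])                 # e.g. python3 sniff.py eth0
    else:
        print(summarize(build_sample_frame()))
```

Run with an interface name (for example `sudo python3 sniff.py eth0`) to capture live; with no argument it parses the constructed frame. Because the socket is opened with ETH_P_ALL, the loop sees every frame the interface delivers, including traffic such as TLS, where the headers are readable even though the payload is not.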
Intranet Security Using A LAN Packet Sniffer To Monitor Traffic
Ogbu N. Henry, Moses Adah Agana
This article was designed to provide Intranet traffic monitoring by sniffing the packets at the Local Area Network (LAN) server end to provide security and control. It was implemented using five computer systems configured with static Internet Protocol (IP) addresses used in monitoring the IP traffic on the network by capturing and analyzing live packets from various sources and destinations in the network.
A more secure IPv6 neighborhood process
Leandro Almeida, Camilla Jácome
Neighbor establishment in an IPv6 network is carried out by NDP (Neighbor Discovery Protocol) using ICMPv6 messages (NS - Neighbor Solicitation and NA - Neighbor Advertisement) that carry the IP address to be resolved. Because that address is exposed during the exchange, the communication is vulnerable to various types of attacks. This article presents a proposal for safer neighbor establishment using the DH and HMAC algorithms. Experiments were performed in virtualized environments with the objective of analyzing the efficiency of the proposed modification to NDP.
Using Python for Ransomware Creation Part 2
In this part, we are going to examine Bypass-AV, Anti-VM & Anti-Sandbox solutions. In order to infect a computer with malicious software, cybercriminals must either entice the user into launching an infected file, or penetrate the victim’s computer via a vulnerability within the operating system or any application software running on the machine.
Top Six Platforms to run your CTF On
Moataz Salah, Ahmed Nosir
Hosting or running a cyber security capture the flag (CTF) game might be a nightmare if you don’t have the right plan. In this article, we will talk about one of the most important decisions that you must take during your planning phase: which platform should you use to host your CTF?
CAR Hacking Using ICSim
While in reality, it may not be overly practical or even completely viable to hack a car while sitting at your home and binging on Netflix, it is entirely possible to hack a car. This article encompasses hacking a simulated car.
Car Hacking: Exploiting the CAN Bus Protocol
This article describes the integration of a module on car hacking, including full installation and setup of all the open-source tools necessary to implement the hands-on labs. This work demonstrates how to test an automobile for vulnerabilities involving replay attacks, and how to reverse-engineer CAN bus messages, using a combination of open-source tools and a commodity CAN-to-USB cable or wireless connector for under $100 (USD).
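The two CAN bus steps named above, reverse-engineering which arbitration ID carries a given function and replaying captured frames, can be shown in a few lines of Python over candump-format logs. This is my added example, not the article's lab code. The log lines are constructed, the reading of ID 0x188 as a turn-signal frame is an assumption made for the sample, and the replay function needs a Linux SocketCAN interface (such as vcan0) to actually send.

```python
"""CAN reverse-engineering helper over candump logs, plus a SocketCAN replay.
Added example (not the article's code). Technique: capture the bus idle,
capture it again while performing one action, then look for IDs that were
constant while idle and took a new value during the action."""
import re
import socket
import struct
import time
from collections import defaultdict

# candump -L style: "(timestamp) iface ID#HEXDATA"
CANDUMP_LINE = re.compile(
    r"^\((?P<ts>[\d.]+)\)\s+(?P<iface>\S+)\s+(?P<id>[0-9A-Fa-f]+)#(?P<data>[0-9A-Fa-f]*)$")

# Constructed sample captures (assumed values, not real vehicle data).
BASELINE_LOG = """
(1594000000.000100) vcan0 244#000000000000A800
(1594000000.000200) vcan0 188#0000000000000000
(1594000000.000300) vcan0 19B#000000000000000A
(1594000000.000400) vcan0 244#000000000000A900
(1594000000.000500) vcan0 188#0000000000000000
"""
ACTION_LOG = """
(1594000001.000100) vcan0 244#000000000000AA00
(1594000001.000200) vcan0 188#0000000000000001
(1594000001.000300) vcan0 19B#000000000000000A
(1594000001.000400) vcan0 188#0000000000000001
"""


def parse_candump(text):
    """Return a list of (timestamp, iface, can_id, data) tuples."""
    frames = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = CANDUMP_LINE.match(line)
        if not m:
            raise ValueError(f"unrecognised candump line: {line!r}")
        frames.append((float(m["ts"]), m["iface"], int(m["id"], 16),
                       bytes.fromhex(m["data"])))
    return frames


def payloads_by_id(frames):
    seen = defaultdict(set)
    for _ts, _iface, cid, data in frames:
        seen[cid].add(data)
    return seen


def changed_bytes(payloads):
    """Byte offsets that differ across a set of equal-length payloads."""
    ps = list(payloads)
    return [i for i in range(len(ps[0])) if len({p[i] for p in ps}) > 1]


def candidate_ids(baseline, action):
    """IDs that were constant in the idle capture but carried a value never
    seen idle during the action capture. IDs that already jitter while idle
    (e.g. speed, 0x244 in the sample) are ignored as noise."""
    base, act = payloads_by_id(baseline), payloads_by_id(action)
    out = {}
    for cid, vals in act.items():
        idle = base.get(cid, set())
        new = vals - idle
        if len(idle) == 1 and new:
            out[cid] = {"new": sorted(new),
                        "bytes": changed_bytes(idle | new)}
    return out


def replay(frames, iface="vcan0", realtime=True):
    """Replay captured frames on a SocketCAN interface (Linux only),
    preserving the original inter-frame timing when realtime is True."""
    s = socket.socket(socket.AF_CAN, socket.SOCK_RAW, socket.CAN_RAW)
    s.bind((iface,))
    prev = None
    for ts, _iface, cid, data in frames:
        if realtime and prev is not None:
            time.sleep(max(0.0, ts - prev))
        prev = ts
        # struct can_frame: u32 can_id, u8 dlc, 3 pad bytes, 8 data bytes
        s.send(struct.pack("=IB3x8s", cid, len(data), data.ljust(8, b"\x00")))


if __name__ == "__main__":
    found = candidate_ids(parse_candump(BASELINE_LOG), parse_candump(ACTION_LOG))
    for cid, info in found.items():
        print(f"ID 0x{cid:03X}: new payloads {[p.hex() for p in info['new']]}, "
              f"changed byte offsets {info['bytes']}")
```

The diff approach is what a practitioner does by hand with cansniffer: hold everything still, act once, and look at which IDs changed. Once the frame is identified, `replay` resends the action capture; on a simulated cluster such as ICSim that should reproduce the indicator, which confirms the bus has no replay protection.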
Detection MITM Attack in Multi-SDN Controller
Anass Sebbar, Youssef Baddi
In this article, we present different attacks on Software Defined Networking (SDN) layers and interfaces, proposing two scenarios in order to describe the methodology of Man In The Middle (MITM) attacks against different controllers, such as OpenDaylight (ODL), Open Network Operating System (ONOS) and Ryu.
An Overview of Security in CoAP: Attack and Analysis
Anantha Narayanan V., Shaligram Arvind
In this work, a client-server architecture is set up whose end devices communicate using CoAP. A proxy system was also installed on the client side to launch an active interception between the client and the server. The work will further be enhanced to provide solutions to mitigate these attacks.