msec - thực hành tấn công hệ thống
TRANSCRIPT
![Page 1: MSEC - Thực hành tấn công hệ thống](https://reader031.vdocuments.pub/reader031/viewer/2022020307/55aa182a1a28ab38248b46d0/html5/thumbnails/1.jpg)
ATTACK - DEFEND
Attack – Defend Computer Networks
Tools and Pratical Author: Hoang Cuong
21/01/2015 Hoàng Cường - MSEC 1
![Page 2: MSEC - Thực hành tấn công hệ thống](https://reader031.vdocuments.pub/reader031/viewer/2022020307/55aa182a1a28ab38248b46d0/html5/thumbnails/2.jpg)
CONTENTS
PART I: TOOLS
I. Gathering Information (Footprinting ).
II. Scanning.
III. Exploited.
IV. Privilege Escalation.
V. Expansion.
VI. Backdoor.
VII. Remove Tracks.
21/01/2015 Hoàng Cường - MSEC 2
![Page 3: MSEC - Thực hành tấn công hệ thống](https://reader031.vdocuments.pub/reader031/viewer/2022020307/55aa182a1a28ab38248b46d0/html5/thumbnails/3.jpg)
CONTENTS
PART I: TOOLS
I. Gathering Information (Footprinting ).
II. Scanning.
III. Exploited.
IV. Privilege Escalation.
V. Expansion.
VI. Backdoor.
VII. Remove Tracks.
21/01/2015 Hoàng Cường - MSEC 3
![Page 4: MSEC - Thực hành tấn công hệ thống](https://reader031.vdocuments.pub/reader031/viewer/2022020307/55aa182a1a28ab38248b46d0/html5/thumbnails/4.jpg)
GATHERING INFORMATIONS (Footprinting).
21/01/2015 Hoàng Cường - MSEC 4
I. Web Tools.
• http://whois.domaintools.com/
• http://whois.pns.vn/
• http://www.vnnic.vn/tenmien/whois
• http://whois.gltec.com/
I. Applications.
• WHOIS Lookup Tools
• DNS Interrogation Tools
• DNS online Interrogation Tools
• Email Tracking Tools
• Google Hacking Tool
• Monitoring Web Updates Tool
• Tools to Extract Company’s Data
• Traceroute Tool
• Website Mirroring Tools
![Page 5: MSEC - Thực hành tấn công hệ thống](https://reader031.vdocuments.pub/reader031/viewer/2022020307/55aa182a1a28ab38248b46d0/html5/thumbnails/5.jpg)
CONTENTS
PART I: TOOLS
I. Gathering Information (Footprinting ).
II. Scanning.
III. Exploited.
IV. Privilege Escalation.
V. Expansion.
VI. Backdoor.
VII. Remove Tracks.
21/01/2015 Hoàng Cường - MSEC 5
![Page 6: MSEC - Thực hành tấn công hệ thống](https://reader031.vdocuments.pub/reader031/viewer/2022020307/55aa182a1a28ab38248b46d0/html5/thumbnails/6.jpg)
SCANNING TOOLS
1. NMAP - http://nmap.org
2. Acunetix Web Vulnerability Scanner 9.5
3. Nessus
4. OpenVAS
5. Core Impact
6. NexPose
7. Rentina
8. BurpSuite
9. W3af
10. Websecurity
21/01/2015 Hoàng Cường - MSEC 6
![Page 7: MSEC - Thực hành tấn công hệ thống](https://reader031.vdocuments.pub/reader031/viewer/2022020307/55aa182a1a28ab38248b46d0/html5/thumbnails/7.jpg)
CONTENTS
PART I: TOOLS
I. Gathering Information (Footprinting ).
II. Scanning.
III. Exploited.
IV. Privilege Escalation.
V. Expansion.
VI. Backdoor.
VII. Remove Tracks.
21/01/2015 Hoàng Cường - MSEC 7
![Page 8: MSEC - Thực hành tấn công hệ thống](https://reader031.vdocuments.pub/reader031/viewer/2022020307/55aa182a1a28ab38248b46d0/html5/thumbnails/8.jpg)
EXPLOITION
1. Metasploit
2. W3af
3. Sqlmap
4. Core Impact
5. Canvas
6. Social Engineer Toolkit
7. BeFF
8. Burp Suite
9. Webshell
10. Other Tool.
21/01/2015 Hoàng Cường - MSEC 8
![Page 9: MSEC - Thực hành tấn công hệ thống](https://reader031.vdocuments.pub/reader031/viewer/2022020307/55aa182a1a28ab38248b46d0/html5/thumbnails/9.jpg)
CONTENTS
PART I: TOOLS
I. Gathering Information (Footprinting ).
II. Scanning.
III. Exploited.
IV. Privilege Escalation.
V. Expansion.
VI. Backdoor.
VII. Remove Tracks.
21/01/2015 Hoàng Cường - MSEC 9
![Page 10: MSEC - Thực hành tấn công hệ thống](https://reader031.vdocuments.pub/reader031/viewer/2022020307/55aa182a1a28ab38248b46d0/html5/thumbnails/10.jpg)
PRIVILEGE ESCALATION
1. Exploit code
2. System vulnerabilities
3. Sofware vulnerabilities
4. Get root or Jailbreak
5. RootKit
6. Using malware
21/01/2015 Hoàng Cường - MSEC 10
![Page 11: MSEC - Thực hành tấn công hệ thống](https://reader031.vdocuments.pub/reader031/viewer/2022020307/55aa182a1a28ab38248b46d0/html5/thumbnails/11.jpg)
CONTENTS
PART I: TOOLS
I. Gathering Information (Footprinting ).
II. Scanning.
III. Exploited.
IV. Privilege Escalation.
V. Expansion.
VI. Backdoor.
VII. Remove Tracks.
21/01/2015 Hoàng Cường - MSEC 11
![Page 12: MSEC - Thực hành tấn công hệ thống](https://reader031.vdocuments.pub/reader031/viewer/2022020307/55aa182a1a28ab38248b46d0/html5/thumbnails/12.jpg)
EXPANTION
21/01/2015 Hoàng Cường - MSEC 12
![Page 13: MSEC - Thực hành tấn công hệ thống](https://reader031.vdocuments.pub/reader031/viewer/2022020307/55aa182a1a28ab38248b46d0/html5/thumbnails/13.jpg)
CONTENTS
PART I: TOOLS
I. Gathering Information (Footprinting ).
II. Scanning.
III. Exploited.
IV. Privilege Escalation.
V. Expansion.
VI. Backdoor.
VII. Remove Tracks.
21/01/2015 Hoàng Cường - MSEC 13
![Page 14: MSEC - Thực hành tấn công hệ thống](https://reader031.vdocuments.pub/reader031/viewer/2022020307/55aa182a1a28ab38248b46d0/html5/thumbnails/14.jpg)
BACKDOOR
1. Using as malware
21/01/2015 Hoàng Cường - MSEC 14
![Page 15: MSEC - Thực hành tấn công hệ thống](https://reader031.vdocuments.pub/reader031/viewer/2022020307/55aa182a1a28ab38248b46d0/html5/thumbnails/15.jpg)
Q&A
21/01/2015 Hoàng Cường - MSEC 15
![Page 16: MSEC - Thực hành tấn công hệ thống](https://reader031.vdocuments.pub/reader031/viewer/2022020307/55aa182a1a28ab38248b46d0/html5/thumbnails/16.jpg)
Pratical
21/01/2015 Hoàng Cường - MSEC 16
http://truongyduochanoi.edu.vn/
http://truongyduochanoi.edu.vn/error.php