Fri_Jan_17
Refs: 1. Book: Security Power Tools
2. http://blog.csdn.net/magod/article/details/6171633
Chap 1: Legal Issues
chap 2: Net Scan
  1. IMAP -> Internet Message Access Protocol
  2. TCP / UDP scanning
     TCP [6 types]: SYN, ACK, PSH, URG, FIN, RST
     UDP [2 types]: empty scan, protocol data scan
  3. Three tools:
     1. Nmap: *****
     2. Unicornscan: ***
     3. Scanrand: ***
  4. Ports to scan: e.g. 80 HTTP, 21 FTP.
  5. Target: e.g. 192.175.1.20, 192.15-42.42.1,35,42
  6. IDS -> Intrusion Detection System
     IPS -> Intrusion Prevention System
  7. Fingerprint => the running apps listening on that port
  8. OS scan
  9. Idle scan
chap 3: Hole Scan (vulnerability scanning)
  1. Nessus: *****
  2. WebInspect: *** [only for Windows]
     1. Tools:
        1. HTTP Editor
        2. SPI Proxy
        3. SQL Injector
        4. SPI Fuzzer
chap 4: LAN Searching
  1. Map the Ethernet
  2. Tools:
     1. Ettercap
     2. Arpspoof
     3. p0f
     4. tcpdump
     5. dsniff
  3. ARP poisoning
  4. macof -> MAC overflow (switch MAC table flooding)
  5. Bridged sniffing
chap 5: Wireless Searching
  1. Wardialing
  2. Wardriving
  3. 802.11 network essentials:
     1. Types: Infrastructure, Ad hoc
     2. BSSID, ESSID, SSID: SSID -> Service Set Identifier
     3. Frames: data frames, control frames, management frames (Beacon, Probe Request, Probe Response, Disassociation and Deauthentication...)
  4. Tools:
     1. NetStumbler: [for Windows]
     2. Kismet: [bonus: gpsd-supported Kismet GPS]
        1. Track location
        2. Build map
     3. Wireshark: *****
     4. AirDefense Mobile
     5. AirMagnet
     6. AiroPeek
     7. KisMAC
chap 6: Create Packet
  1. Why? -- for testing, etc.
  2. e.g.: Ping of Death [on Win 95]: >>ping -l <A_BIG_NUM> <TARGET>
  3. Tools:
     1. hping, hping2, tcl
     2. Scapy: *****
     3.
  4. QoS -> Quality of Service
  5. ICMP -> Internet Control Message Protocol
  6. NAT -> Network Address Translation
  7. Firewall <--> Firewalking
chap 7: Metasploit
  1. Tools:
     1. Metasploit
     2. Meterpreter
  2. NOP -> No Operation: NOP generator
chap 8: Wireless Penetration
  1. Airtap
  2. WEP -> Wired Equivalent Privacy
     => TKIP -> Temporal Key Integrity Protocol
  3. WPA -> Wi-Fi Protected Access [WPA-v1]
  4. WPA2 -> WPA [?]
  5. WPA-PSK -> WPA Pre-Shared Key
  6. Tools:
     1. Aircrack: *****
        FMS (Fluhrer, Mantin and Shamir) attack, KoreK attack
        Aircrack-ng = aircrack-ng + airdecap-ng + airmon-ng + aireplay-ng + airodump-ng + some other tools
     2. Airpwn
     3. Karma
chap 9: Penetration Framework Apps:
  1. For faster tapping, easier to use
  2. Tools:
     1. Core Impact
     2. Canvas
     3. Metasploit
     4. Security Forest [open source]
chap 10: D.I.Y.
chap 11: Backdoor
  VNC, BO2k...
chap 12: Rootkit
  NAT -> Network Address Translation
  Inner: 192.168.x.x; 172.16-31.x.x; 10.x.x.x (these 3 IP ranges are reserved for internal networks)
chap 13: Host Hardening
chap 14:
chap 15: Communication Safety
  1. Telnet -> rsh (remote shell) -> rlogin (remote login)
     => SSH (Secure Shell):
     1. RSA, DSA; AES, Blowfish, 3DES, CAST128 => encryption (asymmetric, symmetric)
     2. MD5, SHA => integrity check
     3. Gzip => compression
  2. SSH on Windows:
     1. Cygwin
     2. PuTTY
     3. WinSCP
     4. SecureCRT
chap 16: Email Safety and Anti-Spam
  1. Norton (by Symantec Corp.)
  2. ...
chap 17: Dev Safety Test
  1. Tcpreplay
  2. Traffic IQ Pro
chap 18: Packet Capture
  1. tcpdump
  2. BPF filtering -> Berkeley Packet Filter (not "band-pass filter")
  3. Ethereal / Wireshark
  4. TShark
  5.
chap 19: Network Monitor
  1. NIDS -> Network Intrusion Detection System
  2. Snort
     1. Three modes:
        1. NIDS
        2. NIPS ('P' stands for "Prevention")
        3. Packet sniffer
     2. ...
  3. Honeypot
  4. honeyd as "tar pit"
chap 20: Host Monitoring
  1. Hash integrity: --> avalanche effect
  2. Most popular hash functions: SHA-1 & MD5
chap 21: Forensic Tools
  1. Netstat
  2. Forensic Toolkit
  3. Sysinternals
  4. RootkitRevealer: to find rootkits
  5. TCPView: like a "gNetstat"
  6. Process Explorer
chap 22: Process Fuzzing
  1. Flipper: bit flipper
  2. SPIKE: fuzzing framework
  3. SPIKE API
  4.
chap 23: Bit Tracks
  1. IDA (Interactive Disassembler)
  2. Sysinternals
  3. OllyDbg
Original: http://www.cnblogs.com/gnat-tang/p/3536464.html