Future Cyber Warriors

Post on 24-Feb-2016

DESCRIPTION

Future Cyber Warriors - PowerPoint PPT Presentation

Transcript

Future Cyber Warriors

Why Network Forensics?

• Encrypted Hard Disks
• Re-imaged Boxes
• USB Response Difficulty
• Increase in Number of Intrusions
• IP End Point Analysis
• Log Analysis
• Geolocation
  – Proxies

How do they get in?

• Spear Phish
• Links (Twitter)
• Vulnerabilities
  – Applications
  – OS

• Weak Passwords

And Let’s Not Forget

• The Insider Threat

The Old Ping Scan

Can’t We Be Quieter?

• Use tcpdump with no IP
  – Listen Passively

Zenmap can be Indecisive

• Accurate as the weather…

• And noisy, so you will be noticed in Logs

Getting a Better OS Guess

Searching for 08 exploits

Setting Options within Metasploit

Exploiting the Victim

• Firewall and UAC Enabled…

Important Facts when you Hacks

• Who are You?

• How are you in?
• Got PID?
• Why no GUI?

Step Right Up – Get Your Malware

• How do you get malware on the victim?
  – Meterpreter upload
  – FTP Answer File
  – Write a BAT FILE
  – Use DEBUG to Compile
  – TFTP (not likely)
  – wget or curl (if Linux)

You got caught doing bad things

• At least rename your stuff

I hate it when I get Dumped

You don’t want to get Caned Either

Help the Admin Manage Users

Looking at the Traffic

Snort Sees Bad People

Summary

• Hackers get in
• Network Forensics may explain:
  – Who
  – How
  – What
  – When

• At a minimum, endpoint analysis
• Actions can help mitigate future attacks

Questions and Comments

• Thank You!
