Feb 24, 2016
Future Cyber Warriors
Why Network Forensics?
• Encrypted Hard Disks
• Re-imaged Boxes
• USB Response Difficulty
• Increase in Number of Intrusions
• IP End Point Analysis
• Log Analysis
• Geolocation
– Proxies
How do they get in?
• Spear Phish
• Links (Twitter)
• Vulnerabilities
– Applications
– OS
• Weak Passwords
And Let’s Not Forget
• The Insider Threat
The Old Ping Scan
Can’t We be Quieter?
• Use tcpdump with no IP
– Listen Passively
Zenmap can be Indecisive
• Accurate as the weather…
• And noisy, so you will be noticed in Logs
Getting a Better OS Guess
Searching for 08 exploits
Setting Options within Metasploit
Exploiting the Victim
• Firewall and UAC Enabled…
Important Facts when you Hack
• Who are You?
• How are you in?
• Got PID?
• Why no GUI?
Step Right Up – Get Your Malware
• How do you get malware on the victim?
– Meterpreter upload
– FTP Answer File
– Write a BAT FILE
– Use DEBUG to Compile
– TFTP (not likely)
– wget or curl (if Linux)
You got caught doing bad things
• At least rename your stuff
I hate it when I get Dumped
You don’t want to get Caned Either
Help the Admin Manage Users
Looking at the Traffic
Snort Sees Bad People
Summary
• Hackers get in
• Network Forensics may explain:
– Who
– How
– What
– When
• At a minimum, endpoint analysis
• Actions can help mitigate future attacks
Questions and Comments
• Thank You!