Network penetration and testing — OZONE Asylum, home of the Mad Scientists

OZONE

Network penetration and testing

This page's ID: 28132

Edit Post

Who can edit a post?	The poster and administrators may edit a post. The poster can only edit it for a short while after the initial post.

Your User Name:
Your Password:
Login Options:	Remember Me On This Computer

Your Text: Insert Slimies » Insert UBB Code » Close Last Tag \| All Tags UBB Help	Didn't know it, reminder: I speak french as the default... Hence my: [quote] I am not gonna make assumptions, had you asked about "securing a network", I'd had showed you a few things. But "network penetration"? ... are you? yeah, -script- kidding. [/quote] Somebody said misunderstanding? I did my best to avoid making it judgemental, but had to tell the audience "hacking is bad bad bad". Ok, soo.... The core knowledge required for this boils down to core networking (protocols, networking models and standards, rfcs, etc...) Check the "Internet Engineering Task Force" website, it's the source: RFCs define the protocols, and theyre flaws - that's where hackers look for really interesting things to test. IEEE references may help too. Good hackers will try to exploit those, low, core flaws. Next major hint, along the lines of "give a man a fish..." Re-ve-rs-e engineering. Hackers have a foot in once they have managed to guess how a network is made. And that's the core skill: don't use common subnets on wireless networks for instance, encrypt where you can, proxy and firewall where you can, etc. Try to imagine scenarios that won't give out - any - information on a server, network, etc. When Cyco simulates an attack, he perform the two above steps: documenting, he doesn't need. He then sends "wrong" packets, commands, whatever, on ports he has scanned and knows are open, and listens. Sooner or later, the other party spits out something usable, he just has to know how to use it, and he does. Two big factors, for a company network, help create gaps between the onion layers I like to quote: Lack of stability of the network and... Internet. Java applets or ActiveX can often be wisely crafted to spy or do bad things... with recent JVM improvements, this becomes less and less true for Java, but there is no such thing as a perfect security, but the easiest way in is the internet. Next to it, people who numbly refuse to upgrade to SP2, for instance, expose theyre system to instabilities that Cyco could "tickle" using the aboe mentionned strategies. In a way, an unstable system is a "call" to hackers: it will respond to some ways to tickle it, and based on that, the black hat can guess how your network is made, and finally.... Spot the flaws. Now you know what to look for. Loading...
Options:	Enable Slimies Enable Linkwords

« Backwards — Onwards »

Show Forum Drop Down Menu