Thanks again to everybody who showed up today. I was floored by the turnout. It was great to meet new people and see some familiar faces. David, we missed ya. Thanks to Rob Guba and TraceSecurity for the food. Thanks to Dustin for hosting, and Ronnie for putting in work after-hours to get the Windows and Linux machines set up. There’s no way we could have done it without them.
I hope everybody took something away from our gathering today. I think today really illustrated what ISSA is all about. We had a good forum for discussion and lots of open dialog. We did more than just eat and talk about what is going on with each other’s jobs, so I hope we continue this trend well into the next year.
For those of you who attended and enjoyed being there, I would like to encourage you to go ahead and pay dues and join up with us. By paying dues, you allow the chapter to function and continue to provide useful discussions like the ones we had today. Plus you also get a monthly issue of ISSA Journal, which is an industry magazine featuring great articles on security. I have to say that I prefer ISSA Journal over its competitors (like SC) because it doesn’t try to cram new products down your throat at every turn.
Anyway, thanks again for coming. Here are the minutes from our meeting :)
We talked about using Look@LAN to perform host enumeration on a network. Look@LAN also runs a port scan of a host when you double-click it, so you can get some basic port information from it too.
Nmap is a port scanner that we also used to perform port scans on the Windows machine. It’s CLI driven, but does support a GUI called “nmapfe” or “nmap front end”.
Mark had some good information on how Windows domains are set up in both native and mixed mode. Be sure to direct any AD or Windows questions to him! I know he isn’t that busy... :)
We tried to use nbtdump.exe, but failed miserably. Nbtdump.exe will identify NetBIOS null sessions that can be established, as well as available shares and account details. For some reason, it didn’t return any account information... guess I’ll have to look into that.
We also took a look at Cain & Abel, and used it to enumerate hosts on a Windows workgroup as well as list some specific details about user accounts on the system. Cain & Abel can also be used for password cracking, dictionary/brute force attacks and sniffing network traffic. Perhaps in another session, we’ll go over sniffing traffic with it?
We talked briefly about patching, SNMP and some of the Foundstone tools I use. Foundstone tools can be useful for finding unpatched systems or systems lacking critical updates for common MS security bulletins. We talked about MS06-040 and MS04-011.
We also talked about doing banner grabbing using a Telnet client. We looked at some common web server (HTTP) methods which are normally in use: GET, PUT, TRACE, OPTIONS, etc. We also talked about how to interpret some of the information you’re getting back from your banner grabbing. Next time we’ll look at SMTP as well.
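To illustrate the interpretation step from the banner-grabbing discussion, here is an added example (not part of the original minutes or shown at the meeting) that parses the reply to a manual `OPTIONS / HTTP/1.0` request and picks out what an administrator auditing their own server would note. The sample response, the `REVIEW_METHODS` list and the function names are assumptions made for the example.

```python
# Added example: interpret the reply to a manual "OPTIONS / HTTP/1.0" banner grab.
# SAMPLE_RESPONSE is constructed sample data, not output captured at the meeting.
SAMPLE_RESPONSE = (
    b"HTTP/1.1 200 OK\r\n"
    b"Server: ExampleHTTPd/1.0 (constructed)\r\n"
    b"Allow: GET, HEAD, OPTIONS, TRACE, PUT\r\n"
    b"X-Powered-By: ExampleFramework\r\n"
    b"Content-Length: 0\r\n"
    b"\r\n"
)

# Assumed policy: methods to disable unless there is a documented need for them.
REVIEW_METHODS = {"PUT", "DELETE", "TRACE", "CONNECT"}
# Headers that disclose software names or versions.
DISCLOSURE_HEADERS = ("server", "x-powered-by", "x-aspnet-version")


def parse_response(raw: bytes):
    """Split a raw HTTP response head into (status_code, reason, headers)."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    lines = head.split("\r\n")
    parts = lines[0].split(" ", 2)
    if len(parts) < 2 or not parts[0].startswith("HTTP/") or not parts[1].isdigit():
        raise ValueError("not an HTTP status line: %r" % lines[0])
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if not sep:
            continue  # tolerate malformed header lines
        key = name.strip().lower()
        # A repeated header (e.g. two Allow lines) is joined with commas.
        headers[key] = (headers[key] + ", " if key in headers else "") + value.strip()
    return int(parts[1]), parts[2] if len(parts) > 2 else "", headers


def interpret(raw: bytes):
    """Return the findings a defender would note from an OPTIONS reply."""
    status, _reason, headers = parse_response(raw)
    allowed = {m.strip().upper() for m in headers.get("allow", "").split(",") if m.strip()}
    return {
        "status": status,
        "allowed": sorted(allowed),
        "review": sorted(allowed & REVIEW_METHODS),
        "disclosed": {h: headers[h] for h in DISCLOSURE_HEADERS if h in headers},
    }


if __name__ == "__main__":
    print(interpret(SAMPLE_RESPONSE))
```

A non-HTTP banner, such as an SMTP greeting, raises `ValueError` rather than being misread as a web server reply.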
Here’s a list of places to find the tools:
http://www.foundstone.com/us/resources-free-tools.asp - Free Foundstone tools!
http://www.zone-h.org/component/option,com_remository/Itemid,47/func,fileinfo/id,4824/ - nbtdump. Looks like Cerberus, the company who made it, is out of business. Be careful where you download it from, but a Google search should turn up plenty. Just run an AV over it before you execute.
http://www.oxid.it/cain.html - Cain & Abel. Great for recovering passwords, viewing network resources, sniffing traffic.
http://www.lookatlan.com/ - Network scanning and discovery tool.
http://insecure.org/nmap/ - nmap – port scanner, what else can I say? :)
Again, great seeing you all. Hope to see you at the next meeting and on the list!
Jarred White
Security Engineer
TraceSecurity, Inc.
225-612-2121 x31027
225-612-2269 fax