CompTIA Security+ - Cybrary.it

Transcription

CompTIA Security+ 501
CompTIA Security+ SY0-501
Instructor: Ron Woerner, CISSP, CISM
CompTIA Security+ Domain 2 – Technologies & Tools
2.2 Given a scenario, use appropriate software tools to assess the security posture of an organization
Cybrary Instructor: Ron Woerner

2.2 Security Assessment Tools
- Protocol analyzer
- Network scanners
- Vulnerability scanner
- Exploitation frameworks
- Configuration compliance scanner
- Passive vs. active
- Data sanitization tools
- Steganography tools
- Honeypot
- Backup utilities
- Banner grabbing
- Command line tools

Protocol Analyzers
- Aka packet sniffers
- Gather packet-level information on a network
- Examples: Wireshark, TCPDump
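An added example, not part of the Cybrary slides: a minimal Python decoder showing the header fields a protocol analyzer such as Wireshark or tcpdump pulls out of every frame (MACs, IPs, TTL, ports, TCP flags) and the IPv4 checksum check it performs. The frame bytes are constructed for the example, not captured traffic.

```python
import struct

# Constructed Ethernet II frame carrying an IPv4/TCP SYN from 192.168.1.10:40000
# to 93.184.216.34:443 (sample values, not captured traffic).
SAMPLE_FRAME = bytes.fromhex(
    "00155d0a1b2c" "001a2b3c4d5e" "0800"      # dst MAC, src MAC, EtherType IPv4
    "45000028" "1c464000" "4006" "26fd"       # v4/IHL 5, len 40, id, DF, TTL 64, TCP, checksum
    "c0a8010a" "5db8d822"                     # 192.168.1.10 -> 93.184.216.34
    "9c40" "01bb" "00000001" "00000000"       # sport 40000, dport 443, seq, ack
    "5002" "faf0" "0000" "0000"               # data offset 5, flags SYN, window, csum, urg
)
TCP_FLAGS = ((0x01, "FIN"), (0x02, "SYN"), (0x04, "RST"), (0x08, "PSH"), (0x10, "ACK"))


def ip_checksum(header: bytes) -> int:
    """RFC 1071 one's-complement sum of the IPv4 header; 0 means the stored checksum is valid."""
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def decode_frame(frame: bytes) -> dict:
    """Decode Ethernet, IPv4 and TCP headers the way a sniffer's summary line presents them."""
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    if ethertype != 0x0800:
        raise ValueError(f"unsupported EtherType 0x{ethertype:04x}")
    ip = frame[14:]
    fields = struct.unpack("!BBHHHBBH4s4s", ip[:20])
    ver_ihl, total_len, ttl, proto, saddr, daddr = fields[0], fields[2], fields[5], fields[6], fields[8], fields[9]
    ihl = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or ihl < 20 or len(ip) < total_len:
        raise ValueError("malformed or truncated IPv4 packet")
    info = {
        "src_mac": ":".join(f"{b:02x}" for b in src), "dst_mac": ":".join(f"{b:02x}" for b in dst),
        "src_ip": ".".join(map(str, saddr)), "dst_ip": ".".join(map(str, daddr)),
        "ttl": ttl, "protocol": proto, "ip_checksum_ok": ip_checksum(ip[:ihl]) == 0,
    }
    if proto == 6:  # TCP: the ports and flags that port scans and banner grabs are built on
        sport, dport, seq, ack, off_flags, window = struct.unpack("!HHIIHH", ip[ihl:ihl + 16])
        info.update(src_port=sport, dst_port=dport, seq=seq, ack=ack, window=window,
                    flags=[name for bit, name in TCP_FLAGS if off_flags & bit])
    return info
```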

Wireshark

Network scanners / mappers
- Knowing what's on your network
- Network enumeration

Network scanners
- Nmap / ZenMap

Network scanners
- Fing (iOS & Android)

Vulnerability scanner
- Software utility that scans a range of IP addresses and tests for the presence of known vulnerabilities in software configuration and accessible services
- Relies upon a database of known vulnerabilities

Vulnerability Scanners
Examples:
- Nessus (Tenable)
- OpenVAS: Linux
- Nexpose Community Edition: scans web applications, databases, and virtual environments
- Qualys FreeScan: checks for hidden malware and SSL issues, among other network vulnerabilities

OWASP ZAP
- ZAP - Zed Application Proxy
- Discovers security vulnerabilities in web applications

Exploitation Frameworks
- Platforms used for penetration testing and risk assessments
- Frameworks contain a set of exploits for known vulnerabilities
- Examples: Metasploit, Canvas, and Core Impact
- Browser Exploitation Framework (BeEF) – pen testing tool for exploiting web vulnerabilities

Kali Linux
Kali Linux is a Debian-derived Linux distribution, designed for digital forensics and penetration testing. Kali Linux is preinstalled with numerous penetration-testing programs. Kali Linux can be run from a hard disk, live CD, or live USB. It is a supported platform of the Metasploit Project's Metasploit Framework, a tool for developing and executing security exploits.

Social Engineering Toolkit (SET)

Wireless Scanners
- Gather information about Wi-Fi networks
- Detect access points (rogue or valid)
- Break encryption keys
Examples:
- Airodump-ng
- Kismet/KisMAC
- Netstumbler
- Vistumbler
- inSSIDer

Configuration compliance
- Microsoft Baseline Security Analyzer (MBSA): a software vulnerability scanner to analyze targeted Microsoft systems, to detect whether software security patches or baseline configuration settings are missing
- Center for Internet Security (CIS)
- Nessus (also vulnerability scanning)

Banner Grabbing
- A technique to identify operating systems, applications and services on a system
- Narrows vulnerability searches

Netcat
- Free download for Windows and Linux
- Read & write TCP & UDP network connections
- Run from the command line
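An added example, not from the slides, that ties the vulnerability scanner slide to the banner grabbing slide: a banner read with netcat only narrows the search once it is parsed and matched against a database of known vulnerabilities. The endpoints, banners and database entries are constructed, with placeholder IDs rather than real CVE numbers.

```python
import re
from typing import List, Optional, Tuple

# Constructed banners, as netcat would print them for these made-up endpoints.
SAMPLE_BANNERS = {
    "10.0.0.5:22": "SSH-2.0-OpenSSH_7.4",
    "10.0.0.5:80": "HTTP/1.1 200 OK\r\nServer: Apache/2.4.29 (Ubuntu)\r\n\r\n",
    "10.0.0.9:22": "SSH-2.0-OpenSSH_9.3",
    "10.0.0.9:8080": "220 custom service ready\r\n",
}

# Constructed "database of known vulnerabilities": placeholder IDs, not real CVEs.
# fixed_in is the first version that no longer carries the issue.
VULN_DB = [
    {"id": "EXAMPLE-0001", "product": "OpenSSH", "fixed_in": (7, 5)},
    {"id": "EXAMPLE-0002", "product": "Apache", "fixed_in": (2, 4, 30)},
    {"id": "EXAMPLE-0003", "product": "Apache", "fixed_in": (2, 4, 10)},
]

BANNER_PATTERNS = [
    re.compile(r"^SSH-2\.0-(?P<product>OpenSSH)_(?P<version>\d+(?:\.\d+)*)"),
    re.compile(r"^Server: (?P<product>Apache)/(?P<version>\d+(?:\.\d+)*)", re.MULTILINE),
]


def parse_banner(banner: str) -> Optional[Tuple[str, Tuple[int, ...]]]:
    """Pull the product name and numeric version out of a banner; None if unrecognised."""
    for pattern in BANNER_PATTERNS:
        match = pattern.search(banner)
        if match:
            return match["product"], tuple(int(p) for p in match["version"].split("."))
    return None


def known_issues(banner: str) -> List[str]:
    """IDs of database entries for this product whose fix is newer than the banner's version."""
    parsed = parse_banner(banner)
    if parsed is None:
        return []
    product, version = parsed
    return [e["id"] for e in VULN_DB if e["product"] == product and version < e["fixed_in"]]


def assess(banners: dict) -> dict:
    """Map each endpoint to its candidate findings. A banner is a claim, not proof: vendors
    backport fixes without changing the version string, so each hit still needs verification."""
    return {endpoint: known_issues(banner) for endpoint, banner in banners.items()}
```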

Password Crackers
- Used to disclose passwords and assess password strength
- Online password-cracking tools enable you to type in the hash and get the password returned in plain text
- Examples: Brutus, Cain and Abel, John the Ripper, THC Hydra

Honeypots / Honeynets
Use:
- Systems or networks exposed to capture malicious activity
- Gather investigation evidence
- Study attack strategies
- Separated from any business network
http://www.honeyd.org/

Steganography
- Means "hidden writing" – hiding messages, often in other media, so that unintended recipients are not even aware of any message
- Approaches: least significant bit insertion; masking and filtering; algorithms and transformations
- Common steganography tools include: OpenPuff, Camouflage, Steghide, rSteg

Data Sanitization Tools
- Sanitization – the process of removing contents from a device or media
- Examples: DBAN, BCWipe, Cryptographic erase (CE)
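An added example, not from the slides, of the least significant bit insertion approach listed above. It works on a constructed buffer of 8-bit grayscale samples rather than a real image file, and shows why the change is invisible to the eye: no sample moves by more than 1.

```python
from typing import Iterator, List


def _bits(data: bytes) -> Iterator[int]:
    """Yield the bits of data, most significant bit of each byte first."""
    for byte in data:
        for shift in range(7, -1, -1):
            yield (byte >> shift) & 1


def _bytes_from_bits(bits: List[int]) -> bytes:
    return bytes(int("".join(map(str, bits[i:i + 8])), 2) for i in range(0, len(bits), 8))


def embed_lsb(cover: bytes, message: bytes) -> bytes:
    """Hide message in the least significant bit of each cover sample, after a 4-byte length."""
    payload = len(message).to_bytes(4, "big") + message
    if len(payload) * 8 > len(cover):
        raise ValueError(f"cover holds {max(len(cover) // 8 - 4, 0)} bytes, message is {len(message)}")
    stego = bytearray(cover)
    for index, bit in enumerate(_bits(payload)):
        stego[index] = (stego[index] & 0xFE) | bit  # each sample changes by at most 1
    return bytes(stego)


def extract_lsb(stego: bytes) -> bytes:
    """Reverse embed_lsb: read the length header, then that many bytes of LSBs."""
    lsbs = [sample & 1 for sample in stego]
    length = int.from_bytes(_bytes_from_bits(lsbs[:32]), "big")
    if 32 + length * 8 > len(lsbs):
        raise ValueError("length header exceeds cover size; not a payload from embed_lsb")
    return _bytes_from_bits(lsbs[32:32 + length * 8])


def max_sample_change(cover: bytes, stego: bytes) -> int:
    """Largest per-sample difference: 0 or 1 for LSB insertion, which is why the hidden data is
    invisible to the eye and only statistical steganalysis of the LSB plane reveals it."""
    return max(abs(a - b) for a, b in zip(cover, stego))


# Constructed cover: 1024 8-bit grayscale samples forming a gradient, not a real image.
COVER = bytes(range(256)) * 4
SECRET = b"meet at noon"
```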

Command Line Tools
- config
- tcpdump
- nmap
- netcat

Command Line Tools
SysInternals Suite
- Autoruns
- Process Explorer
Video: Mark Russinovich, Malware Hunting
Ron Woerner, 2017

Exam Preparation
Also known as packet sniffers, these tools help you troubleshoot network issues by gathering packet-level information across the network?
A. Vulnerability scanners
B. Exploitation frameworks
C. Configuration compliance
D. Protocol analyzers

Exam Preparation
Alex is conducting forensics of a phishing email. She knows the IP address of the originating email server. What command would show Alex the complete path to that IP address?
A. ping
B. tracert
C. netstat
D. nslookup

Security Lab Guide
In this exercise, you will learn how to use the following tools:
- Nmap / ZenMap
- Wireshark

Security Lab Guide
In this exercise, you will learn how to use the following password cracking tools:
- Cain & Abel
- PWDump
- LMHash
- Detecting Rootkits

Security Lab Guide
CompTIA Security+ Domain 2 – Technologies & Tools
