Netwitness is fantastic.  Thanks for the posting the link.

Thanks.  I was hoping I could do something with MetaSploit but maybe i'll wait for  that.

Cheers

Syn

Hi Chris,

In my opinion its all about the data, so effective methods of finding and extracting data from the network are pretty important.

Also, different ways of covering tracks is quite interesting, maybe overwriting tools by piping larger files into them using type (type bigfile.exe > evil.exe)

Also playing with the time on devices/hosts to make the forensics more interesting.  oh and log file manipulation, thats always fun.

Regards

Syn

Hi guys, I have a question regarding Metasploit. 

I'm happy with the process for running Metasploit against a remote host and with using the msfpayload function of Metasploit but...

Is it possible to create an executable using Metasploit that will exploit a vulnerabilty on the local machine that is running in the context of a restricted user to raise the priviledges of the user or execute any other payload that is specified such as create an Administrative Account or install a VNC server and connect back to another host?

Maybe i have missed something, but to run a payload that was created with msfpayload it seems to asume that the user/victim already has administrative rights on the target PC.

The reverse DNS i was well aware ofbut the traceroute and ping method is pretty interesting.  I had thought that traceroute might be useful for certain types of mapping or helping to ID honeynets but your method certainly sounds useful.

Thanks.

Thanks Jimbob.  Again, these are methods I already use.  Maybe I was looking for a tool that does the same as Senseposts qtrace.pl but it doesn't exist.

Thanks for the reply though.

Thanks RoleReversal.  That was one of my methods (nmap xxx.xxx.xxx.xxx/24 -sP) and then look for typical boundary type devices such as routers or firewalls.  Obviously this method isn't that reliable and I was hoping that there was another more reliable option for footprinting the target.

Oh well, worth a try.

Cheers.

Syn

I find that in general a whois might give me the isp assigned block.  but where i have found a host in a range by using something like Fierce, i want to find the size of that range assigned to the target network..

I would like to what tools and methods other people may use for IP address block enumeration.  I have used qtrace.pl in the past but i'm not aware of any other tools / websites that may be of use.

I find that in books, articles and websites there is often very little emphasis on clearly identify the network boundaries of the target.

Does anyone have any suggestions?

Thanks

SynJunkie

Dengar13

I have a holiday coming up, so my plan is to study as much as possible and take it in the next 8 weeks.  I have a pretty good idea of the types of questions and I think after a week or 2 of good studying I'll be ready.  I've been taking some of the practice tests at cccure.org for the CISSP and i'm averaging about 90% on the domains I have studied so far so hopefully i'll do okay.  Following the Security+ i'll get my head back in the CISSP study guide.

Hi

I'm currently studying for the CISSP but I would like to take the Security+ beforehand to make sure i'm on the right track.  Has anyone taken the Security+ recently and if so could you recommend a study guide?  There are many on Amazon but the reviews are quite poor.

Many thanks.

Syn

I'm a big fan of this podcast also. They have had some fantastic guests on the show. and the content always seems to be bang upto date.

Watch out pauldotcom!

For anyone interested, theres a new security podcast been started recently that shows potential called Securabit.  One of the hosts is Chris Gurling who some may recognise from Hak.5

And while i'm on the subject, a podcast i'm really hoping takes off is Armored Penguin.  This ones focuses on Linux Security and Episode 0 was very promising.  Links to both are below.

http://securabit.com/

http://www.armoredpenguin.net/

if w1mmy is interested in learning more about keyloggers and compiling his own, a couple of options are available on irongeeks site:

http://www.irongeek.com/i.php?page=security/keylogger

and on White Scorpions site:

http://www.white-scorpion.nl/programs/index.html

The source is available so these can be adapted for your own need or modified to work work with you favorite AV.

Syn

Regarding the firewall question, I've been reading about a firewall from Comodo.  It looks okay if your that way inclined but I must admit I haven't used it myself yet.  My suggestion is based purely on the write up from the website and from what i heard on a podcast recently.


http://www.comodo.com

I used to be a big fan of the Sygate firewall but it got brought up by Norton I think and was no longer developed.  Shame, it was quite good. Probably wouldn't work on Vista ...bastards..thank god for linux.  Sorry, i'm rambling now.





 

I agree, the built in FW does work well.

I'm a big fan of Avast for AV but I have heard that AVG has recently upgraded it's free version so that may be worth a look.

What do anyone use for anti-spyware? I like spybot S&D but I havent tried many others.  I like to think that patching, careful browsing, Firefox and NoScript help alot.

Oh, and using a well patched linux system for the majority of web activity is nice too.