Recon, Pen Tests and Forensics

1
Recon, Pen Tests and Forensics

• Resources and their use

2
Introductions

• Kristi Yauch
• Beckie Mossman
• Candace Morse
• David Bryan
• Heather Bryan

3
Overview

• Reconnaissance
• Penetration testing
• Investigations and Forensics
• Memory Forensics
• Resources and Organizations
• QA

4
Reconnaissance

• Learn about target systems and environment
• Network scanning
• NMAP
• ZenMap GUI
• UMIT
• Vulnerability scanning
• Nessus
• Open VAS
• Data mining
• - Maltego

11/23/2009
5
Penetration Testing

• Metasploit
• http//www.offensive-security.com/metasploit-unlea
  shed/
• De-Ice PenTest Project
• OWASP Application Security
• - Community Projects and Resources
• Presentations, Meetings, Podcasts
• WebScarab, WebGoat
• Attacks, Vulnerabilities, Controls

11/23/2009
6
Investigations and Forensics

• Analyze
• Document
• Recover Data
• LogiCube
• EnCase
• The Forensic Toolkit
• http//forensicscontest.com/

11/23/2009
7
Memory Forensics

• Volatility
• WinDD and MDD
• Cold Boot attack

11/23/2009
8
Volatilty

• PSList Print list of running processes

11/23/2009
9
Volatilty (continued)

• Files print list of open files

11/23/2009
10
Volatilty (continued)

• Connections print list of open connections

11/23/2009
11
Additional Resources and Organizations

• Resources
• Complete list available at
• wmfs-tc.org/resources.html
• http//www.metasploit.com/
• http//www.offensive-security.com/metasploit-unlea
  shed/
• https//www.volatilesystems.com/default/volatility
  
• http//dftt.sourceforge.net/
• http//www.de-ice.net/
• http//opensourceforensics.org/
• http//forensicscontest.com/
• Organizations
• OWASP
• dc612.org
• wmfs-tc.org

11/23/2009
12
Q A
wmfs-tc.org