
Post Exploitation

Network Security
Intended Learning Outcomes

After studying this module, you should be able to:

• Generalize some of the factors driving the need for Post Exploitation network security
• Distinguish network attack methods
• Classify particular examples of attacks
• Define the terms vulnerability, threat and attack
• Assess physical points of vulnerability in simple networks
• Compare and contrast symmetric and asymmetric encryption systems and their vulnerability to attack, and explain the characteristics of hybrid systems.
Network Security (Post Exploitation)

Network security is any activity designed to protect the usability and integrity of networks and data. It includes both hardware and software technologies.
Network Attack Methodology
• Recon – Information gathering
• Scanning – Enumeration
• Vulnerability Identification
• Exploit
  o Gaining access, Elevating given access, Application/Web Level attacks, DoS
• Post Exploitation
  o Persistence
  o Access
  o Removing Forensic Evidence
  o Exfiltration
Persistence, Trojan, Backdoors
Persistence – Maintaining Access
• Real attackers attempt to stay on the compromised system for a long time
• The longer the attackers have access, the more damage can be done
• Some exploits only work one time.
Trojans
• Non-self-replicating “back door” program which runs hidden on the infected computer
• Can be installed using one of the following methods
  o Non-trusted software download
  o Attachments
  o Application-level exploits
  o Executable content on websites (Flash or ActiveX)
• A Trojan can be used to maintain control of the system, access passwords, keylog, etc.
The Objectives of Trojans
• Typically motivated by financial gain
  o they look for credit card and account data, confidential documents, financial data, etc.
• Make the victim's computer a remote proxy
  o allows the attacker to mask their tracks for additional attacks
• Make the infected computer part of a botnet
  o plants the ability to launch DDoS-type attacks
TCP/UDP Ports Typically Used by Trojans
[table of ports not included in the extracted text]
Determining which ports are listening
• Windows – Start -> Run -> CMD
• netstat -an
• netstat -an | findstr <port number>
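The slide stops at reading `netstat -an` by eye. The check a defender actually wants is the comparison against what the host is supposed to expose: any listener not on the baseline is a candidate Trojan or proxy port. The script below is an added example, not code from the slides; the `netstat -an` output and the baseline of expected ports are constructed for illustration.

```python
"""Flag listening sockets that are not on an expected-port baseline.

Added example for the "Determining which ports are listening" slide.
The netstat output and the EXPECTED_LISTENERS baseline below are
constructed samples, not data from a real host.
"""
import re
from typing import List, Set, Tuple

# Constructed sample in the layout `netstat -an` prints on Windows.
SAMPLE_NETSTAT = """
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:3389           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:8085           0.0.0.0:0              LISTENING
  TCP    192.168.1.10:49712     203.0.113.7:443        ESTABLISHED
  UDP    0.0.0.0:123            *:*
  UDP    0.0.0.0:5555           *:*
"""

# Hypothetical baseline (assumption): the ports this host is meant to expose.
EXPECTED_LISTENERS: Set[Tuple[str, int]] = {
    ("TCP", 135), ("TCP", 445), ("TCP", 3389), ("UDP", 123),
}

# proto, local address, local port, foreign address, optional state
LINE_RE = re.compile(r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+(\S+)(?:\s+(\S+))?\s*$")


def parse_listeners(netstat_output: str) -> List[Tuple[str, int]]:
    """Return (proto, port) for every listening socket in the output.

    A TCP socket counts only in the LISTENING state. UDP sockets carry no
    state column in netstat output, so every bound UDP socket is a listener.
    """
    listeners = []
    for line in netstat_output.splitlines():
        match = LINE_RE.match(line)
        if not match:
            continue  # banner and column-header lines
        proto, _local, port, _foreign, state = match.groups()
        if proto == "TCP" and state != "LISTENING":
            continue
        listeners.append((proto, int(port)))
    return listeners


def unexpected_listeners(netstat_output: str,
                         baseline: Set[Tuple[str, int]] = EXPECTED_LISTENERS
                         ) -> List[Tuple[str, int]]:
    """Listeners that are not on the baseline, sorted for stable reporting."""
    return sorted(set(parse_listeners(netstat_output)) - baseline)


if __name__ == "__main__":
    for proto, port in unexpected_listeners(SAMPLE_NETSTAT):
        print(f"unexpected listener: {proto}/{port}")
```

On a real host, pipe the live output in (`netstat -an` on Windows, `ss -lntu` or `netstat -an` on Linux, with the regex adjusted to that tool's column layout) and keep the baseline in version control so a change to it is itself a reviewed event.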
Proxy Server Trojans
• Starts a hidden HTTP proxy on the victim's computer
• Uses the victim's computer as a transit point to attack yet another victim
• Hides the location of the attacker
NetBus Trojan
• Remote control Trojan program
• Allows anyone running the client (control program) to control any machine infected with the NetBus Trojan
Netcat
• Written by “Hobbit”
• Released in March 1996
• Currently hosted at: http://netcat.sourceforge.net/
• Blindly reads and writes data to and from network connections
• Often called the “Swiss Army Knife” of network tools
• Runs on almost all platforms
  o Linux, Windows, OS X, SunOS, Solaris, etc.
• Working modes
  o Client mode
  o Listen mode
Netcat Uses
• Data Transfer
• Backdoors
• Replay Attacks
• Vulnerability Scanning
• Port Scanning
• Relays
Wrappers
• So how does one get a Trojan on a machine?
• Typical method
  o “wrapping” the Trojan with another executable file which the user runs
  o The two programs are wrapped together into a single file
  o However, the user only sees the .exe which was used to wrap the Trojan
  o The Trojan runs in the background
Wrappers - Examples
Network Steganography for Data Exfiltration

Steganography Concept
• In art and science
  o a secret message can be hidden
  o no one other than the sender and receiver is aware of the message
• Physical steganography
  o Can be dated back to ancient Greece
  o Stories told of tattoos on the heads of slaves
  o Heads were then shaved to reveal the message
Steganography Example
• During WWII, “microdots” were used extensively to transmit messages.
• Microdots are small dots which cover a hidden message.
Steganography
Covert Channel
• The “message” is hidden within the traffic of a legitimate communications channel.

Network Steganography
• The “message” is hidden within the traffic of a legitimate communications channel.
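The slides define a covert channel but do not say what a defender can look for. One classic place to hide a message is a header field that nobody inspects, such as the IP Identification field, and one classic tell is that text has far lower entropy than the field normally carries. The following is an added example, not material from the slides: it assumes (as an illustration) that the low byte of the IP ID is the carrier, builds three constructed packet traces, and flags a flow whose ID low bytes look like text rather than a counter or random values.

```python
"""Entropy check for a covert channel in the IP Identification field.

Added example for the "Network Steganography" slide. The three flows are
constructed: a stack that increments IP ID per packet, a stack that picks
random IDs, and a flow whose ID low byte carries plain text. The window
size and threshold are assumptions a real deployment would tune.
"""
import math
import random
from collections import Counter
from typing import Dict, List

# Constructed traces.
COUNTER_IDS: List[int] = [(0x1000 + k) & 0xFFFF for k in range(256)]
_rng = random.Random(7)
RANDOM_IDS: List[int] = [_rng.randrange(65536) for _ in range(256)]
_MESSAGE = b"the quick brown fox jumps over the lazy dog " * 6  # constructed text
COVERT_IDS: List[int] = [(0x4A << 8) | b for b in _MESSAGE]     # low byte = text

SAMPLE_FLOWS: Dict[str, List[int]] = {
    "workstation-a": COUNTER_IDS,
    "workstation-b": RANDOM_IDS,
    "covert": COVERT_IDS,
}


def shannon_entropy(values: List[int]) -> float:
    """Shannon entropy in bits of a symbol sequence."""
    n = len(values)
    return -sum(c / n * math.log2(c / n) for c in Counter(values).values())


def windows_entropy(ip_ids: List[int], window: int = 128) -> List[float]:
    """Entropy of the IP-ID low byte over each complete window of packets."""
    lows = [i & 0xFF for i in ip_ids]
    return [shannon_entropy(lows[k:k + window])
            for k in range(0, len(lows) - window + 1, window)]


def flag_covert(flows: Dict[str, List[int]], window: int = 128,
                threshold: float = 5.5) -> List[str]:
    """Names of flows with at least one low-entropy window.

    128 random bytes give close to 7 bits; 128 consecutive counter values
    give exactly 7 bits; English text with ~27 distinct symbols cannot
    exceed log2(27) ~ 4.75 bits, so a 5.5-bit threshold separates them.
    """
    return sorted(name for name, ids in flows.items()
                  if any(h < threshold for h in windows_entropy(ids, window)))


if __name__ == "__main__":
    for name, ids in SAMPLE_FLOWS.items():
        print(name, [round(h, 2) for h in windows_entropy(ids)])
    print("flagged:", flag_covert(SAMPLE_FLOWS))
```

The caveat that matters in practice: this heuristic only catches a channel that carries plaintext-like data. A sender who compresses or encrypts the payload first pushes the entropy up toward the random case, so the field-level check has to be paired with a baseline of what each stack normally does (monotonic counter, per-destination counter, random) and an alert on any flow that departs from that behaviour in either direction.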
In network security, three common terms are used:
1. Vulnerabilities
2. Threats
3. Attacks
A vulnerability is a weakness that allows an attacker to reduce a system's information assurance.
Primary vulnerabilities in networks
1. Technology vulnerabilities
2. Configuration vulnerabilities
3. Security policy vulnerabilities
1. Technology vulnerabilities
Computer and network technologies have intrinsic (built-in) security weaknesses.
• TCP/IP protocol vulnerabilities
  o (HTTP, FTP are inherently insecure)
• Operating system vulnerabilities
  o (Windows, Linux have security problems)
• Network equipment vulnerabilities
  o (routers, switches have security weaknesses)
2. Configuration vulnerabilities
Network administrators need to correctly configure their computing and network devices to compensate.
• Unsecured user accounts
  o (information transmitted insecurely across the network)
• System accounts with easily guessed passwords
• Unsecured default settings within products
• Misconfigured internet services
  o (untrusted sites on dynamic web pages)
• Misconfigured network equipment
  o (the misconfiguration itself causes a security problem)
3. Security policy vulnerabilities
The network can pose a security risk if users do not follow the security policies.
• Lack of written security policy
  o (policies in a booklet)
• Politics
  o (political battles make it difficult to implement security policies)
• Lack of continuity
  o (easily cracked or default passwords allow unauthorized access)
• Logical access control not applied
  o (imperfect monitoring allows unauthorized access)
• Disaster recovery plan non-existent
  o (lack of a disaster recovery plan allows panic (a sudden fear) when someone attacks the enterprise)
Threats
The people eager, willing and qualified to take advantage of each security vulnerability; they continually search for new exploits and weaknesses.
Classes of Threats
There are four main classes of threats:
1. Structured threats
2. Unstructured threats
3. External threats
4. Internal threats
1. Structured threats
• Implemented by a technically skilled person who is trying to gain access to your network.

2. Unstructured threats
• Created by an inexperienced / non-technical person who is trying to gain access to your network.
3. Internal threats
• Occur when someone from inside your network creates a security threat to your network.

4. External threats
• Occur when someone from outside your network creates a security threat to your network.
Attacks
The threats use a variety of tools, scripts and programs to launch attacks against networks and network devices.
Classes of attack
1. Reconnaissance
2. Access
3. Denial of service (DoS)
4. Worms, viruses and Trojan Horses
1. Reconnaissance
• It is the primary step of a computer attack.
• It involves unauthorized discovery of the targeted system to gather information about vulnerabilities.
• The hacker surveys a network and collects data for a future attack.
Reconnaissance attacks can consist of the following:
1. Ping sweeps
  • (tell the attacker which IP addresses are alive)
2. Port scans
  • (scanning to determine what network services or ports are active on the live IP addresses)
3. Internet information queries
  • (query the ports to determine the application and operating system of the targeted host, and whether a vulnerability exists that can be exploited)
4. Packet sniffers
  • (capture data being transmitted on a network)
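Ping sweeps and port scans leave a distinctive footprint in a firewall or flow log: one source touching many hosts with ICMP, or one source touching many ports on one host, within a short time. The script below is an added example, not part of the slides; it assumes a simplified log format of `<epoch-seconds> <src> <dst> <proto> <dport>`, constructs a sample log, and applies sliding-window "distinct targets" thresholds that are assumptions a real deployment would tune.

```python
"""Detect ping sweeps and port scans in a connection log.

Added example for the "Reconnaissance attacks" slide. Log format, sample
lines and thresholds are constructed assumptions for illustration.
"""
from collections import Counter, defaultdict, deque
from typing import Dict, List, Tuple

# Constructed log: 10.0.0.5 probes 12 hosts with ICMP, 10.0.0.7 probes
# 12 ports on one server, and 10.0.0.9 is ordinary traffic.
SAMPLE_LOG = "\n".join(
    [f"{1700000000 + i} 10.0.0.5 10.0.1.{i + 1} ICMP 0" for i in range(12)]
    + [f"{1700000100 + i} 10.0.0.7 10.0.2.20 TCP {p}" for i, p in
       enumerate([21, 22, 23, 25, 80, 110, 135, 139, 443, 445, 3389, 8080])]
    + ["1700000050 10.0.0.9 10.0.1.1 ICMP 0",
       "1700000051 10.0.0.9 10.0.2.20 TCP 443",
       "1700000052 10.0.0.9 10.0.2.20 TCP 443"]
)

Record = Tuple[int, str, str, str, int]


def parse_log(text: str) -> List[Record]:
    """Parse '<epoch> <src> <dst> <proto> <dport>' lines."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, proto, dport = line.split()
        records.append((int(ts), src, dst, proto, int(dport)))
    return records


def max_distinct_in_window(events: List[Tuple[int, object]], window: int) -> int:
    """Largest number of distinct keys seen inside any `window`-second span.

    `events` are (timestamp, key) pairs; a deque holds the live span and a
    Counter tracks how many live events carry each key.
    """
    live: deque = deque()
    counts: Counter = Counter()
    best = 0
    for ts, key in sorted(events):
        live.append((ts, key))
        counts[key] += 1
        while ts - live[0][0] > window:          # expire old events
            _, old_key = live.popleft()
            counts[old_key] -= 1
            if counts[old_key] == 0:
                del counts[old_key]
        best = max(best, len(counts))
    return best


def detect_recon(text: str, window: int = 60, sweep_hosts: int = 8,
                 scan_ports: int = 10) -> Dict[str, list]:
    """Report sources whose distinct-target count crosses a threshold."""
    icmp_targets = defaultdict(list)   # src -> [(ts, dst)]
    ports_by_pair = defaultdict(list)  # (src, dst) -> [(ts, dport)]
    for ts, src, dst, proto, dport in parse_log(text):
        if proto == "ICMP":
            icmp_targets[src].append((ts, dst))
        else:
            ports_by_pair[(src, dst)].append((ts, dport))

    sweeps, scans = [], []
    for src, events in icmp_targets.items():
        n = max_distinct_in_window(events, window)
        if n >= sweep_hosts:
            sweeps.append((src, n))
    for (src, dst), events in ports_by_pair.items():
        n = max_distinct_in_window(events, window)
        if n >= scan_ports:
            scans.append((src, dst, n))
    return {"ping_sweeps": sorted(sweeps), "port_scans": sorted(scans)}


if __name__ == "__main__":
    print(detect_recon(SAMPLE_LOG))
```

The same window function serves both detectors because the two attacks differ only in what is counted: distinct destination hosts for a sweep, distinct destination ports on one host for a scan. Slow scans that spread probes over hours are the known blind spot of any fixed window, which is why production tools keep longer per-source state as well.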
Eavesdropping is listening in on a conversation (spying, prying or snooping).
• Network snooping and packet sniffing are common terms for eavesdropping. A common method for eavesdropping on communication is to capture protocol packets.
Types of eavesdropping:
1. Information gathering
  • Intruder identifies sensitive information, e.g. a credit card number
2. Information theft
  • Intruder steals data through unauthorized access

Tools used to perform eavesdropping:
1. Network or protocol analyzers
2. Packet capturing utilities on networked computers
2. Access
• An access attack is just what it sounds like: an attempt to access another user account or network device through improper means.
• Access attacks can consist of the following:
1. Password attack
2. Trust exploitation
3. Port redirection
4. Man-in-the-Middle attack
5. Social engineering
6. Phishing
Password attacks
• Password attacks can be implemented using a brute-force attack (repeated attempts to identify a user's password).

Methods for computing passwords:
1. Dictionary cracking
2. Brute-force computation
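The two methods on this slide are best understood from the defender's side: a dictionary attack wins whenever the password is a wordlist entry with predictable decoration, and brute force wins whenever the character-class keyspace is small enough to enumerate. The checker below is an added example, not code from the slides. Its word list, the set of "mangling" rules it reverses (case, a few leet substitutions, trailing digits or symbols) and the guess rate it assumes for the brute-force estimate are all constructed assumptions.

```python
"""Password check that mirrors dictionary and brute-force cracking.

Added example for the "Password attacks" slide. WORDLIST is a constructed
stand-in for a real cracking dictionary; LEET and the trailing-decoration
rule approximate common mangling; GUESSES_PER_SECOND is an assumed rate.
"""
import re
import string
from typing import Set

WORDLIST: Set[str] = {"password", "welcome", "dragon", "letmein", "summer", "qwerty"}
LEET = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a",
                      "5": "s", "7": "t", "@": "a", "$": "s"})
GUESSES_PER_SECOND = 1e10   # assumed offline hash-cracking rate
ONE_DAY = 86_400


def normalize(candidate: str) -> str:
    """Reverse the decoration a dictionary attack would try on a base word.

    Order matters: trailing digits/symbols are stripped before the leet
    substitution so that 'P@ssw0rd123' does not become 'passwordi23'.
    """
    base = candidate.lower()
    base = re.sub(r"[\W\d_]+$", "", base)   # strip trailing digits/symbols
    return base.translate(LEET)


def in_dictionary(candidate: str, wordlist: Set[str] = WORDLIST) -> bool:
    """True if the password is a wordlist entry, with or without decoration."""
    return normalize(candidate) in wordlist


def keyspace(candidate: str) -> int:
    """Brute-force search space implied by the character classes present."""
    classes = 0
    if any(c.islower() for c in candidate):
        classes += 26
    if any(c.isupper() for c in candidate):
        classes += 26
    if any(c.isdigit() for c in candidate):
        classes += 10
    if any(c in string.punctuation for c in candidate):
        classes += len(string.punctuation)   # 32 symbols
    return classes ** len(candidate)


def brute_force_seconds(candidate: str,
                        guesses_per_second: float = GUESSES_PER_SECOND) -> float:
    """Worst-case time to enumerate the keyspace at the assumed rate."""
    return keyspace(candidate) / guesses_per_second


def assess(candidate: str) -> str:
    """'dictionary' beats length; otherwise judge by brute-force time."""
    if in_dictionary(candidate):
        return "dictionary"
    return "weak" if brute_force_seconds(candidate) < ONE_DAY else "strong"


if __name__ == "__main__":
    for pw in ["Dr4g0n!", "P@ssw0rd123", "abc123", "xk7Qm!pL2vRz"]:
        print(f"{pw:14} {assess(pw):10} keyspace={keyspace(pw):.2e}")
```

The point the numbers make: "P@ssw0rd123" has a large character-class keyspace and would look strong to a brute-force-only estimate, yet it falls to the dictionary in a single guess once the decoration is reversed, which is why policy checkers test the dictionary path first.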
Trust exploitation
• Trust exploitation refers to an attack in which an individual takes advantage of a trust relationship within a network.
Port redirection
• A type of trust exploitation attack that uses a compromised host to pass traffic through a firewall that would otherwise be dropped.
Man-in-the-Middle attack
• Requires that the hacker have access to network packets that come across a network.
Social engineering
• The easiest hack (social engineering) involves no computer skill at all. Social engineering is the art of manipulating people so they give up confidential information.
Phishing
• Phishing is a type of social engineering attack that involves using e-mail or other types of messages in an attempt to trick others into providing sensitive information.
Denial of service (DoS)
• DoS attacks are often implemented by a hacker as a means of denying a service that is normally available to a user or organization.
• DoS attacks involve either crashing the system or slowing it down to the point that it is unusable.
Distributed DoS attack
• DDoS uses attack methods similar to a standard DoS attack but operates on a much larger scale.
Malicious code - Worms, viruses and Trojan Horses
• Malicious code is harmful computer code designed to create system vulnerabilities leading to back doors and other potential damage to files and computing systems. It is a type of threat that may not be blocked by antivirus software on its own.
Worms
• A worm uses malicious software to spread itself, relying on security failures on the target computer to access it. Worms cause harm to the network.
Viruses
• Malicious software that is attached to another program to execute a particular unwanted function on the user workstation.
Trojan Horses
• An application written to look like something else that in fact is an attack tool.
Summary
• Vulnerabilities
  o Technology, Configuration, Security policy
• Threats
  o Structured, Unstructured, Internal, External
• Attacks
  o Reconnaissance, Access, DoS, Malicious code
4.0 Intended Learning Outcomes (ILOs)

At the end of the module, you should be able to:

1. Generalize some of the factors driving the need for Post Exploitation network security
2. Distinguish network attack methods
3. Classify particular examples of attacks
4. Define the terms vulnerability, threat, and attack
5. Assess physical points of vulnerability in simple networks
6. Compare and contrast symmetric and asymmetric encryption systems and their vulnerability to attack, and explain the characteristics of hybrid systems.

4.1 Post Exploitation

Hello again, here's another interesting topic about the Internet.

Post Exploitation

Network Security (Post Exploitation)
• Network security is any activity designed to protect the usability and integrity of networks and data.
• It includes both hardware and software technologies.
Network Attack Methodology
• Recon – Information gathering
• Scanning – Enumeration
• Vulnerability Identification
• Exploit
o Gaining access, Elevating given access, Application/Web Level attacks, DoS
• Post Exploitation
o Persistence
o Access
o Removing Forensic Evidence
o Exfiltration

Persistence, Trojan, Backdoors

Persistence – Maintaining Access
• Real attackers attempt to stay on the compromised system for a long time
• The longer the attackers have access, the more damage can be done
• Some exploits only work one time.

Trojans
• Non-self-replicating “back door” program which runs hidden on the infected computer
• Can be installed using one of the following methods
o Non-trusted software download
o Attachments
o Application-level exploits
o Executable content on websites (Flash or ActiveX)
• A Trojan can be used to maintain control of the system, access passwords, keylog, etc.

The Objectives of Trojans

• Typically motivated by financial gain
o they look for credit card and account data, confidential documents, financial data, etc.
• Make the victim's computer a remote proxy
o allows the attacker to mask their tracks for additional attacks
• Make the infected computer part of a botnet
o plants the ability to launch DDoS-type attacks

TCP/UDP Ports Typically Used by Trojans

Determining which ports are listening
• Windows – Start -> Run -> CMD
• netstat -an
• netstat -an | findstr <port number>
Proxy Server Trojans
• Starts a hidden HTTP proxy on the victim's computer
• Uses the victim's computer as a transit point to attack yet another victim
• Hides the location of the attacker
NetBus Trojan
• Remote control Trojan program
• Allows anyone running the client (control program) to control any machine infected with the NetBus Trojan

Netcat
• Written by “Hobbit”
• Released in March 1996
• Currently hosted at: http://netcat.sourceforge.net/
• Blindly reads and writes data to and from network connections
• Often called the “Swiss Army Knife” of network tools
• Runs on almost all platforms
o Linux, Windows, OS X, SunOS, Solaris, etc.
• Working Mode
o Client mode
o Listen mode
Netcat Uses
• Data Transfer
• Backdoors
• Replay Attacks
• Vulnerability Scanning
• Port Scanning
• Relays

Wrappers
• So how does one get a Trojan on a machine?
• Typical method
o “wrapping” the Trojan with another executable file which the user runs
o The two programs are wrapped together into a single file
o However, the user only sees the .exe which was used to wrap the Trojan
o The Trojan runs in the background

Wrappers - Examples

Network Steganography for Data Exfiltration
Steganography Concept

• In art and science
o a secret message can be hidden
o no one other than the sender and receiver is aware of the message
• Physical steganography
o Can be dated back to ancient Greece
o Stories told of tattoos on the heads of slaves
o Heads were then shaved to reveal the message

Steganography Example
• During WWII, “microdots” were used extensively to transmit messages.
• Microdots are small dots which cover a hidden message.

Covert Channel
• The “message” is hidden within the traffic of a legitimate communications channel.

Network Steganography
• The “message” is hidden within the traffic of a legitimate communications channel.

In network security, three common terms are used:

1. Vulnerabilities
2. Threats
3. Attacks

Vulnerability
• It is a weakness that allows an attacker to reduce a system's information assurance.

Primary vulnerabilities in network

1. Technology vulnerabilities
2. Configuration vulnerabilities
3. Security policy vulnerabilities

1. Technology vulnerabilities

Computer and network technologies have intrinsic (built-in) security weaknesses.

• TCP/IP protocol vulnerabilities
o (HTTP, FTP are inherently insecure)
• Operating system vulnerabilities
o (Windows, Linux have security problems)
• Network equipment vulnerabilities
o (routers, switches have security weaknesses)

2. Configuration vulnerabilities

Network administrators need to correctly configure their computing and network devices to compensate.

• Unsecured user accounts
o (information transmitted insecurely across the network)
• System accounts with easily guessed passwords
• Unsecured default settings within products
• Misconfigured internet services
o (untrusted sites on dynamic web pages)
• Misconfigured network equipment
o (the misconfiguration itself causes a security problem)

3. Security policy vulnerabilities

The network can pose a security risk if users do not follow the security policies.

• Lack of written security policy
o (policies in a booklet)
• Politics
o (political battles make it difficult to implement security policies)
• Lack of continuity
o (easily cracked or default passwords allow unauthorized access)
• Logical access control not applied
o (imperfect monitoring allows unauthorized access)
• Disaster recovery plan non-existent
o (lack of a disaster recovery plan allows panic (a sudden fear) when someone attacks the enterprise)

Threats
• The people eager, willing and qualified to take advantage of each security vulnerability; they continually search for new exploits and weaknesses.

Classes of Threats
There are four main classes of threats:

1. Structured threats
2. Unstructured threats
3. External threats
4. Internal threats

Classes of Threats
1. Structured threats

• Implemented by a technically skilled person who is trying to gain access to your network.

2. Unstructured threats

• Created by an inexperienced / non-technical person who is trying to gain access to your network.

3. Internal threats

• Occur when someone from inside your network creates a security threat to your network.

4. External threats

• Occur when someone from outside your network creates a security threat to your network.

Attacks

• The threats use a variety of tools, scripts, and programs to launch attacks against
networks and network devices.

Classes of attack

1. Reconnaissance
2. Access
3. Denial of service (DOS)
4. Worms, viruses, and Trojan Horses

Classes of attack
1. Reconnaissance

• It is the primary step of a computer attack.
• It involves the unauthorized discovery of the targeted system to gather information about vulnerabilities.
• The hacker surveys a network and collects data for a future attack.

Reconnaissance attacks can consist of the following:

1. Ping sweeps

• (tell the attacker which IP addresses are alive)

2. Port scans

• (scanning to determine what network services or ports are active on the live IP addresses)

3. Internet information queries

• (query the ports to determine the application and operating system of the targeted host, and whether a vulnerability exists that can be exploited)

4. Packet sniffers

• (capture data being transmitted on a network)

Eavesdropping is listening in on a conversation (spying, prying, or snooping).

• Network snooping and packet sniffing are common terms for eavesdropping. A common method for eavesdropping on communication is to capture protocol packets.

Types of eavesdropping:
1. Information gathering

• Intruder identifies sensitive information, e.g. a credit card number

2. Information theft

• Intruder steals data through unauthorized access

Tools used to perform eavesdropping:

1. Network or protocol analyzers
2. Packet capturing utilities on networked computers

Classes of attack
2. Access Attack
• An Access attack is just what it sounds like: an attempt to access another user
account or network device through improper means.

Access attack can consist of the following:

1. Password attack
2. Trust exploitation
3. Port redirection
4. Man-in-the-Middle attack
5. Social engineering
6. Phishing

Password attacks

• Password attacks can be implemented using brute-force attacks (repeated attempts to identify users' passwords).

Methods for computing passwords:

1. Dictionary cracking
2. Brute-force computation

Trust exploitation
• Trust exploitation refers to an attack in which an individual takes advantage of a trust
relationship within a network.
Port redirection
• A type of trust exploitation attack that uses a compromised host to pass traffic
through a firewall that would otherwise be dropped.

Man-in-the-Middle attack
• It requires that the hacker have access to network packets that come across a
network.

Social engineering
• The easiest hack (social engineering) involves no computer skill at all. Social
engineering is the art of manipulating people so they give up confidential information.
Phishing
• Phishing is a type of social engineering attack that involves using e-mail or other
types of messages in an attempt to trick others into providing sensitive information.

Denial of service (DoS)

• DoS attacks are often implemented by a hacker as a means of denying a service that is normally available to a user or organization.
• DoS attacks involve either crashing the system or slowing it down to the point that it is unusable.

Distributed DoS attack

• DDoS uses attack methods similar to standard DoS attacks but operates on a much larger scale.
Malicious code - Worms, viruses, and Trojan Horses

• Malicious code is harmful computer code designed to create system vulnerabilities leading to back doors and other potential damage to files and computing systems. It is a type of threat that may not be blocked by antivirus software on its own.

Worms

• A worm uses malicious software to spread itself, relying on security failures on the target computer to access it.
• Worms cause harm to the network.

Viruses

• Malicious software that is attached to another program to execute a particular unwanted function on the user workstation.

Trojan Horses

• An application written to look like something else that in fact is an attack tool.

Summary

• Vulnerabilities
o Technology, Configuration, Security policy
• Threats
o Structured, Unstructured, Internal, External
• Attacks
o Reconnaissance, Access, DOS, Malicious code
