by kriggins on April 30, 2008
in Tools
Once again I find a nifty tool via Darknet. CDPSnarf lets you passively capture CDP packets and see the yummy goodness inside.
For those who don't know, CDP stands for Cisco Discovery Protocol. It can be used to discover information about neighboring devices. For example, if I am on a Cisco router that has several interfaces and I want to know what is connected on each interface, I can execute 'show cdp neighbors detail'. This lovely command will tell me all about those neighboring devices with the following caveats:
- The devices are Cisco devices.
- CDP is enabled.
Here is a good overview of CDP.
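To make concrete what a CDP frame discloses to anyone listening on the segment, here is an added example (not from this post and not CDPSnarf's code) that decodes the TLV fields of a CDP payload, which is handy for auditing what your own devices advertise. The sample bytes, hostname and version strings are constructed, and the function names are this example's own.

```python
import struct

# CDP TLV type codes decoded here (a subset); other types are skipped.
TLV_NAMES = {
    0x0001: "device_id",
    0x0003: "port_id",
    0x0005: "software_version",
    0x0006: "platform",
    0x000A: "native_vlan",
}

def parse_cdp(payload: bytes) -> dict:
    """Decode a CDP payload (the bytes after the LLC/SNAP header)."""
    if len(payload) < 4:
        raise ValueError("CDP header needs 4 bytes: version, TTL, checksum")
    version, ttl, _checksum = struct.unpack_from("!BBH", payload, 0)
    info = {"version": version, "ttl": ttl}  # checksum is not verified here
    offset = 4
    while offset + 4 <= len(payload):
        tlv_type, tlv_len = struct.unpack_from("!HH", payload, offset)
        # The length field counts the 4-byte TLV header itself.
        if tlv_len < 4 or offset + tlv_len > len(payload):
            raise ValueError(f"malformed TLV at offset {offset}")
        value = payload[offset + 4 : offset + tlv_len]
        name = TLV_NAMES.get(tlv_type)
        if name == "native_vlan" and len(value) == 2:
            info[name] = struct.unpack("!H", value)[0]
        elif name and name != "native_vlan":
            info[name] = value.decode("ascii", errors="replace")
        offset += tlv_len
    return info

def tlv(tlv_type: int, value: bytes) -> bytes:
    return struct.pack("!HH", tlv_type, len(value) + 4) + value

# Constructed sample payload built with tlv(), not a real capture.
SAMPLE = (
    struct.pack("!BBH", 2, 180, 0)
    + tlv(0x0001, b"lab-sw01.example.net")
    + tlv(0x0005, b"Example OS, Version 0.0 (constructed)")
    + tlv(0x0006, b"example-platform")
    + tlv(0x0003, b"FastEthernet0/1")
    + tlv(0x000A, struct.pack("!H", 10))
    + tlv(0x0004, struct.pack("!I", 0x28))  # capabilities: skipped
)

if __name__ == "__main__":
    for key, val in parse_cdp(SAMPLE).items():
        print(f"{key:17} {val}")
```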
As the saying goes, "Knowledge is power." The more we know about the target network, the easier it is to get past the crunchy outer shell and snack on the chewy center.
Kevin
A few weeks ago I wrote about participating in Cyber Defense Competitions as a Red Team member. This weekend I had the opportunity to do so again. This time with a bunch of High School students.
This weekend was the annual IT Olympics event that is put on by Iowa State. The event is an opportunity for the High School students who participate in the IT-Adventures program to get together and compete. There are three competitions:
- Robotics
- Game Design
- Cyber Defense Competition
While the robotics and game design competitions were very interesting, I was there for the CDC. The Red Team didn't actually get to start attacking until Saturday morning, so I volunteered to show up on Friday and help the students with anything they might need during the setup period. These kids are amazing.
Twenty-fourish teams showed up and we had about 20 Red Team members. In my previous post I mentioned three ways in which you can provide value to the students when participating in this type of event:
- Keep good notes
- Write down remedies
- Attend the debrief
I am happy to say that we accomplished all three goals. Probably the best decision made was to set up a wiki with pages for each team where we could all keep notes as the contest progressed. These notes then became the outline for our talks with the teams in the debrief.
If you have never had the opportunity to work with kids that are interested in IT, I highly recommend you find a way to do so. It is truly a rewarding experience.
Kevin
http://www.net-security.org/insecuremag.php - Issue 16 is out.
- Security policy considerations for virtual worlds
- US political elections and cybercrime
- Using packet analysis for network troubleshooting
- The effectiveness of industry certifications
- Is your data safe? Secure your web apps
- RSA Conference 2008 / Black Hat 2008 Europe
- Windows log forensics: did you cover your tracks?
- Traditional vs. non-traditional database auditing
- Payment card data: know your defense options
- Security risks for mobile computing on public WLANs: hotspot registration
- Network event analysis with Net/FSE
- Producing secure software with security enhanced software development processes
- AND MORE!
http://mentornet.net/ - Share your experience. Be a mentor.
Defense in Depth, Reconsidered: Is Information Security Anything Like War? - An interesting read about defense in depth.
by kriggins on April 21, 2008
in Tips
In this post, I referenced a very interesting article over at Neohapsis about easily setting up a reverse shell using just the bash shell. Well, there is a new post up which talks about the flip side of the equation: how to stop reverse shells.
Like the first post, this one is also a good read.