How to wage cyber warfare: Concluding remarks, Part 10
June 29th, 2009 (posted by: sam) · No Comments
With this ten part series I wanted to get some ideas down and hopefully start some discussion. Over the last few weeks each segment has looked at cyber warfare from a different viewpoint. I’ve been told that my blog posts are way too long and that nobody reads my stuff, but I’d rather provide detailed content over other options. Right or wrong, each segment tried to look from a high level at what cyber warfare means. I have succeeded at creating some stir, with several other blogs picking up on themes and posts. Here at the end of the series I thought I’d try and clarify a few things and tell you where the future is going to take me. Expect a few minor rants too.
Categories: Cyber Warfare
Tags: How To
TECH 581 W Computer Network Operations Laboratory 4
June 29th, 2009 (posted by: sam) · No Comments
Categories: TECH 581 Computer Network Operations
Tags: TECH581WLAB4
TECH 581 W Computer Network Operations: Laboratory 3, Team 5
June 28th, 2009 (posted by: jverburg) · 10 Comments
Abstract
Within lab 3 we will be looking at obtaining the information wanted by using passive approaches and comparing various tools. By first reading and comparing the literature we will gain a better understanding of what we will be doing and the purpose of the lab. Then we will go on to the actual testing and the creation of a table for various tools and where the attack can be placed on the OSI model with McCumber cube coordinates. We will then give any findings that we obtained from the lab and will be able to discuss the issue more in depth.
Categories: TECH 581 Computer Network Operations
Tags: Laboratory #3 Passive Reconnaissance Team: jverburg shumpfer, TECH581WLAB3
TECH 581 W Computer Network Operations: Laboratory 3, Team 4
June 28th, 2009 (posted by: jeikenbe) · 10 Comments
Abstract
Unlike the last lab where we analyzed different means of actively retrieving information from a network, in this lab we are going to look into passively analyzing a network to gain knowledge of the system in question. Passive reconnaissance is the gathering of knowledge from a target without the intended target being aware.
This lab will look at tools that can be used to analyze traffic that is flowing across a network in a passive nature. This lab will also explore how passive reconnaissance can also be used to analyze how active reconnaissance tools perform their many tasks by running passive analysis tools on a network with active tools performing scans on a target. This knowledge can be used to gain information on the active reconnaissance tool and how the target of that tool reacts to the various requests. Lastly, an analysis of a set of case studies that show how even reconnaissance tools can be compromised to either gain control of a target or cause that target to become available. An analysis of ways that network analysis tools can be examined for malicious activities will be done. This analysis will show how analyzing these tools is not viable in an enterprise environment.
Categories: TECH 581 Computer Network Operations
Tags: TECH581WLAB3
TECH 581 W Computer Network Operations: Laboratory 3, Team 3
June 28th, 2009 (posted by: gdekkerj) · 10 Comments
Abstract
The purpose of this exercise was to examine the role, application, and concerns associated with the employment of passive reconnaissance tools. First, we develop a definition of ‘active reconnaissance’ within the scope of network penetration attacks. Using this, we test and classify a significant sampling of security tools into this category, with reference to network and security models. Additionally, we examine the concept of a ‘meta exploit’ and evaluate its application, along with recounting patterns and biases found in common network reconnaissance tools. We continue, and research the concept of ‘hostile’ security tools, both in case studies and preventative measures to counteract this threat. Furthermore, we evaluate existing literature available with regards to the effective execution of this exercise.
Categories: TECH 581 Computer Network Operations
Tags: TECH581WLAB3
TECH 581 W Computer Network Operations: Laboratory 3, Team 2
June 28th, 2009 (posted by: nbakker) · 10 Comments
Abstract
The act of performing network reconnaissance can mean the difference between a successful penetration test and a failed one. Without taking the time to gather as much information as one can on a target network or system, the attacker is going in blind and might be caught in the process. In order to alleviate that concern, the question is not whether or not to perform network recon, but whether to perform active network recon or passive network recon. While laboratory two dealt with the topic of active network recon, laboratory three focuses on the topic of passive network recon, meaning performing information gathering on a target network with limited possibility of being discovered.
In lab three we will be looking at passive network recon. We will be discovering the tools and techniques that will allow us to gather information without interaction with or destruction of the target network. This will be accomplished first through a current literature review on the topic of black box fuzzing; second, by creating a chart of passive network recon tools and aligning them to the McCumber cube; third, by running a simulated attack with penetration testing tools; and finally, through a collection of case studies examining penetration testing tools that were used against the tester, all while answering a series of specific questions on the topic.
Categories: TECH 581 Computer Network Operations
Tags: TECH581WLAB3
TECH 581 W Computer Network Operations: Laboratory 3, Team 1
June 28th, 2009 (posted by: mvanbode) · 9 Comments
Abstract
The first part of the lab is to research passive reconnaissance tools and how they operate. The students will identify if the tools can or cannot recreate the packet stream passively. The ability for tools to change the duration of their tests will be covered. The importance of the ability to change the duration of a test will also be discussed. The next part of the lab will include the research of scanning tools, such as Nmap and Nessus. These tools will be tested to see if their scanning results can be detected on another system using a packet sniffer. The student will also discuss operating system biases for these tools and how the exploits that they perform relate to the security tools grid. The methods and results of this test will be discussed in detail. For the last part of the lab, a set of case studies will be discussed, based on research of network penetration tools that have been exploited. The risks to enterprises that use untested or exploited tools in penetration testing will also be discussed. The student will discuss all of their findings and report any issues and problems encountered in the lab.
Categories: TECH 581 Computer Network Operations
Tags: Laboratory 3: Passive Reconnaissance, mafaulkn, mvanbode, prennick, Tech 581W Lab 3, TECH581WLAB3
How to wage cyber warfare: Why we do not take cyber seriously, Part 9
June 26th, 2009 (posted by: sam) · No Comments
There are a lot of arguments over why cyber warfare and cyber terrorism get so little attention. The attention it gets arrives in waves and departs. There is almost a decade swing between being ignored and being the hottest new thing. The current president says he will make it a priority much like the previous five presidents. Think tanks and experts trot across the stage in front of legislators and people discuss the issues much like they have for forty years. Nearly the exact problems of decades ago exist within the cyber infrastructure today. It is pretty obvious that we as a society do not take cyber conflict seriously despite extensive evidence of the issues. Cyber has changed our society in many negative ways.
Categories: Cyber Warfare
Tags: How To
How to wage cyber warfare: The super empowered individual, Part 8
June 24th, 2009 (posted by: sam) · 1 Comment
The nation state as an entity is a conglomeration of power and social structure having a history stretching back to the Westphalian peace and treaty. This concept of nations rises out of western tradition that had recognized empires previously but began to create borders and gather the city-state around the more regionalized powers. This is a gross simplification of the process, but for our purposes justified by the larger idea. As we know nations now, could an individual challenge their power and inflict grievous harm, without being beholden to another nation or using their resources? As a simple example, should I as an individual go to an evil despot’s country and push the giant red button unleashing nuclear Armageddon, I as an individual may have taken action but it was using another nation’s power. An interesting corollary is the idea of insurgencies and guerilla groups who use a nation state’s power or weapons against that central seat of power. As a further example, should I create a bunch of nuclear bombs and keep them in the basement I might be able to force a nuclear détente of some sort for a short time. Not likely though. Note to Homeland Security. I don’t have a basement, and I’m allergic to radiation.
Categories: Cyber Warfare
Tags: How To
The 2009 High-density Garden Blog – Week 4/5
June 23rd, 2009 (posted by: syd) · 2 Comments
This week is attack of the climbers! The pole beans have exploded and are quickly making their way up the tomato cage I provided for them. They are also looking lustily at the hanging garden’s wooden A-frame. The snow peas are also making their way skyward by way of the tomato cage in their pot. They are not quite as adventurous as the beans and prefer to stay closer to the cage.
Categories: Gardening
The distance education paradigm: A dalliance with success
June 22nd, 2009 (posted by: sam) · No Comments
What is the value of a university? The building and land have value. The resources and materials for research are often expensive and even priceless. The trade and product of a university is the talent and intellectual capital that is created and traded with each turnover of graduating classes. This pool is not just the faculty and staff but the students who enter and exit while creating an educational cycle in ideas and knowledge. Each graduating class represents a completion of scholarly aptitude. This is a rosy picture that has been eroded by time to be sure. This is a question of why knowledge and the difference between education and training. There is a difference between determining wisdom and training application. Distance education has become a salve for the guilt of a society that won’t serve under-represented populations and a marketing gimmick used to draw tuition dollars. Oh, wait, there is more. I’m here to tell you how we can make distance education the best thing ever to come to our society.
Categories: Scholarship of teaching and learning
Tags: distance learning, education technology
TECH 581 W Computer Network Operations Laboratory 3
June 22nd, 2009 (posted by: sam) · No Comments
Categories: TECH 581 Computer Network Operations
Tags: TECH581WLAB3
TECH 581 W Computer Network Operations: Laboratory 2, Team 5
June 21st, 2009 (posted by: jverburg) · 12 Comments
Abstract
Active reconnaissance is a method used by attackers to footprint a remote system by actively probing the network for information and getting results back. This method risks exposing the attacker and steps can be made to obscure the source of the probes but the tools that do so may provide unreliable results to the attacker. Tools used for active reconnaissance will be aligned with the OSI and TCP/IP models and their McCumber cube coordinates.
In this lab we also look at a comparison of the TCP/IP protocol, SCADA protocols, and the OSI 7 layer model and analyze the potential risks of merging TCP/IP networks with SCADA networks. By analyzing the tools used to probe a TCP/IP network, we can see how a SCADA network could also be probed for information and vulnerabilities to be used by an attacker.
Categories: TECH 581 Computer Network Operations
Tags: Laboratory #2 Active Reconnaissance Team: jverburg shumpfer, TECH581WLAB2
TECH 581 W Computer Network Operations: Laboratory 2, Team 4
June 21st, 2009 (posted by: jeikenbe) · 10 Comments
Abstract
Laboratory two will require the student team to identify and tabulate active reconnaissance tools and tools that could give an individual anonymity on a network based on where they lie in the OSI model and McCumber’s Cube. The student team will install these tools into the virtual environment. The team will align the TCP/IP model to the OSI model and determine if the model should contain four or five layers. The team will align layers from MODBUS, DNP3 and DeviceNet, as well as two other SCADA protocols, to the OSI and TCP/IP models. The student team will also explain the functionality of each of the applicable layers within these SCADA standards.
Categories: TECH 581 Computer Network Operations
Tags: TECH581WLAB2
TECH 581W Computer Network Operations: Laboratory 2, Team 3
June 21st, 2009 (posted by: gdekkerj) · 10 Comments
Abstract
The purpose of this exercise is essentially two-fold in areas of research: active reconnaissance methods and automated process control protocols. First, the concept of ‘active reconnaissance’ is examined along with the tools used in these types of attacks. A functional installation of a subset of these tools is implemented for use within a mock-up penetration testing environment. In addition, network and security model classification of these tools is presented, along with methods for concealment in their use. Furthermore, existing literature presented on these topics is evaluated. In relation to the second area of research, a number of Supervisory and Data Acquisition (SCADA) protocols are listed and their relationship to common network models is explored. Finally, the possibilities associated with the malicious use of these SCADA protocols are examined.
Categories: Academic Life
Tags: TECH581WLAB2