[Bill's Home] The Advanced Security and Network Forensics teaching pack is at [Notes][Labs]:
Unit 1: Fundamentals
- Install ProfSIMs. Register with your Napier email address.
- Tutorial. [Use the tutorial in Networksims]
- Lab 1: [Investigate Linux Services and start developing the Toolkit] [Connect to cluster]
- Associated software:
- Toolkit. This is a program which can be used to investigate client/server applications [demo]. Run client.exe and it should have the client and server program in it. Also it contains a packet capture tab, where you can see the network connections.
Unit 2 Vulnerabilities and Threats
Unit 3: Network Forensics
- Lecture. [Standalone version]
- Example traces: Ping, Telnet, DNS Lookup, FTP, NMAP, Tracrt, Web page, SSL, Spoof Address, IPSec, GoogleWeb, IP Packet (Windows). IP Packet (Ubuntu).
- Hydra traces: hydra_ftp, hydra_telnet
- Hping traces: hping_fin, hping_ping_scan, hping_port80, hping_port80_fin, hping_syn, hping_udp_scan, hydra_ftp, hydra_telnet.
Unit 4: Obfuscation and Data Hiding
Unit 5: Web Infrastructure
Unit 6: Cloud
Test 2 will be on Wednesday 24 April 2012 from 9am. The study guides are:
- CSN10102. Certification focus: Ethical Hacking (1 -7). 35 questions ... approximately 25 Ethical Hacking questions taken from Units 1 (
Business Aspects of Pen Testing) to 7 (Hijacking).
A company (MyComp) has had a security breach where it is alleged that there has been illegal file sharing on the corporate server. The company has managed to get a virtual image of the computer, which contains traces of evidence that could be used for the investigation. It is thus your objective to investigate the virtual image, and produce a fair and unbiased report on the finds. You will be provided with a DVD of the image. The trace is in virtual image, but can also be downloaded from: