Preparation
Detect Vulnerabilities:
- Penetration Testing Tools in Kali Linux, commonly used ones (14 pages, sparse)
- Known
  - Vulnerability Scanning: gvm (1 page)
  - Vulnerability Exploitation: metasploit
    - Introduction (1 page)
    - Commands (use, show, set, run) (2 pages)
- Unknown
  - Fuzzing: American Fuzzy Lop (1 page)
  - Binary Analysis: angr (2 pages)

Detect Attacks:
- Ongoing
  - Intrusion Detection: Overview, by Kemmerer & Vigna (4 pages)
- Past
  - Logging Cheat Sheet, by OWASP (6 pages)
  - Log Analysis Tools, by Hoagland, sections 1, 2 and 6 (2 pages)
  - Malware Removal, by Nachenberg (6 pages)

Mitigation:
- Firewalls (1 page)
- Isolation

Exercise
- follow the Assignment 2 instructions for "Setup a Vulnerable Server". then, from your Kali VM, find the vulnerable server (see start of Problem 1), and scan it (see start of Problem 2).
- gvm howto:
  - start gvm daemon:
    - run sudo gvm-start from the terminal.
  - access the (Web-based) UI:
    - the above step should open a browser tab with the UI to the running gvm daemon inside your VM. in any case, you can access this UI by navigating to https://127.0.0.1:9392
    - you may be greeted by a warning saying that the Web service does not have a valid certificate. press the advanced settings and ignore the warning.
    - the username/password combination for logging into this UI is contained in a text file on the desktop of your VM.
  - scan:
    - user manual, section 10.1.1

Further Reading
- Common Vulnerabilities and Exposures (CVE), maintained by The MITRE Corporation
- ATT&CK knowledge base, maintained by The MITRE Corporation
- Denial of Service Attacks, first 11 pages. note: out of scope of this course.