SDL Episode59

From Paul's Security Weekly
Jump to: navigation, search

Secure Digital Life #59

Recorded on April 10, 2018 at G-Unit Studios in Rhode Island!

Episode Audio

Coming soon!

Hosts

  • Doug White
    Cybersecurity professor, President of Secure Technology, and Security Weekly network host.
  • Russell Beauchemin
    Cybersecurity & Network Security Program Advisor and Director of Instructional Support & Learning Innovation at Roger Williams University.
  • Topic: Intro to Vulnerability Scanning

    HACKNYC The two-day Ethical Hacking Workshop runs $1499 and you're welcome to have your viewers use this code: TZ10 for a 10% discount.

    Here's a link for further info:

    https://iclass.eccouncil.org/schedule/cyber-security-workshop-series-newyork-ny-2/

    RSA -- I will be speaking at RSA 2018 in San Francisco on the 18th of April so be sure and come by. I will be there shooting SDL on Tuesday at the NetSparker booth so if you want to see the show live, now's your chance. I am speaking at 8 am on the 18th but the show will be there on the 17th at the Marriott Marquis.


    The very basics of VS

    • VS is all about collection of data but just up front

    there is no such thing as an automated scan that is comprehensive. Beware of automated tests that seem too easy.

    • Origin of scanning: The original scanner was called SATAN

    System Administrators Tool Analyzing Networks or something like that

    • The SATAN engine was essentially a port scanner.
    • A Wintel based NIC has 65536 potential ports which can be open

    Listening Daemons (spell it) are simply code which opens a port and subsequently listens on that port for inbound queries.

    • For instance, SSHD is a daemon which listens for TCP/SYN packets

    on port 22. If a tcp syn packet arrives, it negotiates the the three way tcp handshake and creates a socket.

    • That socket then consists of the two ports (22 and some other port on the remote)

    which are used to exchange information.

    • So, initially, you could write a program which sent syn packets to all 65,536 ports

    at some ip address and tries to connect on each one. If the connection is achieved, then you have learned something about the system. This is called port scanning and is the basis for VS.

    • You can also then use IP addresses since they range from 0.0.0.0 to 255.255.255.255 and

    you can use another set of loops to try and scan for all those (the entire internet).

    • SATAN became NMAP (insecure.org) which provides a multi purpose scanning tool which can

    be used to examine networks, segments, or ips, for everything from ICMP response to UDP to TCP. This can also include stealth type scans (syn with no ack), etc.

    • When we do this type of scanning, we are essentially collecting intel about the device

    being scanned with the idea that we will learn something about what daemons are listening.

    • httpd, that's port 80/tcp, bind tcp or udp/53 and on and on. This can include very

    interesting ports like 3389 (that is where remote desktop listens for connects).