Advanced Security and Network Forensics

The Advanced Security and Network Forensics teaching pack is at [Part 1][Labs]:

NetworkSims install: [http://www.soc.napier.ac.uk/~bill/downloads/napier.zip]. Remember to register with the Red button and your Napier email address. Thanks!

Unit 1: Fundamentals

  • Notes.
  • Lecture.
  • Tutorial.
  • Lab 1: [Investigate Windows 2003 Services and start developing the Toolkit]
    • Accessing services on Windows 2003. This gives an overview of accessing important services, such as Telnet, FTP, SMTP, and so on, from Windows 2003 for Lab 1 (Page 176).
    • Toolkit 1 demo. This provides an overview of the Toolkit 1 lab for Lab 1 (Page 182). Source code [here].
  • Associated software:
    • Toolkit. This is a program which can be used to investigate client/server applications [demo]. Run client.exe, which should contain both the client and server programs. It also contains a packet capture tab, where you can see the network connections.

Unit 2: Vulnerabilities and Threats

  • Notes.
  • Lecture. [Standalone version]
  • Tutorial.
  • Lab 2: [Investigate Unix Services, SQL Injection and further Toolkit]
    • Demo of Linux services. This gives an overview of accessing important services, such as Telnet, FTP, SMTP, and so on, from Linux (Lab 2).
    • Toolkit 2 demo. This provides an overview of the Toolkit 2 lab for Lab 2 (Page 187). Source code [here].
  • Demos:
    • Demo of Nessus. Nessus is an excellent vulnerability scanner.
    • Cross scripting example. This shows an example of an SQL injection attack, which is an example of a cross-scripting threat.
    • SQL examples. This shows some examples of basic SQL.
    • IDS detecting ping and port scan. This shows a simple example of using an IDS to detect a ping on a host, and also of using the sfportscan preprocessor to detect a port scan.
    • Snort example using ProfSIMS.
    • Hydra vulnerability scanning. The Hydra program allows administrators to scan their servers, such as for FTP and Telnet, for vulnerabilities. This example shows a practical scan for a range of user names and passwords.
    • Hping vulnerability scanning. The hping program can be used to craft data packets, which can be used for vulnerability testing.

Unit 3: Network Forensics

Unit 4: Obfuscation and Data Hiding

Test 1

Unit 5: Web Infrastructure

Unit 6: Cloud

Coursework

A company (MyComp) has had a security breach where it is alleged that there has been illegal file sharing on the corporate server. The company has managed to get a virtual image of the computer, which contains traces of evidence that could be used for the investigation. It is thus your objective to investigate the virtual image, and produce a fair and unbiased report on the findings. You will be provided with a DVD of the image. The trace is in the virtual image, but can also be downloaded from:

http://www.soc.napier.ac.uk/~bill/cw_capture.rar