CISSP Fix

Hello Friends

MCTS practice test such as 70-680, 70-685, 70-683, 70-620, 70-622, 70-640, 70-270, MCDST preactice test such as 70-271, and 70-272 are available in huge discount here.. You can save up to 50%. The discount is also available for other certification practice test, such as CCNA, LPIC, Adobe, GIAC, Sun, Oracle, and CompTIA. This is the Freedom sale. Make the most of it.

Click Here to get the discount.

Incident handling is the process of managing incidents in an Enterprise, Business, or an Organization. It involves the thinking of the prospective suitable to the enterprise and then the implementation of the prospective in a clean and manageable manner. It involves completing the incident report and presenting the conclusion to the management and providing ways to improve the process both from a technical and administrative aspect. Incident handling ensures that the overall process of an enterprise runs in an uninterrupted continuity.

There are six different phases of the Incident handling process, which are as follows:

1. Preparation phase

Netcat is a computer networking service for reading from and writing network connections using TCP or UDP. Netcat is designed to be a dependable “back-end” device that can be used candidly or easily driven by other programs and scripts. At the same time, it is a feature-rich network debugging and investigation tool since it can produce almost any kind of correlation one would need and has a number of built-in capabilities.

The common Netcat switches are as follows:

It is one of the best method to dive in other system and retrieve the information. Atleast better then the dumbster diving. I am giving the list of the tools, which you can use to perform OS fingerprinting. Go ahead and experiment. Your comments are important for me.

• PRADS – Passive comprehensive TCP/IP stack fingerprinting and service detection.
• Ettercap – passive TCP/IP stack fingerprinting.
• NetworkMiner – passive DHCP and TCP/IP stack fingerprinting (combines p0f, Ettercap and Satori databases)
• Nmap – comprehensive active stack fingerprinting.
• p0f – comprehensive passive TCP/IP stack fingerprinting.

pOf is one of its own kind type of tool. As the name suggests it is used for OS fingerprinting. P0f is a versatile passive OS fingerprinting tool. P0f can identify the system on machines that connect to your box, machines you connect to, and even machines that merely go through or near your box. All this even if the device is behind a fascist packet firewall.

NetworkMiner is a network forensic analysis tool (NFAT) for Windows. It is used as a passive network sniffer/packet capturing tool in order to detect operating systems, sessions, hostnames, open ports etc. without putting any traffic on the network. NetworkMiner is also used to parse PCAP files for off-line analysis and to regenerate or reassemble transmitted files and certificates from PCAP files.

The purpose of NetworkMiner is to collect data (such as forensic evidence) about hosts on the network rather than to collect data regarding the traffic on the network. The main view is host centric (information grouped per host) rather than packet centric (information showed as a list of packets/frames).

Another work to help my friend with his white paper. I am including overview because each topic can elaborate in long epic. I like to add topics as it gives me chance to post atomic topics later. I will surely come with the elaborate post for each atomic topic.

Remote hacking is the process of entering a target system remotely by using the advantage of vulnerability.

Remote Hacking Steps:

1. Information Gathering / Foot Printing
2. Port Scanning
3. OS Fingerprinting
4. Banner Grabbing
5. Vulnerability Assessment
6. Search & Build Exploit
7. Attack
8. Maintaining Access

Lately I came up with a new methodical challenge. One of my friend is writing white paper on the effect of different tools used in hacking and penetration testing. He came to me with a weird kind of problem. He wants to categorize the password cracking tools according to their usage and effectiveness. It took my whole weekend to complete this work, but its worth like spending so much time. I learned what I thought never existed. Rare elites are out there in World. I am sharing the part of my work in this blog. KNOWLEDGE FOR ALL, ALL FOR KNOWLEDGE. I tried my best to omit any lame mistake and keep the content appropriate. I know many websites are also giving these lists but I tested each tool with my hands on practical experiences.

A rootkit is software that is installed on your server with the purpose of hiding the fact that your server has been compromised and providing access to your server so that the intruder can easily return. It is important to understand that in order for an intruder to install a rootkit they will have to have gained the rights to do so on your server. This means that the first line of defense is good security that prevents the installation of a rootkit.

This is important to learn. Couple of days back I experienced the threat more or less like it. That day I decided to fight with it and let my readers aware of this type of security. Its short and simple and easy to implement. Friends, prevention si better than the cure. Go through and please let me know your feedback.

Network security is a hot cake in contemporary IT industry scenario, and this trend will only increase in importance in the years ahead. Generally, all of the attention is focused to exterior threats and attacks, there are some steps we can take to prevent unwanted Cisco router access from within an organization (internal network).