[Bill's Home] The Advanced Security and Network Forensics teaching pack is at [Part 1][Labs]:
NetworkSims install [http://www.soc.napier.ac.uk/~bill/downloads/napier.zip] Remember to register with the Red button and your Napier email address. Thanks!
Unit 1: Fundamentals
- Lab 1: [Investigate Windows 2003 Services and start developing the Toolkit]
- Accessing services on Windows 2003. This gives an overview of accessing important services, such as Telnet, FTP, SMTP, and so on, from Windows 2003 for Lab 1 (Page 176).
- Toolkit 1 demo. This provides an overview of Toolkit 1 lab for Lab 1 (Page 182). Source code [here].
- Associated software:
- Toolkit. This is a program which can be used to investigate client/server applications [demo]. Run client.exe and it should have the client and server program in it. Also it contains a packet capture tab, where you can see the network connections.
Unit 2 Vulnerabilities and Threats
- Lecture. [Standalone version]
- Lab 2: [Investigate Unix Services, SQL Injection and further Toolkit]
- Demo of Linux services. This gives an overview of accessing important services, such as Telnet, FTP, SMTP, and so on, from Linux (Lab 2).
- Toolkit 2 demo. This provides an overview of Toolkit 2 lab for Lab 2 (Page 187). Source code [here].
- Demo of Nessus. Nessus is an excellent vulnerability scanner.
- Cross scripting example. This shows an example of an SQL injection attack, which is an example of a cross-scripting threat.
- SQL examples. This shows some examples of basic SQL.
- IDS detecting ping and port scan. This shows a simple example of using IDS for detecting a ping on a host, and' also in using the sfportscan preprocessor to detect a port scan.
- Snort example using ProfSIMS.
- Hydra vulnerability scanning. The Hydra program allow administrators to scan their servers, such as for FTP and Telnet, for vulnerabilities. This example shows a practical scan for a range of user names and passwords.
- Hping vulnerability scanning. The hping program can be used to craft data packet which can be used for vulnerability testing.
Unit 3: Network Forensics
Unit 4: Obfuscation and Data Hiding
Unit 5: Web Infrastructure
Unit 6: Cloud
A company (MyComp) has had a security breach where it is alleged that there has been illegal file sharing on the corporate server. The company has managed to get a virtual image of the computer, which contains traces of evidence that could be used for the investigation. It is thus your objective to investigate the virtual image, and produce a fair and unbiased report on the finds. You will be provided with a DVD of the image. The trace is in virtual image, but can also be downloaded from: