The Advanced Security and Network Forensics teaching pack is at [Part 1][Labs]:
NetworkSims install [http://www.soc.napier.ac.uk/~bill/downloads/napier.zip] Remember to register with the Red button and your Napier email address. Thanks!
Unit 1: Fundamentals
- Install ProfSIMs.
- Tutorial. [Use the tutorial in NetworkSims]
- Lab 1: [Investigate Linux Services and start developing the Toolkit] [Connect to cluster]
- Associated software:
- Toolkit. This is a program which can be used to investigate client/server applications [demo]. Run client.exe, which should contain both the client and the server program. It also contains a packet capture tab, where you can see the network connections.
Unit 2: Vulnerabilities and Threats
Unit 3: Network Forensics
- Lecture. [Standalone version]
- Example traces: Ping, Telnet, DNS Lookup, FTP, NMAP, Tracert, Web page, SSL, Spoof Address, IPSec, GoogleWeb, IP Packet (Windows), IP Packet (Ubuntu).
- Hydra traces: hydra_ftp, hydra_telnet
- Hping traces: hping_fin, hping_ping_scan, hping_port80, hping_port80_fin, hping_syn, hping_udp_scan, hydra_ftp, hydra_telnet.
Unit 4: Obfuscation and Data Hiding
Unit 5: Web Infrastructure
Unit 6: Cloud
Test 2 will be on Wednesday 28 April 2010 from 9-9:55am or 10-10:55am (you will be sent an email with the time). The study guides are:
- CSN10102. Certification focus: Ethical Hacking (1-7). 35 questions ... approximately 25 Ethical Hacking questions taken from Units 1 (Business Aspects of Pen Testing) to 7 (Hijacking).
- CSN11112. Certification focus: CISSP (1-7). 35 questions ... approximately 25 CISSP questions taken from Units 1 (Physical Security) to 7 (Law).
A company (MyComp) has had a security breach where it is alleged that there has been illegal file sharing on the corporate server. The company has managed to get a virtual image of the computer, which contains traces of evidence that could be used for the investigation. Your objective is thus to investigate the virtual image and produce a fair and unbiased report on the findings. You will be provided with a DVD of the image. The trace is in the virtual image, but can also be downloaded from: