Network Defence's blog
[Know your tools] Packet Capture with tcpdump
Submitted by Network Defence on Mon, 25/06/2012 - 09:00
So you've got your big unknown network, you can see the blinking lights on your switch or router flashing away, indicating the huge amounts of traffic zipping its way from host to host, and you want to know what that traffic is...
Then tcpdump is the tool for you!
Tip
On a switched network, to view all traffic on a link you may have to redirect traffic to your collection box using Cisco SPAN (or by using ARP poisoning).
[Hack Yourself First] Part 3 - Defending against Pass-the-Hash by Mike H
Submitted by Network Defence on Tue, 05/06/2012 - 09:00
The original pass-the-hash technique has been known about since 1997, but in my experience its implications are not widely understood by network administrators.
Understand the pass-the-hash attack
This attack essentially means that an attacker who compromises a single internal host and obtains cached credentials can gain control of ANY other host provided it's reachable on port 139/445 on the network. The attack essentially works by authenticating with the NTLM hash and using PSEXEC to execute code on the remote machine.
[Hack Yourself First] Finding and Fixing Common issues
Submitted by Network Defence on Mon, 28/05/2012 - 09:00
As much as we would like to believe that all of the issues we discover on our networks are new and exciting, the sad truth is that there are a number of issues that come up time and time again.
The quicker you learn how to fix and find them the better.
So, in no particular order - here is a list of the most common network issues and how to find/fix them.
Default passwords
[HACK YOURSELF FIRST] Part 1: Defending against basic attacks by Mike H
Submitted by Network Defence on Fri, 18/05/2012 - 09:00
In this article
Here is a list of tools we’ll be using:
- nmap (port scanning, service detection and versioning)
- medusa (brute-force Windows SMB credentials, SSH and lots of others)
- metasploit (we are just going to use database support for building lists of services)
Background
You Can't Defend A Network You Don't Understand
Submitted by Network Defence on Mon, 30/04/2012 - 09:00
So, it's been a couple of weeks since my last post and (with a little help getting your gear in order) you should now have a pretty good toolchain that you are comfortable using, and also have some fundamental knowledge of *nix, regular expressions and scripting that you are eager to put to use!
5 Essential Tools for a Network Defence Professional
Submitted by Network Defence on Thu, 09/02/2012 - 20:35
So, before we get started....
I want to quickly zoom through 5 essential tools for a Network Defence professional.
These are tools that I use multiple times every day and which save me countless hours of effort. Unfortunately, these tools are mostly tools that will exist in your mind... fortunately, they are quick and easy to learn! An evening's worth of learning the basics will give you a good jumping off point.
So, without further ado:
1) Be comfortable at a Linux command line
What is Network Defence?
Submitted by Network Defence on Sun, 15/01/2012 - 11:01
In this post I aim to explain to you some of the unique challenges that Network Defence offers and how it's not just plugging in a firewall or Intrusion Detection System and forgetting about it.



