Help (or '?') – shows the existing commands in msfconsole
show exploits – shows the exploits we can run
show payloads – shows the various payload options we can execute on the exploited system such as spawn a command shell, uploading programs to run.
info exploit [exploit name] – shows a description of a particular exploit name along with its various options and requirements
info payload [payload name] – shows a description of a particular payload name along with its various options and requirements
use [exploit name] – instructs msfconsole to enter into a particular exploit's environment
show options – shows the various parameters for the specific exploit we're functioning with
show payloads – shows the payloads compatible with the specific exploit we're working with
set PAYLOAD – allows we to set the specific payload for exploit
show targets – shows the existing target OSs and applications that can be exploited
set TARGET – allows we to select our specific target OS/application
set RHOST – allows we to set our target host's IP address
set LHOST – allows we to set the local host's IP address for the reverse communications needed to open the reverse command shell
back – allows us to exit the present exploit environment we've loaded and go back to the main msfconsole prompt
Sunday, June 19, 2011
Security management plan reduces the disaster risks
Security management plan offers an efficient way to deploy information security inside the organization. Its approach supports trade goals and provides a manner to demonstrate compliance with associated regulatory & statutory requirements. Moreover, the service reduces cost, time & resources for security management plan permit the organization to concentrate on other activities. A disaster can be a natural or man-made hazard. A natural disaster is a result when a natural hazard (ie Sunami or earthquake) affects humans and the build surroundings. Man-made disasters are disasters consequential from man-made hazards.
Disaster recovery phases
1. Activation Phase: In this phase, the disaster effects are assessed and announced.
The activation phase involves:
• Notification procedures
• Damage assessment
• Disaster recovery activation planning
2. Execution Phase: Recovery operations begin just following the disaster recovery plan has been activated, suitable operations staff has been notified and suitable teams have been mobilized. The activities of this phase concentrate on bringing up the disaster recovery system. Depending on the recovery strategies define in the plan; these functions could contain momentary manual processing, recovery and operation on an alternate system, or relocation and recovery at an alternate site.
3. Reconstitution Phase: In this phase the original system is restored and execution phase procedures are stopped.
The following main activities arise in this phase:
• Shut down the incident system
• Terminate incident operations
• make sure that all needed infrastructure services, such as power, water, telecommunications, security, environmental controls, office equipment, and supplies, are outfitted
• Secure, eliminate, and relocate all sensitive materials at the incident site
• Place for operations staff to return to the original facility
• Constantly monitor the site or facility's fitness for reoccupation
• confirm that the site is free from after effects of the disaster and that there are no more threats
• create connectivity among internal and external systems
• Test system operations to ensure full functionality
• Install system hardware, software, and firmware
The activation phase involves:
• Notification procedures
• Damage assessment
• Disaster recovery activation planning
2. Execution Phase: Recovery operations begin just following the disaster recovery plan has been activated, suitable operations staff has been notified and suitable teams have been mobilized. The activities of this phase concentrate on bringing up the disaster recovery system. Depending on the recovery strategies define in the plan; these functions could contain momentary manual processing, recovery and operation on an alternate system, or relocation and recovery at an alternate site.
3. Reconstitution Phase: In this phase the original system is restored and execution phase procedures are stopped.
The following main activities arise in this phase:
• Shut down the incident system
• Terminate incident operations
• make sure that all needed infrastructure services, such as power, water, telecommunications, security, environmental controls, office equipment, and supplies, are outfitted
• Secure, eliminate, and relocate all sensitive materials at the incident site
• Place for operations staff to return to the original facility
• Constantly monitor the site or facility's fitness for reoccupation
• confirm that the site is free from after effects of the disaster and that there are no more threats
• create connectivity among internal and external systems
• Test system operations to ensure full functionality
• Install system hardware, software, and firmware
Ethical and legal obligation by security assessment and penetration testing
Ethical and legal obligation by security assessment and penetration testing
In order to offer a robust and adaptable assessment measured, it is essential that we realize necessary measures needed in general to protect organizational information assets. This lets in several technical, operational and managerial prospects to protect the confidentiality, integrity, and availability of the organization system and its data. These assesses are required to achieve organizational objectives, protect information assets, fulfill legal obligations, and protect interest of several stakeholders.
In order to protect organizational information, companies frequently take appraises to assure the availability, confidentiality and integrity of information or to assure approach for authorized individuals only. These quantifies include security concepts, authorization concepts and firewall systems of rules. Nevertheless, building these sorts of security systems is no assured that the legal essentials are met. Instead, the system’s compliance with the legal essentials and conditions must be assured for all individual case. Penetration tests are an appropriate means of verifying the strength of such criteria in certain area
Ethical and legal obligations of an ethical hacker that bound his action. What are the safeguards to ensure that an ethical hacker does not turn maliciousWhen executing ethical hacking is the correct thing from a security viewpoint, much conduct may unintentionally produce avoidable legal and contractual exposure while advanced precautions are not taken.
The legal responsibilities based on what information and processes are at issue and what methods may be applied will be influenced by who will carry the testing. Whenever the testing is done by a third party, then further analysis and dissimilar contract provisions may be at issue. For instance, a third-party ethical hacker might not be a broker or otherwise be authorized with the same rights of the company. As an outcome, what a company employee might allow could be disallowed when a third party does the correct conduct. As well, laws or contracts may prohibit or make additional necessaries for third-party disclosures, needing further steps or measures to cut down exposure. There should be an express written realizing between the company and the ethical hacker as to the scope and whatever bounds of the engagement.
In order to offer a robust and adaptable assessment measured, it is essential that we realize necessary measures needed in general to protect organizational information assets. This lets in several technical, operational and managerial prospects to protect the confidentiality, integrity, and availability of the organization system and its data. These assesses are required to achieve organizational objectives, protect information assets, fulfill legal obligations, and protect interest of several stakeholders.
In order to protect organizational information, companies frequently take appraises to assure the availability, confidentiality and integrity of information or to assure approach for authorized individuals only. These quantifies include security concepts, authorization concepts and firewall systems of rules. Nevertheless, building these sorts of security systems is no assured that the legal essentials are met. Instead, the system’s compliance with the legal essentials and conditions must be assured for all individual case. Penetration tests are an appropriate means of verifying the strength of such criteria in certain area
Ethical and legal obligations of an ethical hacker that bound his action. What are the safeguards to ensure that an ethical hacker does not turn maliciousWhen executing ethical hacking is the correct thing from a security viewpoint, much conduct may unintentionally produce avoidable legal and contractual exposure while advanced precautions are not taken.
The legal responsibilities based on what information and processes are at issue and what methods may be applied will be influenced by who will carry the testing. Whenever the testing is done by a third party, then further analysis and dissimilar contract provisions may be at issue. For instance, a third-party ethical hacker might not be a broker or otherwise be authorized with the same rights of the company. As an outcome, what a company employee might allow could be disallowed when a third party does the correct conduct. As well, laws or contracts may prohibit or make additional necessaries for third-party disclosures, needing further steps or measures to cut down exposure. There should be an express written realizing between the company and the ethical hacker as to the scope and whatever bounds of the engagement.
Different techniques of footprinting and how they can be used as a baseline for other stages of hacking
Web Search: Scan the web for:
· Phone Numbers, Contact Names, electronic mail Addresses, and individual Details
· Current Events
· Mergers, scandals, layoffs, etc. create security holes
· Privacy or Security Policies, and Technical Details Indicating the Types of Security Mechanisms in Place
· Extract data from Usenet
· Review Groups.google.com
· Search for Employee Resumes
· Perform Google Hacking
Whois is a database that holds registration records of whole available domain names. Holds thrall information on each internet web site, containing domain name, company name and its destination, administrator name, administrator contact data, technical contact data, and when the name was registered. The Whois customer is accessible by default on UNIX/LINUX based system and essential to be downloaded for the windows OS. Armed with this data an individual could go to the yellow pages and find more about the WWW site.
Traceroute essentially does what its name means. It traces the packet and reads the route in which it takes. It is commonly used to detect network troubles.
NSLookup admits us to query the DNS database from whatever computer on the network. This may also be used to determine which computers are with the network and what are there uses in the network infrastructure. It is as well used to exhibits all current TCP/UDP connections, and to list the routing table which are significant to decide the activities the OS has been doing.
· Phone Numbers, Contact Names, electronic mail Addresses, and individual Details
· Current Events
· Mergers, scandals, layoffs, etc. create security holes
· Privacy or Security Policies, and Technical Details Indicating the Types of Security Mechanisms in Place
· Extract data from Usenet
· Review Groups.google.com
· Search for Employee Resumes
· Perform Google Hacking
Whois is a database that holds registration records of whole available domain names. Holds thrall information on each internet web site, containing domain name, company name and its destination, administrator name, administrator contact data, technical contact data, and when the name was registered. The Whois customer is accessible by default on UNIX/LINUX based system and essential to be downloaded for the windows OS. Armed with this data an individual could go to the yellow pages and find more about the WWW site.
Traceroute essentially does what its name means. It traces the packet and reads the route in which it takes. It is commonly used to detect network troubles.
NSLookup admits us to query the DNS database from whatever computer on the network. This may also be used to determine which computers are with the network and what are there uses in the network infrastructure. It is as well used to exhibits all current TCP/UDP connections, and to list the routing table which are significant to decide the activities the OS has been doing.
Saturday, June 18, 2011
The direct and indirect consequences of email hacking in an organization
In several countries, email hacking is classed as a third-degree felony. This is a critical violation that can direct to prison time and hefty fines, even as a initiative conviction. If we have accessed some other person's email, we may be shocked while we observe that they have chosen to press charges against us. Nevertheless, it is their legal right to push charges if they want, even if you have a present-day or historical relationship to the person. Family, friends, exes, present partners, coworkers, and others have been committed with email hacking.
If you have accessed some other individual's email for the use of defrauding him or her, or to obtain property (documents, photos, files, and so on.) from him or her, the charge may be advanced to a second-degree felony under law.
Penalties
For a third-degree felony judgment of conviction, an email hacker can anticipate to face the following penalties
• Up to 5 years in prison
• Up to $5,000 in fines
A charge that has been elevated to a second-degree felony may contain the following penalties if guilty:
• Up to 15 years in prison
• Up to $10,000 in fines
As well these court-ordered penalties, you will be needed to register as a criminal with the state. This can negatively affect your individual and professional reputation and can make it hard for you to discover or keep a occupation, apply to school, or assure a loan. It is therefore significant to look up with a outlaw defense attorney as soon as you find out that you have been charged with email hacking. An knowledgeable criminal attorney will fight to guard your case and will assure that your legitimate rights are saved throughout your continuing.
If you have accessed some other individual's email for the use of defrauding him or her, or to obtain property (documents, photos, files, and so on.) from him or her, the charge may be advanced to a second-degree felony under law.
Penalties
For a third-degree felony judgment of conviction, an email hacker can anticipate to face the following penalties
• Up to 5 years in prison
• Up to $5,000 in fines
A charge that has been elevated to a second-degree felony may contain the following penalties if guilty:
• Up to 15 years in prison
• Up to $10,000 in fines
As well these court-ordered penalties, you will be needed to register as a criminal with the state. This can negatively affect your individual and professional reputation and can make it hard for you to discover or keep a occupation, apply to school, or assure a loan. It is therefore significant to look up with a outlaw defense attorney as soon as you find out that you have been charged with email hacking. An knowledgeable criminal attorney will fight to guard your case and will assure that your legitimate rights are saved throughout your continuing.
Subscribe to:
Comments (Atom)
Posts
