Penetration Testing and Network Defense


Index


packet sniffers

     detecting session hijacking

     Ethereal, monitoring session hijacking attacks 2nd

packets, out-of-sequence

Pandora

Passive reconnaissance

passive scanners, Kismet

passive session hijacking

password cracking

     attacks, detecting

     brute force attacks

         Brutus

         detecting 2nd

         HTTP Brute Forcer

         protecting against

     case study

     employee education, implementing

     protecting against

     salts

     utilities

         Boson GetPass

         Hypnopædia

         John the Ripper

         L0phtcrack 2nd 3rd

         Nutcracker

         pwdump

         pwdump3

         RainbowCrack

         Snadboy Revelation

password hashing

     on Microsoft systems

     on UNIX systems

password policies

passwords [See also password cracking]

     brute force attacks

         detecting on SQL servers

     encrypted

     erasing

     hidden field exploit 2nd

     securing on routers

     testing for vulnerabilities

patience as social engineer trait

penetration tests

     preparing for

     vendors, selecting

Perl (Practical Extraction and Report Language)

permissions, UNIX

     assigning to root user

     elevation techniques

persuasion

     authority-based persuasion

     conformity persuasion

     information-based persuasion

     logic persuasion

     need-based persuasion

     reciprocation-based persuasion

     similarity-based persuasion

phishing 2nd

phone numbers of telecommuters, obtaining

PHP (Hypertext Preprocessor)

PHP (Personal Home Page)

Phrack Magazine

physical access policies

physical protection, implementing

PictureClock.class

Ping of Death attacks

PipeUpAdmin

plain-text passwords

plug-ins, BO2K

port scanning

     ACK scans

     case study

     dumb scans

     FIN scans

     inadvertent DoS attacks

     NMAP

     NULL scans

     SYN scans

     TCP connect() port scans

     Xmas-Tree scans

ports

     monitoring 2nd

     on Microsoft SQL Server

preparing

     for penetration testing

     security policies

preventing

     attacks on wireless networks 2nd

         MITM attacks

     backdoor applications

     buffer overflows

     DoS attacks

         through application hardening

         through network hardening

     server attacks

     Trojan horse applications

privilege escalation on IIS web servers

privileged exec mode

Project Scope

protecting

     against brute force attacks

     against database attacks

     against password-cracking attacks

     against session hijacking

     against social engineering attacks

protocol exceptions

PS/SQL (Procedural Language/Structured Query Language)

Public Role (Microsoft SQL Server)

pwdump

pwdump3
