Battle for the Internet: The War is On!

C'est la guerre m4n !!!

L'école du Tricot d'argent continue son odysée. Gloire à la spirale noire !

SANS Institute met en ligne un papier sur les tests d'intrusions. Ce documents de 27 pages en langue anglaise et au format *.pdf se veut complet. A première vue, pas de révolution, c'est l'approche "classique" qui est traîté ici. Utile pour protéger son réseau >:]

There is a battle raging between security professionals and hackers. By placing people into the shoes of a hacker, and teaching them the skills to gain access to a system, one is better able to defend against them. The first step is Foot Printing/Reconnaissance. As a hacker, we dig up information on companies/individuals by mirroring their websites, using search engines, whois databases and traceroute. Next, we move on to Scanning. We ping their computers, look at which ports are open, identify their operating system, map their networks, and see if they have any available modem connections. Then we move on to Enumeration, looking at valid user accounts and network shares. To Gain Access we search for vulnerabilities our opponent has, crack their passwords, and sniff the data on their network. Escalating Privilege is the next step to go from a low-level user account to having administrator equivalency. With these privileges, we manipulate files and directories to help us Maintain Access with the help of backdoors, rootkits, and Trojans. Lastly, we do not want to loose our accounts hence we Cover Our Tracks by modifying or deleting log files, hide files, and use protocols covertly to hide what we are doing. If computer security professionals stay on the cutting edge of hacker tools and methods of entry, they will be able to defeat

http://www.sans.org/rr/paper.php?id=1075

les derniers papiers de l'Institut :
http://www.sans.org/rr/catindex.php?cat_id=42

PS: Sun Tzu est encore de la partie ;) Les guerres sont éternelles....