|eForensics Magazine 2020 07 Nmap, Metasploit & Netcat PREVIEW.pdf|
This month we are going to focus on network security, scanning, intrusion detection, gathering network forensic evidence, network mapping, and everything inbetween!
We have a few papers on nmap - a very popular tool for vulnerability scanning and network discovery. You can read about nmap and the legal ramifications of port scanning, and at the same time discover how to use PowerShell and the Linux terminal to perform some of the same tasks tools such as Nmap are able to perform.
You can also dive into Netcat, a computer networking utility for reading from, and writing to network connections using TCP or UDP. We’ve prepared A Practical Guide Using Netcat and msfvenom Payload Generator. Also, check out the Payload study “meterpreter_reverse_tcp.rb” and encoder “xor.rb” from Metasploit Framework. Coupled together, the two articles come off as a team!
What else? We will explore the growing importance of honeypots as not only a deception technology tool but also as a network forensic analysis tool, which provides several advantages for digital forensic readiness.
There are also different topics covered! The article on computer forensic tool Evimetry, an all-in-one platform capable of performing forensic acquisition, live analysis, remote forensics and triage, a paper that examines a few popular cases that were solved using digital forensics, and 2 very interesting interviews with representatives of NIST and Cellebrite.
Thanks to all our contributors!
Have a nice read!
and the eForensics Magazine Editorial Team
TABLE OF CONTENTS
Nmap and the legal ramifications of port scanning
by Maciej Makowski
To many people who work in the information security business, port scanning is the bread and butter of their daily job. And nmap is probably one of the most recognised and respected port scanning tools, available in iterations compatible with every operating system. (...) At the same time, when infosec professionals are working to secure their systems, hackers scan those systems for vulnerabilities. Nmap, a benign security tool used for network security configuration, can be a dangerous weapon when used by hackers for the opposite reason – network intrusion.
Understanding Scanning Tools
by Matthew Kafami
This article will briefly discuss how to use PowerShell and the Linux terminal to perform some of the same tasks tools such as Nmap are able to perform.
Exploit Design and Forensics Analyses: Payload study “meterpreter_reverse_tcp.rb” and encoder “xor.rb” from Metasploit Framework
by Claudio Joel Brito Lóssio, Jose Luís Perdigão de São Bento and Afonso Jorge Ferreira Rodrigues
The volume of information in digital format that an entity has, whether it is a state, a company, or an ordinary citizen, grows exponentially throughout its life. Thus, the exposure of this information and, consequently, of its owner, must be considered very worrying and seen as extremely invasive, at a time when information is more vulnerable than ever and when each technological advance triggers new security challenges, which require only new approaches to achieve mitigation. Penetration tests, a method that assesses the security of a computer system simulating a malicious attack, also referred to as pentests, derived from the English Penetration Testing, are conducted to assess the security of a technological infrastructure by exposing, safely and in a controlled manner, their vulnerabilities. Ideally, these tests should be carried out regularly, allowing teams responsible for infrastructure security to identify and mitigate existing vulnerabilities, ensuring that they achieve higher security standards. Also, the forensic analysis procedure is essential for a better understanding of the exploit's attack process.
Basics of Remote Shell Access – A Practical Guide Using Netcat and msfvenom Payload Generator
by Sudharshan Kumar
Netcat is a multipurpose utility that is popularly known as the “Swiss Army Knife” due to its versatility. Netcat could be used to read/write data across TCP/UDP network connections. Also, it could be used for port scanning, banner grabbing, file transfer, a network relay chat, etc., which we will cover in this article with the major focus on remote shell access. (...) We will create a Netcat reverse shell payload executable using “msfvenom” which is a Metasploit based payload generator.
Honeynet Forensics: Using Deception Technology to Gather Network Forensic Evidence on Attackers
by Rhonda Johnson
The following article will explore the growing importance of honeynets as not only a deception technology tool but also as a network forensic analysis tool, or NFAT, that provides several advantages for digital forensic readiness.
An Introduction to Evimetry
by Divya Lakshmanan
This article is about the computer forensic tool Evimetry, an all-in-one platform capable of performing forensic acquisition, live analysis, remote forensics and triage.
Black Box Study
Interview with Barbara Guttman of NIST
Justice for victims through digital forensics
by Anudeep Nayakoti
This article gives you an introduction to Digital Forensics and explains various forms of metadata used for investigations. This paper examines a few popular cases that were solved using digital forensics.
Crypto Tracer Solution
Interview with Leeor Ben-Peretz, Chief Strategy Officer at Cellebrite
What’s under the hood of your antispam and facial recognition software?
by Alessandro Lofaro
We are going to talk about “machine learning”, neurons and neural networks (no, this is also not a neurosciences article), “deep learning”, various types of machine learning, some theoretical problems and their very practical impact on things as different as face recognition, chatbots, whether a judge in the USA will give someone “parole” or not, whether a computer system will decide if you are a criminal or not, etc. (If you are wondering, I am going to use real systems, and most of them are even “production” ones.)