DOCSLIB.ORG

Mastering Kali Linux for Advanced Penetration Testing

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text

Load more

Mastering Kali Linux for Advanced Penetration Testing A practical guide to testing your network's security with Kali Linux, the preferred choice of penetration testers and hackers Robert W. Beggs BIRMINGHAM - MUMBAI Mastering Kali Linux for Advanced Penetration Testing Copyright © 2014 Packt Publishing All rights reserved. No part of this book may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, without the prior written permission of the publisher, except in the case of brief quotations embedded in critical articles or reviews. Every effort has been made in the preparation of this book to ensure the accuracy of the information presented. However, the information contained in this book is sold without warranty, either express or implied. Neither the author, nor Packt Publishing, and its dealers and distributors will be held liable for any damages caused or alleged to be caused directly or indirectly by this book. Packt Publishing has endeavored to provide trademark information about all of the companies and products mentioned in this book by the appropriate use of capitals. However, Packt Publishing cannot guarantee the accuracy of this information. First published: June 2014 Production reference: 1160614 Published by Packt Publishing Ltd. Livery Place 35 Livery Street Birmingham B3 2PB, UK. ISBN 978-1-78216-312-1 www.packtpub.com Cover image by Robert W. Beggs ([email protected]) Credits Author Copy Editors Robert W. Beggs Tanvi Gaitonde Dipti Kapadia Reviewers Insiya Morbiwala Terry P. Cutler Kirti Pai Danang Heriyadi Alfida Paiva Tajinder Singh Kalsi Stuti Srivastava Amit Pandurang Karpe Ashish Pandurang Karpe Proofreaders Simran Bhogal Kunal Sehgal Mario Cecere Joel Johnson Acquisition Editor James Jones Indexers Hemangini Bari Content Development Editor Amey Varangaonkar Monica Ajmera Mehta Technical Editors Graphics Pragnesh Bilimoria Ronak Dhruv Mrunal Chavan Production Coordinators Aparna Kumar Pooja Chiplunkar Pooja Nair Manu Joseph Project Coordinator Cover Work Akash Poojary Pooja Chiplunkar About the Author Robert W. Beggs is the founder and CEO of Digital Defence, a company that specializes in preventing and responding to information security incidents. He has more than 15 years of experience in the technical leadership of security engagements, including penetration testing of wired and wireless networks, incident response, and data forensics. Robert is a strong evangelist of security and is a cofounder of Toronto Area Security Klatch, the largest known vendor-independent security user group in North America. He is a member on the advisory board of the SecTor Security Conference as well as on several academic security programs. He is an enthusiastic security trainer and has taught graduates, undergraduates, and continuing education students courses in information security at several Canadian universities. Robert holds an MBA in Science and Technology from Queen's University and is a Certified Information Systems Security Professional. Firstly, and perhaps most importantly, I would like to thank the developers and supporters of Kali Linux. Together, they have produced one of the most significant tools for securing networks and data. I would like to thank the editors and reviewers at Packt Publishing for their support and seemingly unending patience during the writing of this book. I promise that the next one will go quicker! I would also like to thank Brian Bourne and other members of the Toronto Area Security Klatch. They've given me an incredible opportunity to learn and share knowledge with the best-ever community of security geeks. Throughout the writing of this book, my family has given me both incredible motivation and support. Thank you Sarah, Alex, and Annika. And finally, a very special thank you to my mother and father—I can't remember when I first learned to read—with your encouragement, it was always just natural to have a book in my hands. Thank you. About the Reviewers Terry P. Cutler is a cyber security expert (a certified ethical hacker) and the cofounder and chief technology officer of IT security and data defense firm, Digital Locksmiths Inc. in Montréal, Canada. They protect small businesses, large agencies, families, and individuals from cyber criminals who victimize an estimated 1.5 million people a day (600,000 on Facebook alone). He specializes in anticipation, assessment, and prevention of security breaches for governments, corporations, businesses, and consumers. Having been a certified ethical hacker, among other things since 2005, he had an opportunity to present in front of a live audience of 2,500 people and with tens of thousands across the world, on live and recorded streaming, how a hacker could break into almost any company with a fake LinkedIn request. You can view this video on his YouTube channel. Terry has been delivering Internet safety for children, parents, and law enforcement since 2006. He believes that prevention, street proofing, and parent-child communication are the most effective ways to prevent a child from being abducted or falling victim to aggression and exploitation. Giving children the knowledge and practical skills they need to look after themselves is as important as teaching them to read and write. You can find out more on this at http://www.TheCourseOnInternetSafety.com. He is a frequent contributor to media reportage about cybercrime, spying, security failures, Internet scams, and the real social network dangers that families and individuals face every day. He is acknowledged as a transformational leader, problem solver, and trusted advisor with a genuine talent for fostering positive and collaborative working relationships at all organizational levels. Before leaving his job in 2011 to concentrate full time on Digital Locksmiths, Terry worked for a software giant, Novell. He joined this global software corporation that specializes in enterprise operating systems and identity, security, and systems management solutions to provide engineering support to the company's premium service customers consisting of up to 45,000 users and 600 servers all across the world. I'd like to take a moment to thank Robert W. Beggs for generously taking me under his wing as a mentor back in 2004 and guiding me through the processes and pitfalls of working in this industry. Now that I've matured as an industry specialist, I'm honored to be able to share some of my own learning and experiences with Rob and with his readers. A very special thanks to my family, my wife, Franca, and our sons, David and Matthew, for their support, encouragement, patience, hugs, and unconditional love over the last few years. Danang Heriyadi is an Indonesian computer security researcher, specialized in reverse engineering and software exploitation with more than five years of hands-on experience. He is currently working at Hatsecure as an instructor for Advanced Exploit and Shellcode Development. As a researcher, he loves to share IT security knowledge through his blog at Fuzzerbyte (http://www.fuzzerbyte.com). I would like to thank my parents for giving me life; without them, I wouldn't be here today; my girlfriend, for supporting me every day with her smile and love; and my friends, whom I have no words to describe. Tajinder Singh Kalsi is the cofounder and a technical evangelist at Virscent Technologies Pvt. Ltd., with more than six years of working experience in the field of IT. He commenced his career with Wipro as a technical associate and later became an IT consultant and trainer. As of now, he conducts seminars in colleges across India on topics such as information security, Android application development, website development, and cloud computing. At this point, he has covered more than 120 colleges and more than 9,000 students. Apart from imparting training, he also maintains a blog (www.virscent.com/blog), which explains various hacking tricks. He has earlier reviewed Web Penetration Testing with Kali Linux, Joseph Muniz and Aamir Lakhani, Packt Publishing. He can be found on Facebook at www.facebook.com/tajinder.kalsi.tj or you can follow him on his website at www.tajinderkalsi.com. I would like to thank the team of Packt Publishing for approaching me through my blog and offering me this opportunity again. I would also like to thank my family and close friends for all the support they have given while I was working on this project. Amit Pandurang Karpe works for FireEye, Inc., a global information security company, as a support engineer supporting their Asia Pacific customers. He stays in Singapore with his wife, Swatee, and son, Sparsh. He has been active in the open source community from his college days, especially in Pune, where he was able to organize various activities with the help of vibrant and thriving communities, such as PLUG, TechPune, IT-Milan, and Embedded Nirvana. He writes blog posts about technologies at http://www.amitkarpe.com. He has worked on Rapid BeagleBoard Prototyping with MATLAB and Simulink, Dr. Xuewu Dai and Dr. Fei Qin, Packt Publishing. Currently, he is working on Building Virtual Pentesting Labs for Advanced Penetration Testing, Kevin Cardwell and Kali Linux CTF Blueprints, Cam Buchanan, both by Packt Publishing. I would like to thank the open source community, without whom I couldn't have succeeded. A special thanks to the visionaries behind Kali Linux, who believed in open source and led by providing various examples. Also, many thanks to the community members and information security experts, who keep doing a great job, which makes Kali Linux a success. I would like to thank the Packt Publishing team, editors, and the project coordinator, who kept doing the right things so that I was able to perform my job to the best of my abilities. I would like to thank Pune Linux Users Group (PLUG), Embedded Nirvana group, and VSS friends, because of whom I was able to work on this project.
Recommended publications
  • Damn Vulnerable Linux CCERT-PUBDOC-2007-04-190

    Damn Vulnerable Linux CCERT-PUBDOC-2007-04-190

    Damn Vulnerable Linux CCERT-PUBDOC-2007-04-190 Sigurnosni problemi u računalnim programima i operativnim sustavima područje je na kojem CARNet CERT kontinuirano radi. Rezultat toga rada ovaj je dokument, koji je nastao suradnjom CARNet CERT-a i LS&S-a, a za koji se nadamo se da će Vam koristiti u poboljšanju sigurnosti Vašeg sustava. CARNet CERT, www.cert.hr - nacionalno središte za sigurnost računalnih mreža i sustava. LS&S, www.lss.hr - laboratorij za sustave i signale pri Zavodu za elektroničke sustave i obradbu informacija Fakulteta elektrotehnike i računarstva Sveučilišta u Zagrebu. Ovaj dokument predstavlja vlasništvo CARNet-a (CARNet CERT-a). Namijenjen je za javnu objavu, njime se može svatko koristiti, na njega se pozivati, ali samo u originalnom obliku, bez ikakvih izmjena, uz obavezno navođenje izvora podataka. Korištenje ovog dokumenta protivno gornjim navodima, povreda je autorskih prava CARNet-a, sukladno Zakonu o autorskim pravima. Počinitelj takve aktivnosti podliježe kaznenoj odgovornosti koja je regulirana Kaznenim zakonom RH. Revizija v1.0 CCERT-PUBDOC-2007-04-190 Stranica 2 / 15 Sadržaj 1 UVOD .............................................................................................................................................. 4 2 OPĆENITO O DAMN VULNERABLE LINUX SUSTAVU .................................................................................. 5 2.1 SVRHA SUSTAVA..................................................................................................................................... 5 2.2
  • Evaluation and Testing of Several Free/Open Source Web Vulnerability Scanners

    Evaluation and Testing of Several Free/Open Source Web Vulnerability Scanners

    The 10th Conference for Informatics and Information Technology (CIIT 2013) The 10 th Conference for Informatics and Information Technology (CIIT 2013) EVALUATION AND TESTING OF SEVERAL FREE/OPEN SOURCE WEB VULNERABILITY SCANNERS Nataša Šuteva Dragi Zlatkovski, Aleksandra Mileva Faculty of Computer Science, UGD Faculty of Computer Science, UGD Štip, Macedonia Štip, Macedonia ABSTRACT significant number of vulnerabilities in test applications [1, 4, 12, 14, 15, 22]. Bau et al [1], testing eight WVSs, showed that Web Vulnerability Scanners (WVSs) are software tools for WVSs need to be improved in detection of the “stored” and identifying vulnerabilities in web applications. There are second-order forms of XSS and SQLI, and in understanding commercial WVSs, free/open source WVSs, and some of active content and scripting languages. Khoury [7, 8] companies offer them as a Software-as-a-Service. In this analyzed three state-of –art black box WVSs against stored paper, we test and evaluate six free/open source WVSs using SQLI, and their results showed that stored (persistent) SQLI the web application WackoPicko with many known are not detected even when these automated scanners are vulnerabilities, primary for false negative rates. taught to exploit the vulnerability. They propose also a set of recommendations for increasing a detection rate in WVSs for I. INTRODUCTION this type of vulnerability. Doupé et al [4] tested eleven WVSs, Our everyday live heavily depends on using different web and found that eight out of sixteen vulnerabilities were not applications, as web e-mail clients, web instant messaging detected by any of the used scanners. They discuss also a clients, Voice over IP services, e-learning portals, social critical limitations of current WVSs, lack of better support for networks, electronic banking, e-commerce platforms, etc.
  • Debian \ Amber \ Arco-Debian \ Arc-Live \ Aslinux \ Beatrix

    Debian \ Amber \ Arco-Debian \ Arc-Live \ Aslinux \ Beatrix

    Debian \ Amber \ Arco-Debian \ Arc-Live \ ASLinux \ BeatriX \ BlackRhino \ BlankON \ Bluewall \ BOSS \ Canaima \ Clonezilla Live \ Conducit \ Corel \ Xandros \ DeadCD \ Olive \ DeMuDi \ \ 64Studio (64 Studio) \ DoudouLinux \ DRBL \ Elive \ Epidemic \ Estrella Roja \ Euronode \ GALPon MiniNo \ Gibraltar \ GNUGuitarINUX \ gnuLiNex \ \ Lihuen \ grml \ Guadalinex \ Impi \ Inquisitor \ Linux Mint Debian \ LliureX \ K-DEMar \ kademar \ Knoppix \ \ B2D \ \ Bioknoppix \ \ Damn Small Linux \ \ \ Hikarunix \ \ \ DSL-N \ \ \ Damn Vulnerable Linux \ \ Danix \ \ Feather \ \ INSERT \ \ Joatha \ \ Kaella \ \ Kanotix \ \ \ Auditor Security Linux \ \ \ Backtrack \ \ \ Parsix \ \ Kurumin \ \ \ Dizinha \ \ \ \ NeoDizinha \ \ \ \ Patinho Faminto \ \ \ Kalango \ \ \ Poseidon \ \ MAX \ \ Medialinux \ \ Mediainlinux \ \ ArtistX \ \ Morphix \ \ \ Aquamorph \ \ \ Dreamlinux \ \ \ Hiwix \ \ \ Hiweed \ \ \ \ Deepin \ \ \ ZoneCD \ \ Musix \ \ ParallelKnoppix \ \ Quantian \ \ Shabdix \ \ Symphony OS \ \ Whoppix \ \ WHAX \ LEAF \ Libranet \ Librassoc \ Lindows \ Linspire \ \ Freespire \ Liquid Lemur \ Matriux \ MEPIS \ SimplyMEPIS \ \ antiX \ \ \ Swift \ Metamorphose \ miniwoody \ Bonzai \ MoLinux \ \ Tirwal \ NepaLinux \ Nova \ Omoikane (Arma) \ OpenMediaVault \ OS2005 \ Maemo \ Meego Harmattan \ PelicanHPC \ Progeny \ Progress \ Proxmox \ PureOS \ Red Ribbon \ Resulinux \ Rxart \ SalineOS \ Semplice \ sidux \ aptosid \ \ siduction \ Skolelinux \ Snowlinux \ srvRX live \ Storm \ Tails \ ThinClientOS \ Trisquel \ Tuquito \ Ubuntu \ \ A/V \ \ AV \ \ Airinux \ \ Arabian
  • Kali Linux Web Penetration Testing Cookbook

    Kali Linux Web Penetration Testing Cookbook

    Kali Linux Web Penetration Testing Cookbook Over 80 recipes on how to identify, exploit, and test web application security with Kali Linux 2 Gilberto Nájera-Gutiérrez BIRMINGHAM - MUMBAI Kali Linux Web Penetration Testing Cookbook Copyright © 2016 Packt Publishing All rights reserved. No part of this book may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, without the prior written permission of the publisher, except in the case of brief quotations embedded in critical articles or reviews. Every effort has been made in the preparation of this book to ensure the accuracy of the information presented. However, the information contained in this book is sold without warranty, either express or implied. Neither the author, nor Packt Publishing, and its dealers and distributors will be held liable for any damages caused or alleged to be caused directly or indirectly by this book. Packt Publishing has endeavored to provide trademark information about all of the companies and products mentioned in this book by the appropriate use of capitals. However, Packt Publishing cannot guarantee the accuracy of this information. First published: February 2016 Production reference: 1220216 Published by Packt Publishing Ltd. Livery Place 35 Livery Street Birmingham B3 2PB, UK. ISBN 978-1-78439-291-8 www.packtpub.com Credits Author Copy Editor Gilberto Nájera-Gutiérrez Sneha Singh Reviewers Project Coordinator Gregory Douglas Hill Nikhil Nair Nikunj Jadawala Abhinav Rai Proofreader Safis Editing Commissioning Editor Julian Ursell Indexer Rekha Nair Acquisition Editors Tushar Gupta Graphics Abhinash Sahu Usha Iyer Production Coordinator Content Development Editor Manu Joseph Arun Nadar Cover Work Technical Editor Manu Joseph Pramod Kumavat About the Author Gilberto Nájera-Gutiérrez leads the Security Testing Team (STT) at Sm4rt Security Services, one of the top security firms in Mexico.
  • Performance Evaluation of Open Source Web Application Vulnerability Scanners Based on OWASP Benchmark

    Performance Evaluation of Open Source Web Application Vulnerability Scanners Based on OWASP Benchmark

    International Journal of Computer Applications (0975 – 8887) Volume 174 – No. 18, February 2021 Performance Evaluation of Open Source Web Applica- tion Vulnerability Scanners based on OWASP Bench- mark Pious Akwasi Sarpong Lawrence Sakyi Larbi Daniel Paa Korsah S.D.A Coll. Of Educ Presby Coll. Of Educ Komenda Col.l of Educ Asokore-Koforidua, Ghana Akropong-Akuapem Komenda, Ghana Issah Bala Abdulai Richard Amankwah Akwasi Amponsah Kibi Presby Coll. of Educ Presby Coll. Of Educ Mamp. Tech Coll. of Educ. Kibi, Ghana Akropong-Akuapem, Akropong, Asante Mampong, Ghana Ghana ABSTRACT These vulnerabilities normally cause data breaches and have The use of web application has become a critical component in serious security implications when exploited. For this purpose, a our daily routine work due to its enormous benefits. Unfortu- number of web application vulnerability scanners (WAVS) such nately, most of the web application deployed are not totally de- as (W3af) [3] OWASP Zed Attack Proxy (OWASP ZAP) [4], void of bugs which makes them vulnerable to attacks. Web ap- Skipfish [5], Arachni, Vega, [6], Stalker and Iron WASP [7] plication scanners are tools that detect security vulnerability in emerged to address this phenomenon. Tung et al. [8] defined web application. Although there are several commercial and these WAVS as tools used to test and detect common security open-source web application vulnerability scanners proposed in breaches in web application. literature, the performance of these scanners varies in relation to These tools are automated and provide an easy way of detecting their detection capabilities. The aim of this paper is to assess security vulnerability in web applications in order develop miti- and compare the vulnerability detection capabilities of five gation strategies.
  • CERN Web Application Detection

    CERN Web Application Detection

    CERN Web Application Detection Refactoring and release as open source software by Piotr Lizończyk Supervised by Sebastian Łopieński and Dr. Stefan Lüders Summer Students Programme 2015 Geneva, 28. August 2015 1 Table of contents 1. Abstract ...........................................................................................................................3 2. Project specification ........................................................................................................4 2.1. What is Web Application Detection (WAD)? .............................................................4 2.2. Original project goals ................................................................................................4 2.3. Additional achievements ..........................................................................................4 3. Initial code assessment and refactoring ...........................................................................5 3.1. Determining project usability for public audience ....................................................5 3.2. Creating environment for code development ...........................................................5 3.3. Code refactoring .......................................................................................................5 3.4. Improving code maintenance ...................................................................................6 3.5. Ensuring compatibility with Python 3 .......................................................................7 4. Public release
  • Msc Project Report

    Msc Project Report

    MSc Project Report Study on Web application Honey pots Submitted By KAMALDEEP SEHGAL [1135553] Course : MSc Computer Science Supervisor : Dr. Ali Mansour Year : 2013 1 | P a g e Thesis Author Consent Form AUTHOR’S NAME: Kamaldeep Sehgal TITLE OF THESIS: Study on Web application Honey pots DEGREE: MSc Computer Science Please read carefully and sign the following as appropriate. I have read and understood the University’s regulations and procedures concerning the submission of my thesis. I understand that I have already signed a declaration agreeing to my dissertations being kept in the Learning Resources Centre (LRC) when I enrolled. We would like now, to extend this agreement by making the thesis available online. Further to this, I AGREE AS FOLLOWS: - That I am the author of the work. - That I have exercised reasonable care to ensure that the Work is original, and does not to the best of my knowledge break any UK law or infringe any third party’s copyright or other Intellectual Property Right. - The LRC and BREO administrators do not hold any obligation to take legal action on behalf of the Depositor (you), or other rights holders, in the event of breach of intellectual property rights, or any other right, in the material deposited. I hereby extend my consent to this thesis being included in the LRC as well as on BREO via online access. AUTHOR’S PERSONAL SIGNATURE: Kamaldeep Sehgal AUTHOR’S STUDENT NUMBER: 1135553 DATE: 22/05/2013 2 | P a g e Acknowledgement It would be hard to complete my project without the guidance of several people who helped me to make my dissertation successful.
  • Smashing the Stack in 2011 | My

    Smashing the Stack in 2011 | My

    my 20% hacking, breaking things, malware, free time, etc. Home About Me Undergraduate Thesis (TRECC) Type text to search here... Home > Uncategorized > Smashing the Stack in 2011 Smashing the Stack in 2011 January 25, 2011 Recently, as part of Professor Brumley‘s Vulnerability, Defense Systems, and Malware Analysis class at Carnegie Mellon, I took another look at Aleph One (Elias Levy)’s Smashing the Stack for Fun and Profit article which had originally appeared in Phrack and on Bugtraq in November of 1996. Newcomers to exploit development are often still referred (and rightly so) to Aleph’s paper. Smashing the Stack was the first lucid tutorial on the topic of exploiting stack based buffer overflow vulnerabilities. Perhaps even more important was Smashing the Stack‘s ability to force the reader to think like an attacker. While the specifics mentioned in the paper apply only to stack based buffer overflows, the thought process that Aleph suggested to the reader is one that will yield success in any type of exploit development. (Un)fortunately for today’s would be exploit developer, much has changed since 1996, and unless Aleph’s tutorial is carried out with additional instructions or on a particularly old machine, some of the exercises presented in Smashing the Stack will no longer work. There are a number of reasons for this, some incidental, some intentional. I attempt to enumerate the intentional hurdles here and provide instruction for overcoming some of the challenges that fifteen years of exploit defense research has presented to the attacker. An effort is made to maintain the tutorial feel of Aleph’s article.
  • Using W3af to Achieve Automated Penetration Testing by Live DVD / Live USB

    Using W3af to Achieve Automated Penetration Testing by Live DVD / Live USB

    Using w3af to Achieve Automated Penetration Testing By Live DVD / Live USB Jiun-Kai Ke Chung-Huang Yang Tae-Nam Ahn* Graduate Institute of Graduate Institute of Security Engineering Information and Computer Information and Computer Research Center* Education, National Education, National Hannam University, Korea* Kaohsiung Normal Kaohsiung Normal [email protected] University, Taiwan University, Taiwan [email protected] [email protected] Abstract automated assessments found nearly 97 percent of sites carry a severe vulnerability. About 7.72% of As the popularity of the Internet continues growing, applications had a high-severity vulnerability detected there are more and more services appeared, security during automated scanning, detailed manual and measures are expected to become all the most automated assessment using white and black box important on the Internet. Personal privacy and methods show that probability to detect high-severity confidentiality of information also need to be protected vulnerability reaches 96.85 percent [6]. and be resolved of vulnerabilities and weaknesses In this research, we developed a user-friendly quickly. It is the user the most concerned about one of implementation of automated penetration testing tools the topics on the Internet now. based on an open source. It doesn’t need to use manual In this research, we developed automated techniques to find vulnerabilities. User just enter the penetration testing tools based on an open source, we target URL, and the system can automate penetration just enter the target URL, and we can automate testing with Live DVD/Live USB platform, which can penetration testing with Live DVD/Live USB platform, be used on any operation system.
  • Vulnerability Scanning

    Vulnerability Scanning

    Publication Since 2012 | ISSN: 2321-9939 | ©IJEDR 2020 Year 2020, Volume 8, Issue 1 Vulnerability Scanning 1Prajakta Subhash Jagtap 1M.Tech Student 1K J Somaiya College of Engineering _____________________________________________________________________________________________________ Abstract - Scientific advances of higher education institutions make them attractive targets for malicious cyberattacks. Modern scanners such as Nessus and Burp can pinpoint an organization’s vulnerabilities for subsequent mitigation. However, the correction reports generated from the tools typically cause important info overload whereas failing to produce unjust solutions. Consequently, higher education institutions lack the appropriate knowledge to improve their cybersecurity posture. However, while not understanding vulnerabilities in a very system, it would be difficult to conduct successful network defence in order to prevent intruders in the real world. Therefore, vulnerability scanning is a key element to the success of cybersecurity curriculum. In this paper, we tend to review the state of the art of current open source vulnerability scanning tools. Literature survey is done on vulnerability, vulnerability scanning, vulnerability scanning tools, security vulnerabilities, system security and application security, malicious cyber-attacks shows that a lot of work is being carried out in vulnerability assessment and reporting. In this report gives exhaustive study on vulnerability scanning tools. We presented two main aspects in this paper vulnerability scanning and reporting. Then we identify the gaps in relevant practices and presenting selected results, we highlight future directions and conclude this research. We provide thorough descriptions on the top open source network vulnerability scanning tools. We then propose our hands-on labs research design in detail on network vulnerability scanning that we design specifically to enhance the cybersecurity curriculum.

  • GNU/Linux Distro Timeline LEAF Version 10.9 Skolelinux Lindows Linspire Authors: A

    1992 1993 1994 1995 1996 1997 1998 1999 2000 2001 2002 2003 2004 2005 2006 2007 2008 2009 2010 2011 Libranet Omoikane (Arma) Gibraltar GNU/Linux distro timeline LEAF Version 10.9 Skolelinux Lindows Linspire Authors: A. Lundqvist, D. Rodic - futurist.se/gldt Freespire Published under the GNU Free Documentation License MEPIS SimplyMEPIS Impi Guadalinex Clonezilla Live Edubuntu Xubuntu gNewSense Geubuntu OpenGEU Fluxbuntu Eeebuntu Aurora OS Zebuntu ZevenOS Maryan Qimo wattOS Element Jolicloud Ubuntu Netrunner Ylmf Lubuntu eBox Zentyal Ubuntu eee Easy Peasy CrunchBang gOS Kiwi Ubuntulite U-lite Linux Mint nUbuntu Kubuntu Ulteo MoLinux BlankOn Elive OS2005 Maemo Epidemic sidux PelicanHPC Inquisitor Canaima Debian Metamorphose Estrella Roja BOSS PureOS NepaLinux Tuquito Trisquel Resulinux BeatriX grml DeadCD Olive Bluewall ASLinux gnuLiNex DeMuDi Progeny Quantian DSL-N Damn Small Linux Hikarunix Damn Vulnerable Linux Danix Parsix Kanotix Auditor Security Linux Backtrack Bioknoppix Whoppix WHAX Symphony OS Knoppix Musix ParallelKnoppix Kaella Shabdix Feather KnoppMyth Aquamorph Dreamlinux Morphix ZoneCD Hiwix Hiweed Deepin Kalango Kurumin Poseidon Dizinha NeoDizinha Patinho Faminto Finnix Storm Corel Xandros Moblin MeeGo Bogus Trans-Ameritech Android Mini Monkey Tinfoil Hat Tiny Core Yggdrasil Linux Universe Midori Quirky TAMU DILINUX DOSLINUX Mamona Craftworks BluePoint Yoper MCC Interim Pardus Xdenu EnGarde Puppy Macpup SmoothWall GPL SmoothWall Express IPCop IPFire Beehive Paldo Source Mage Sorcerer Lunar eIT easyLinux GoboLinux GeeXboX Dragora
  • Cybersecurity and Forensic Challenges - a Bibliographic Review

    Cybersecurity and Forensic Challenges - a Bibliographic Review

    https://doi.org/10.2352/ISSN.2470-1173.2018.06.MOBMU-100 © 2018, Society for Imaging Science and Technology Cybersecurity and Forensic Challenges - A Bibliographic Review Reiner Creutzburg Technische Hochschule Brandenburg, Department of Informatics and Media, IT- and Media Forensics Lab,, P.O.Box 2132, D-14737 Brandenburg, Germany Email: [email protected] Abstract professional obligations on their learning processes. One can in- The aim of this paper is to give a bibliographic review of creasingly observe that colleges and universities more and more the growing number of different Cybersecurity and Forensic Chal- have to adjust to this present generation of students and respond lenges for educational and vocational training purposes. by increasing the flexibility of the courses. For this reason, on- Special attention is given to the hacking lab, which enables effec- line degree programs, or suitable combinations of classroom and tive training in cybersecurity and computer forensics in the uni- online studies (blended learning) are increasingly offered. It is versity environment and in vocational education and training. well-known that man learns about 80% of its knowledge and skills by informal learning compared to learning from formal learning. Introduction Unfortunately, often this fact is not taken into account by plan- Nowadays, small- and medium-sized enterprises (SME) ners and decision-makers from school, university and companies. have to deal more and more with the issue of IT security. Due A well-known example is the now already for 10 years success- to the ever-growing popularity of mobile devices, but also by the fully operating ”Virtuelle Fachhochschule (Virtual University)”, general acceptance of IT technology in everyday life, new secu- an association of 10 established Universities of Applied Sciences rity threats to corporate data occur every day [1-13].