7/31/2019 eF Free 01.12. Teaser
www.eForensicsMag.com
Issue 1/2012 (1) July
ORACLE FORENSICS: Detection of Attacks Through
Default Accounts and Passwords in Oracle
FREE VOL. 1 NO. 1
ADVANCED STEGANOGRAPHY:
ADD SILENCE TO SOUND
LIVE CAPTURE PROCEDURES
MOBILE PHONE FORENSICS:
HUGE CHALLENGE OF THE FUTURE
ISSUES IN MOBILE DEVICE FORENSICS
INVESTIGATING FRAUD IN WINDOWS-BASED DRIVING
EXAMINATION THEORY SYSTEMS AND SOFTWARE
DRIVE AND PARTITION CARVING PROCEDURES
Although various tools exist that can examine some elements of a configuration, the assessment would typically end up being a largely manual process. Nipper Studio is a tool that enables penetration testers, and non-security professionals, to quickly perform a detailed analysis of network infrastructure devices. Nipper Studio does this by examining the actual configuration of the device, enabling a much more comprehensive and precise audit than a scanner could ever achieve.
With Nipper Studio penetration testers can be experts in every device that the software supports, giving them the ability to identify device, version and configuration specific issues without having to manually reference multiple sources of information. With support for around 100 firewalls, routers, switches and other infrastructure devices, you can speed up the audit process without compromising the detail.
You can customize the audit policy for your customer's specific requirements (e.g. password policy), audit the device to that policy and then create the report detailing the issues identified. The reports can include device specific mitigation actions and be customized with your own company's styling. Each report can then be saved in a variety of formats for management of the issues.
Ian has been working with leading global organizations and government agencies to help improve computer security for more than a decade. He has been accredited by CESG for his security and team leading expertise for over 5 years. In 2009 Ian Whiting founded Titania with the aim of producing security auditing software products that can be used by non-security specialists and provide the detailed analysis that traditionally only an experienced penetration tester could achieve. Today Titania's products are used in over 40 countries by government and military agencies, financial institutions, telecommunications companies, national infrastructure organizations and auditing companies, to help them secure critical systems.
www.titania.com
Dear Readers!
Digital forensics is a very young field of science but nowadays it's becoming more and more popular. Although it was originally designed for investigating crimes, soon it has become a big part of computer systems engineering and contributed to the development of mobile devices. To meet your professional interests we have created a new publication devoted to digital forensic issues. I present to you our first eForensics offspring - eForensics Free Magazine. It's a monthly compilation of the best articles from four titles: eForensics Mobile, eForensics Computer, eForensics Database and eForensics Network.
Within the issue of eForensics Free you will find two positions concerning mobile forensics, an article about network forensics, three pieces focused on computer forensics and an article about database forensics.
The article created by M-Tahar Kechadi and Lamine Aouad will discuss an increasingly important role of mobile forensics in criminal investigations, law disputes and in information security. Eamon Doherty will describe tools used to recover data from mobile devices.
Craig S. Wright will introduce you to free tools which can be used to create a powerful network forensics and incident response toolkit. Arup Nanda will show you how to identify potential attacks by adversaries through default accounts. George Chlapoutakis guides you step by step through digital forensic investigation.
Last but not least, I would like to announce the beginning of two article series. One of them, by Craig S. Wright, will take you through the process of carving files from a hard drive. The other, by Praveen Parihar, will take you on a journey through advanced Steganography.
Thank you all for your great support and invaluable help.
Enjoy reading!
Aleksandra Bielska
& eForensics Team
TEAM
Editor: Aleksandra Bielska
Associate Editors: Sudhanshu Chauhan, Praveen Parihar, Hussein Rajabali
Betatesters/Proofreaders: Nicolas Villatte, Jeff Weaver, Danilo Massa, Cor Massar, Jason Lange, Himanshu Anand, Dan Hill, Raymond Morsman, Alessandro Fiorenzi, Nima Majidi, Dave Mikesch, Brett Shavers, Cristian Bertoldi, Jacopo Lazzari, Juan Bidini, Olivier Cale, Johan Snyman
Senior Consultant/Publisher: Paweł Marciniak
CEO: Ewa Dudzic
Art Director: Mateusz Jagielski
DTP: Mateusz Jagielski
Production Director: Andrzej Kuca
Marketing Director: Ewa Dudzic
Publisher: Software Media Sp. z o.o. SK
02-682 Warszawa, ul. Bokserska 1
Phone: 1 917 338 3631
www.eforensicsmag.com
DISCLAIMER!
The techniques described in our articles may only be
used in private, local networks. The editors hold no
responsibility for misuse of the presented techniques or
consequent data loss.
ISSUES IN MOBILE DEVICE FORENSICS
by Eamon Doherty
This article discusses some of the mobile devices and accessories that one may encounter on a suspect during an investigation, examples of usage of these mobile devices and accessories and the tools that one can use to examine them. The article also starts off with some certifications that make one more marketable in this emerging field. In this article, the author discusses using tools such as AccessData's FTK, Guidance Software's EnCase, and RecoverMyFiles to recover evidence from a digital camera with a FAT file system.
MOBILE PHONE FORENSICS: HUGE CHALLENGE OF THE FUTURE
by M-Tahar Kechadi, Lamine Aouad
While the processes and procedures are well established in traditional hard drive based computer forensics, their counterparts for the rapidly emerging mobile ecosystem have proven to be much more challenging. In this article, the authors share some thoughts about the reasons leading to this, as well as the current state of mobile digital forensics, what is needed, and what to expect in the future.
LIVE CAPTURE PROCEDURES
by Craig S. Wright
As we move to a world of cloud based systems, we are increasingly finding that we are required to capture and analyse data over networks. Once, analysing a disk drive was a source of incident analysis and forensic material. Now we find that we cannot access the disk in an increasingly cloud based and remote world requiring the use of network captures. This is not a problem however. The tools that are freely available in both Windows and Linux offer a means to capture traffic and carve out the evidence we require. In this article, the author introduces a few tools that, although free, can be used together to create a powerful network forensics and incident response toolkit.
ADVANCED STEGANOGRAPHY: ADD SILENCE TO SOUND
by Praveen Parihar
Steganography is a very comprehensive topic for all techno-geeks because it involves such an interesting and comprehensive analysis to extract the truth, as we have heard this term many times in the context of terrorist activities and their communications. In this article, the author discusses methods of Steganography.
INVESTIGATING FRAUD IN WINDOWS-BASED DRIVING EXAMINATION THEORY SYSTEMS AND SOFTWARE
by George Chlapoutakis
Fraud can take many forms, can take place practically anywhere, any when and any how. Theoretical driving examinations are now computerized in most parts of the world and the overwhelming majority of such systems tend to have some to no security at all, relying instead on the invigilators of the exam to catch those suspected of fraud. But what happens when the invigilators fail and you, the digital forensic investigator, are asked to look into the case? In this article, the author shares his experience from the point of view of the digital forensics investigator.
DRIVE AND PARTITION CARVING PROCEDURES
by Craig S. Wright
This article is the start of a series of papers that will take the reader through the process of carving files from a hard drive. We explore the various partition types and how to determine these (even on formatted disks), learn what the starting sector of each partition is and also work through identifying the length in sectors of each partition. In this, we cover the last two bytes of the MBR and why they are important to the forensic analyst. We start by learning about hard disk drive geometry. In this article, the author takes the reader through the process of carving files from a hard drive.
DETECTION OF ATTACKS THROUGH DEFAULT ACCOUNTS AND PASSWORDS IN ORACLE
by Arup Nanda
An Oracle database comes with many default userids (and, worse, well known default passwords), which ideally shouldn't have a place in a typical production database, but database administrators may have forgotten to remove the accounts or lock them after setting up the production environment. This provides for one of the many ways an adversary attacks a database system: by attempting to guess the presence of a default userid and password, either by brute force or by social engineering techniques. In this article, the author will show you how to identify such attacks and trace back to the source quickly and effectively. You will also learn how to set up a honeypot to lure such adversaries into attacking so as to disclose their identity.
MOBILE
NETWORK
COMPUTER
DATABASE
CYBER CRIME LAWYERS
Pannone are one of the first UK firms to recognise the need for specialist cyber crime advice. We can both defend and prosecute matters on behalf of private individuals and corporate bodies.
We are able to examine material or secure evidence in-situ and will then represent your needs at every step of the way.
Our team has a wealth of experience in this growing area and are able to give discrete, specialist advice.
www.pannone.com
Please contact David Cook on 0161 909 3000 for a discussion in confidence or email
MOBILE
MOBILE PHONE FORENSICS: HUGE CHALLENGE OF THE FUTURE
While the processes and procedures are well established in traditional hard drive based computer forensics, their counterparts for the rapidly emerging mobile ecosystem have proven to be much more challenging. This article shares some thoughts about the reasons leading to this, as well as the current state of mobile digital forensics, what is needed, and what to expect in the future.
The information and data era is rapidly evolving. As a result, there has been an exponential growth of consumer electronics, and especially mobile devices, over the past few years, with ever-increasing trends and forecasts for the coming years. Mobile devices have already overtaken PCs, and mobile data traffic is expected to increase 18-fold over the next five years to approach 11 exabytes per month, according to Cisco Systems [1]. Their computing power, storage, and functionality have tremendously increased. Phones have been transformed from simple handheld devices, essentially emitting and receiving calls or text messages, into highly effective devices capable of doing more or less everything a desktop or a laptop computer can do, and even more. A large range of Android-based smartphones, iPhones, BlackBerrys, and even tablet products are all examples of these mobile devices. Their typical storage capacity today is higher than that of a powerful desktop back in the late 1990s! And the vast majority can also take memory cards.
This tremendous computational and storage capacity has turned mobile devices into data repositories capable of computing and storing a large amount of personal, organisational and also sensorial information. Indeed, although these devices can be input limited, they have remarkable context awareness because of all the sensors and various connectivity options. Unfortunately, criminals use this technology. They have not missed this proliferation of mobile systems and its data revolution, and these devices are being used as a support to criminal activities.
For instance, earlier this year, a US officer found out that the suspect he was about to arrest was using his smartphone to listen to the police secure channels streaming via the Internet [2]. All classes of crimes can involve some type of digital evidence (a photo, a video, a received or emitted call, messages, web pages, etc.). These devices are also commonly used in social networking nowadays, and in carrying out sensitive operations online, including online banking, shopping, electronic reservations, etc. Hacking then becomes a huge problem. In February 2011, hackers were remotely monitoring the calls made and received from about 150,000 infected mobile devices in China [3]. Another example is the Zeus man-in-the-mobile Trojan, discovered in September 2010, which was the first Trojan in the mobile devices environment to compromise online banking's two-factor authentication mechanism [4][5]. It is indeed quite easy for cyber criminals to build a Trojan application nowadays [6], because these mobile systems are at their early stages.
Valuable information can then be obtained from a mobile device: text messages, e-mails, communication logs, contacts, multimedia files, geo-location information (GPS and Wi-Fi hotspots), etc. These can only help in answering crucial questions in cybercrime investigations, and in solving the related cases. However, there are still a huge number of challenges facing a forensics investigator in obtaining forensically sound evidence from these devices. In this article, we present the process of recovering digital evidence and its challenges, and then share some information about current methods and tools, and a few prospects for the future.
NETWORK
LIVE CAPTURE PROCEDURES
As we move to a world of cloud based systems, we are increasingly finding that we are required to capture and analyse data over networks. Once, analysing a disk drive was a source of incident analysis and forensic material. Now we find that we cannot access the disk in an increasingly cloud based and remote world requiring the use of network captures. This is not a problem however. The tools that are freely available in both Windows and Linux offer a means to capture traffic and carve out the evidence we require.
As we move to a world of cloud based systems, we are increasingly finding that we are required to capture and analyse data over networks. To do this, we need to become familiar with the various tools that are available for these purposes. In this article, we look at a few of the more common free tools that will enable you to capture traffic for analysis within your organisation.
Once, analysing a disk drive was a source of incident analysis and forensic material. Now we find that we cannot access the disk in an increasingly cloud based and remote world requiring the use of network captures. This is not a problem however. The tools that are freely available in both Windows and Linux offer a means to capture traffic and carve out the evidence we require.
For this reason alone we would require the ability to capture and analyse data over networks, but when we start to add all of the other benefits, we need to ask, why are you not already doing this?
LIVE CAPTURE PROCEDURES
In the event that a live network capture is warranted, we can easily run a network sniffer to capture communication flows to and from the compromised or otherwise suspect system. There are many tools that can be used (such as Wireshark, Snort and others) to capture network traffic, but Tcpdump is generally the best capture program when set to capture raw traffic. The primary benefit is that this tool will minimize any performance issues while allowing the data to be captured in a format that can be loaded into more advanced protocol analysers for review.
That stated, there are only minor differences between Tcpdump and Windump, and most of what you can do in one is the same on the other (some flags do vary).
Tcpdump
Tcpdump uses the libpcap library. This can capture traffic from a file or an interface. This means that you can save a capture and analyse it later. This is a great aid in incident response and network forensics.
With a file such as capture.pcap, we can read and display the data using the -r flag. For instance, tcpdump -r capture.pcap will replay the data saved in the file capture.pcap. By default, this will display the output to the screen. In reality, the data is sent to STDOUT (standard output), but for most purposes the console and STDOUT are one and the same thing.
Using BPF (Berkeley Packet Filters), you can also restrict the output - both collected and saved. In this way, you can collect all data to and from a host and then strip selected ports (or services) from this saved file. Some of the options that apply to tcpdump include (quoted with alterations from the Red Hat tcpdump man file):
-A    Print each packet (minus its link level header) in ASCII.
-c    Exit after receiving a set number of packets (defined after -c).
-C    Before writing a raw packet to a savefile, check whether the file is currently larger than a given file_size. Where this is the case, close the current savefile and open a new one.
-d    Dump the compiled packet-matching code in a human readable form to standard output and stop.
-dd   Dump packet-matching code as a C program fragment.
-ddd  Dump packet-matching code as decimal numbers (preceded with a count).
-D    Print the list of the network interfaces available on the system and on which tcpdump can capture packets.
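The "collect everything for a host, then strip a port from the saved file" step is what `tcpdump -r capture.pcap -w filtered.pcap 'host 10.0.0.5 and not port 22'` does. The added example below (Python, not code from the article) performs the same operation directly on a classic libpcap savefile so the file layout is visible; the addresses, ports and the four-packet sample capture are constructed for illustration.

```python
import socket
import struct

PCAP_MAGIC = 0xA1B2C3D4       # classic libpcap savefile, microsecond timestamps
LINKTYPE_ETHERNET = 1

def read_savefile(data):
    """Return (byte_order, 24-byte global header, [(record_fields, frame), ...])."""
    if struct.unpack("<I", data[:4])[0] == PCAP_MAGIC:
        order = "<"
    elif struct.unpack(">I", data[:4])[0] == PCAP_MAGIC:
        order = ">"               # written on a big-endian host
    else:
        raise ValueError("not a classic pcap savefile")
    if struct.unpack(order + "I", data[20:24])[0] != LINKTYPE_ETHERNET:
        raise ValueError("only Ethernet captures are handled here")
    packets, pos = [], 24
    while pos + 16 <= len(data):
        fields = struct.unpack(order + "IIII", data[pos:pos + 16])
        incl_len = fields[2]      # ts_sec, ts_usec, incl_len, orig_len
        frame = data[pos + 16:pos + 16 + incl_len]
        if len(frame) < incl_len:
            break                 # truncated final record: stop, keep what we have
        packets.append((fields, frame))
        pos += 16 + incl_len
    return order, data[:24], packets

def endpoints(frame):
    """(src, dst, sport, dport) of an IPv4 frame, ports None unless TCP/UDP."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":
        return None               # not IPv4 over Ethernet
    header_len = (frame[14] & 0x0F) * 4
    proto = frame[23]
    src = socket.inet_ntoa(frame[26:30])
    dst = socket.inet_ntoa(frame[30:34])
    sport = dport = None
    l4 = 14 + header_len
    if proto in (6, 17) and len(frame) >= l4 + 4:
        sport, dport = struct.unpack(">HH", frame[l4:l4 + 4])
    return src, dst, sport, dport

def filter_capture(data, host, drop_port):
    """Keep packets to or from host, dropping any that use drop_port."""
    order, header, packets = read_savefile(data)
    out = bytearray(header)
    for fields, frame in packets:
        ep = endpoints(frame)
        if ep is None:
            continue
        src, dst, sport, dport = ep
        if host in (src, dst) and drop_port not in (sport, dport):
            out += struct.pack(order + "IIII", *fields) + frame
    return bytes(out)

def flows(data):
    """Endpoint tuples for every packet in a savefile."""
    return [endpoints(frame) for _, frame in read_savefile(data)[2]]

def _frame(src, dst, sport, dport, payload=b""):
    # Constructed Ethernet + IPv4 + TCP frame; checksums are left at zero.
    eth = b"\x02\x00\x00\x00\x00\x01" + b"\x02\x00\x00\x00\x00\x02" + b"\x08\x00"
    tcp = struct.pack(">HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x18, 8192, 0, 0)
    ip = struct.pack(">BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0, 0, 64, 6, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return eth + ip + tcp + payload

def build_sample_capture():
    """Constructed four-packet capture standing in for capture.pcap."""
    frames = [
        _frame("10.0.0.5", "192.0.2.10", 40000, 80, b"GET / HTTP/1.1\r\n"),
        _frame("10.0.0.5", "192.0.2.10", 40001, 22),
        _frame("10.0.0.9", "192.0.2.10", 40002, 80),
        _frame("192.0.2.10", "10.0.0.5", 80, 40000),
    ]
    out = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
    for i, f in enumerate(frames):
        out += struct.pack("<IIII", 1341100800 + i, 0, len(f), len(f)) + f
    return out

if __name__ == "__main__":
    for flow in flows(filter_capture(build_sample_capture(), "10.0.0.5", 22)):
        print(flow)
```

The original capture is never modified; the filtered copy is a new savefile with the same global header, which keeps the evidence file intact for later re-analysis.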
COMPUTER
ADVANCED STEGANOGRAPHY: ADD SILENCE TO SOUND
Steganography is a very comprehensive topic for all techno-geeks because it involves such an interesting and comprehensive analysis to extract the truth, as we have heard this term many times in the context of terrorist activities and their communications.
Steganography means covert writing: hiding confidential information in a cover file. This cover file can be in the form of pdf, xls, exe, jpeg, mp3 or mp4, etc.
The Least Significant Bit (LSB) method is very famous and fascinating when Steganography is discussed, because the case study of hiding a secret text behind an image sounds interesting. To understand this concept, we first need to understand how an image is classified and what happens when a small bit is altered in an image, as described below.
Images are composed of small elements called pixels; a pixel is the essential component of an image. There are basically three types of images:
1) Black and white - each pixel is composed of a single bit and is either a zero or a one.
2) Grayscale - each pixel is composed of 8 bits (in rare cases, 16 bits) which define the shade of grey of the pixel, from zero (black) to 255 (white).
3) Full color - also called 24-bit color, as there are 3 primary colors (red, green, blue), each of which is defined by 8 bits.
Although we can have different types of images, we assume that a grayscale image has been used. An 8-bit grayscale image consists of pixels which have 2^8 = 256 possible levels of grey, and each bit of a pixel contributes a different share of the information:
1. LSB (Least Significant Bit) contributes 1/256th of the information
2. MSB (Most Significant Bit) contributes of the information
So, changing the LSB only affects 1/256th of the intensity, and humans simply cannot perceive the difference. In fact, it is difficult to perceive a difference of 1/16th in intensity, so we can easily alter the 4 LSBs with little or no perceptible difference.
The two images shown here illustrate why Steganography has become famous: an image does not get visibly distorted even if we embed secret or confidential information.
(Original Image)
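The LSB argument above can be checked numerically. The following added example (Python, not code from the article) hides a short message in the 1 or 4 least significant bits of 8-bit grayscale pixels, recovers it, and measures the largest intensity change; the 32x32 gradient cover, the 4-byte length prefix and the message are assumptions made for the illustration.

```python
import struct

def _split(data, nbits):
    """Yield data as nbits-wide values, most significant bits of each byte first."""
    mask = (1 << nbits) - 1
    for byte in data:
        for shift in range(8 - nbits, -1, -nbits):
            yield (byte >> shift) & mask

def capacity(pixels, nbits=1):
    """Payload bytes that fit in the cover after the 4-byte length prefix."""
    return len(pixels) * nbits // 8 - 4

def embed(pixels, payload, nbits=1):
    """Return a copy of pixels with payload written into the nbits LSBs."""
    if nbits not in (1, 2, 4):
        raise ValueError("nbits must be 1, 2 or 4")
    if len(payload) > capacity(pixels, nbits):
        raise ValueError("cover image too small for this payload")
    framed = struct.pack(">I", len(payload)) + payload
    keep = 0xFF ^ ((1 << nbits) - 1)       # mask that preserves the upper bits
    stego = list(pixels)
    for i, value in enumerate(_split(framed, nbits)):
        stego[i] = (stego[i] & keep) | value
    return stego

def _read(pixels, first_pixel, count, nbits):
    """Rebuild count bytes from the LSBs starting at first_pixel."""
    per_byte = 8 // nbits
    mask = (1 << nbits) - 1
    out = bytearray()
    for b in range(count):
        start = first_pixel + b * per_byte
        value = 0
        for p in pixels[start:start + per_byte]:
            value = (value << nbits) | (p & mask)
        out.append(value)
    return bytes(out)

def extract(pixels, nbits=1):
    """Recover the payload written by embed()."""
    (length,) = struct.unpack(">I", _read(pixels, 0, 4, nbits))
    if length > capacity(pixels, nbits):
        raise ValueError("no plausible payload in these LSBs")
    return _read(pixels, 4 * (8 // nbits), length, nbits)

def max_change(cover, stego):
    """Largest per-pixel intensity difference, out of 255."""
    return max(abs(a - b) for a, b in zip(cover, stego))

# Constructed 32x32 grayscale cover (a diagonal gradient), row by row.
COVER = [(7 * x + 3 * y) % 256 for y in range(32) for x in range(32)]
MESSAGE = b"hidden note!"

if __name__ == "__main__":
    for bits in (1, 4):
        stego = embed(COVER, MESSAGE, bits)
        print(bits, "LSB(s): recovered", extract(stego, bits),
              "max change", max_change(COVER, stego), "of 255")
```

For an examiner the same property cuts the other way: a cover and a stego image that look identical still differ in their low bit planes, so comparing against a known original exposes the altered pixels.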
COMPUTER
INVESTIGATING FRAUD IN WINDOWS-BASED DRIVING EXAMINATION THEORY SYSTEMS AND SOFTWARE
Fraud can take many forms, can take place practically anywhere, any when and any how. Theoretical driving examinations are now computerized in most parts of the world and the overwhelming majority of such systems tend to have some to no security at all, relying instead on the invigilators of the exam to catch those suspected of fraud. But what happens when the invigilators fail and you, the digital forensic investigator, are asked to look into the case? Where does one start, where does one go and where does one end up? What do we investigate, how do we go about it and what tools with?
In this article, I will attempt to share my experiences investigating such systems from the point of view of the digital forensic investigator who first arrives at the scene of the crime, from the moment of arrival to the end report submitted to the client.
Let us, then, start our journey from the moment we (the digital forensic investigators) get the fateful call, where we are told it's a case of fraud in the Driving Test Centre and we have been called to investigate it and present a report.
To begin with, it should be stated that, as most driving test centres are part of a country's internal services, we are always going to be dealing with a mixture of government officials (of middle-management persuasion) and local law enforcement, and we are always going to need to deal with red-tape-style bureaucracy, where everything moves much more slowly than when dealing with the private sector.
This means we are going to be dealing with the nightmare scenario where our crime scene is possibly several months old and very seriously tainted (as non-essential government bodies tend to respond fairly slowly and after much red tape to such cases), and where normal digital forensic processes and practices don't usually work. The nightmare comes from the fact that, in such a scenario, you cannot explicitly trust the data you collect or any information that you are given and cannot corroborate in a straightforward way.
The data has been tainted, the exams are running 2-3 times a week and the test centre cannot be closed down for the duration of the investigation, so we are told we have to release the (many, plus servers) computers within a very specific and finite length of time (1-2 days at most).
So, we arrive in the vicinity of the crime scene (the building).
COMPUTER
DRIVE AND PARTITION CARVING PROCEDURES
This article is the start of a series of papers that will take the reader through the process of carving files from a hard drive. We explore the various partition types and how to determine these (even on formatted disks), learn what the starting sector of each partition is and also work through identifying the length in sectors of each partition. In this, we cover the last two bytes of the MBR and why they are important to the forensic analyst. This process is one that will help the budding analyst or tester in gaining an understanding of drive partitions and hence how they can recover and carve these from a damaged or formatted drive. We start by learning about hard disk drive geometry.
This article is the start of a series of papers that will take the reader through the process of carving files from a hard drive. We explore the various partition types and how to determine these (even on formatted disks), learn what the starting sector of each partition is and also work through identifying the length in sectors of each partition. In this, we cover the last two bytes of the MBR and why they are important to the forensic analyst. This process is one that will help the budding analyst or tester in gaining an understanding of drive partitions and hence how they can recover and carve these from a damaged or formatted drive. We start by learning about hard disk drive geometry.
The format of this article is a step by step process that is designed to take the reader through the analysis of a hard drive. Although the process may vary somewhat for each drive, the fundamentals remain the same and following these steps will allow the analyst to recover drive partitions that have been damaged or formatted even when the automated tools fail.
THE BEGINNING
There are a number of commands we shall be using in this article that are fairly standard on most Linux distros. In this article, it is assumed that the analyst has already created a bitwise raw image of the hard disk drive to be examined using dd or a similar tool.
We will start with the following commands to copy our MBR (master boot record):
dd if=Image.dd of=MBR.img bs=512 count=1
ls -al *img
khexedit MBR.img &
Here, we first extract the MBR from our image file (in this case Image.dd) and write the data to a file called MBR.img. Note that we have extracted only the first 512 bytes, and we can validate the size of this image file using the command ls -al *img.
MASTER BOOT RECORD (MBR)
In most drive formats that we will analyse (there are exceptions with some RISC systems etc.), each partition entry is always 16 bytes in length. Moreover, the end-of-MBR marker is 0x55AA (ALWAYS)! Many modern Linux and Macintosh systems and the most recent Intel PCs have started using GPT instead of MBR. MBR limits the size of partitions to 2.19TB, which is why it is starting to be replaced. We will look at other partition formats in later papers.
Partition   Offset   Byte Place
1st         0x01BE   446
2nd         0x01CE   462
3rd         0x01DE   478
4th         0x01EE   494
Table 1. The HDD table
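The offsets in Table 1 and the 0x55AA marker are enough to read the partition table out of the extracted MBR.img. The added example below (Python, not code from the article) parses the four 16-byte entries and derives the dd operands for carving each partition; the entry field layout is the standard MBR one, while the sample sector, the output file names and the helper names are constructed for the illustration.

```python
import struct

SECTOR_SIZE = 512
TABLE_OFFSET = 0x1BE          # 446: first partition entry (Table 1)
ENTRY_SIZE = 16               # every partition entry is 16 bytes
SIGNATURE = b"\x55\xAA"       # last two bytes of the sector (offsets 510-511)

# A few widely used partition type bytes; any other value is shown in hex.
TYPE_NAMES = {
    0x05: "Extended (CHS)", 0x07: "NTFS/exFAT/HPFS", 0x0B: "FAT32 (CHS)",
    0x0C: "FAT32 (LBA)", 0x0F: "Extended (LBA)", 0x82: "Linux swap",
    0x83: "Linux", 0xEE: "GPT protective",
}

def entry_offsets():
    """Byte offsets of the four partition entries inside the MBR."""
    return [TABLE_OFFSET + i * ENTRY_SIZE for i in range(4)]

def has_signature(sector):
    """True when the sector ends with the 0x55AA end-of-MBR marker."""
    return len(sector) >= SECTOR_SIZE and sector[510:512] == SIGNATURE

def parse_mbr(sector):
    """Return one dict per used partition entry in a 512-byte MBR."""
    if not has_signature(sector):
        raise ValueError("not an MBR: 0x55AA marker missing or sector too short")
    partitions = []
    for slot, offset in enumerate(entry_offsets(), start=1):
        # status(1) CHS-start(3) type(1) CHS-end(3) first LBA(4) sector count(4),
        # integers little-endian; the CHS fields are skipped here.
        status, ptype, first_lba, sectors = struct.unpack_from(
            "<B3xB3xII", sector, offset)
        if ptype == 0x00 and sectors == 0:
            continue                      # unused slot
        partitions.append({
            "slot": slot,
            "offset": offset,
            "bootable": status == 0x80,
            "type": ptype,
            "type_name": TYPE_NAMES.get(ptype, "0x%02X" % ptype),
            "first_lba": first_lba,       # starting sector of the partition
            "sectors": sectors,           # length of the partition in sectors
            "bytes": sectors * SECTOR_SIZE,
        })
    return partitions

def carve_command(part, image="Image.dd"):
    """dd command line that copies one partition out of the raw image."""
    return "dd if=%s of=partition%d.img bs=%d skip=%d count=%d" % (
        image, part["slot"], SECTOR_SIZE, part["first_lba"], part["sectors"])

def build_sample_mbr():
    """Constructed MBR: a bootable Linux partition followed by Linux swap."""
    sector = bytearray(SECTOR_SIZE)
    entries = [(0x80, 0x83, 2048, 204800), (0x00, 0x82, 206848, 102400)]
    for (status, ptype, first, count), offset in zip(entries, entry_offsets()):
        struct.pack_into("<B3xB3xII", sector, offset, status, ptype, first, count)
    sector[510:512] = SIGNATURE
    return bytes(sector)

if __name__ == "__main__":
    # With a real case, read the sector instead: open("MBR.img", "rb").read()
    for part in parse_mbr(build_sample_mbr()):
        print(part)
        print(carve_command(part))
```

Run the carve commands against a working copy of the image, never the original evidence file.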
A Network breach... Could cost your Job!
IS YOUR NETWORK SECURE?
Global I.T. Security Training & Consulting
Worldwide Locations
GENERAL SECURITY TRAINING
CISSP - CISSP & Exam Prep
C)ISSO - Certified Information Systems Security Officer
C)SLO - Certified Security Leadership Officer
ISCAP - Info. Sys. Certification & Accred. Professional
PENETRATION TESTING (AKA ETHICAL HACKING)
C)PTE - Certified Penetration Testing Engineer
C)PTC - Certified Penetration Testing Consultant
SECURE CODING TRAINING
C)SCE - Certified Secure Coding Engineer
WIRELESS SECURITY TRAINING
C)WSE - Certified Wireless Security Engineer
C)WNA/P - Certified Wireless Network Associate / Professional
DR&BCP TRAINING
DR/BCP - Disaster Recovery & Business Continuity Planning
VIRTUALIZATION BEST PRACTICES
C)SVME - Certified Secure Virtual Machine Engineer
DIGITAL FORENSICS
C)DFE - Certified Digital Forensics Examiner
In February 2002, Mile2 was established in response to the critical need for an international team of IT security training experts to mitigate threats to national and corporate security far beyond USA borders in the aftermath of 9/11.
Other Mile2 services available Globally:
1. Penetration Testing
2. Vulnerability Assessments
3. Forensics Analysis & Expert Witnesses
4. PCI Compliance
5. Disaster Recovery & Business Continuity
We practice what we teach.....
1-800-81-MILE2 +1-813-920-6799
INFORMATION ASSURANCE SERVICES
mile2 Boot Camps
www.mile2.com
Available Training Formats
1. F2F - Classroom Based Training
2. CBT - Self Paced CBT
3. LOT - Live Online Training
4. KIT - Study Kits & Exams
5. LHE - Live Hacking Labs (War-Room)
Other New Courses!!
ITIL Foundations v.3 & v.4
CompTIA Security+, Network+
ISC CISSP & CAP
SANS GSLC - GIAC Sec. Leadership Course
SANS 440 - Top 20 Security Controls
SANS GCIH - GIAC Cert Incident Handler
(ISC)2 & CISSP are service marks of the IISSCC. Inc. Security+ is a trade mark of CompTIA. ITIL is a trade mark of OGC. GSLC & GCIH are trademarks of GIAC.
11928 Sheldon Rd Tampa, FL 33626
DATABASE
DETECTION OF ATTACKS THROUGH DEFAULT ACCOUNTS AND PASSWORDS IN ORACLE

An Oracle database comes with many default userids (and, worse, well-known default passwords), which ideally shouldn't have a place in a typical production database, but database administrators may have forgotten to remove the accounts or lock them after setting up the production environment. This provides one of the many ways an adversary attacks a database system: by attempting to guess the presence of a default userid and password, either by brute force or by social engineering techniques. In this article you will learn how to identify such attacks and trace them back to the source quickly and effectively. You will also learn how to set up a honeypot to lure such adversaries into attacking so as to disclose their identity. Besides, you will also be able to determine why a legitimate user account gets locked out and needs unlocking or a password reset.
BACKGROUND
An Oracle database typically comes with several default accounts. Some of them are necessary for database operations. Examples of such userids are SYS and SYSTEM, which have the DBA privileges. Other default accounts such as SCOTT, SH, BI, etc. are for demonstration only and are never needed by an application using that database. These accounts should not have been created in the first place. The database creation assistant (DBCA) has a checkbox to install sample schemas (the SCOTT user), which should have been unchecked for a production database. Many DBAs, while creating the database, likely ignore it, resulting in the schema being present. In other cases, the production database may be an upgrade from its earlier incarnation as a development or QA database where these sample schemas were indeed necessary and created. With the upgrade, these schemas have lost significance; but in the spirit of changing as little as possible during the database upgrade, they are usually left untouched and continue to linger. Whatever the reason, these default accounts leave a backdoor entry to the database.
Another problem is the presence of default passwords.
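A check for the accounts named above, as an added example that is not part of the original article: it reports which of SYS, SYSTEM, SCOTT, SH and BI exist, whether each is still unlocked, and whether Oracle flags a default password. It assumes Oracle 11g or later (for the DBA_USERS_WITH_DEFPWD view) and a session that can read the DBA views; the account list and the `purpose` labels are this example's own and should be extended for the schemas installed at your site.

```sql
-- Added example: audit the default and sample accounts named in the article.
-- Assumption: Oracle 11g or later, run by a user with SELECT on DBA_USERS
-- and DBA_USERS_WITH_DEFPWD.
WITH default_accounts AS (
  -- Only the userids mentioned in the article; 'purpose' is this example's label.
  SELECT 'SYS' AS username, 'required' AS purpose FROM dual UNION ALL
  SELECT 'SYSTEM', 'required' FROM dual UNION ALL
  SELECT 'SCOTT',  'sample'   FROM dual UNION ALL
  SELECT 'SH',     'sample'   FROM dual UNION ALL
  SELECT 'BI',     'sample'   FROM dual
)
SELECT u.username,
       d.purpose,
       u.account_status,
       u.created,
       CASE WHEN p.username IS NOT NULL THEN 'YES' ELSE 'NO' END
         AS default_password,
       CASE
         -- An EXPIRED account still accepts its password at login (the user
         -- is then forced to change it), so only a status containing LOCKED
         -- counts as closed.
         WHEN d.purpose = 'sample'
              AND u.account_status NOT LIKE '%LOCKED%'
           THEN 'ALTER USER "' || u.username || '" ACCOUNT LOCK PASSWORD EXPIRE;'
         WHEN d.purpose = 'required'
              AND p.username IS NOT NULL
           THEN 'Set a new password for ' || u.username
         ELSE 'No action'
       END AS recommended_action
FROM   default_accounts d
       JOIN dba_users u
         ON u.username = d.username            -- only accounts that exist
       LEFT JOIN dba_users_with_defpwd p
         ON p.username = u.username            -- present only if password is a known default
ORDER  BY d.purpose DESC, u.username;
```

Rows with `purpose = 'sample'` and a status that does not contain LOCKED are the lingering demonstration schemas described above; review the generated ALTER USER statements before running them.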
In the Upcoming Issue of
Smartphone Forensics & More...
Available to download
on August 13th
If you would like to contact the eForensics team, just send an email to [email protected]. We will
reply a.s.a.p.
eForensics Magazine has the right to change the content of the next Magazine Edition.