13 – References
1 – Introduction
Evers, Joris (2005, June 1). Panel paints grim picture of cybercrime battle. CNET news.com
Rollins, John and Wilson, Clay. (2005, October 5). Terrorist Capabilities for Cyberattack: Overview and Policy Issues. CRS Report for Congress – order code RL33-123.
Magregor, Pat. (2001, October 3). Cyberterrorism: The Bloodless War? Powerpoint presentation
Sutherland, Blake. (2006, December 4). Enemy at the Gates! Your Computer Systems Are Under Attack. Radiology Today, Vol. 7 No. 24 P. 12.
2 – Preparation
Ross, Ron et al. (2006, December). Recommended Security Controls for Federal Information Systems, NIST Special Publication 800-53. National Institute of Standards and Technology, U.S. Dept of Commerce.
Ross, Ron et al. (2007, June). Guide for Assessing the Security Controls in Federal Information Systems, NIST Special Publication 800-53A, Third Public Draft. National Institute of Standards and Technology, U.S. Dept of Commerce.
Bowen, Hash & Wilson. (2006, October). Information Security Handbook: A Guide for Managers, NIST Special Publication 800-100. National Institute of Standards and Technology, U.S. Dept of Commerce.
Ibid., 88.
Hammond, Grant T. (2001). The Mind of War, John Boyd and American Security. Smithsonian Books.
Sun Tzu. (6th century BC). The Art of War. Retrieved from http://en.wikiquote.org/wiki/The_Art_of_War
Hammond, Grant T. (2001). The Mind of War, John Boyd and American Security. Smithsonian Books.
Schmitt, John F. (1989). Fleet Marine Forces Manual-1 Warfighting. U.S. Marine Corps.
3 – Using Google for Reconnaissance
Long, Johnny. (2005). Google Hacking for Penetration Testers. Rockland, MA. Syngress Publishing.
Long, Johnny. (2007). Google Hacking Database. Retrieved June 10, 2007 from http://johnny.ihackstuff.com/ghdb.php
4 – Perimeter
Metasploit. The Metasploit Project. Downloaded from http://www.metasploit.com
Nmap. Insecure.org. Downloaded from http://insecure.org/nmap
Nessus. Tenable Network Security. Downloaded from http://www.nessus.org
5 – Wireless Network
Kershaw, Mike. Kismet. Downloaded from www.kismetwireless.org
Backtrack2. RemoteExploits. Downloaded from www.remoteexploits.org
Aircrack. Downloaded from http://www.aircrack-ng.org
Vladimirov, Gavrilenko, & Mikhailovsky. (2004). WI-FOO, The Secrets of Wireless Hacking. Addison Wesley.
Peikari, Cyrus and Fogie, Seth. (2003). Wireless, Maximum Security. SAMS.
Hurley, Thornton, Puchol, & Rogers. (2004). Wardriving, Drive, Detect, Defend. Syngress.
Gast, Matthew. (2005). 802.11 Wireless Networks: The Definitive Guide, Second Edition. O’Reilly.
6 – Bypass
Rutkowska, Joanna. (2006, March). Rootkits vs. Stealth by Design Malware. Powerpoint presentation from BlackHat Europe 2006, Amsterdam.
Heyman, Karen. (2007, April 23). New Attack Tricks Antivirus Software. Computer Magazine – IEEE Computer Society. Retrieved from http://www.computer.org/portal/cms_docs_computer/computer/homepage/May07/COM_018-020.pdf
Evers, Joris. (2006, October 13). The future of malware: Trojan horses. CNET Networks.
Skoudis, Ed. (2006, December 13). What Are Polymorphic Viruses? TechTarget. Retrieved from http://searchsecurity.techtarget.com/expert/KnowledgebaseAnswer/0,289625,sid14_gci1247142,00.html
Jackson, Don. (2007, March 21). Gozi Trojan. SecureWorks. Retrieved from http://www.secureworks.com/research/threats/gozi
Prahlad Fogla, Monirul Sharif, Roberto Perdisci, Oleg Kolesnikov and Wenke Lee. (2006, August). Polymorphic Blending Attacks. 15th Usenix Security Symposium. Vancouver, BC, Canada.
Secureworks. (2004, August). Hackers make the evolutionary leap – Download.Ject signals new wave of attack methods. Retrieved from http://www.secureworks.com/research/newsletter/2004/08/
Giani, Berk and Cybenko. (2006). Data Exfiltration and Covert Channels. Giani_SPIE2006.pdf. Thayer School of Engineering, Dartmouth College, Hanover, NH 03755 USA.
Koot, Matthijs and Smeets, Mark. (2006, February 5). Research Report: Covert Channels. University of Amsterdam
8 – Entrench
Skoudis, Ed. “Windows Command-Line Kung Fu with WMIC”. SANS. Retrieved from http://isc.sans.org/diary.html?storyid=1229
Microsoft. (2007). Using the Windows Management Instrumentation Command-line (WMIC) tool. Retrieved from http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/wmic.mspx
Microsoft. (2007). Wmic. Retrieved from http://msdn2.microsoft.com/en-us/library/aa394531.aspx
Johansson, Jesper & Riley, Steve. (2005). Protect Your Windows Network – from perimeter to data. New Jersey: Addison-Wesley.
Pwdumpx. Retrieved from http://reedarvin.thearvins.com/tools.html
Oechslin, Philippe. (2005). Password Cracking: Rainbow Tables Explained. Retrieved from https://www.isc2.org/cgi-bin/content.cgi?page=738
9 – Zero Day
Microsoft. (2007). Microsoft Security Bulletin MS07-017. Retrieved from http://www.microsoft.com/technet/security/Bulletin/MS07-017.mspx
Sotirov, Alexander. (2007). Windows Animated Cursor Stack Overflow Vulnerability. Determina Security Research. Retrieved from http://www.determina.com/security.research/vulnerabilities/ani-header.html
Naraine, Ryan. (2007, March 30). Microsoft knew of Windows .ANI flaw since December 2006. Retrieved from http://blogs.zdnet.com/security/?p=143
Sotirov, Alexander. (2007). Exploiting Vista with ANI. Determina Security Research. Retrieved from http://determina.blogspot.com/2007/04/exploiting-vista-with-ani-html
Microsoft. (2007). Microsoft Security Bulletin MS07-029. Retrieved from http://www.microsoft.com/technet/security/Bulletin/MS07-029.mspx
Microsoft. (2007). Microsoft Security Bulletin MS07-004. Retrieved from http://www.microsoft.com/technet/security/Bulletin/MS07-004.mspx
Naraine, Ryan. (2007, January 11). Exploit Released for Critical PC Hijack Flaw. eWeek.com
Ollman, Gunther. (2007). The 0-day Blues. Retrieved from http://www.technicalinfo.net/opinions/opinion030.html
10 – Distributed Denial of Service
Naraine, Ryan. (2006, October 6). Is the Botnet Battle Already Lost? eWeek.com.
Higgins, Kelly Jackson. (2007, January 7). Botnets Don Invisibility Cloaks. Dark Reading.
Lemos, Robert. (2006, May 02). Bot Software looks to improve peerage. Retrieved from www.securityfocus.com/news/11390
Dittrich, Dave. (2007, June 12). Distributed Denial of Service (DDoS) Attacks/tools. Retrieved from http://staff.washington.edu/dittrich/misc/ddos/
Vaas, Lisa. (2007, April 16). Researchers: Botnets Getting Beefier. eWeek.com. Retrieved from http://www.eweek.com/article2/0,1759,2114741,00.asp
Nazario, Jose. (2007). Botnet Tracking. Black Hat DC 2007.
11 – Aftermath and Lessons Learned
Skoudis, Ed and others. (2005). SANS courseware, SEC 504 Hacker Techniques, Exploits & Incident Handling. SANS Institute.
Messmer, Ellen. (2007, February 9). RSA – US cyber counterattack: Bomb one way or another. Retrieved from http://www.networkworld.com/news/2007/020807-rsa-cyber-attacks.html
Bejtlich, Richard. (2005). Extrusion Detection. Addison Wesley.
Rogin, Josh. (2007, Feb 13). Cyber officials: Chinese hackers attack ‘anything and everything’. Federal Computer Week.
Sun Tzu. (6th century BC). The Art of War. Retrieved from http://en.wikiquote.org/wiki/The_Art_of_War