13 – References

1 – Introduction
Evers, Joris (2005, June 1). Panel paints grim picture of cybercrime battle. CNET news.com

Rollins, John and Wilson, Clay. (2005, October 5) Terrorist Capabilities for Cyberattack: Overview and Policy Issues. CRS Report for Congress – order code RL33-123.

Magregor, Pat. (2001, October 3). Cyberterrorism: The Bloodless War? Powerpoint presentation

Sutherland, Blake. (2006, December 4). Enemy at the Gates! Your Computer Systems Are Under Attack. Radiology Today, Vol. 7 No. 24 P. 12.

2 – Preparation
Ross, Ron et al. (2006, December). Recommended Security Controls for Federal Information Systems, NIST Special Publication 800-53. National Institute of Standards and Technology, U.S. Dept of Commerce.

Ross, Ron et al. (2007, June). Guide for Assessing the Security Controls in Federal Information Systems, NIST Special Publication 800-53A, Third Public Draft. National Institute of Standards and Technology, U.S. Dept of Commerce.

Bowen, Hash & Wilson. (2006, October). Information Security Handbook: A Guide for Managers, NIST Special Publication 800-100. National Institute of Standards and Technology, U.S. Dept of Commerce.

Ibid., 88.

Hammond, Grant T. (2001). The Mind of War, John Boyd and American Security. Smithsonian Books.

Sun Tzu. (6th century BC). The Art of War. Retrieved from http://en.wikiquote.org/wiki/The_Art_of_War

Hammond, Grant T. (2001). The Mind of War, John Boyd and American Security. Smithsonian Books.

Schmitt, John F. (1989). Fleet Marine Forces Manual-1 Warfighting. U.S. Marine Corps.

3 – Using Google for Reconnaissance
Long, Johnny. (2005). Google Hacking for Penetration Testers. Rockland, MA. Syngress Publishing.

Long, Johnny. (2007). Google Hacking Database. Retrieved June 10, 2007 from http://johnny.ihackstuff.com/ghdb.php

4 – Perimeter
Metasploit. The Metasploit Project. Downloaded from http://www.metasploit.com

Nmap. Insecure.org. Downloaded from http://insecure.org/nmap

Nessus. Tenable Network Security. Downloaded from http://www.nessus.org

5 – Wireless Network

Kershaw, Mike. Kismet. Downloaded from www.kismetwireless.org

Backtrack2. RemoteExploits. Downloaded from www.remoteexploits.org

Aircrack. Downloaded from http://www.aircrack-ng.org

Vladimirov, Gavrilenko, & Mikhailovsky. (2004). WI-FOO, The Secrets of Wireless Hacking. Addison Wesley.

Peikari, Cyrus and Fogie, Seth. (2003). Wireless, Maximum Security. SAMS.

Hurley, Thornton, Puchol, & Rogers. (2004). Wardriving, Drive, Detect, Defend. Syngress.

Gast, Matthew. (2005). 802.11 Wireless Networks: The Definitive Guide, Second Edition. O’Reilly.

6 – Bypass
Rutkowska, Joanna. (2006, March). Rootkits vs. Stealth by Design Malware. Powerpoint presentation from BlackHat Europe 2006, Amsterdam.

Heyman, Karen. (2007, April 23). New Attack Tricks Antivirus Software. Computer Magazine – IEEE Computer Society. Retrieved from http://www.computer.org/portal/cms_docs_computer/computer/homepage/May07/COM_018-020.pdf

Evers, Joris. (2006, October 13). The future of malware: Trojan horses. CNET Networks.

Skoudis, Ed. (2006, December 13). What Are Polymorphic Viruses? TechTarget. Retrieved from http://searchsecurity.techtarget.com/expert/KnowledgebaseAnswer/0,289625,sid14_gci1247142,00.html

Jackson, Don. (2007, March 21). Gozi Trojan. SecureWorks. Retrieved from http://www.secureworks.com/research/threats/gozi

Prahlad Fogla, Monirul Sharif, Roberto Perdisci, Oleg Kolesnikov and Wenke Lee. (2006, August). Polymorphic Blending Attacks. 15th Usenix Security Symposium. Vancouver, BC, Canada.

Secureworks. (2004, August). Hackers make the evolutionary leap – Download.Ject signals new wave of attack methods. Retrieved from http://www.secureworks.com/research/newsletter/2004/08/

Giani, Berk and Cybenko. (2006). Data Exfiltration and Covert Channels. Giani_SPIE2006.pdf. Thayer School of Engineering, Dartmouth College, Hanover, NH 03755 USA.

Koot, Matthijs and Smeets, Mark. (2006, February 5). Research Report: Covert Channels. University of Amsterdam.

8 – Entrench
Skoudis, Ed. Windows Command-Line Kung Fu with WMIC. SANS. Retrieved from http://isc.sans.org/diary.html?storyid=1229

Microsoft. (2007). Using the Windows Management Instrumentation Command-line (WMIC) tool. Retrieved from http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/wmic.mspx

Microsoft. (2007). Wmic. Retrieved from http://msdn2.microsoft.com/en-us/library/aa394531.aspx

Johansson, Jesper & Riley, Steve. (2005). Protect Your Windows Network – from perimeter to data. New Jersey: Addison-Wesley.

Pwdumpx. Retrieved from http://reedarvin.thearvins.com/tools.html

Oechslin, Philippe. (2005). Password Cracking: Rainbow Tables Explained. Retrieved from https://www.isc2.org/cgi-bin/content.cgi?page=738

9 – Zero Day

Microsoft. (2007). Microsoft Security Bulletin MS07-017. Retrieved from http://www.microsoft.com/technet/security/Bulletin/MS07-017.mspx

Sotirov, Alexander. (2007). Windows Animated Cursor Stack Overflow Vulnerability. Determina Security Research. Retrieved from http://www.determina.com/security.research/vulnerabilities/ani-header.html

Naraine, Ryan. (2007, March 30). Microsoft knew of Windows .ANI flaw since December 2006. Retrieved from http://blogs.zdnet.com/security/?p=143

Sotirov, Alexander. (2007). Exploiting Vista with ANI. Determina Security Research. Retrieved from http://determina.blogspot.com/2007/04/exploiting-vista-with-ani-html

Microsoft. (2007). Microsoft Security Bulletin MS07-029. Retrieved from http://www.microsoft.com/technet/security/Bulletin/MS07-029.mspx

Microsoft. (2007). Microsoft Security Bulletin MS07-004. Retrieved from http://www.microsoft.com/technet/security/Bulletin/MS07-004.mspx

Naraine, Ryan. (2007, January 11). Exploit Released for Critical PC Hijack Flaw. eWeek.com

Ollman, Gunther. (2007). The 0-day Blues. Retrieved from http://www.technicalinfo.net/opinions/opinion030.html

10 – Distributed Denial of Service

Naraine, Ryan. (2006, October 6). Is the Botnet Battle Already Lost? eWeek.com.

Higgins, Kelly Jackson. (2007, January 7). Botnets Don Invisibility Cloaks. Dark Reading.

Lemos, Robert. (2006, May 02). Bot Software looks to improve peerage. Retrieved from www.securityfocus.com/news/11390

Dittrich, Dave. (2007, June 12). Distributed Denial of Service (DDoS) Attacks/tools. Retrieved from http://staff.washington.edu/dittrich/misc/ddos/

Vaas, Lisa. (2007, April 16). Researchers: Botnets Getting Beefier. eWeek.com. Retrieved from http://www.eweek.com/article2/0,1759,2114741,00.asp

Nazario, Jose. (2007). Botnet Tracking. Black Hat DC 2007.

11 – Aftermath and Lessons Learned

Skoudis, Ed and others. (2005). SANS courseware, SEC 504 Hacker Techniques, Exploits & Incident Handling. SANS Institute.

Messmer, Ellen. (2007, February 9). RSA – US cyber counterattack: Bomb one way or another. Retrieved from http://www.networkworld.com/news/2007/020807-rsa-cyber-attacks.html

Bejtlich, Richard. (2005). Extrusion Detection. Addison Wesley.

Rogin, Josh. (2007, Feb 13). Cyber officials: Chinese hackers attack ‘anything and everything’. Federal Computer Week.

Sun Tzu. (6th century BC). The Art of War. Retrieved from http://en.wikiquote.org/wiki/The_Art_of_War
