Introducing Unicornscan - Riding the Unicorn

Presented at DEF CON 13 (2005), July 29, 2005, noon (50 minutes)

Abstract:

Unicornscan is an open source (GPL) tool designed to assist with information gathering and security auditing. This talk will contrast the real-world problems we've experienced using other tools and methods while demonstrating the solutions that Unicornscan can provide. We will use Unicornscan to collect information from large networks, data mine the collected information, and test systems for susceptibility to specific vulnerabilities.

Some of the more interesting content includes:

  • An introduction to the Scatter Connect method of TCP connection state information tracking.
  • How to get more mileage out of the information contained inside the TCP stream for OS and possibly application fingerprinting.
  • How to avoid the kernel fixing packets that we have specifically created to be invalid.
  • How to deliver platform-specific exploits using just the information from one target response packet (SYN/ACK).
  • How to take stable working exploits and use Unicornscan as a delivery agent.

During the talk we will release a new DEFCON-specific version of Unicornscan that contains many enhancements that we will demonstrate during the talk. The DEFCON version will also contain a couple of special payload configuration files not included in the standard release.

To get the most out of this talk, attendees should have a strong working knowledge of TCP/IP, C programming, assembly, and OS/application fingerprinting techniques.

Presenters:

  • Jack C. Louis - Founder, Dyad Labs
    Jack C. Louis is a Senior Security Researcher for Dyad Labs. He has a background in core networking technologies, systems programming, and electronics. Jack is the lead programmer behind Unicornscan, a distributed data information engine for the OSACE project. Jack is also the lead author of cruiser, a web application testing tool in the OSACE suite. Jack has given lectures on building secure software, offensive programming, and building miscellaneous electronic components to solve a wide variety of problems at hand. Jack is also an ISECOM OPST & OPSA Certified Instructor.
  • Robert E. Lee - Founder, Dyad Labs
    Robert E. Lee serves as Dyad Labs' Chief Executive Officer. Robert's primary roles include technology and software development, security research, and education program initiatives. Robert functions as the primary contact interfacing with clients for Dyad Labs. Robert also serves as the Director of Projects & Resources for the Institute for Security and Open Methodologies. Robert is a key contributor to the Open Source Security Testing Methodology Manual, Unicornscan, and Cruiser (no URL yet) projects. Robert maintains his OSSTMM Professional Security Tester (OPST) & OSSTMM Professional Security Analyst (OPSA) certifications from the Institute for Security and Open Methodologies (ISECOM).
