network forensics - hackfest · “network forensics is the idea of being able to ... 173.194.9.152...

Network Forensics

Upload: dinhdan

Post on 02-Aug-2018

218 views

Category:

Documents

0 download

Report

Download

Embed Size (px):

TRANSCRIPT

Network Forensics

LOIAvant d’analyser ou effectué des captures

réseau assurez-vous d’avoir les droits.

Page 3: Network Forensics - Hackfest · “Network forensics is the idea of being able to ... 173.194.9.152 cist-=192.168.1.101 options- ... < 2009-06-2411:50 Alerts (5 items)

Plan De Prez

Page 4: Network Forensics - Hackfest · “Network forensics is the idea of being able to ... 173.194.9.152 cist-=192.168.1.101 options- ... < 2009-06-2411:50 Alerts (5 items)

QUI

???? Network Forensics ????

“Network forensics is the idea of being able to resolve network problems through captured network traffic”-L’internet

Sniffertapport spanwirelesshost base

Format pcap ? netflow

Page 7: Network Forensics - Hackfest · “Network forensics is the idea of being able to ... 173.194.9.152 cist-=192.168.1.101 options- ... < 2009-06-2411:50 Alerts (5 items)

ATTENTION !!!!

Page 8: Network Forensics - Hackfest · “Network forensics is the idea of being able to ... 173.194.9.152 cist-=192.168.1.101 options- ... < 2009-06-2411:50 Alerts (5 items)

FLOW != PCAP

Page 9: Network Forensics - Hackfest · “Network forensics is the idea of being able to ... 173.194.9.152 cist-=192.168.1.101 options- ... < 2009-06-2411:50 Alerts (5 items)

Outils-Wireshark

-Tcpdump

-scapy

-Netwitness Investigator

-NetworkMiner

-Xplico

-Microsoft Message Analyzer

Page 10: Network Forensics - Hackfest · “Network forensics is the idea of being able to ... 173.194.9.152 cist-=192.168.1.101 options- ... < 2009-06-2411:50 Alerts (5 items)

Wireshark

Page 11: Network Forensics - Hackfest · “Network forensics is the idea of being able to ... 173.194.9.152 cist-=192.168.1.101 options- ... < 2009-06-2411:50 Alerts (5 items)

TCPDump

Page 12: Network Forensics - Hackfest · “Network forensics is the idea of being able to ... 173.194.9.152 cist-=192.168.1.101 options- ... < 2009-06-2411:50 Alerts (5 items)

Scapy

Page 13: Network Forensics - Hackfest · “Network forensics is the idea of being able to ... 173.194.9.152 cist-=192.168.1.101 options- ... < 2009-06-2411:50 Alerts (5 items)

NetWitness Inverstigator

Page 14: Network Forensics - Hackfest · “Network forensics is the idea of being able to ... 173.194.9.152 cist-=192.168.1.101 options- ... < 2009-06-2411:50 Alerts (5 items)

NetworkMiner

Page 15: Network Forensics - Hackfest · “Network forensics is the idea of being able to ... 173.194.9.152 cist-=192.168.1.101 options- ... < 2009-06-2411:50 Alerts (5 items)

Xplico

Page 16: Network Forensics - Hackfest · “Network forensics is the idea of being able to ... 173.194.9.152 cist-=192.168.1.101 options- ... < 2009-06-2411:50 Alerts (5 items)

Microsoft Message Analyser

Page 17: Network Forensics - Hackfest · “Network forensics is the idea of being able to ... 173.194.9.152 cist-=192.168.1.101 options- ... < 2009-06-2411:50 Alerts (5 items)

Microsoft Message Analyser

Netsh trace start scenario=NetConnection capture=yes report=yes persistent=no maxsize=1024 correlation=yes traceFile=C:\Logs\NetTrace.etl

netsh trace stop

Page 18: Network Forensics - Hackfest · “Network forensics is the idea of being able to ... 173.194.9.152 cist-=192.168.1.101 options- ... < 2009-06-2411:50 Alerts (5 items)

Cas d’usage

DNS● Requête louche dans netflow (1 go dns ???)● Requête à des dns externe

Page 19: Network Forensics - Hackfest · “Network forensics is the idea of being able to ... 173.194.9.152 cist-=192.168.1.101 options- ... < 2009-06-2411:50 Alerts (5 items)

Cas d’usage

WIFI Decrypt wpa/wpa2● wpa-pwd SSID:PASS● wpa-psk RAW hashDecrypt SSL

Page 20: Network Forensics - Hackfest · “Network forensics is the idea of being able to ... 173.194.9.152 cist-=192.168.1.101 options- ... < 2009-06-2411:50 Alerts (5 items)

Cas d’usage

Écrire règle IDS● snortalert tcp any any -> any 80 (content:"or 1=1"; content:"exploit"; http_cookie;)

Page 21: Network Forensics - Hackfest · “Network forensics is the idea of being able to ... 173.194.9.152 cist-=192.168.1.101 options- ... < 2009-06-2411:50 Alerts (5 items)

Cas d’usage

Reconstruire conversation téléphonique

Page 22: Network Forensics - Hackfest · “Network forensics is the idea of being able to ... 173.194.9.152 cist-=192.168.1.101 options- ... < 2009-06-2411:50 Alerts (5 items)

Cas d’usage

Trouver fuite de donnée● Ping● DNS● HTTP(s)● tcp/udp● Autre forme obscure

CTK Hackfest Testing framework November 2011 Inria – Sofia Antipolis

Windows 8 Forensics & Anti Forensics

OSM#10 Hackfest

Hackfest presentation.pptx

iPhone Forensics Methodology and Tools · Forensics methodologies, iPhone forensics, forensics tools, digital forensics evidence handling, INTRODUCTION iPhone mobile phone is becoming

OSM Hackfest Session 1osm-download.etsi.org/ftp/osm-5.0-five/6th-hackfest...• Tenant: osm_hackfest_X • Tenant user: osm_hackfest_X • Tenant password: osm_hackfest_X Where X goes

OSM#9 Hackfestosm-download.etsi.org/ftp/osm-7.0-seven/OSM9-hackfest/presentati… · © ETSI 2020 OSM#9 Hackfest Hybrid Network Service Deployment Demonstration Mark Beierl (Canonical)

Green Hackfest 2014

OSM 7th Hackfest

CTK Hackfest Slicer and CTK

WebRTC(s) in WebKit(s)! (Web Engines Hackfest 2017)

OSM Hackfest Session 6 Introduction to Proxy Charms · © ETSI 2019 OSM Hackfest –Session 6 Introduction to Proxy Charms Dominik Fleischmann, David Garcia (Canonical)

Introduction to Proxy Charms OSM Hackfest – Session 7.1 ...osm-download.etsi.org/ftp/osm-6.0-six/8th-hackfest... · © ETSI 2019 OSM Hackfest – Session 7.1 Introduction to Proxy

The Steacie Library Dungeon Hackfest: Hackers in the

Healthcare's Grand Hackfest Keynote - HOWTO: Project Scoping

Blue team reboot - HackFest

OSM Hackfest - Session 5 · © ETSI 2017 OSM Hackfest –Session 7b Adding Charms to your VNF Descriptor Adam Israel (Canonical)

Django Girls' aftermath - Hackfest · Gender, technology & commons Django Girls' aftermath HackFest, 3 June 2017 @ hackerspace.gr Natalia-Rozalia Avlona, Aristotle University of Thessaloniki

OSM Hackfest - Introduction to NFV and OSM

Adding day-0 configuration to VNFs OSM Hackfest – Session 5osm-download.etsi.org/ftp/osm-6.0-six/8th-hackfest/presentations/8t… · © ETSI 2019 OSM Hackfest – Session 5 Adding

OSM 5th Hackfest – Welcome...Welcome to 5th OSM Hackfest Security • Each morning, arrive in the lobby • You do not need an escort to enter and leave this building. • Hackfest

NS: hackfest multivdu nsd VNF: hackfest multivdu vnfd CP

Forensics · Disk Forensics Mobile Forensics E-mail investigations Questioned document Cryptography, examination Steganography Live Forensics and Network Forensics Audio/video authentication

OSM-MR#9 Hackfest OSM in Production

OSM MR8 Hackfest – Hack 4 Running …osm-download.etsi.org/ftp/osm-7.0-seven/MR8-hackfest...•Storage: persistent volumes, persistent volume claims •… •TWO ways to deploy

A Short Introduction to Servo (Web Engines Hackfest 2014)

VNF Onboarding Walkthrough OSM Hackfest – Session 9.1 …osm-download.etsi.org/ftp/osm-6.0-six/8th-hackfest... · 2019. 11. 21. · © ETSI 2019 OSM Hackfest – Session 9.1 VNF

HTTPS: Achievements, Challenges, and Epiphany (Web Engines Hackfest 2015)

Hackfest at Nokia

CTK Hackfest Slicer and CTK November 2011 Inria – Sofia Antipolis

Techniques d’enquête et - Hackfest

OpenDNIe Hackfest

COE589: Digital Forensics - ccse.kfupm.edu.saahmadsm/coe589-122/00_Overview_Logisti… · Digital Forensics computer forensics mobile forensics network forensics ... COE589 - Ahmad

Streams API (Web Engines Hackfest 2015)

OSM Hackfest – Guidelines for VNF builders · © ETSI 2019 OSM Hackfest – Guidelines for VNF builders Adrián Candel (Altran) Guillermo Calviño (Altran)