eF Free 01.12. Teaser


  • 7/31/2019 eF Free 01.12. Teaser


    Issue 1/2012 (1) July

ORACLE FORENSICS: Detection of Attacks Through Default Accounts and Passwords in Oracle

FREE VOL. 1 NO. 1

ADVANCED STEGANOGRAPHY: ADD SILENCE TO SOUND

LIVE CAPTURE PROCEDURES

MOBILE PHONE FORENSICS: HUGE CHALLENGE OF THE FUTURE

ISSUES IN MOBILE DEVICE FORENSICS

INVESTIGATING FRAUD IN WINDOWS-BASED DRIVING EXAMINATION THEORY SYSTEMS AND SOFTWARE

DRIVE AND PARTITION CARVING PROCEDURES


Although various tools exist that can examine some elements of a configuration, the assessment would typically end up being a largely manual process. Nipper Studio is a tool that enables penetration testers, and non-security professionals, to quickly perform a detailed analysis of network infrastructure devices. Nipper Studio does this by examining the actual configuration of the device, enabling a much more comprehensive and precise audit than a scanner could ever achieve.

With Nipper Studio penetration testers can be experts in every device that the software supports, giving them the ability to identify device, version and configuration specific issues without having to manually reference multiple sources of information. With support for around 100 firewalls, routers, switches and other infrastructure devices, you can speed up the audit process without compromising the detail.

You can customize the audit policy for your customers' specific requirements (e.g. password policy), audit the device to that policy and then create the report detailing the issues identified. The reports can include device specific mitigation actions and be customized with your own company's styling. Each report can then be saved in a variety of formats for management of the issues.

Ian has been working with leading global organizations and government agencies to help improve computer security for more than a decade. He has been accredited by CESG for his security and team leading expertise for over 5 years. In 2009 Ian Whiting founded Titania with the aim of producing security auditing software products that can be used by non-security specialists and provide the detailed analysis that traditionally only an experienced penetration tester could achieve. Today Titania's products are used in over 40 countries by government and military agencies, financial institutions, telecommunications companies, national infrastructure organizations and auditing companies, to help them secure critical systems.

www.titania.com


Dear Readers!

Digital forensics is a very young field of science but nowadays it's becoming more and more popular. Although it was originally designed for investigating crimes, soon it has become a big part of computer systems engineering and contributed to the development of mobile devices. To meet your professional interests we have created a new publication devoted to digital forensic issues. I present to you our first eForensics offspring - eForensics Free Magazine. It's a monthly compilation of the best articles from four titles: eForensics Mobile, eForensics Computer, eForensics Database and eForensics Network.

Within the issue of eForensics Free you will find two positions concerning mobile forensics, an article about network forensics, three pieces focused on computer forensics and an article about database forensics.

The article created by M-Tahar Kechadi and Lamine Aouad will discuss an increasingly important role of mobile forensics in criminal investigations, law disputes and in information security. Eamon Doherty will describe tools used to recover data from mobile devices.

Craig S. Wright will introduce you to free tools which can be used to create a powerful network forensics and incident response toolkit. Arup Nanda will show you how to identify potential attacks by adversaries through default accounts. George Chlapoutakis guides you step by step through digital forensic investigation.

Last but not least, I would like to announce the beginning of two article series. One of them, by Craig S. Wright, will take you through the process of carving files from a hard drive. The other, by Praveen Parihar, will take you on a journey through advanced steganography.

Thank you all for your great support and invaluable help.

Enjoy reading!

Aleksandra Bielska
& eForensics Team


TEAM

Editor: Aleksandra Bielska

Associate Editors: Sudhanshu Chauhan, Praveen Parihar, Hussein Rajabali

Betatesters/Proofreaders: Nicolas Villatte, Jeff Weaver, Danilo Massa, Cor Massar, Jason Lange, Himanshu Anand, Dan Hill, Raymond Morsman, Alessandro Fiorenzi, Nima Majidi, Dave Mikesch, Brett Shavers, Cristian Bertoldi, Jacopo Lazzari, Juan Bidini, Olivier Cale, Johan Snyman

Senior Consultant/Publisher: Paweł Marciniak

CEO: Ewa Dudzic

Art Director: Mateusz Jagielski

DTP: Mateusz Jagielski

Production Director: Andrzej Kuca

Marketing Director: Ewa Dudzic

Publisher: Software Media Sp. z o.o. SK

02-682 Warszawa, ul. Bokserska 1

Phone: 1 917 338 3631

www.eforensicsmag.com

DISCLAIMER!

The techniques described in our articles may only be used in private, local networks. The editors hold no responsibility for misuse of the presented techniques or consequent data loss.


6. ISSUES IN MOBILE DEVICE FORENSICS
by Eamon Doherty

This article discusses some of the mobile devices and accessories that one may encounter on a suspect during an investigation, examples of usage of these mobile devices and accessories and the tools that one can use to examine them. The article also starts off with some certifications that make one more marketable in this emerging field. In this article the author discusses using tools such as Access Data's FTK, Guidance Software's EnCase, and RecoverMyFiles to recover evidence from a digital camera with a FAT file system.

12. MOBILE PHONE FORENSICS: HUGE CHALLENGE OF THE FUTURE
by M-Tahar Kechadi, Lamine Aouad

While the processes and procedures are well established in traditional hard drive based computer forensics, their counterparts for the rapidly emerging mobile ecosystem have proven to be much more challenging. In this article the authors share some thoughts about the reasons leading to this, as well as the current state of mobile digital forensics, what is needed, and what to expect in the future.

8. LIVE CAPTURE PROCEDURES
by Craig S. Wright

As we move to a world of cloud based systems, we are increasingly finding that we are required to capture and analyse data over networks. Once, analysing a disk drive was a source of incident analysis and forensic material. Now we find that we cannot access the disk in an increasingly cloud based and remote world requiring the use of network captures. This is not a problem however. The tools that are freely available in both Windows and Linux offer a means to capture traffic and carve out the evidence we require. In this article the author introduces a few tools that, although free, can be used together to create a powerful network forensics and incident response toolkit.

24. ADVANCED STEGANOGRAPHY: ADD SILENCE TO SOUND
by Praveen Parihar

Steganography is a very comprehensive topic for all techno-geeks because it involves such an interesting and comprehensive analysis to extract the truth, as we have heard this term many times in the context of terrorist activities and their communications. In this article the author discusses methods of steganography.

28. INVESTIGATING FRAUD IN WINDOWS-BASED DRIVING EXAMINATION THEORY SYSTEMS AND SOFTWARE
by George Chlapoutakis

Fraud can take many forms, can take place practically anywhere, any when and any how. Theoretical driving examinations are now computerized in most parts of the world and the overwhelming majority of such systems tend to have some to no security at all, relying instead on the invigilators of the exam to catch those suspected of fraud. But, what happens when the invigilators fail and you, the digital forensic investigator, are asked to look into the case? In this article the author shares his experience from the point of view of the digital forensics investigator.

32. DRIVE AND PARTITION CARVING PROCEDURES
by Craig S. Wright

This article is the start of a series of papers that will take the reader through the process of carving files from a hard drive. We explore the various partition types and how to determine these (even on formatted disks), learn what the starting sector of each partition is and also work through identifying the length in sectors of each partition. In this, we cover the last two bytes of the MBR and why they are important to the forensic analyst. We start by learning about hard disk drive geometry.

38. DETECTION OF ATTACKS THROUGH DEFAULT ACCOUNTS AND PASSWORDS IN ORACLE
by Arup Nanda

An Oracle database comes with many default userids (and, worse, well known default passwords), which ideally shouldn't have a place in a typical production database, but database administrators may have forgotten to remove the accounts or lock them after setting up the production environment. This provides one of the many ways an adversary attacks a database system: by attempting to guess the presence of a default userid and password, either by brute force or by social engineering techniques. In this article the author will show you how to identify such attacks and trace them back to the source quickly and effectively. You will also learn how to set up a honey pot to lure such adversaries into attacking so as to disclose their identity.


CYBER CRIME LAWYERS

Pannone are one of the first UK firms to recognise the need for specialist cyber crime advice. We can both defend and prosecute matters on behalf of private individuals and corporate bodies.

We are able to examine material for secure evidence in-situ and will then represent your needs at every step of the way.

Our team has a wealth of experience in this growing area and are able to give discreet, specialist advice.

www.pannone.com

Please contact David Cook on 0161 909 3000 for a discussion in confidence.


    MOBILE

MOBILE PHONE FORENSICS: HUGE CHALLENGE OF THE FUTURE

While the processes and procedures are well established in traditional hard drive based computer forensics, their counterparts for the rapidly emerging mobile ecosystem have proven to be much more challenging. This article shares some thoughts about the reasons leading to this, as well as the current state of mobile digital forensics, what is needed, and what to expect in the future.

The information and data era is rapidly evolving. As a result, there has been an exponential growth of consumer electronics, and especially mobile devices, over the past few years, with ever-increasing trends and forecasts for the coming years. Mobile devices have already overtaken PCs, and mobile data traffic is expected to increase 18-fold over the next five years to approach 11 exabytes per month, according to Cisco Systems [1]. Their computing power, storage, and functionality have tremendously increased. Phones have been transformed from simple handheld devices, essentially emitting and receiving calls or text messages, into highly effective devices capable of doing more or less everything a desktop or a laptop computer can do, and even more. A large range of Android-based smartphones, iPhones, BlackBerrys, and even tablet products, are all examples of these mobile devices. Their typical storage capacity today is higher than that of a powerful desktop back in the late 1990s! And the vast majority can also be fed memory cards.

This tremendous computational and storage capacity has turned mobile devices into data repositories capable of computing and storing a large amount of personal, organisational and also sensorial information. Indeed, although these devices can be input limited, they have remarkable context awareness because of all the sensors and various connectivity options. Unfortunately, criminals use this technology. They have not missed this proliferation of mobile systems and its data revolution, and these devices are being used as a support to criminal activities.

For instance, earlier this year, a US officer found out that the suspect he was about to arrest was using his smartphone to listen to the police secure channels streaming via the Internet! [2]. All classes of crimes can involve some type of digital evidence (a photo, a video, a received or emitted call, messages, web pages, etc.). These devices are also commonly used in social networking nowadays, and in carrying out sensitive operations online, including online banking, shopping, electronic reservations, etc. Hacking then becomes a huge problem. In February 2011, hackers were remotely monitoring the calls made and received from about 150,000 infected mobile devices in China [3]. Another example is the Zeus man-in-the-mobile Trojan, discovered in September 2010, which was the first Trojan in the mobile devices environment to compromise online banking's two-factor authentication mechanism [4][5]. It is indeed quite easy for cyber criminals to build a Trojan application nowadays [6], because these mobile systems are at their early stages.

Valuable information can then be obtained from a mobile device: text messages, e-mails, communication logs, contacts, multimedia files, geo-location information (GPS and Wi-Fi hotspots), etc. These can only help in answering crucial questions in cybercrime investigations, and in solving the related cases. However, there are still a huge number of challenges facing a forensics investigator in obtaining forensically sound evidence from these devices. In this article, we present the process of recovering digital evidence and its challenges, and then share some information about current methods and tools, and a few prospects for the future.


    NETWORK

LIVE CAPTURE PROCEDURES

As we move to a world of cloud based systems, we are increasingly finding that we are required to capture and analyse data over networks. Once, analysing a disk drive was a source of incident analysis and forensic material. Now we find that we cannot access the disk in an increasingly cloud based and remote world requiring the use of network captures. This is not a problem however. The tools that are freely available in both Windows and Linux offer a means to capture traffic and carve out the evidence we require.

As we move to a world of cloud based systems, we are increasingly finding that we are required to capture and analyse data over networks. To do this, we need to become familiar with the various tools that are available for these purposes. In this article, we look at a few of the more common free tools that will enable you to capture traffic for analysis within your organisation.

Once, analysing a disk drive was a source of incident analysis and forensic material. Now we find that we cannot access the disk in an increasingly cloud based and remote world requiring the use of network captures. This is not a problem however. The tools that are freely available in both Windows and Linux offer a means to capture traffic and carve out the evidence we require.

For this reason alone we would require the ability to capture and analyse data over networks, but when we start to add all of the other benefits, we need to ask: why are you not already doing this?

LIVE CAPTURE PROCEDURES

In the event that a live network capture is warranted, we can easily run a network sniffer to capture communication flows to and from the compromised or otherwise suspect system. There are many tools that can be used (such as Wireshark, Snort and others) to capture network traffic, but tcpdump is generally the best capture program when set to capture raw traffic. The primary benefit is that this tool will minimize any performance issues while allowing the data to be captured in a format that can be loaded into more advanced protocol analysers for review.

That stated, there are only minor differences between tcpdump and WinDump, and most of what you can do in one is the same on the other (some flags do vary).

Tcpdump

Tcpdump uses the libpcap library. It can read traffic from a file or capture it from an interface. This means that you can save a capture and analyse it later. This is a great aid in incident response and network forensics.

With a file such as capture.pcap, we can read and display the data using the -r flag. For instance: tcpdump -r capture.pcap will replay the data saved in the file capture.pcap. By default, this will display the output on the screen. In reality, the data is sent to STDOUT (standard output), but for most purposes the console and STDOUT are one and the same thing.

Using BPF (Berkeley Packet Filters), you can also restrict the output - both collected and saved. In this way, you can collect all data to and from a host and then strip selected ports (or services) from this saved file. Some of the options that apply to tcpdump include (quoted with alterations from the Red Hat tcpdump man page):

-A    Print each packet (minus its link level header) in ASCII.

-c    Exit after receiving a set number of packets (defined after -c).

-C    Before writing a raw packet to a savefile, check whether the file is currently larger than a given file_size. Where this is the case, close the current savefile and open a new one.

-d    Dump the compiled packet-matching code in a human readable form to standard output and stop.

-dd   Dump packet-matching code as a C program fragment.

-ddd  Dump packet-matching code as decimal numbers (preceded with a count).

-D    Print the list of the network interfaces available on the system and on which tcpdump can capture packets.
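As an added example (not code from the article), the Python below does what "tcpdump -r capture.pcap" and a BPF "port N" filter do, but on a capture held in memory: it parses the libpcap global and record headers, decodes the Ethernet/IPv4 5-tuple, and rejects a capture whose last record was cut short. The capture bytes, addresses and ports are constructed inline for the demonstration.

```python
import struct

PCAP_MAGIC = 0xA1B2C3D4          # libpcap magic number (microsecond timestamps)
PCAP_MAGIC_SWAPPED = 0xD4C3B2A1  # same magic seen from the other byte order
LINKTYPE_ETHERNET = 1


def build_tcp_frame(src_ip, dst_ip, sport, dport, payload=b""):
    """Constructed Ethernet/IPv4/TCP frame (checksums left zero; the parser ignores them)."""
    eth = bytes.fromhex("001122334455") + bytes.fromhex("66778899aabb") + b"\x08\x00"
    # sport, dport, seq, ack, data offset (5 words), flags (PSH|ACK), window, csum, urg
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1, 0, 5 << 4, 0x18, 8192, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 1, 0, 64, 6, 0,
                     bytes(int(o) for o in src_ip.split(".")),
                     bytes(int(o) for o in dst_ip.split(".")))
    return eth + ip + tcp


def build_pcap(frames, base_ts=1341100800):
    """Write a capture in memory: 24-byte global header, then a 16-byte record header per frame."""
    out = bytearray(struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET))
    for i, frame in enumerate(frames):
        # ts_sec, ts_usec, incl_len (bytes captured), orig_len (bytes on the wire)
        out += struct.pack("<IIII", base_ts + i, 0, len(frame), len(frame))
        out += frame
    return bytes(out)


def read_pcap(data):
    """Replay a capture from bytes, as `tcpdump -r` does: yields (ts_sec, ts_usec, frame)."""
    (magic,) = struct.unpack_from("<I", data, 0)
    if magic == PCAP_MAGIC:
        endian = "<"
    elif magic == PCAP_MAGIC_SWAPPED:
        endian = ">"
    else:
        raise ValueError("not a libpcap file (bad magic)")
    (linktype,) = struct.unpack_from(endian + "I", data, 20)
    if linktype != LINKTYPE_ETHERNET:
        raise ValueError("this example only decodes Ethernet captures")
    off = 24
    while off + 16 <= len(data):
        ts_sec, ts_usec, incl_len, _orig_len = struct.unpack_from(endian + "IIII", data, off)
        off += 16
        frame = data[off:off + incl_len]
        if len(frame) < incl_len:
            # capture was cut short (disk full, sniffer killed): do not silently drop the tail
            raise ValueError("truncated packet record at offset %d" % off)
        off += incl_len
        yield ts_sec, ts_usec, frame


def parse_ipv4(frame):
    """Return the 5-tuple of an Ethernet/IPv4 frame, or None if it is something else."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":
        return None
    ihl = (frame[14] & 0x0F) * 4
    proto = frame[23]
    src = ".".join(str(b) for b in frame[26:30])
    dst = ".".join(str(b) for b in frame[30:34])
    l4 = 14 + ihl
    sport = dport = None
    if proto in (6, 17) and len(frame) >= l4 + 4:  # TCP or UDP: ports are the first 4 bytes
        sport, dport = struct.unpack_from("!HH", frame, l4)
    return {"src": src, "dst": dst, "proto": proto, "sport": sport, "dport": dport}


def filter_port(data, port):
    """Same selection as the BPF expression `port N`: keep frames with N as source or destination port."""
    return [frame for _, _, frame in read_pcap(data)
            if (info := parse_ipv4(frame)) and port in (info["sport"], info["dport"])]


def summarize(data):
    """One (timestamp, src, sport, dst, dport) tuple per IPv4 packet, like tcpdump's default output."""
    rows = []
    for ts_sec, _, frame in read_pcap(data):
        info = parse_ipv4(frame)
        if info:
            rows.append((ts_sec, info["src"], info["sport"], info["dst"], info["dport"]))
    return rows


# Constructed sample capture: an HTTP request/response pair and one packet to port 22.
SAMPLE_PCAP = build_pcap([
    build_tcp_frame("10.0.0.5", "10.0.0.80", 40001, 80, b"GET / HTTP/1.0\r\n\r\n"),
    build_tcp_frame("10.0.0.5", "10.0.0.22", 40002, 22),
    build_tcp_frame("10.0.0.80", "10.0.0.5", 80, 40001, b"HTTP/1.0 200 OK\r\n"),
])

if __name__ == "__main__":
    for row in summarize(SAMPLE_PCAP):
        print(row)
    # Equivalent of: tcpdump -r capture.pcap -w web.pcap port 80
    web_only = build_pcap(filter_port(SAMPLE_PCAP, 80))
    print(len(summarize(web_only)), "packets kept for port 80")
```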


    COMPUTER

ADVANCED STEGANOGRAPHY: ADD SILENCE TO SOUND

Steganography is a very comprehensive topic for all techno-geeks because it involves such an interesting and comprehensive analysis to extract the truth, as we have heard this term many times in the context of terrorist activities and their communications.

Steganography means covert writing: hiding confidential information inside a cover file. This cover file can be in the form of pdf, xls, exe, jpeg, mp3 or mp4, etc.

The Least Significant Bit (LSB) method is very famous and fascinating when steganography is discussed, because the case study of hiding a secret text behind an image actually sounds interesting. To understand this concept, first we need to understand how an image is classified and what happens when a small bit is altered in an image, which is described below.

Images are composed of small elements which are called pixels, and we have basically three types of images. A pixel is the essential component of an image:

1) Black and white: each pixel is composed of a single bit and is either a zero or a one.

2) Grayscale: each pixel is composed of 8 bits (in rare cases, 16 bits) which define the shade of grey of the pixel, from zero (black) to 255 (white).

3) Full color: also called 24-bit color, as there are 3 primary colors (red, green, blue), each of which is defined by 8 bits.

Although we can have different types of images, we assume that a grayscale image has been used. 8-bit grayscale consists of pixels which have 2^8 = 256 possible levels of grey, and each bit of a pixel contributes a different part of its value:

1. The LSB (Least Significant Bit) contributes 1/256th of the information.

2. The MSB (Most Significant Bit) contributes 1/2 of the information.

So, changing the LSB only affects 1/256th of the intensity and humans simply cannot perceive a difference. In fact, it is difficult to perceive a 1/16th intensity change, so we can easily alter the 4 LSBs with little or no perceptible difference.

Here we have shown two images which illustrate why steganography has become famous and how an image does not get distorted even if we embed secret or confidential information.

(Original Image)
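The LSB arithmetic above, worked through as an added example (not the author's code): the functions hide a byte string in the lowest nbits of each 8-bit grayscale pixel, read it back, and measure the largest per-pixel change, which the text bounds at 1/256 for one bit and about 1/16 (15/256) for four bits. The cover "image" is a constructed 20x20 gradient stored one byte per pixel, and the 2-byte length prefix is my own framing choice, not part of the article.

```python
def _bytes_to_bits(data):
    """MSB-first bit stream of a byte string."""
    return [(byte >> shift) & 1 for byte in data for shift in range(7, -1, -1)]


def _bits_to_bytes(bits):
    out = bytearray()
    for i in range(0, len(bits) - len(bits) % 8, 8):
        value = 0
        for bit in bits[i:i + 8]:
            value = (value << 1) | bit
        out.append(value)
    return bytes(out)


def capacity_bytes(pixels, nbits=1):
    """Payload bytes that fit when nbits low bits of each pixel are used (2 bytes go to the length prefix)."""
    return len(pixels) * nbits // 8 - 2


def embed_lsb(pixels, secret, nbits=1):
    """Hide `secret` in the nbits lowest bits of each 8-bit grayscale pixel.
    A 2-byte big-endian length prefix tells extract_lsb where the message ends."""
    if not 1 <= nbits <= 8:
        raise ValueError("nbits must be between 1 and 8")
    if len(secret) > capacity_bytes(pixels, nbits):
        raise ValueError("cover holds at most %d bytes at %d bit(s) per pixel"
                         % (capacity_bytes(pixels, nbits), nbits))
    bits = _bytes_to_bits(len(secret).to_bytes(2, "big") + secret)
    bits += [0] * (-len(bits) % nbits)          # pad to a whole number of pixels
    mask = (1 << nbits) - 1
    stego = bytearray(pixels)
    for idx in range(len(bits) // nbits):
        chunk = 0
        for bit in bits[idx * nbits:(idx + 1) * nbits]:
            chunk = (chunk << 1) | bit
        stego[idx] = (stego[idx] & ~mask) | chunk  # keep the high bits, replace the low ones
    return bytes(stego)


def extract_lsb(pixels, nbits=1):
    """Read the nbits low bits of every pixel back and return the hidden bytes."""
    bits = [(p >> shift) & 1 for p in pixels for shift in range(nbits - 1, -1, -1)]
    length = int.from_bytes(_bits_to_bytes(bits[:16]), "big")
    end = 16 + 8 * length
    if end > len(bits):
        raise ValueError("length prefix exceeds the cover: wrong nbits or no hidden data")
    return _bits_to_bytes(bits[16:end])


def worst_case_change(nbits):
    """Largest intensity change one pixel can suffer, as a fraction of the 256 grey levels."""
    return ((1 << nbits) - 1) / 256


def max_pixel_change(cover, stego):
    """Measured largest per-pixel difference between cover and stego image."""
    return max(abs(a - b) for a, b in zip(cover, stego))


# Constructed 8-bit grayscale "image": a 20x20 gradient, one byte per pixel.
COVER = bytes((x * 13 + y * 7) % 256 for y in range(20) for x in range(20))
SECRET = b"meet at dawn"

if __name__ == "__main__":
    for nbits in (1, 4):
        stego = embed_lsb(COVER, SECRET, nbits)
        print(nbits, "bit(s):", extract_lsb(stego, nbits),
              "max change", max_pixel_change(COVER, stego), "of 255,",
              "worst case %.4f" % worst_case_change(nbits))
```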


    COMPUTER

INVESTIGATING FRAUD IN WINDOWS-BASED DRIVING EXAMINATION THEORY SYSTEMS AND SOFTWARE

Fraud can take many forms, can take place practically anywhere, any when and any how. Theoretical driving examinations are now computerized in most parts of the world and the overwhelming majority of such systems tend to have some to no security at all, relying instead on the invigilators of the exam to catch those suspected of fraud. But, what happens when the invigilators fail and you, the digital forensic investigator, are asked to look into the case? Where does one start, where does one go and where does one end up? What do we investigate, how do we go about it and what tools with?

In this article, I will attempt to share my experiences investigating such systems from the point of view of the digital forensic investigator who first arrives at the scene of the crime, from the moment of arrival to the end report submitted to the client.

Let us, then, start our journey from the moment we (the digital forensic investigators) get the fateful call, where we are told it's a case of fraud in the Driving Test Centre and we have been called to investigate it and present a report.

To begin with, it should be stated that, as most driving test centres are part of a country's internal services, we are going to always be dealing with a mixture of government officials (of middle-management persuasion) and local law enforcement, and we are always going to be needing to deal with red-tape-style bureaucracy, where everything is moving much more slowly than when dealing with the private sector.

This means we are going to be dealing with the nightmare scenario where our crime scene is possibly several months old and very seriously tainted (as non-essential government bodies tend to respond fairly slowly and after much red tape to such cases), and where normal digital forensic processes and practices don't usually work. The nightmare comes from the fact that, in such a scenario, you cannot explicitly trust the data you collect or any information that you are given and cannot corroborate in a straightforward way.

The data has been tainted, the exams are running 2-3 times a week and the test centre cannot be closed down for the duration of the investigation, so we are told we have to release the (many, plus servers) computers within a very specific and finite length of time (1-2 days at most).

So, we arrive in the vicinity of the crime scene (the building).


    COMPUTER

DRIVE AND PARTITION CARVING PROCEDURES

This article is the start of a series of papers that will take the reader through the process of carving files from a hard drive. We explore the various partition types and how to determine these (even on formatted disks), learn what the starting sector of each partition is and also work through identifying the length in sectors of each partition. In this, we cover the last two bytes of the MBR and why they are important to the forensic analyst. This process is one that will help the budding analyst or tester in gaining an understanding of drive partitions and hence how they can recover and carve these from a damaged or formatted drive. We start by learning about hard disk drive geometry.

This article is the start of a series of papers that will take the reader through the process of carving files from a hard drive. We explore the various partition types and how to determine these (even on formatted disks), learn what the starting sector of each partition is and also work through identifying the length in sectors of each partition. In this, we cover the last two bytes of the MBR and why they are important to the forensic analyst. This process is one that will help the budding analyst or tester in gaining an understanding of drive partitions and hence how they can recover and carve these from a damaged or formatted drive. We start by learning about hard disk drive geometry.

The format of this article is a step by step process that is designed to take the reader through the analysis of a hard drive. Although the process may vary somewhat for each drive, the fundamentals remain the same and following these steps will allow the analyst to recover drive partitions that have been damaged or formatted even when the automated tools fail.

THE BEGINNING

There are a number of commands we shall be using in this article that are fairly standard on most Linux distros. In this article, it is assumed that the analyst has already created a bitwise raw image of the hard disk drive to be examined using dd or a similar tool.

The commands we will start with to copy our MBR (master boot record):

dd if=Image.dd of=MBR.img bs=512 count=1
ls -al *img
khexedit MBR.img &

Here, we first extract the MBR from our image file (in this case Image.dd) and write the data to a file called MBR.img. Note that we have extracted only the first 512 bytes, and we can validate the size of this image file using the command ls -al *img.

MASTER BOOT RECORD (MBR)

In most drive formats (there are exceptions with some RISC systems etc.) that we will analyse, each partition entry is always 16 bytes in length. Moreover, the end-of-MBR marker is 0x55AA (ALWAYS)! Many modern Linux, Macintosh and the most recent Intel PCs have started using GPT instead of MBR. MBR limits the size of partitions to 2.19TB, which is why it is starting to be replaced. We will look at other partition formats in later papers.

Partition   Offset   Byte Place
1st         0x01BE   446
2nd         0x01CE   462
3rd         0x01DE   478
4th         0x01EE   492

Table 1 The HDD table
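The table and the dd step above, carried through as an added example (not the article's code): the Python decodes the four 16-byte entries starting at 0x1BE (446, 462, 478 and 0x1EE, which is 494 in decimal) from the first 512 bytes of a raw image, refuses a sector without the 0x55AA marker, and runs the in-bounds and overlap checks an analyst wants before carving. The 1 GiB image geometry, partition types and LBA values are constructed for the demonstration.

```python
import struct

SECTOR = 512
MBR_SIGNATURE = b"\x55\xAA"   # bytes 510-511 of the MBR; the article's "0x55AA (ALWAYS)"
TABLE_OFFSET = 0x1BE          # 446: where the four 16-byte partition entries begin
ENTRY_SIZE = 16
ENTRY_FORMAT = "<B3sB3sII"    # status, CHS start, type, CHS end, start LBA, sector count


def entry_offset(index):
    """Byte offset of partition entry 0..3 inside the MBR (446, 462, 478, 494)."""
    if not 0 <= index <= 3:
        raise ValueError("an MBR has only four primary entries")
    return TABLE_OFFSET + ENTRY_SIZE * index


def build_entry(bootable, ptype, start_lba, sectors):
    """Constructed partition entry; CHS fields hold the 'use LBA' marker FE FF FF."""
    chs = b"\xfe\xff\xff"
    return struct.pack(ENTRY_FORMAT, 0x80 if bootable else 0x00, chs, ptype, chs, start_lba, sectors)


def build_mbr(entries):
    """Constructed 512-byte MBR: zeroed boot code, up to four entries, 0x55AA marker."""
    mbr = bytearray(SECTOR)
    for i, entry in enumerate(entries):
        mbr[entry_offset(i):entry_offset(i) + ENTRY_SIZE] = entry
    mbr[510:512] = MBR_SIGNATURE
    return bytes(mbr)


def parse_mbr(image):
    """Decode the partition table from the first sector of a raw image
    (the same 512 bytes `dd if=Image.dd of=MBR.img bs=512 count=1` copies out)."""
    mbr = image[:SECTOR]
    if len(mbr) < SECTOR:
        raise ValueError("image is shorter than one sector")
    if mbr[510:512] != MBR_SIGNATURE:
        raise ValueError("0x55AA marker missing: not an MBR, or the sector is damaged")
    partitions = []
    for i in range(4):
        status, _chs_start, ptype, _chs_end, start_lba, count = struct.unpack_from(
            ENTRY_FORMAT, mbr, entry_offset(i))
        if ptype == 0 and count == 0:
            continue                      # unused slot
        partitions.append({
            "index": i + 1,
            "bootable": status == 0x80,
            "type": ptype,
            "start_lba": start_lba,
            "sectors": count,
            "end_lba": start_lba + count - 1,
            "start_byte": start_lba * SECTOR,   # seek offset for carving the partition out
            "size_bytes": count * SECTOR,
        })
    return partitions


def check_layout(partitions, disk_sectors):
    """Sanity checks before carving: every entry inside the disk and no two overlapping.
    A formatted or tampered table often fails one of these."""
    problems = []
    for p in partitions:
        if p["start_lba"] == 0 or p["end_lba"] >= disk_sectors:
            problems.append("partition %d has an invalid start or ends past the disk" % p["index"])
    ordered = sorted(partitions, key=lambda p: p["start_lba"])
    for a, b in zip(ordered, ordered[1:]):
        if b["start_lba"] <= a["end_lba"]:
            problems.append("partitions %d and %d overlap" % (a["index"], b["index"]))
    return problems


# Constructed sample: a 1 GiB image (2,097,152 sectors) with a bootable NTFS (0x07)
# partition and a Linux (0x83) partition behind it.
DISK_SECTORS = 2097152
SAMPLE_MBR = build_mbr([
    build_entry(True, 0x07, 2048, 409600),
    build_entry(False, 0x83, 411648, 1024000),
])

if __name__ == "__main__":
    for p in parse_mbr(SAMPLE_MBR):
        print("%(index)d: type 0x%(type)02X start LBA %(start_lba)d (byte %(start_byte)d), "
              "%(sectors)d sectors, bootable=%(bootable)s" % p)
    print("problems:", check_layout(parse_mbr(SAMPLE_MBR), DISK_SECTORS) or "none")
```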


A Network breach... Could cost your Job!

IS YOUR NETWORK SECURE?

Worldwide Locations

Global I.T. Security Training & Consulting

GENERAL SECURITY TRAINING
CISSP™ - CISSP & Exam Prep
C)ISSO - Certified Information Systems Security Officer
C)SLO - Certified Security Leadership Officer
ISCAP - Info. Sys. Certification & Accred. Professional

PENETRATION TESTING (AKA ETHICAL HACKING)
C)PTE™ - Certified Penetration Testing Engineer
C)PTC™ - Certified Penetration Testing Consultant

SECURE CODING TRAINING
C)SCE™ - Certified Secure Coding Engineer

WIRELESS SECURITY TRAINING
C)WSE™ - Certified Wireless Security Engineer
C)WNA/P™ - Certified Wireless Network Associate / Professional

DR&BCP TRAINING
DR/BCP - Disaster Recovery & Business Continuity Planning

VIRTUALIZATION BEST PRACTICES
C)SVME™ - Certified Secure Virtual Machine Engineer

DIGITAL FORENSICS
C)DFE™ - Certified Digital Forensics Examiner

In February 2002, Mile2 was established in response to the critical need for an international team of IT security training experts to mitigate threats to national and corporate security far beyond USA borders in the aftermath of 9/11.

Other Mile2 services available Globally:
1. Penetration Testing
2. Vulnerability Assessments
3. Forensics Analysis & Expert Witnesses
4. PCI Compliance
5. Disaster Recovery & Business Continuity

We practice what we teach.....

INFORMATION ASSURANCE SERVICES

mile2™ Boot Camps
1-800-81-MILE2
+1-813-920-6799
www.mile2.com

Available Training Formats
1. F2F - Classroom Based Training
2. CBT - Self Paced CBT
3. LOT - Live Online Training
4. KIT - Study Kits & Exams
5. LHE - Live Hacking Labs (War-Room)

Other New Courses!!
ITIL Foundations v.3 & v.4
CompTIA Security+, Network+
ISC CISSP & CAP
SANS GSLC GIAC Sec. Leadership Course
SANS 440 Top 20 Security Controls
SANS GCIH GIAC Cert Incident Handler

(ISC)2 & CISSP are service marks of the IISSCC. Inc. Security+ is a trade mark of CompTIA. ITIL is a trade mark of OGC. GSLC & GCIH are trademarks of GIAC.
11928 Sheldon Rd Tampa, FL 33626


    DATABASE

    DETECTION OF ATTACKS THROUGH DEFAULT ACCOUNTS AND PASSWORDS IN ORACLE

    An Oracle database comes with many default userids (and, worse, well-known default passwords), which ideally shouldn't have a place in a typical production database, but database administrators may have forgotten to remove the accounts or lock them after setting up the production environment. This provides one of the many ways an adversary attacks a database system: by attempting to guess the presence of a default userid and password, either by brute force or by social engineering techniques. In this article you will learn how to identify such attacks and trace them back to the source quickly and effectively. You will also learn how to set up a honeypot to lure such adversaries into attacking so as to disclose their identity. Besides, you will also be able to determine why a legitimate user account gets locked out and needs unlocking or a password reset.

    BACKGROUND

    An Oracle database typically comes with several default accounts. Some of them are necessary for database operations. Examples of such userids are SYS and SYSTEM, which have the DBA privileges. Other default accounts such as SCOTT, SH, BI, etc. are for demonstration only and are never needed by an application using that database. These accounts should not have been created in the first place. The database creation assistant (DBCA) has a checkbox to install the sample schemas (the SCOTT user), which should have been unchecked for a production database. Many DBAs, while creating the database, likely ignore it, resulting in the schema being present. In other cases, the production database may be an upgrade from its earlier incarnation as a development or QA database where these sample schemas were indeed necessary and created. With the upgrade, these schemas have lost significance; but in the spirit of changing as little as possible during the database upgrade, they are usually left untouched and continue to linger. Whatever the reason was, these default accounts leave a backdoor entry to the database.

    Another problem is the presence of default passwords.
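    The checks a DBA would run to find the lingering accounts described above, lock them, and make later logon attempts against them visible, as an added example (this is not code from the article or from Oracle's documentation). It assumes a DBA session in SQL*Plus, traditional auditing with AUDIT_TRAIL set to DB, and Oracle 11g or later for the DBA_USERS_WITH_DEFPWD view; the list of sample-schema names is constructed for the example and should be replaced with the site's own build standard.

```sql
-- Added example, not from the article: triage of default/sample accounts.
-- Run as a DBA. The schema list below is constructed for illustration.

-- 1. Which well-known demo schemas exist, and which of them are still OPEN?
SELECT username, account_status, lock_date, expiry_date, created
FROM   dba_users
WHERE  username IN ('SCOTT', 'HR', 'OE', 'SH', 'PM', 'IX', 'BI')
ORDER  BY username;

-- 2. Accounts whose stored password hash still matches a vendor default.
--    DBA_USERS_WITH_DEFPWD exists from Oracle 11g onwards.
SELECT d.username, u.account_status
FROM   dba_users_with_defpwd d
JOIN   dba_users u ON u.username = d.username
ORDER  BY d.username;

-- 3. Close the door: expire the password and lock a demo account that no
--    application needs. SYS and SYSTEM stay, but must not keep defaults.
ALTER USER scott PASSWORD EXPIRE ACCOUNT LOCK;

-- 4. Record unsuccessful logons so later attempts are captured.
--    With AUDIT_TRAIL=DB these rows land in DBA_AUDIT_SESSION.
AUDIT SESSION WHENEVER NOT SUCCESSFUL;

-- 5. Detection: failed logons against default accounts over the last week,
--    grouped by origin so a guessing source stands out.
--    RETURNCODE 1017 = ORA-01017 invalid username/password,
--    RETURNCODE 28000 = ORA-28000 account is locked.
SELECT username, os_username, userhost, terminal, returncode,
       COUNT(*)       AS attempts,
       MIN(timestamp) AS first_seen,
       MAX(timestamp) AS last_seen
FROM   dba_audit_session
WHERE  returncode IN (1017, 28000)
AND    username IN ('SCOTT', 'HR', 'OE', 'SH', 'PM', 'IX', 'BI', 'SYS', 'SYSTEM')
AND    timestamp > SYSDATE - 7
GROUP  BY username, os_username, userhost, terminal, returncode
ORDER  BY attempts DESC;
```

    Step 5 is also the query to run when a legitimate account keeps getting locked: the USERHOST and TERMINAL columns of the failing rows usually point at the stale credential (a forgotten job or application server) rather than at a person. On 12c and later databases that use unified auditing, the same information is in UNIFIED_AUDIT_TRAIL instead of DBA_AUDIT_SESSION.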


    In the Upcoming Issue of eForensics: Smartphone Forensics & More...

    Available to download on August 13th

    If you would like to contact the eForensics team, just send an email to [email protected]. We will reply a.s.a.p.

    eForensics Magazine has the right to change the content of the next Magazine Edition.

    FREE


    Sense of Security: Compliance, Protection and Quality, Integrity, Teamwork, Innovation, Passion
    [email protected]
    www.senseofsecurity.com.au

    Now Hiring

    Sense of Security is an Australian based information security and risk management consulting practice. From our offices in Sydney and Melbourne we deliver industry leading services and research to our clients locally, nationally and internationally.

    Since our inception in 2002, our company has performed tremendously well. We thrive on teamwork, service excellence and leadership through research and innovation. We are seeking talented people to join our team. If you are an experienced security consultant with a thorough understanding of Networking, Operating Systems and Application Security, please apply with a resume to [email protected] and quote reference PTM-TS-12.


    PenTest Magazine: The Only Magazine about Pentesting

    200 Pages of the Best Technical Content Every Month
    8500 Readers
    4 Specialized Issues

    PenTest gives readers an excellent opportunity to observe security trends on the market, and gives companies a place to share their invaluable knowledge.

    From theory to practice, from methodologies and standards to tools and real-life solutions!

    http://pentestmag.com/