Critical Analysis of Security Tools Presentation Assignment Help

Slide 1

Hello everyone, today topic of my PowerPoint presentation is critical analysis of security tools.

Slide 2

In this power point presentation we will be discussing two of the security tools with their features and analysis .

Protecting our it environment is very critical. Every organization needs to take cyber security very seriously.

There are numbers of hacking attacks which affecting businesses of all sizes. Hackers, malware, viruses are some of the real security threats in the virtual world. It is essential that every company is aware of the dangerous security attacks and it is necessary to keep themselves secure. There are many different aspects of the cyber defense may need to be considered.

A pen test attempts the kind of attack a business might face from criminal hackers such as password cracking, code injection, and phishing. It involves a simulated real-world attack on a network or application. This tests can be performed by using manual or automated technologies to systematically evaluate servers, web applications, network devices, endpoints, wireless networks, mobile devices and other potential points of vulnerabilities.

Two of these security tools are burp suite and hydra which we will be discussing in the next slides

Slide 3

Burp suite

The startup wizard opens every time you launch burp. The wizard guides you through the following steps, some of which only need to be performed the first time you launch a new installation of burp.

1-to begin installing bur suite visit and select the get community option (the third one) to get bur suite for free

2-in the next screen click on “download the latest version” orange button to continue.

3-click on the green download button. Save the .sh script and give it execution permissions by running

Slide 4

4-a gui installer will prompt, press on “next” to continue.

5-leave the default installation directory (/opt/burpsuite community) unless you need a different location and press next to continue.

6-seek “create symlink” selected and leave the default directory and press next.

7-once the process ends click on finish.

8-from your x-window manager apps menu select bur suite, in my case it was located on the category “other”.

9-leave temporary project and press next.

10-leave use burp defaults and press start burp to launch the program.

11-you’ll see burpsuite main screen.

To launch burp suite, you can simply click on the installed application shortcut. On linux, the shortcut is located on the path that you selected during installation

Slide 5

To crack passwords a great tool to brute force is a hydra. It is a parallelized login cracker or password cracker. It was faster and flexible where adding modules is easy.

Hydra works by using different approaches of generating possible passwords, such as wordlist attacks, brute-force attacks and others.

Hydra usually comes preinstalled in the kali linux system but if in any case it is not installed or you are using any other distribution you can follow the steps in this article.

Installing from source repository

1-sudo apt-get install hydra-gtk

This command will directly install hydra from repositories, this will install the command-line version of hydra with front end gui on your linux system

2-it will enable all the optional modules and features with the exception of oracle, sap r/3, ncp, and the apple filling protocol. Once it is done now we need to clone the repository from git hub, use the command:

Git clone https://github.com/vanhauser-thc/thc-hydra.git

3-locate to the cloned folder directory in your terminal. Locate to the cloned folder directory in your terminal.

Slide 6

4-now if you see this kind of screen with a message “make”, follow the instructions. Use root privileges for “make install”.

5-go to your home directory and use “hydra -help” ensure hydra is installed properly and working well.

Slide 7

1 burp decoder is a simple but useful tool for encoding and decoding strings in multiple formats. In addition, burp decoder allows to create message digests for common hash functions, including md2, md5, sha, sha256, and sha512.

also, by using the smart decode button, burp will attempt to decode the content of a string by looking for recognizable formats.

Encoding strings in multiple formats is a very common technique to bypass security controls and filters.

2 burp scanner is a dynamic web application scanner, included in the professional edition of the burp suite.

The tool allows you to automatically scan websites and detect common security flaws, including but not limited to sql injection, cross-site scripting, xml injection, missing cookie flags (for example, httponly and secure), and so on.

Active scanning: in this mode, the detection of vulnerabilities is performed by sending http requests

Passive scanning: using this mode, burp scanner uses stored requests and responses to identify flaws.

Slide 8

3 uncovering access control vulnerabilities on large applications is a difficult task. Burp suite’s compare site maps functionality allows to compare two site maps and highlight differences. In a nutshell, this irreplaceable feature provides an easy way to map application resources using accounts with different access privileges and, sub-sequentially compare web responses.

This feature is available in both the professional and the free version of the tool.

4 this is a trial-and-error approach that requires patience and experience.

Burp repeater allows to modify each aspect of an http request and to send it multiple times.

Although burp repeater seems to be a very simple tool, it is actually very useful and incorporates some advanced functionalities

Slide 9

1- suppose you want to crack password for ftp (or any other) whose username is with you, you only wish to make a password brute force attack by using a dictionary to guess the valid password.

At that moment you should go with the following command where -l option enables username parameter and -p options enables dictionary for the password list.

As you can observe it has found 1 valid password: 123 for username: raj for ftp login.

2- suppose you want to crack username for ftp (or any other) whose password is with you, you only wish to make a username brute force attack by using a dictionary to guess the valid username. Hence it is a vice-versa situation compared to the above situation.

At that moment you should go with the following command where -l option enables dictionary for username list and -p options enables password parameter.

As you can observe it has found 1 valid username: raj for the password: 123 ftp login

Slide 10

3- suppose you want to crack username and password for ftp (or any other), wish to make username and password brute force attack by using a dictionary to guess the valid combination

At that moment you should go with the following command where -l option enables dictionary for username list and – p options enables dictionary for a password list.

Hydra -l user.txt -p pass.txt 192.168.1.108 ftp

As you can observe it has found 1 valid username: raj for password: 123 ftp login

4- if you want to use a user-pass dictionary on multiple hosts in a network then you can use -m option that enables the host list parameter and make brute force attack using the same dictionary and will try the same number of login attempt on each host ip mentioned in the host’s list.

Here you can observe i had saved two host ip in a text file and then used the following command to make brute force attack on multiple hosts by using the same dictionary.

Hydra -l user.txt -p pass.txt -m hosts.txt ftp

As you can observe it has found 2 valid ftp logins for each host.