Objectives:
- Students will examine information leakage through the process of reverse engineering.
- Students will examine the inadequacies and issues of configuration guides.
- Students will evaluate the process of reverse engineering.
- Students will determine threat categories and taxonomy of mitigations.
Directions:
This lab will take a bit of a leap of faith. It is possible to reverse engineer exploit strategies based on the methods used to protect operating systems or computing systems. Since the original Rainbow Series was published, those wishing to exploit systems have used the measures meant to protect systems against them.
Consider the various documents produced by NIST or the vendors and you have a good idea of the concepts of patching and configuration used to protect systems. This task is about reverse engineering the documentation to create the threat matrix required for attack. Few, if any, system administrators actually use the documentation to the fullest extent. To make matters worse, there is always a difference between the known vulnerabilities against systems and the documentation produced to protect them.
Each team will pick one document and declare it prior to starting. Upon instructor sign-off, the team may begin the process of reverse engineering the exploit matrix.
1) Take the chosen document and, for each configuration or change to the system, identify what the change is accomplishing.
2) Identify which layer of the OSI 7 Layer model the change is meant to protect (or choose the most likely).
3) Define on the McCumber Cube model what security service etc. is being acted upon.
4) Use a table to accomplish this.
5) Prepare a list for each identified exploit/threat.
6) What about roll-up or large-scale security patches? Examine the documentation for the likely exploits or security issues patched.
7) Using your previous work, take the list of issues and find tools that will be associated with each issue. Create a table or matrix.
8) Test your hypothesis of exploits that should work.
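One way to keep the table from steps 1 through 4, as an added example that is not part of the original lab handout: each row records a configuration change, its purpose, the most likely OSI layer and the McCumber Cube cell, and a helper lists the goal/state cells the chosen guide never touches. The sample rows, the field names and the axis labels used for validation are constructed for illustration.

```python
from dataclasses import dataclass
from itertools import product

OSI = {1: "Physical", 2: "Data Link", 3: "Network", 4: "Transport",
       5: "Session", 6: "Presentation", 7: "Application"}
# McCumber Cube axes (labels chosen for this example)
GOALS = ("confidentiality", "integrity", "availability")
STATES = ("storage", "transmission", "processing")
MEASURES = ("technology", "policy", "human factors")

@dataclass(frozen=True)
class Row:
    change: str    # step 1: the setting the guide prescribes
    purpose: str   # step 1: what the change accomplishes
    layer: int     # step 2: most likely OSI layer
    goal: str      # step 3: McCumber security service
    state: str     # step 3: McCumber information state
    measure: str   # step 3: McCumber countermeasure type

    def __post_init__(self):
        # Reject rows that do not fit either model, so the table stays consistent.
        if self.layer not in OSI:
            raise ValueError(f"unknown OSI layer: {self.layer}")
        for value, allowed in ((self.goal, GOALS), (self.state, STATES),
                               (self.measure, MEASURES)):
            if value not in allowed:
                raise ValueError(f"{value!r} is not one of {allowed}")

# Constructed sample rows, not taken from any particular guide.
ROWS = [
    Row("Disable Telnet, allow SSH only", "Stop cleartext remote logins",
        7, "confidentiality", "transmission", "technology"),
    Row("Require SMB signing", "Detect tampering with file-share traffic",
        7, "integrity", "transmission", "technology"),
    Row("Restrict write access to log directory", "Keep audit records intact",
        7, "integrity", "storage", "technology"),
    Row("Lock account after failed logons", "Slow password guessing",
        7, "confidentiality", "processing", "policy"),
]

def render(rows):
    """Step 4: return the rows as an aligned plain-text table."""
    lines = [("Change", "Purpose", "OSI layer", "McCumber cell")]
    lines += [(r.change, r.purpose, f"{r.layer} {OSI[r.layer]}",
               f"{r.goal}/{r.state}/{r.measure}") for r in rows]
    widths = [max(len(line[i]) for line in lines) for i in range(4)]
    return "\n".join(" | ".join(c.ljust(w) for c, w in zip(line, widths))
                     for line in lines)

def uncovered(rows):
    """Goal/state cells of the cube that no row in the table addresses."""
    seen = {(r.goal, r.state) for r in rows}
    return [cell for cell in product(GOALS, STATES) if cell not in seen]
```

Calling `print(render(ROWS))` shows the table, and `uncovered(ROWS)` shows where the document is silent, which is the gap between guidance and known issues that the directions describe.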
Special Directions:
Instructor sign off required before starting.
Follow the syllabus.
Make sure your write-up follows the agreed-upon format.