What harm is there in having private internal records in your external DNS servers? There are many opinions on this with a number of people saying that there's no real risk involved in exposing this data. In this episode we explore how an attacker could poll your external DNS server to expose this information, what the actual harm could be and how Split DNS solutions solve this problem.

The mapping tool described can be found here: http://it-audit.sans.org/community/downloads

DNS reconnaissance is a powerful way to research an organization's network infrastructure without ever tripping an alarm in the IDS/IPS if you know what you're doing. In this episode we take a look at a few items that should be examined when it comes the DNS configuration and demonstrate the kind of information that can be revealed when the DNS zone information hasn't been properly secured.

Of course, now that you can identify the security issues and know what questions to ask during an audit, you may want to know how you can prevent this problem! Tune in next week for an overview of the solution and things to look for to ensure that your network is properly protected from hackers!

The tool demonstrated here for the reverse network lookup recon is called "ReverseMapper" and can be obtained from http://it-audit.sans.org/community/downloads

Using a network sniffer like Wireshark is pretty easy to do, but network and security engineers only use a sniffer when they're troubleshooting or investigating. Are there any proactive tests that should be done on a network using a sniffer? Yes!

In this episode we take a look at a few basics about Wireshark and then jump right into a handy process that I often use when working with businesses of any size. It's not unusual to discover that unusual network protocols have crept in over the months and years, or to find that there are potentially serious layer 2 configuration issues creating security holes.

In Windows 7 and Vista, Microsoft seems to have gone out of its way to force us to drill through layers and layers of control panels. In this episode we take a look at a nifty easter egg that allows you to get all of those features and options into one easy to navigate spot!

This same feature, however, can be used to create an awesome local denial of service on Windows Server 2008! Watch the episode and see what the problem is and how to resolve it.

Information on how to exploit this feature can be found in the related show notes: http://it-audit.sans.org/blog/2011/08/22/windows-7-feature-windows-2008-local-denial-of-service/

Most IT auditors and security people are aware of the need to find and disconnect unauthorized access points connected to the corporate network. An equally troubling problem that is less often addressed is identifying whether or not your employees are using business assets to connect to access points that are outside of your control. We're not talking about Starbucks or McDonald's; we're talking about wireless access points that are in range from within your own building.

It's not unusual, especially in urban business environments or industrial parks to find that a large number of access points are visible to anyone in the periphery of the building. In these settings, businesses are often somewhat conscious of the need to secure access points with encryption, but unauthorized access points in another business or even private open access point can still mean trouble for you.

Visit the Show Notes for more details and the demonstrated script here: http://it-audit.sans.org/blog/2011/06/27/can-you-hear-me-now-show-notes-4

Powershell is fast becoming the way to perform many administrative tasks in Windows environments today. In this episode we build on the idea of extracting Active Directory User and Group information using DSQuery and DSGet, adding to it the ability to automatically process CSV files using Powershell.

The goal of the episode is to give you a quick and easy tool to allow you to compare the users who actually exist in your domain to the employees that Human Resources says that you have.

A copy of the script can be obtained from the show notes here: http://it-audit.sans.org/blog/2011/08/15/active-directory-user-auditing-automation-powershell/

Identifying stale user accounts is an age old problem that all administrators deal with. Accessing Active Directory through DSQuery provides some strong and easy to use mechanisms to quickly identify inactive User accounts and to find Computer accounts for systems that should have been removed from the domain. In this episode we'll demonstrate how to access this information and explain some of the caveats with the DSQuery and DSGet options.

The show notes for this episode have been posted here http://it-audit.sans.org/blog/2011/08/08/episode-10-shownotes-more-dsquery-magic

Active Directory under Windows 2003 and Windows 2008 can be a very powerful resource for both auditors and security researchers. In this episode we examine some uses of the DSQuery and DSGet tools.

How can you find out who the users are in your domain? Is there a way to easily extract all of the logon ids for all of the users? Is there an easy way to find out who the members of certain groups are? How about finding accounts that are set with a non-expiring password?

All of these things and more can be found with DSQuery and are demonstrated in this episode. For more information, the show notes are available at http://it-audit.sans.org/blog/2011/08/02/episode-9-easy-but-useful-windows-domain-queries/ as usual.

Please feel free to send in any questions or post comments over on the show notes!

Using a fuzzer isn't hard, but how can you narrow the thousands or millions of results down to what really matters? This episode explores the use of the WebScarab Search feature in conjunction with the fuzzer (discussed in Episode 7) to demonstrate exactly how to do this!

http://it-audit.sans.org/blog/2011/07/25/scaling-input-fuzzing-with-webscarab has the related show notes for this episode. As always, feel free to contact me with comments or questions. Either post them on the blog or contact me by email: dhoelzer at enclave forensics dot com.

WebScarab is a powerful tool for testing out many different aspects of a web application. One of the more tedious aspects of web application security validation is trying out all of the different possibilities for input on every form. What can we do to make our lives simpler? WebScarab to the rescue!

WebScarab ( http://owasp.org ) can be taught to automatically send pre-populated input to a form in a programmatic way. This means that once we create a file containing the tests that we'd like to run we can just point and click and away it goes!

In the episode you'll see that we're able to configure WebScarab to run millions of test cases against a form. Looking at the results summary page we can quickly see if any of those requests caused the application to crash (500 Internal Server Error). We'll look at some details of how to mine these thousands of results for useful data in a future episode.