CHAPTER 11

Covering Tracks and Tunneling

In this chapter you will learn about

•   Tampering with Windows and Linux/Unix logs

•   Modifying shell history

•   Hiding files using alternate data streams and steganography

•   Tunneling techniques using various protocols like ICMP and TCP/IP

•   Tools like Steghide, Streams, ImageMagick, icmpsh, and Covert_TCP

After an attacker has successfully infiltrated a network, accessed target machines, and established persistence, he will try to remove any tracks that can lead back to him. That way, he can access the target network whenever he pleases without any suspicious activity being flagged. In addition, alternate data streams (ADS) and steganography can be used to hide information, while a variety ...
