Welcome to the IOS Crash Analysis and Rootkit Wiki!

Cisco IOS Forensics

  Setup Essentials
    Guide to evidence-preserving IOS configurations
    Traps and pitfalls that destroy evidence

  Crash Analysis
    Hacker's guide to reading crashinfo
    How to disable generating the crashinfo file?
    Detection of successful exploitation using IOS on-board tools

  Crash Analysis using CIR
    Initial crash analysis using CIR Professional
    Initial crash analysis using CIR Online
    Technical details about interpreting CIR reports
    Detections that should be supported in future CIR releases

Cisco IOS Attacks

  IOS Exploitation
    Introduction to IOS exploitation
    Collection of public IOS exploits

  IOS Rootkits
    Introduction to IOS rootkits
    History of IOS rootkits (what happened, credits to past discoveries, etc.)
    Threat analysis (who do these threaten, how afraid or not should we be, what can organizations do?)
    Introduction to the creation of IOS rootkits (topo?)
    Discovering IOS rootkits

  Network and Protocol Based Attacks
    ARP spoofing - very old but still powerful and in wide use
    ICMP-based attacks you need to be aware of
    Route injection attacks using interior and exterior routing protocols
    Fail-over protocol hijacking (e.g. HSRP, VRRP)

General Information

  Network Management Tools and Security
    IOS on-board and networking tools to detect mischief
    Undocumented IOS command list for reference
    The IOS command equivalent to "netstat -na"

  Opinions
    Statements and writeups on the topic of IOS 0wnage

  Additional Resources