Main Page
Welcome to IOS Crash Analysis and Rootkit Wiki!
Cisco IOS Forensics
Setup Essentials
Guide to evidence preserving IOS Configurations
Traps and Pitfalls that destroy evidence
Crash Analysis
Hackers guide to reading crashinfo
How to disable generating crashinfo file?
Detection of successful exploitation using IOS on-board tools
Crash Analysis using CIR
Initial crash analysis using CIR Professional
Initial crash analysis using CIR Online
Technical details about interpreting CIR reports
Detections that should be supported in future CIR Releases
Cisco IOS Attacks
IOS Exploitation
Introduction to IOS exploitation
Collection of public IOS exploits
IOS Rootkits
Introduction to IOS rootkits
History of IOS rootkits (what happened and history, credits to past discoveries, etc.)
Threat analysis (who do these threaten, how afraid or not should we be, what can organizations do?)
Network and Protocol Based Attacks
ARP spoofing - very old but still powerful and in wide use
ICMP based attacks you need to be aware of
General Information
Network Management Tools and Security
IOS on-board and networking tools to detect mischief
Undocumented IOS command list for reference
The IOS command equivalent to "netstat -na"
Opinions
Statements and writeups on the topic of IOS 0wnage, feedback and suggestions.
Additional Resources