Académique Documents
Professionnel Documents
Culture Documents
wget http://yum.centreon.com/standard/3.0/stable/ces-
standard.repo -O /etc/yum.repos.d/ces-standard.repo
ADVANCED VMWARE
SECURITY
Improved Security!
Rockville, MD 4/29/2013
Ottawa, ON 5/27/2013
ONLINE 6/03/2013
Cloud Security,
Ultimate Bootcamp
VMware vSphere
5.0 Advanced
Administration &
VCAP5-DCA Prep
Dear Readers,
ewelina.nazarczuk@hakin9.org
team
Dhawal Desai
Samborski
ewa.dudzic@hakin9.org
krzysztof.samborski@hakin9.org
Wi-Fi. It is the guidebook for those who would like to know the
there. For some of you it will be a great repetition, and for the
give you a big set of information in one piece, which you can
Regards,
Ewelina Nazarczuk
andrzej.kuca@hakin9.org
ewelina.nazarczuk@hakin9.org
ireneusz.pogroszewski@software.com.pl
www.hakin9.org/en
Danny Wong, CISSP, CISA, CEH, PMP, ITIL, MCT, MCSE, MCITP,
MCTS
Access Point
16
DISCLAIMER!
WIRESHARK BASICS
Administration Tool 36
TBO 01/2013CONTENTS
Hacker or Analyzer 50
Wireshark Overview 54
Anand Singh
Consultant
to Network Scanning
58
62
Computer Security
70
76
96
102
poration
State of Security in the App Economy:
106
114
www.hakin9.org/en
122
Wireshark/LUA 126
Cooja simulator
130
136
Center Professional
Open Networks
Social Engineering
Cannot Aford It
170
WIRESHARK ADVANCED
CYBERSECURITY
Using Wireshark
118
WIRELESS SECURITY
on a Raspberry Pi
with Wireshark
Extra
Ewelina Nazarczuk
172
Hacking Wireless in
2013
network which you do not own, unless you have the explicit
written
approved networks.
• A computer.
AWUS036H.
(Backtrack, 2012):
webhandler
phone-pentest-framework fern-wifi-cracker
powersploit webhandler
• http://downloads.skullsecurity.org/passwords/
• ftp://ftp.openwall.com/pub/wordlists/
• http://ftp.sunet.se/pub/security/tools/net/Op-
enwall/wordlists/
• http://gdataonline.com/downloads/GDict/
• http://www.theargon.com/achilles/wordlists/
• http://www.vulnerabilityassessment.co.uk/
passwords.htm
• http://www.word-list.com/
\Applications\Accessories\Terminal ),
and
suite
rodump-ng, aireplay-ng.
Cracking WEP
word is toor.
• At the command prompt type “startx” to bring up
www.hakin9.org/en
Figure 2. Wlan0
5).
ure 7).
scanning.
1 -a 00:24:01:00:00:00 -h
00:11:33:55:77:99
start wlan0
crack.
cap and let it run its course until the key is dis-
covered.
Cracking WPA
aireplay-ng -0 1 –a 00:11:33:22:44:66:55 –c
33:68:A3:11:22:FF mon0 .
tion.
command on.
wpacrack001.cap
REAVER
airodump-ng wlan0
8 8 0123456789 abcdefghijklmnopqrstuvwxyz |
www.hakin9.org/en
\Backtrack\
Access
Fern
by
opening
Wireless
Tools\fern-wifi-cracker (Figure 12
(Figure 15).
Conclusion
10
needs.
References
•
BackTrack (2012). Upgrading from BackTrack 5 R2
backtrack-linux.org/backtrack/upgrade-from-back-
track-5-r2-to-backtrack-5-r3/
Terrance Stachowski
www.hakin9.org/en
Hacking Wi-Fi
Networks
In an Enterprise Infrastructure where your Wi-Fi network is
breached,
incident.
Reconnaissance
12
Scanning
(802.11a, b, g, n)
802.1x (RADIUS/EAP)
Integrity Protocol)
(A network detector)
LANs.)
sis tool)
WARNING
Gaining Access
Internet
Slate Device
Databases Portals
Internal Firewall
Access Point
Laptop Device
Mobile Device
Web Farm
Demilitarized Zone
Internal Network
Chronological Order
www.hakin9.org/en
highly appropriate.
the attack.
14
nor deterrence.
Maintaining Access
Covering Tracks
www.hakin9.org/en
Conclusion
Danny Wong
CEH, PMP, ITIL, MCT, MCSE, MCITP and MCTS. When not at
work, Danny spends all his time with his wife and children.
Security Through
Obscurity:
intended for any malicious use and hacking into any WAP without
the
Laptop
Virtual Machine
BackTrack
Introduction
Advantages
•
•
No wires
Disadvantages
16
• Frequency interference
emanated.
Laptop
X86-based PC.
Virtual Machine
tual machine.
BackTrack
who want to get their hands dirty with all the best
www.hakin9.org/en
Encryption details
plaintext
size (WEP-104).
possible keys.
of that is for the IV, leaving 232 bits for actual pro-
Flaws
attack.
tial targets.
Before we begin looking for networks, we must
Authentication
Key authentication.
correct keys.
response handshake:
clear-text challenge.
The client encrypts the challenge-text using the
authentication request.
18
wash -i mon0
Figure 6.
Collecting Data
ents will show up. The upper data block shows the
WAPs found and the lower data block shows the Cli-
xx:xx:xx:xx:38
hackin9file mon0”
-h 00:xx:xx:xx:xx:C2 mon0
www.hakin9.org/en
Packet Injection
00:xx:xx:xx:xx:C2 mon0 .
Where -3 is for the ARP request replay attack, -b
ure 11).
De-Authentication
aireplay-ng -0 2 -a 68:xx:xx:xx:xx:3D -c
C4:xx:xx:xx:xx:38 mon0
hackin9file-01.cap
hackin9file2-01.cap
WEP key:
aircrack-ng hackin9file2-01.cap
Summary
20
Security
Weak password
www.hakin9.org/en
Chipset Confirmation
The initial step to any successful attack on Wire-
airmon-ng
Snifng
C4:xx:xx:xx:xx:38 respectively.
Collecting Data
is a handshake.
hackin9wpa mon0
ing broadcast
lowing command
xx:xx:xx:xx:38 mon0
De-Authentication
(ARP) requests
22
cracking speed.
Since we have gotten the handshake we’ll stop
Desktop/darkc0de.lst’ ‘/root/hackin9wpa-01.cap’.
Summary
With WPA you can only decrypt once you get the
possible to crack.
Detection System)
Architecture
Bamidele Ajayi
www.hakin9.org/en
Bamidele Ajayi (OCP, MCTS, MCITP EA,
Wireshark – Hacking
Wi-Fi Tool
incidents.
sources is granted.
Capture Options
24
networks.
Packets Capture
Interface Chipset
Driver
Inspecting Packets
packets.
Display filters
new filter.
only:
wlan.fc.protected
Figure 1. Capture-interface
www.hakin9.org/en
wlan.fc.protected ne 1
wlan.bssid eq 00:11:22:33:44:55
fc.type_subtype eq 0
== 192.168.2.102
text “admin”:
Figure 2. Wireshark-deauth-attack
26
wlan.fc.type == 0
wlan.fc.type == 1
wlan.fc.type == 2
wlan.fc.type_subtype
wlan.fc.type_subtype
wlan.fc.type_subtype
wlan.fc.type_subtype
wlan.fc.type_subtype
wlan.fc.type_subtype
wlan.fc.type_subtype
==
==
==
==
==
==
==
Management frames
Control frames
Data frames
Association request
Association response
Reassociation request
Reassociation response
Probe request
Probe response
Beacon
Figure 3. Wireshark-http-pass-snif
www.hakin9.org/en
conclusion.
FTP is one of the most commonly used means
00:11:22:33:44:55
Figure 6. Wireshark-decrypted-tkip-snifng-ftp-pass
28
Figure 7. Wireshark-snifng-facebook-chat
about SSL.
tion cookies.
Conclusion
MI1
guage.
Introduction to
Wireless Hacking
Methods
30
configurations.
navigation.
Disclaimer
wireless attacks.
tification documents.
forcement.
wireless router?
aircrack-ng
www.hakin9.org/en
This tool looks for WEP IVS flags and WPA hand-
aireplay-ng
aircrack-ng
airmon-ng
away.
Kismet
within minutes.
Step 1 – Anonymization
Syntax:
Result
Figure 1.
Syntax
airodump-ng
Syntax
network_test.ivs
32
20:4E:7F:46:36:F2 -h 00:12:34:56:78:90
at the router.
20:43:7F:46:36:F2 -h 00:12:34:56:78:90
(Figure 6).
After approximately 20,000 packets are collect-
aircrack-ng .
options.
Syntax
routers?
word.
Client Device
www.hakin9.org/en
airodump-ng
Cracking
Enterprise
rate environments.
Cracking Trafc
34
with a Wordlist
another article.
process.
Resources
•
•
Aircrack-NG – http://www.aircrack-ng.org
Kismet – http://www.kismetwireless.com
rity/gerix-wifi-cracker
org/jasager/
WifiteV2 – https://code.google.com/p/wifite/
derlab.net/projects/WPA-tables/
reaver-wps – https://code.google.com/p/reaver-wps/
OSINT References
www.securityfocus.com/news/8835
mes.com/2010/11/14/magazine/14Hacker-t.html?pa-
gewanted=all
Wi-Fite v2
Conclusion
terprise assessments.
Attackers and pen-testers are no longer required
www.hakin9.org/en
Alexander Heid
hackmiami on Twitter.
35WIRESHARK BASICs
Wireshark
format.
Features of Wireshark
shark understands.
• Supports tcpdump capture filters.
“editcap” program.
tocols.
gzip files
36
Figure 3. Packet Capture
interface (Figure 1). Or you can go to the menu bar and click on
Cap-
generated.
files.
with Wireshark
www.hakin9.org/en
37WIRESHARK BASICs
terest.
into the filter box at the top of the window and click-
38
Operators
Equal: eq, = =
Example
= = “GET” into the Display Filter box and get all the
Security?
allow it.
(Figure 13).
www.hakin9.org/en
39WIRESHARK BASICs
and PSH flags set and gets RST ACK reply back.
will simply drop the packet and not respond. So someone has
already clicked, despite all the
that no matter what you do, the user will always fall
machine.
X-Mas Scan
40
(Figure 15).
www.hakin9.org/en
Arun Chauchan
t
41WIRESHARK BASICs
Wireshark – Sharks on
the Wire
History
42
analysis.
TCP/IP Basics
tocol today.
dresses.
that the first 24 bits from the address are the net-
work and the remaining bits are the node. With this
not so important.
SIP
Wireless, DSL
Presentation (6)
Session (5)
Physical (1)
1. eth0
2. eth1
4. lo
Capturing on eth0
6 packets captured
[~]#
www.hakin9.org/en
all interfaces)
ICMP
ICMP
ICMP
ICMP
ICMP
ICMP
98
98
98
98
98
98
Echo
Echo
Echo
Echo
Echo
Echo
(ping)
(ping)
(ping)
(ping)
(ping)
(ping)
43WIRESHARK BASICs
Getting started with captures
line options.
loopback)
-b <capture
ring bufer
NUM seconds
or stdin!)
-R <read
filter> packet filter in Wireshark display filter
syntax
Capturing on eth1
108
44
rity analysis, like this one for the blaster worm dst
line with the capinfos tool (Listing 4). The most im-
Capturing on eth0
TSval=70646111 TSecr=641801134
<output omitted>
42 packets dropped
36 packets captured
[~]$
Capturing on eth1
1 packet captured
[~]$
[~]$capinfos /tmp/out.pcap
File name:
/tmp/out.pcap
File type:
Wireshark - pcapng
File size:
29260904 bytes
Data size:
28300663 bytes
Start time:
End time:
www.hakin9.org/en
604322.15 bytes/sec
4834577.20 bits/sec
SHA1:
5284fc1b1d17836b0670ec07f751ad38369f49fb
RIPEMD160:
4fd2e5e6ad5d0577aad6391e77aca5a4d1d2357
MD5:
f1fd14e630f7bffcd8f292545113dd1
[~]
45WIRESHARK BASICs
ture built in. However, you can export the data into
Where to capture
quote=d -E occurrence=f
frame.number,frame.time_relative,ip.src,ip.dst,ip.proto,frame.len
,tcp.analysis.ack_rtt
“1”,”0.000000000”,”10.0.12.10”,”174.137.42.75”,”6”,”74”,
“2”,”0.183815000”,”174.137.42.75”,”10.0.12.10”,”6”,”74”,”0.18
3815000”
“3”,”0.183845000”,”10.0.12.10”,”174.137.42.75”,”6”,”66”,”0.00
0030000”
“4”,”0.184419000”,”10.0.12.10”,”174.137.42.75”,”6”,”241”,
“5”,”0.371743000”,”174.137.42.75”,”10.0.12.10”,”6”,”66”,”0.18
7324000”
46
#configure terminal
#configure terminal
(config-ext-nacl)#
Configuration:
#! export capture
www.hakin9.org/en
47WIRESHARK BASICs
ting up the wrong mirror port, you might see not the
On the Web
libpcap
https://www.cisco.com/en/US/customer/products/hw/
switches/ps708/products_tech_note09186a008015c612.
https://www.cisco.com/en/US/docs/ios-xml/ios/epc/
Capture
https://supportforums.cisco.com/docs/DOC-1222 – Cisco
http://www.aircrack-ng.org/doku.php?id=airmon-ng
– airmon-ng script
Glossary
•
•
IP – Internet Protocol
IPv6 – IP Version 4
Summary
Patrick Preuss
48
Wireshark:
environment knowledge.
ernet cable.
Overview
• Zero Window
• Window is Full
• Keep-Alive
• Window Update
snifer tool
50
IP Internet Protocol
Communications)
• Retransmissions/Fast Retransmissions
• Duplicate ACKs
sage debugging.
www.hakin9.org/en
51WIRESHARK BASICs
Wireshark:
• Start Wireshark.
ure 2).
diagram)
52
Conclusion
Anand Singh
Professional
e-Security
policy!
security!
SABSA Foundation
SABSA Advanced
(SCP).
http://www.imfacademy.com/partner/hakin9
IMF Academy
info@imfacademy.com
Wireshark Overview
protocols. It has many other features as well but if you are new
the
libpcap library.
Pcap. http://wiki.wireshark.org/CaptureSetup
using WireShark.
packet analyzer,
tion sorting and filtering options. Make sure that you have the
permission to capture
Features
protocols.
shark.org/download.html
54
General Setup
abled.
(root).
to be correct
Capturing data
• Specific Interface
• Analyzing
• Time to capture
• Source IP address
• Destination IP address
• Protocol used
• Information (Figure 3)
• Filters (Figure 5)
• Capture Filters
• Display Filters
our interest.
Comparison operators
•
•
ge,
ne,
eq,
lt,
gt,
le,
!= Not Equal
== Equal
Logical Expressions
• or, || Logical OR
• not, ! Logical NOT
• REDIRECTION happens.
http.location[0:4]=="http"
http.content_type[0:4] == "text"
Figure 5. Filters
www.hakin9.org/en
• ip.addr == 192.100.10.11
• http.request.
• tcp.dstport == 25
• tcp.flags
55WIRESHARK BASICs
References
• www.wireshark.org
inbound trafc,
Nitish Mehta
56
www.titania.com
SME
pricing from
£650
scaling to
enterprise level
evaluate for free at
www.titania.comWIRELESS SECURITY
58
Syntax:
targets:
# nmap –n –D decoy1-ip,decoy2-ip,decoy3-ip
proves to be efective.
Web Applications
application.
dex.../OWASP_Zed_Attack_Proxy_Project).
www.hakin9.org/en
59WIRELESS SECURITY
exploits
network scan.
Whoisloggedinwhere
Addresses.
Conclusion
60
@echo of
setlocal
for /f "Tokens=1" %%c in ('net view
/domain:"%USERDOMAIN%"^|Findstr /L /C:"\\"') do (
-L %%c^|find /i "%USERDOMAIN%\"') do (
endlocal
goto :EOF
:report
set work=%1
set comp=%work:~2%
set user=%2
set user=%user:"=%
Court Graham
sented to it.
www.hakin9.org/enWIRELESS SECURITY
If you’re one of the regular readers of Hakin9, then you know that
there
works.
62
Wireshark Architectures
ditions.
net trafc.
ating system).
most people.
Broadband Modem
www.hakin9.org/en
nal that enters into the hub through any of its con-
ethernet
connector
ethernet
connector
2
ethernet
connector
ethernet
connector
64
Router.
like Figure 7.
Section 1 of 3
www.hakin9.org/enWIRELESS SECURITY
Section 2 of 3
A Protocol Interpretation Area revealing additional
66
dardized it.
Section 3 of 3
Capture Everything!
see the first line expanded, revealing details about the entire,
stop capturing.
At this point you can use the “Save As” option from
amination.
www.hakin9.org/en
er it uses....
packet
67WIRELESS SECURITY
ented trafc).
Conclusions
exchange.
Bob Bosen
display filter. In this case, the filter will exclude all frames
68
on a Raspberry Pi
Pi and the new Kali Linux. You will also see how some common
wireless
tests.
Note
70
rate of 15MB/s.
dows system.
to expand it.
testing platform!
To do so:
Windows 7 System
www.hakin9.org/en
Number
71WIRELESS SECURITY
Username: root
Password: toor
That’s it!
ish installation.
72
@kali:/# xfce4-session
an antenna.
up (Figure 8).
can see.
SSID=Hidden
of Wireshark.
faces!
Windows system.
www.hakin9.org/en
73WIRELESS SECURITY
this example.
with Fern).
network if necessary.
Conclusion
Scanning
74
pentesting.
password key.
References
loads/)
projects/win32diskimager/)
org.uk/~sgtatham/putty/download.html)
jects/xming/)
tine.
Daniel Dieterle
be reached at cyberarms@live.com.
www.hakin9.org/enWIRELESS SECURITY
Using Wireshark
to Analyze a Wireless Protocol
Control Plane
User Plane
76
MM
CMCE
PD
Layer 2
Physical Layer
Layer 1
(SAPs).
primitive.
MSC
AZ Interface
Signaling/trafc data
BSC
Signaling
Trafc data
Monitoring Computer
with Wireshark
systems.
works
tor Protocol.
UDP Header
TMV-SAP
Command
type
1 byte
Carrier
number
1 byte
Timer Register
4 bytes 4 bytes
PDU Data
FPGA
TMP Header
www.hakin9.org/en
77WIRELESS SECURITY
Command
1 TMV-UNITDATA
2 TMV-UNITDATA
to the BS.
received
127 TMV-UNITDATA
layer.
128
TMV-UNITDATA
request Done
MAC layer.
number
10:6 FN frame number
31:13 Reserved
78
ent carrier.
channel
10 2 logical
channels
Reserved Reserved
0 OK
1 Error
0 OK
1 Error
2 CRC1
3 CRC2
31:12 Reserved
Reserved
1 AACH
2 SCH/F
01 2 logical
channels 6 BNCH
7 TCH/F
10 3 logical
channels 8 TCH/H
9 TCH/2.4
10 TCH/4.8
11 STCH
12 TCH/7.2
15 SCH/HU
Others Reserved
Reserved Reserved
0000 Reserved
31:18 Reserved
Reserved
Reserved
Reserved
TETRA protocol.
primitives.
to C:\Program Files\Wireshark/plugins/<VERSION
packet dissection.
538 {
539
540
541
if (!initialized) {
542
data_handle = find_dissector(“data”);
543
tetra_handle = create_dissector_handle(dissect_tetra,
proto_tetra);
544
545
546
547 }
www.hakin9.org/en
79WIRELESS SECURITY
packet.
or multiple dissections.
ed to dissector development.
a TETRA PDU.
80
......
optional-elements CHOICE
no-type2 NULL,
type2-parameters SEQUENCE {
.....
......
......
called-party-mnc CHOICE {
none NULL,
......
in Wireshark.
2130 D-CONNECT::=
2131
SEQUENCE{
2132
2133
2134
hook-method-selection BOOLEAN,
2135
2136
2137
2138
call-ownership INTEGER (0..1) ,
2139
optional-elements CHOICE{
2140
no-type2 NULL,
2141
type2-parameters SEQUENCE {
2142
2143
Basic-service-information},
2144
address-type},
2145
INTEGER (0..63)},
2146
2147
2148
}
2149 }
www.hakin9.org/en
81WIRELESS SECURITY
Asn2wrs Compiler
codes.
Further improvements
TMV-UNITDATA request
primitive tetra.txreg
TMV-UNITDATA indication
primitive tetra.rvster
tetra.MAC_ACCESS
Expert information
......
else
CHECKSUM, PI_WARN,
port it as a warning.
114 %(DEFAULT_BODY)s
115
col_append_sep_str(actx->pinfo-
“D-CONNECT”);
116 #.END
82
Tap listener
ple code:
going to “tap” */
0,
tetra_stats_tree_packet, /* the
callback */
On the Web
http://www.codeproject.com/Articles/19426/Creating-
TRA project
http://www.itu.int/ITU-T/asn1/introduction/index.htm
– Introduction to ASN.1
LI Hai
www.hakin9.org/en
83WIRELESS SECURITY
Wi-Fi Security
Back to the revolving door that is Wi-Fi security and why broadly
diverse
84
www.hakin9.org/en
85WIRELESS SECURITY
Jonathan Wiggs
86
his experiences with his peers, and giving back to the in-
dustry he has loved for more than twenty years. Contact
Jonathan at jon_wiggs@yahoo.com.
Relationships
TrustSphere
www.TrustSphere.com
3 Phillip Street
with Wireshark
For many years, Wireshark has been used to capture and decode
data
Wireshark on Windows
88
# ls -l /dev/bpf*
crw-rw-rw-
crw-rw-rw-
crw-rw-rw-
crw-rw-rw-
root
root
root
root
admin
admin
admin
admin
23,
23,
23,
23,
Oct
Oct
Oct
Oct
06:31
06:31
06:31
06:31
the your supplied set of WEP keys. That is, the driv-
er will try all of the WEP keys for each frame until
it finds one that decrypts the frame. By configuring
tional or directional.
References
• AirPcap Home Page – http://www.riverbed.
com/us/products/cascade/wireshark_enhance-
ments/airpcap.php
www.cacetech.com/products/catalog/
Wireshark on MAC OS X
www.hakin9.org/en
/dev/bpf0
/dev/bpf1
/dev/bpf2
/dev/bpf3
/dev/bpf*
Listing 1.
Next, create a symbolic link to the airport utility,
this will prevent you from typing the whole path ev-
ery time:
# ln -s sudo /System/Library/PrivateFrameworks/
Apple80211.framework/Versions/Current/Resources
/usr/sbin/airport
# airport -I
agrCtlRSSI:
agrExtRSSI:
agrCtlNoise:
agrExtNoise:
state:
op mode:
lastTxRate:
maxRate:
lastAssocStatus:
802.11 auth:
link auth:
BSSID:
SSID:
MCS:
channel:
-73
-91
running
station
18
54
open
wpa2-psk
10:84:d:e4:b8:7f
xtnet
-1
11
89WIRELESS SECURITY
php?id=compatibility_drivers.
# sudo airport -z -c 11
put: Listing 2.
at: http://www.wireshark.org/download.html.
on interface en1.
Note
another.
airmon-ng
# airport -s
SSID
linksys
bing
NETGEAR
BELL789
lolo
xxtnet5
xxtnet
Belkin
90
BSSID
00:18:f8:ef:93:af
10:c8:d0:1a:e4:f3
00:0f:b5:5d:06:0c
c0:83:0a:53:b7:41
00:22:b0:d2:63:67
10:84:0d:f4:c8:80
20:54:4d:d4:98:4f
00:1c:df:39:81:f6
RSSI
-87
-90
-89
-88
-89
-63
-64
-84
CHANNEL
10
11
11
1,+1
36,+1
11
11
HT
CC
--
CA
--
US
--
CA
CA
--
SECURITY (auth/unicast/group)
NONE
WPA2(PSK/AES/AES)
WPA(PSK/TKIP/TKIP)
WEP
WEP
WPA(PSK/TKIP/TKIP) WPA2(PSK/AES,TKIP/TKIP)
WPA(PSK/TKIP/TKIP) WPA2(PSK/AES,TKIP/TKIP)
WPA(PSK/TKIP/TKIP)
# airmon-ng
# airmon-ng
default value).
command.
Note
www.hakin9.org/en
References
track-linux.org/wiki/index.php/Persistent_USB
ng.org/
# ls kismet*
Kismet-20121004-13-37-22-1.alert
Kismet-20121004-13-37-22-1.gpsxml
Kismet-20121004-13-37-22-1.nettxt
Kismet-20121004-13-37-22-1.netxml
Kismet-20121004-13-37-22-1.pcapdump
hh-mm-ss-sequence# .
91WIRELESS SECURITY
faces:
# airmon-ng
# iwconfig
lo
eth0
eth1
no wireless extensions.
no wireless extensions.
unassociated ESSID:of/any
Tx-Power=20 dBm
Sensitivity=8/0
Retry limit:7
Encryption key:of
Power Management:of
Missed beacon:0
wmaster0
no wireless extensions.
wlan0
Tx-Power=27 dBm
RTS thr:of
Fragment thr=2352 B
Encryption key:of
Power Management:of
Missed beacon:0
RTS thr:of
Fragment thr=2352 B
Encryption key:of
Power Management:of
92
# wireshark Kismet-20121004-13-37-22-1.pcapdump
pcapdumpformat=80211
References
less.net/
metwireless.net/documentation.shtml
working.
www.hakin9.org/en
LAP Configuration
Wireshark Configuration
or PEEKREMOTE
93WIRELESS SECURITY
difcult to read.
capture
(Figure 6)
References
415
www.cisco.com/en/US/products/hw/wireless/
index.html
www.wireshark.org/docs/dfref/a/airopeek.html;
http://www.wireshark.org/docs/dfref/p/peekre-
mote.html
Conclusion
94
STEVE WILLIAMS
info@sudonetworks.com.
An Introduction
of Wi-Fi Networks
work. Diivided into stages, the sum of which has created the
Internet as
we know it today. The first projects of this idea were born in the
1960’s
alarming rate.
S
tarting with approx 1000 computers in 1984 to
train stations.
history of computers?
96
the mother.
of 128, 192 and 256 bit, and it’s pretty fast both in
(henceforth AP).
but that does not mean that those who use Mac or
Windows can not use this guide with a few tweaks.
WPA
org/downloads.html
tar-xzvf aircrack-ng-1.1.tar.gz
cd aircrack-ng-1.1
by WEP or WPA/WPA2
• ESSID – The name of your wireless network
-w handshake mon0
the download):
so known as RFMON.
with an AP, then: If the password is not in our list, the crack will
fail.
cloudcracker.com/.
code.google.com/p/reaver-wps/.
$ airodump-ng wlan0
operates.
www.hakin9.org/en
WPS Crack
97WIRELESS SECURITY
the first part of the pin and only 1,000 for the second
$
$
cd reaver-1.4
cd src
./configure
$ ifconfig t0 up
$ ifconfig t0 10.0.0.1 netmask 255.255.255.0
configuration.
default-lease-time 60;
max-lease-time 72;
ddns-update-style none;
authoritative;
log-facility local7;
$ wash -i mon0
seconds / attempt)
[+] WPS PIN: ‘XXXXXXXX’
Done!
98
file:
$ /etc/init.d/dhcpd3 restart
$ airmon-ng start wlan0 Now the last step is to enable the packet
forward-
$ ifconfig eth0 up
Wireshark
Figure 2.
troubleshooting: Figure 6.
Figure 1. Wireshark
Figure 5. Filterbox
www.hakin9.org/en
99WIRELESS SECURITY
in future articles.
Alessio Garofalo
100
Decoding
Encryption Basics
#define OUI_BLUETOOTH
0x001958 /*
Bluetooth SIG */
void proto_register_bt_oui(void)
{ &hf_llc_bluetooth_pid,
{ “PID”,
“llc.bluetooth_pid”,
FT_UINT16, BASE_HEX,
VALS(bluetooth_pid_vals), 0x0,
};
}
llc_add_oui(OUI_BLUETOOTH, “llc.bluetooth_
hf);
102
#define
#define
#define
#define
#define
AMP_U_L2CAP 0x0001
AMP_C_ACTIVITY_REPORT 0x0002
AMP_C_SECURITY_FRAME 0x0003
AMP_C_LINK_SUP_REQUEST 0x0004
AMP_C_LINK_SUP_REPLY 0x0005
{ 0, NULL }
};
void proto_reg_handof_bt_oui(void)
dissector_handle_t eapol_handle;
dissector_handle_t btl2cap_handle;
eapol_handle = find_dissector(“eapol”);
btl2cap_handle = find_dissector(“btl2cap”);
dissector_add_uint(“llc.bluetooth_pid”, AMP_C_SECURITY_FRAME,
eapol_handle);
dissector_add_uint(“llc.bluetooth_pid”, AMP_U_L2CAP,
btl2cap_handle);
};
0xAA,
/*
0x03,
/*
0x00, 0x03
/*
SSAP=SNAP */
if (memcmp(data+ofset, dot1x_header, 8) == 0 ||
memcmp(data+ofset, bt_dot1x_header, 8) == 0) {
www.hakin9.org/en
103WIRELESS SECURITY
see [3].
info.
LLC.
it is shown in Listing 1.
crypted frames.
/var/lib/bluetooth/<MAC Address>/linkkeys .
Dedicated_AMP_Link_Key
104
Over Wireless
HMAC-SHA-256(GAMP_LK,
References
Pages/High-Speed.aspx
www.bluetooth.org/docman/handlers/download-
doc.ashx?doc_id=229737
dards.ieee.org/getieee802/download/802.11i-2004.pdf
Figure 3 shows.
Andrei Emeltchenko
and Intel.
www.hakin9.org/enWIRELESS SECURITY
State of Security
their app.
Apple App Store and the Top 100 Android Paid App
sites.
106
Key Findings
Minority
Mobile Apps
Hacked versions were found across all key indus-
applications).
Ducks”
Our research demonstrated that apps are sub-
Apps
cumvented.
downloads.
Approaches
www.hakin9.org/en
107WIRELESS SECURITY
requirements.
vacy 2012).
the app.
distribute it.
Apple iOS
party sites.
Android
www.hakin9.org/en
size problems.
109WIRELESS SECURITY
110
www.hakin9.org/enWIRELESS SECURITY
compromise it.
Protection
lowing:
112
Summary
Jukka Alanen
poration.
Arxan Technologies Inc. is the industry leader of appli-
Network Analysis
ber Cables.
DIUS).
Protocol).
114
www.hakin9.org/en
115WIRESHARK ADVANCED
MDS3(config)# exit
PassiveClient = 172.xxx.xxx.xxx
MDS2#
the FC analyzer.
• Transmit Trace
• Response Trace.
target Host.
Conclusions
116
Appendix 1
•
http://www.cisco.com/en/US/docs/switches/datacenter/
mds9000/sw/4_1/configuration/guides/cli_4_1/tsf.html
http://en.wikipedia.org/wiki/Fibre_Channel
http://en.wikipedia.org/wiki/Fibre_Channel_Logins
http://en.wikipedia.org/wiki/Fibre_Channel_zoning
http://www.jdsu.com/en-us/Test-and-Measurement/
Products/a-z-product-list/Pages/xgig-protocol-analy-
zer-family-overview.aspx
http://teledynelecroy.com/protocolanalyzer/protocol-
standard.aspx?standardid=5
http://www.brocade.com/products/all/switches/index.
page
ht t p: // w w w. c is co . co m /e n / US /p r o d u c t s / h w/
ps4159/ps4358/products_configuration_example-
09186a008026eb55.shtml
SEMBIANTE MASSIMILIANO
biante@rifec.com
e
n
OWASP Foundation
¥ Citations: NSA, DHS, PCI, NIST, FFIEC, CSA, CIS, DISA, ENISA and
more..
Deep Packet
to trademark issues.
shark on.
$ tshark –z help
tshark
tshark, type:
$ tshark –h
118
‘print $3’} looks for the third field in the text re-
sulting from the grep and prints it; sort –n will sort
22, 23, 25, 53, 80, 110 and 113) along with the
sort –n | uniq –c
command.
value
www.hakin9.org/en
Account
119WIRESHARK ADVANCED
wireshark alert1.log.gz> .
dns.resp.type == CNAME
Dns.resp.name == “download.microsoft2.akadns.net”
Conclusion
tivity.
163.162.170.173
163.162.170.173
120
David J. Dodd
dave@pbnetworks.net.
Listening to a
Wireshark is a very powerful tool but did you know you can
extract
an RTP stream trafc from your VoIP packets, listen to, and even
(Wireshark).
122
shown Figure 3.
www.hakin9.org/en
123WIRESHARK ADVANCED
124
(Figure 6).
conversation.
your preference.
diferent locations.
Summary
Luciano Ferrari
www.hakin9.org/en
Blog: www.lufsec.com
twitter: @lucianoferrari
125WIRESHARK ADVANCED
Wireshark/LUA
languages are out of scope for this article. packets (also known
as frames), dissects the dif-
Wireshark Benefits
wireshark.org/docs/wsug_html_chunked/Chapter-
126
http://hakin9.org/: Figure 1.
TBO 01/2013Wireshark/LUA
(Figure 2).
Limitations
into the relevant RFCs and soon find out that all
the first syn request and the ack request from the
Lua
The language
www.hakin9.org/en
127WIRESHARK ADVANCED
eases deployment.
Wireshark.
quest.
but a few:
128
further hassle.
TBO 01/2013Wireshark/LUA
in Lua.
Warning
shooters.com/codecorn/lua/lua_c_calls_lua.htm
www.hakin9.org/en
by C code.
Jörg Kalsbach
129WIRESHARK ADVANCED
Tracing ContikiOs
Based IoT
130
researching community.
CONTIKI OS
strained devices.
www.hakin9.org/en
Cooja
How to start
$ ant run
The environment
speed,
port,
the simulation,
captures,
constrained devices.
132
Client – server
but they will not reach it. This will happen because
etimer _ restart() .
www.hakin9.org/en
uip_ip6addr(ipaddr,0xfe80,0,0,0,0x301,0x1f,
ent and the server. For this purpose, the first step
133WIRESHARK ADVANCED
to a Wireshark format.
two motes.
134
IP stack
#include <iostream>
#include <string>
#include <cstring>
#include <stdio.h>
string str;
while (getline(cin,str)){
if (i%2)
cout << “ “;
parser-from-cooja.cpp ,
On the Web
•
•
http://wiki.contiki-os.org/doku.php?id=an_introduc-
see how the string Hello from the client can be cor-
Conclusions
constrained applications.
Pedro Moreno-Sanchez
Rogelio Martinez-Perez
Figure 6. Wireshark Trace Showing UDP/IP Based Messages
www.hakin9.org/en
135CYBERSECURITY
Integration
CONOPS Plan, which is the national strategic war plan for the
United
States.
berwarfare.
136
already happened.
States?
designed.
www.hakin9.org/en
137CYBERSECURITY
correct provocation.
138
Operations
Threats
(Gerwitz, 2011).
so important to protect.
www.hakin9.org/en
What is the efectiveness of current policy
cyberspace.
Engleman, 2012).
Current Policy
139CYBERSECURITY
cyberweapons.
that makes the U.S. the envy of and the model for
Specific Policy?
Part 2 Conclusion
140
(Technolytics, 2012)
that the U.K. with its stature and status does not
the Threat
Omni-directionality
Synchrony
Limited objectives
Unlimited measures
Asymmetry
Minimal consumption
Multi-dimensional coordination
(Hagestad, 2012).
(Fayutkin, 2012).
www.hakin9.org/en
(Saini, 2012)
141CYBERSECURITY
Capabilities
pability.
Problem
quet, 2009).
142
Planning
www.hakin9.org/en
conflict, along with air, sea, land, and space for con-
strength.
143CYBERSECURITY
Therefore, the JCS also created a Course of Ac-
oped (U.S. DoD, JCS, 2006) (Figure 6). threats can be found in
President Obama’s De-
Part 4 Conclusion
terrence issues.
Threats
CONOPS Plan
144
Disadvantage
of cyberweapons
money
Unintended
consequences of
unilateral use or
unplanned use of
cyberweapons
els of conflict.
Idea Explanation
Define State and Local Roles A workable Federal policy must have
the involvement of state and local
authorities to be efective
infrastructure.
Establish and Implement Clear Priorities This will ensure the best
allocation of financial and management resources.
www.hakin9.org/en
145CYBERSECURITY
References
146
gov/cybersecurity/comprehensive-national-cybersecuri-
http://www.au.af.mil/au/ssq/2011/spring/crosston.pdf
2012.
http://www.zdnet.com/blog/government/the-obama-
cyberdoctrine-tweet-softly-but-carry-a-big-stick/10400
org/2011/09/26/140789306/security-expert-u-s-leading-
templates/story/story.php?storyId=130260413 on De-
org/2011/09/26/140789306/security-expert-u-s-le-
org/2011/11/02/141908180/stuxnet-raises-blowback-risk-
Wesley.
•
•
Press.
http://news.cnet.com/8301-1009_3-57519484-83/
senator-urges-obama-to-issue-cybersecurity-executive-
University.
litix.topix.com/homepage/2214-iran-attacks-us-banks-
sites/default/files/rss_viewer/international_strategy_
ber-cold-war-espionage-and-warfare/article/254627/ on
September 7, 2012.
from http://www.vifindia.org/article/2012/july/26/pre-
paring-for-cyberwar-a-national-perspective on Octo-
war games
References
•
from http://www.nytimes.com/2011/10/18/world/africa/
cyber-warfare-against-libya-was-debated-by-us.html
news/2012-09-27/cyber-attacks-on-u-dot-s-dot-banks-
Retrieved
from
http://www.fpri.org/multime-
dia/2012/20121024.webinar.cyberwar.html on Octo-
ments/173_PCCIPDeterrenceCyberDimension_97.pdf
on November 3, 2012.
www.dtic.mil/doctrine/new_pubs/jp5_0.pdf
on
www.hakin9.org/en
Conclusion
147CYBERSECURITY
Open Networks
Most of you are quite aware of the fact, that using open Wi-Fi
networks
tablet etc.). But did you know, that if you associate your device
with an
open network, the threat even goes beyond being actively online
on the
networks
• Eavesdropping
• Malware
access point.
Eavesdropping
are present.
Fi connections.
sight into which sites you visit on the web with your
148
links. That may fool more than a few, when the visit
Figure 2. SSLStrip
Showing an example
(Figure 3).
tel network.
www.hakin9.org/en
149CYBERSECURITY
online
is established.
But, but you say! You are not even near MYHO-
150
request.
www.hakin9.org/en
151CYBERSECURITY
plicated.
Jasager
here.
wireless network.
can be attacked.
• Redirect your sites via DNS spoofing. This
stored.
mation is stored.
152
Links
com/collections/gadgets/products/wifi-pineapple
G-MoN: https://play.google.com/store/apps/details?i-
d=de.carknue.gmon2&hl=da
twork-Scanning-Ofcial-Discovery/dp/0979958717
Sources used
0-07-178028-5
box.blogspot.dk/2012/06/you-just-cant-trust-wireless-
-covertly.html
com/products/wifi-pineapple
www.dailymotion.com/video/xavig9_man-in-the-mid-
dle-fun-with-ssl-stri_school#.UXEjZfPU-Wg
to.
Lessons learnt
network.
www.hakin9.org/en
http://blog.oneiroi.co.uk/hacking/saying-no-to-the-
-yesman-defense-against-jasager/
Aftermatch
Though there is not that much you can do. You can
prompted.
Michael Christensen
http://dk.linkedin.com/in/michaelchristensen/
153CYBERSECURITY
Social Engineering
information systems.
Introduction
human element.
154
collection on a target.
actions will not alert the target that they are being
collected on.
What's in a Name?
lection phase.
www.hakin9.org/en
Myspace
tional information.
155CYBERSECURITY
TwinDevil
tember, 1983
friends
• Owner of www.broken-reality.com
travel
Blogs
blog posts are for school. Also note the name asso-
deviantART
blizzardwolf@broken-reality.com.
Broken-reality.com, Whois.net, and Archive.org
istered (see Figure 3), but we're not done with the
156
photographs.
(02May2005).
ingfulfunerals.com (www.meaningfulfunerals.
members.
www.hakin9.org/en
Mining
extraordinary!
Myheritage.com
157CYBERSECURITY
Summary
three goals:
Name
Name
Spokeo
158
Name
collection on a target.
References
•
•
new/0-AIRPAPER-792685.php
from: (http://www.ypstate.com)
chive.org/web/web.php
www.blogspot.org
http://www.buddymedia.com
www.deviantart.com
google.com
http://www.howtovanish.com/2011/02/remove-per-
sonal-information-from-the-internet/
www.legacy.com
www.linkedin.com
paterva.com/web5/client/download.php
Publishing, Inc.
life.com
myspace.com
spokeo.com
isc.sans.edu/diary.html?storyid=5728&rss
us harm.
networking profiles.
Additional Resources
www.hakin9.org/en
159CYBERSECURITY
Using Wireshark
Cybercrime
berwarfare.
What is Cyberwarfare?
160
already happened.
States?
2009).
www.hakin9.org/en
Is it problematic for these countries in the
161CYBERSECURITY
162
carefully considered.
Figure 1.
www.hakin9.org/en
163CYBERSECURITY
Manually Resolve
Address
Apply as Filter
SCTP - Allows ycii to analyze and prepare a filter for this SCTP
associafion.
Follow TCP Stream Analyze Allows you to view all the data on a
TCP streambetw een a pair of noles.
Follow UDP Stream Analyze Allows you to view all the data on a
UDP datazrain stnain b etw een a
pair of nodes.
Follow SSL Stream Analyze Same as "Follow TCP Sbeanz" but for
SSL. XXX - add a new ection
separated text.
separated text.
Copy/ Byter (Ofset Hex) - Copy the packet bytes to the clipboard
in hexdump-like format,
pzintab le characters.
Copy/ Wier (Hex Stream) - Copy the packet bytes to the clipboard
as an unpuirtuated list of hex digits.
item.
----
----
164
in greater detail.
Wireshark
www.hakin9.org/en
165CYBERSECURITY
TCPView
analysis.
Trafc to Watch
166
Network Attacks
authorities.
The Future
dangers.
Conclusion
•
•
References
tice-Hall.
gov/cybersecurity/comprehensive-national-cybersecu-
www.hakin9.org/en
•
•
IOS Press.
NJ: Prentice-Hall.
2012.
com/blog/government/the-obama-cyberdoctrine-
tweet-softly-but-carry-a-big-stick/10400 on Septem-
npr.org/2011/09/26/140789306/security-expert-u-s-le-
org/templates/story/story.php?storyId=130260413 on
org/templates/story/story.php?storyId=130260413 on
npr.org/2011/09/26/140789306/security-expert-u-s-le-
168
Gjelten, T. (2011). Stuxnet Raises ‘Blowback’ Risk In Cy-
org/2011/11/02/141908180/stuxnet-raises-blowback-
org/2011/11/02/141908180/stuxnet-raises-blowback-
America, Inc.
McGraw Hill.
Hintzbergen, J., el al. (2010). Foundations of Informa-
news.cnet.com/8301-1009_3-57519484-83/senator-
urges-obama-to-issue-cybersecurity-executive-order/
sity.
2011.
•
•
shows/show.aspx?c=92732&placement=bodycopy in
May 5, 2011.
http://www.nytimes.com/2009/06/28/world/28cyber.
topix.com/homepage/2214-iran-attacks-us-banks-in-
cations.
http://www.defense.gov/news/Defense_Strategic_Gu-
default/files/rss_viewer/international_strategy_for_cy-
Kentucky Press.
ber-cold-war-espionage-and-warfare/article/254627/
on September 7, 2012.
•
•
Schuster.
from http://www.nytimes.com/2011/10/18/world/afri-
ca/cyber-warfare-against-libya-was-debated-by-us.
http://serpentsembrace.wordpress.com/2011/05/17/
NJ: Prentice-Hall.
shing, Inc.
Prentice Hall.
Government Institutes.
Retrieved
from
http://www.businessweek.com/
news/2012-09-27/cyber-attacks-on-u-dot-s-dot-banks-
16, 2011.
sembrace.wordpress.com/tag/honker-union-of-china/
www.hakin9.org/en
•
•
Media.
ness.com/resources/reports/rp_data-breach-investiga-
ness.com/resources/reports/rp_data-breach-investiga-
2011.
blishing, Inc.
vel/2011/07/how-digital-detectives-deciphered-stu-
youtube.com/watch?v=CfxY8nmU&feature=related on
169CYBERSECURITY
Spyware
in security – spyware?
During his regular day at work, John, your assis-
170
no longer supported.
ly recommended.
The most important step you can take is educa-
harm.
Louis Corra
textra
An Interview with
Cristian Critelli
goes on!
diferent environments.
172
www.hakin9.org/en
bands.
173extra
Wi-Fi Technology
Network security
Securing methods
174
Attacks
ing two packets that use the same IV, the attacker
www.hakin9.org/en
175extra
Table-based Attack
WPA/TKIP
WPA2/TKIP/AES
or TACACS+).
176
WEP Attacks
minutes.
Attacks
Cipher Attacks
WPA/TKIP
802.1X / EAP
Eavesdropping
Open Network
WPA/WPA2-PSK
www.hakin9.org/en
Captive Portal
or WEP-encrypted Wi-Fi;
thentication protocol;
802.11w.
177extra
el fire walls;
ing packets;
companies?
the creator of, and has been at the forefront of, the
178
tigious award.
“cyber-audacity”.
By Ewelina Nazarczuk
TBO 01/2013KISS
needed most. This “what if” can become reality with one
introduction. Meet Riverbed.
riverbed.com/kissTake control
Xpandion’s complete
suite of products
Control GRC
Request Demo
info@xpandion.com
Tel +1-800-707-5144
Live Training
* Digital Forensic Recovery
* Wireless Hacking
* And more!
Speaking Engagenments
Info@HackMiami.org
HackMiami.org
Business Services
* Network/Application Vulnerability
Assessments
Du 05/06 au 25/06/2017
Semaine du
N°
Semaine
Vacances
DUT
LEF
LP
Master
Ingénieur
Doctorat en Médecine et
Pharmacie
Du 18/05 au 24/05/2017
mai-‐17
25 & 26/06/2017
Pré-‐inscription en ligne
Du 01/06 au 30/06/2017
Pré-‐inscription en ligne
Etudes médicales
(Bac Marocain)
Du 01/06 au 30/06/2017
(Bac français)
Du 01/06 au 11/07/2017
Pré-‐inscription en ligne
du 19/06 au 16/07/2017
Pré-‐inscription en ligne
Du 26/06 au 28/07/2017
juin-‐17
Pré-‐inscription en ligne
Etudes Dentaires
(Bac Marocain)
Du 01/06 au 30/06/2017
(Bac français)
Du 01/06 au 11/07/2017
Etudes pharmaceutiques
Bac
Du 01/06 au 30/06/2017
Passerelle DEUG
Du 19/06 au 21/07/2017
Inscription administrative
Du 17 au 29 juillet 2017
et d'attente
27 /07/2017
juillet-‐17
Réinscription des anciens
Du 10 au 29/07/2017
présélectionnés
Du
1 0/07
au 15/07/2017
orales
d’ingénieurs
A partir du 24/07/2017
retenus :
Passerelle DEUG
Du 17/07 au 09/09/2017
ENSIAS : 13/07/2017
29/07/2017
EMI : 14/07/2017
Du 22 au 30/08/2017
Aout 2017
01/09/17
des
épreuves écrites et orales et afchage des
du 05/09 au 07/09/2017
résultats
d es candidats retenus :
04/09/17 AS0
11/09/17 AS1
18/09/17 AS2
25/09/17 AS3
02/10/17 AS4
09/10/17 AS5
16/10/17 AS6
23/10/17 AS7
30/10/17 AS8
06/11/17 AS9
13/11/17 AS10
20/11/17 AS11
27/11/17 AS12
04/12/17 AS13
11/12/17 AS14
jusqu'au 09/09/2017
05/09/2017
11/09/ 2017
année pharmacie
06 /09/2017
11 /09/2017
Début des cours de la session d'Automne :
11/09/2017
Jeudi 21/09/2017
Contrôles Continus
lundi 06/11/2017
Independance(1j)
samedi 18/11
Contrôles continus
Novembre)Semaine du
N°
Semaine
Vacances
DUT
LEF
LP
Master
Ingénieur
Doctorat en Médecine et
Semaine Préparation
18/12/17
25/12/17
AS15
01/01/18
lundi 01 /01/2018
08/01/18
AS16
15/01/18
Manifeste de l'independance
(1j)
Examens de la session
d'automne
Correction et déliberations
Vacances de fin de session d'Automne (8 jours):
21/01 au 28/01/2018
22/01/18
29/01/18 PS1
05/02/18 PS2
12/02/18 PS3
19/02/18 PS4
26/02/18 PS5
05/03/18 PS6
12/03/18 PS7
Démarrage de cours de la
Démarrage de cours de
de cours de la session
session de Printemps
la
s ession
de
Printemps Démarrage
de Printemps
d'Automne
PS8
26/03/18 PS9
02/04/18 PS10
09/04/18
16/04/18 PS11
23/04/18 PS12
30/04/18 PS13
07/05/18 PS14
Contrôles continus
Mardi 01/05/2018
semaine de préparation
14/05/18
21/05/18
28/05/18
session d'automne
semaine de préparation
PS15
Délibérations
04/06/18
Délibérations
15/06 au 18/06/2018
11/06/18
Examens de la session de
printemps
Printemps
Rattrapages finaux
PS16
18/06/18
Soutenance PFE
Délibérations session
Printemps et Annuelle
25/06/18
02/07/18
09/07/18
Délibérations définitives
16/07/18
23/07/18
féte du Trône
30/07/18
samedi 30/07/2018
Légende:
i: 1 à 16CALENDRIER
UNIVERSITAIRE
ANNUEL
2017-‐2018
adopté
par
le
Conseil
d'Université
du
15
Juin
2017
Plan
de
communication
sur
la
plate-‐forme
de
préinscription
et
organisation
de
la
rentrée
et
formation
des
doctorants
pour
l'accompagnement
des
nouveaux
bacheliers:
Du
05/06
au
25/06/2017
Semaine
du
N°
Semaine
Vacances
DUT
LEF
LP
Master
Ingénieur
Doctorat
en
Médecine
et
Doctorat
en
Médecine
dentaire
Pharmacie
Concours
National
Commun
CNC'17
Epreuves
d’admissibilité
Ecrit
Du
18/05
au
24/05/2017
mai-‐17
Aid
Al
Fitr
(2j)
25
&
26/06/2017
Pré-‐inscription
en
ligne
Du
01/06
au
30/06/2017
Pré-‐inscription
en
ligne
Etudes
médicales
(Bac
Marocain)
Du
01/06
au
30/06/2017
(Bac
français)
Du
01/06
au
11/07/2017
Pré-‐inscription
en
ligne
du
19/06
au
16/07/2017
Pré-‐inscription
en
ligne
Du
26/06
au
28/07/2017
juin-‐17
Pré-‐inscription
en
ligne
Etudes
Dentaires
(Bac
Marocain)
Du
01/06
au
30/06/2017
(Bac
français)
Du
01/06
au
11/07/2017
Etudes
pharmaceutiques
Bac
Du
01/06
au
30/06/2017
Passerelle
DEUG
Du
19/06
au
21/07/2017
Inscription
administrative
Du
17
au
29
juillet
2017
Résultat
des
listes
principales
et
d'attente
27
/07/2017
juillet-‐17
Réinscription
des
anciens
Du
10
au
29/07/2017
Concours
National
Commun
CNC'17
Epreuves
d’admissibilité
:
Oral
Afchage
des
listes
des
candidats
présélectionnés
Du
1
0/07
au
15/07/2017
Organisation
des
épreuves
écrites
et/ou
Afectation
des
candidats
dans
les
écoles
orales
d’ingénieurs
partir
du
24/07/2017
Afchage
des
résultats
des
candidats
retenus
Passerelle
DEUG
Du
17/07
au
09/09/2017
ENSIAS
13/07/2017
Concours
d'accès
aux
études
médicales
27/07/2017
Concours
d'accès
aux
études
dentaire
28/07/2017
Concours
d'accès
aux
études
pharmaceutiques
1ère
année
29/07/2017
EMI
14/07/2017
Suite
Réinscription
des
anciens
Du
22
au
30/08/2017
Aout
2017
Aid
El
Adha
(4
jours)
Vendredi
01/09
au
04/09/2017
01/09/17
SESSION
D'AUTOMNE
Du
11
Septembre
2017
au
20
Janvier
2018
Suite
des
inscriptions
des
nouveaux
bacheliers
Suite
des
épreuves
écrites
et
orales
et
afchage
des
du
05/09
au
07/09/2017
résultats
d
es
candidats
retenus
04/09/17 AS0
11/09/17 AS1
18/09/17 AS2
25/09/17 AS3
02/10/17 AS4
09/10/17 AS5
16/10/17 AS6
23/10/17 AS7
30/10/17 AS8
06/11/17 AS9
13/11/17 AS10
20/11/17 AS11
27/11/17 AS12
04/12/17 AS13
11/12/17 AS14
jusqu'au
09/09/2017
Accueil
des
nouveaux
inscrits
Jeudi
Septembre
2017
Démarrage
formation
EMI:
05/09/2017
Démarrage
des
cours
ENSIAS
et
ENSET
11/09/
2017
Concours
d'accès
en
3
ème
Liste
d'attente
le
08
septembre
2017
année
pharmacie
Accueil
des
nouveaux
inscrits
06
/09/2017
11
/09/2017
Début
des
cours
de
la
session
d'Automne
11/09/2017
1er
Moharem
(1j)
Jeudi
21/09/2017
Contrôles
Continus
Marche
verte
(1j)
lundi
06/11/2017
Independance(1j)
samedi
18/11
Aid
Al
Mawlid
(2j)
Jeudi
30/11
&
01/12/2017
Contrôles
continus
Examens
cliniques
(session
Novembre)Semaine
du
N°
Semaine
Vacances
DUT
LEF
LP
Master
Ingénieur
Doctorat
en
Médecine
et
Doctorat
en
Médecine
dentaire
Pharmacie
Semaine
Préparation
18/12/17
25/12/17
AS15
01/01/18
Jour
de
l'An
(1j)
Evaluation:
Contrôles
Finaux
Début
corrections
lundi
01
/01/2018
Contrôles
de
fin
de
semestre
d'automne
Délibérations
;
début
rattarapage
et
lancement
des
réinscriptions
08/01/18
AS16
15/01/18
Manifeste
de
l'independance
(1j)
Jeudi
11/01
/2018
Examens
de
la
session
d'automne
Rattrapages
suite
et
finalisation
réinscription
des
semestres
Examens
de
la
session
d'automne
Correction
et
déliberations
Vacances
de
fin
de
session
d'Automne
(8
jours):
21/01
au
28/01/2018
22/01/18
SESSION
DE
PRINTEMPS
Du
29
Janvier
au
28
Juin
2018
29/01/18 PS1
05/02/18 PS2
12/02/18 PS3
19/02/18 PS4
26/02/18 PS5
05/03/18 PS6
12/03/18 PS7
Démarrage
de
cours
de
la
Démarrage
de
cours
de
de
cours
de
la
session
session
de
Printemps
la
s
ession
de
Printemps
Démarrage
de
Printemps
Délibérations
de
troisème
année
et
Suite
des
examens
de
la
Démarrage
de
cours
de
la
session
de
Printemps
démarrage
des
PFE
19/03/18
Rattrapages
et
délibérations
du
semestre
d'Automne
PS8
26/03/18 PS9
02/04/18 PS10
Vacances
de
Printemps
(8
jours):
08/04/2018
au
15/04/2018
09/04/18
16/04/18 PS11
23/04/18 PS12
30/04/18 PS13
07/05/18 PS14
Contrôles
continus
Fête
du
travail
(1j)
Mardi
01/05/2018
semaine
de
préparation
14/05/18
21/05/18
28/05/18
session
d'automne
semaine
de
préparation
Evaluation:
Contrôles
Finaux
Début
corrections
PS15
Délibérations
04/06/18
Délibérations
Aid
Al
Fitr
(4j)
15/06
au
18/06/2018
11/06/18
Examens
de
la
session
de
printemps
Examens
de
la
session
de
printemps
Contrôles
finaux
de
la
session
de
Printemps
Démarrage
des
soutenances
des
PFE
Rattrapages
finaux
PS16
18/06/18
Soutenance
PFE
Rattrapages
et
finalisation
des
soutenances
des
PFE
Rattrapages
finaux Rattrapages
finaux
Délibérations
définitives Délibérations
définitives
Délibérations
session
Printemps
et
Annuelle
25/06/18
02/07/18
09/07/18
Délibérations
définitives
16/07/18
Cérémonie
de
fin
d'année
23/07/18
féte
du
Trône
30/07/18
samedi
30/07/2018
Légende:
ASi
Semaine
de
la
Session
Automne
PSi
Semaine
de
la
Session
de
Printemps
i:
16
National Curriculum:
Pupils should be taught to develop their techniques, including their control and their
use of materials, with creativity, experimentation and an increasing awareness of
different kinds of art, craft and design.
Sketchbooks are:
For teachers too! When you embark on using sketchbooks with your
class, why not get one for yourself too? Use it whenever you ask the
children to use theirs. Don’t be afraid to model mark-making and
experimentation – this will help the children. If you say “I can’t draw”
children will learn that this is acceptable. It’s not: if you can hold a pencil
and make a mark you can draw! Arranging those marks in ways that are
pleasing to you is something you can get better at – but only through
practice…Don’t judge yourself too harshly and enjoy playing with marks
and ideas.
Something to share Once your class has got up and running with their
sketchbooks, they are great for sharing and discussion. Children could
elect to share something new they have tried, an experiment they are
proud of, something they found hard or a task they enjoyed in their
sketchbooks. Small groups or talking pairs can peer review or children
can talk about their sketchbook journeys in assemblies.
Observational drawings
Observational drawing & cut-out observational drawing with mixed media collage
Observational drawing & recording a moment
Sketches for an illustration commission
Observational drawings
Sketchbook challenges
Observation
Imagination
Find scraps of paper like old envelopes and stick these in your sketchbook
to create a more interesting background to draw on.
Cut out a random image from a magazine and stick it on a page. Draw to
make the image into something totally diferent.
Use crayons to do rubbings of diferent textures you fnd on your way
home from school eg. tree bark, pavement, manhole covers etc.
With collage the possibilities are endless. Collect interesting papers and
pages from magazines. Select a theme or topic and create new pictures
using a variety of collaged images. When using photos, it is worth cutting
these out carefully to make really interesting new images.
Using a variety of pencils, pens, crayons etc. make as many diferent
types of line as you can on one page.
Collect as many diferent types of font as you can from newspapers,
magazines and packaging. Copy ones that you like and try inventing your
own going through each letter of the alphabet and trying diferent things
out. Draw your name out in your favourite.
Draw something you've drawn before (observational or imagination! but
with a completely diferent material
The best place to get inexpensive high quality sketchbooks for school use is
Seawhite: http://www.seawhite.co.uk/online/
Access Art – membership organisation for schools with resources and access to
artists http://www.accessart.org.uk/
Instagram: #tatesketchbook