
Welcome to Chris Sanders' Section

Chris Sanders is a technology consultant, author, and researcher originally from around Mayfield, Kentucky. That’s ten miles west of the town Possum Trot, thirty miles east of the community of Monkey’s Eyebrow, and ten miles north of New York City (population 214). He currently resides in Charleston, South Carolina.

Chris serves as senior network security analyst for the US Department of Defense (SPAWAR) through Honeywell HTSI. His book Practical Packet Analysis is widely respected as one of the best practical use books on its topic and has sold several thousand copies internationally. Along with this, Chris has written and co-written hundreds of articles on the topics of network security, packet analysis, and general network administration.

In 2008, Chris founded the Rural Technology Fund. The RTF is a 501(c)(3) non-profit organization designed to provide scholarship opportunities to students from rural areas pursuing careers in computer technology. The organization also promotes technology advocacy in rural areas through various support programs. All of the proceeds from Chris’s technical writing are donated directly to this effort.

You can read more about Chris on his personal blog located at http://www.chrissanders.org where he posts information regarding his latest projects as well as various technical articles and product reviews.

Chris Sanders' Latest Contributions

Operating System Fingerprinting with Packets (Part 1)
Date - Aug 31, 2011
Section - Articles / Intrusion Detection
In this article series I will describe active and passive OS fingerprinting, the concepts that make them plausible, and go through some examples of how to do this in a manual and automated fashion.
Building a Malware Analysis Lab
Date - Jul 06, 2011
Section - Articles / Viruses, trojans and other malware
In this article I am going to discuss some of the things that need to be taken into consideration when building a malware analysis lab.
Enumerating Metadata
Date - Apr 27, 2011
Section - Articles / Misc Network Security
In this article I’m going to discuss the importance of metadata as it relates to reconnaissance. I’ll cover what it is, how it’s stored, and how attackers can extract it to find out more about you or your network.
Extracting USB Artifacts from Windows 7
Date - Mar 23, 2011
Section - Articles / Authentication, Access Control & Encryption
This article will discuss some of the artifacts that a USB storage device leaves on a system when it has been plugged in, how to gather and interpret those artifacts, and how to ultimately determine if a USB device may have been involved in malicious activity on a Windows computer.
Determining If You are Actively Being Compromised
Date - Feb 09, 2011
Section - Articles / Windows OS Security
This article will demonstrate a few of the things you can do to find out if someone else is hanging around your system.
Collecting Threat Intelligence (Part 2)
Date - Jan 19, 2011
Section - Articles / Intrusion Detection
This article deals with the available resources that help us take informed decisions about unknown systems that are communicating with our network.
Collecting Threat Intelligence (Part 1)
Date - Dec 01, 2010
Section - Articles / Intrusion Detection
This two-part article discusses techniques for collecting publicly available information on obscure IP addresses and domain names that pop up anomalously on your network.
Product Review: VIPRE Enterprise
Date - Oct 27, 2010
Section - Articles / Product Reviews
Chris Sanders reviews VIPRE Enterprise.
Analyzing DLL Hijacking Attacks
Date - Oct 13, 2010
Section - Articles / Windows OS Security
Taking a look at the architectural flaws that make DLL hijacking a possibility, how to determine if applications you use are vulnerable, and steps you can take to ensure you aren’t the target of this attack.
PsExec and the Nasty Things It Can Do
Date - Sep 15, 2010
Section - Articles / Misc Network Security
An overview of what PsExec is and what its capabilities are from an administrative standpoint.
Product Review: ObserveIT Remote Access Auditor
Date - Aug 19, 2010
Section - Articles / Product Reviews
Chris Sanders reviews ObserveIT’s software package, designed to record and audit remote desktop and Citrix sessions.
Analyzing Wireless Network Security at the Packet Level
Date - Aug 11, 2010
Section - Articles / Misc Network Security
Useful techniques for troubleshooting wireless security issues at the packet level.
Dissecting the Pass the Hash Attack
Date - Jul 21, 2010
Section - Articles / Misc Network Security
How the Pass the Hash attack technique works and a demonstration of the process that can be used to take stolen password hashes and use them successfully without having to crack their hidden contents.
Understanding Man-In-The-Middle Attacks - Part 4: SSL Hijacking
Date - Jun 09, 2010
Section - Articles / Authentication, Access Control & Encryption
Taking a look at SSL spoofing, discussing some theory behind SSL connections and what makes them in/secure.
Understanding Man-In-The-Middle Attacks - Part 3: Session Hijacking
Date - May 05, 2010
Section - Articles / Authentication, Access Control & Encryption
Taking a look at session hijacking: the theory behind it and a demonstration of it in practice, along with detection and prevention tips.
Understanding Man-In-The-Middle Attacks – Part 2: DNS Spoofing
Date - Apr 07, 2010
Section - Articles / Authentication, Access Control & Encryption
Continuing our look at man-in-the-middle attacks, focusing this time on another type of MITM attack called DNS spoofing.
Understanding Man-in-the-Middle Attacks – ARP Cache Poisoning (Part 1)
Date - Mar 17, 2010
Section - Articles / Authentication, Access Control & Encryption
The first part of an article series on some of the most widely used forms of MITM attacks, including ARP Cache Poisoning, DNS Spoofing, HTTP session hijacking, passing the hash and more.
How I Cracked your Windows Password (Part 2)
Date - Feb 10, 2010
Section - Articles / Authentication, Access Control & Encryption
Going through the process of cracking passwords with different free tools whilst providing tips for defending your password from being cracked.
How I Cracked your Windows Password (Part 1)
Date - Jan 20, 2010
Section - Articles / Authentication, Access Control & Encryption
How Windows creates and stores password hashes and how those hashes are cracked.
The Anatomy of a Null Attack
Date - Dec 16, 2009
Section - Articles / Authentication, Access Control & Encryption
Taking a look at the anatomy of a null session attack, how it works and how to prevent it from happening to you.
Buffer Overflows, Data Execution Prevention, and You
Date - Oct 28, 2009
Section - Articles / Authentication, Access Control & Encryption
What a buffer overflow is, how it can allow a potential attacker to execute code on your system, and how Data Execution Prevention can be employed to safeguard against this threat.
Maintaining, Mandating, and Mitigating Privacy in Internet Explorer 8
Date - Sep 23, 2009
Section - Articles / Authentication, Access Control & Encryption
Showcasing some of the enhancements in Internet Explorer 8 and how you can use them to make sure you maintain the privacy level you desire.
Securing Application Execution with Microsoft AppLocker
Date - Sep 02, 2009
Section - Articles / Authentication, Access Control & Encryption
A deep dive into AppLocker, Microsoft’s new feature for Windows 7 and Windows Server 2008 R2.
Locking Down Windows Server 2008 Terminal Services
Date - May 20, 2009
Section - Articles / Authentication, Access Control & Encryption
Things you can do to make your Terminal Server environment more secure.
