1 / 14

OWASP Mantra-OS

OWASP Mantra-OS. Because the world is cruel. About Me. Attended United Stated Air Force Institute of Technology Defense Acquisition University Platform Security Engineer at. What is Mantra-OS?.

ikia
Download Presentation

OWASP Mantra-OS

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. OWASP Mantra-OS • Because the world is cruel

  2. About Me • Attended United Stated Air Force Institute of Technology • Defense Acquisition University • Platform Security Engineer at

  3. What is Mantra-OS? • Mantra-OS is a virtualized attack platform designed around Mantra Security toolkit and OWASP WTE repository.

  4. What was Mantra-OS developed for? • SCAP testing and professional pen-testing environment optimized for virtual environments. Such as vSphere, XenDesketop, OpenStack, oVirt. • Installation media iso and deployable ovf/ova.

  5. Mantra-OS & HyTrust • Mantra-OS was implemented into HyTrust QA cycle • It is used for SCAP testing and Vulnerability verification testing. • Is deployed through vCenter.

  6. Mantra-OS Virtualization and Security Kernel • GrSecurity Kernel patch and OpenVZ Kernel patch. • Ganeti for Virtual Cluster • KVM implementation as secondary layer of virtualization.

  7. Mantra-OSContainers and Sandboxing • OpenVZ is used as container controller and lxc with arkose d-bus hook to sandbox desktop. • Libvirtd is used as a job handler for virtualization with glib hook.

  8. Mantra-OSVirtual Core

  9. Mantra-OSEnhanced Security • IDS protection with suricata • Artillery and honeyd for IPS protection • Container based sandboxing • AppArmor, SElinux

  10. Mantra-OSSecurity Audit Tools • OWASP Zap • Burp • Maltego • Metasploit & Armitage • Zenmap

  11. Mantra-OSPacket Capture • Ettercap • Wireshark

  12. Mantra-OSWeb Application Scanners • Skipfish • Nikto • Gruyere

  13. Mantra-OSSQL Injection • Sqlbrute • Sqlmap • Sqlmap intergration with Zap

  14. Mantra-OSIntel Collection • Maltego

More Related