
Penetration Testing: Defense Through Ethical Weaponization

Presented by Tyler Leet, RISC Services Manager, ATTUS Technologies, Inc. What is penetration testing? A security audit; ethical hacking; the intent is not malicious; the tester has written permission and follows an attacker’s methodology.





Presentation Transcript


  1. Penetration Testing: Defense Through Ethical Weaponization
  Presented by: Tyler Leet, RISC Services Manager, ATTUS Technologies, Inc.

  2. What is Penetration Testing?
  • Security audit
  • Ethical hacking
  • Intent is not malicious
  • Have written permission
  • Follow an attacker’s methodology
  • “Point-in-time” tests
    • Testing should be performed regularly
      • Configs are modified
      • New vulnerabilities are discovered
      • Systems get replaced/updated

  3. Types of Tests
  • Network
    • Internal
    • External
  • Web Application
  • Application
  • Wireless
  • Physical
  • White Box
  • Black Box

  4. Phases of Penetration Testing
  • Phase 1 – Pre Test Activities
    • Getting approval
    • Setting parameters
      • Scope
      • Rules of Engagement
    • Establishing a goal
  • Phase 2 – Perform the Test
  • Phase 3 – Post Test Activities
    • Test report
    • Exit meeting

  5. Pen Testing Skill Sets
  • Scripting
    • Python
    • Perl
    • Ruby
  • Cross-platform Knowledge
    • Linux
    • Windows
  • Packet Analysis/Crafting
  • Command Line Fu
  • Database Queries
  • Debugging
  • Strong Documentation Skills
  • Strong Research Skills
  • Craftiness
  • Desire to Learn

  6. Five Steps of an Attack
  • Reconnaissance
  • Scanning
  • Gaining Access
  • Maintaining Access*
  • Covering Your Tracks*
  * – Highly Intrusive

  7. I. Reconnaissance
  • The process of learning about the target
  • Little to no interaction with target systems
  • Can provide extremely valuable information
  Analogy: A burglar watches a neighborhood to find the patterns of its residents, what they have in their homes, etc.

  8. Elements of Reconnaissance
  • Internet Searches
  • WHOIS Information
  • Website Reviews
  • IP Block Information
  • DNS Interrogation
  • Reverse DNS Information

  9. Reconnaissance – Tester’s Toolkit
  • Maltego
  • theHarvester
  • Metagoofil
  • Foca
  • Sam Spade
  • Fierce
  • Basic operating system components
    • Dig
    • WHOIS
    • Nslookup
    • Your web browser

  10. II. Scanning
  • The process of looking for openings on target systems
  • Identify systems, services and vulnerabilities
  • First major contact with the target’s systems
  Analogy: A burglar rattles doorknobs and checks windows for any that are open. He also inspects the doors and windows to see what is available behind them and whether they are secure.

  11. Elements of Scanning
  • Network Mapping
  • Port Scanning
  • Service Fingerprinting
  • OS Fingerprinting
  • Vulnerability Scanning

  12. Scanning – Tester’s Toolkit
  • NMAP
  • Netcat
  • Nessus
  • Nexpose
  • OpenVAS
  • SAINT
  • Arachni
  • w3af
  • Nikto
  • Wikto
  • skipfish
  • Grendel-Scan
  • DirBuster
  • Wireshark
  • Dsniff
  • Cain and Abel
  • Ettercap
  • tcpdump
  • Kismet

  13. III. Gaining Access
  • The process commonly associated with “hacking”
  • Attempt to compromise a device/system
  • Utilizes information gathered from previous steps
  Analogy: The burglar breaks into the home using the door or window he thinks is the best.

  14. Avenues of Gaining Access
  • Social Engineering
  • Exploiting Vulnerable Software
  • Web Application Attacks
  • Configuration Weaknesses & Flaws
  • Password Attacks

  15. Gaining Access – Tester’s Toolkit
  • Metasploit
  • Armitage
  • Core Impact
  • Canvas
  • Rainbow Tables
  • John the Ripper
  • Hydra
  • CoWPAtty
  • Aircrack
  • sqlmap
  • sqlninja
  • BeEF
  • Burp
  • Fiddler
  • WebScarab
  • Paros
  • SET
  • Hping
  • Scapy
  • Taof
  • Sulley
  • IDA Pro
  • OllyDbg
  • Immunity
  • Custom exploits
  • Downloaded exploits***
  *** – Use at your own peril

  16. First Hand Pen Test Results
  • Types of high risk vulnerabilities/weaknesses we commonly encounter:
    • Default credentials
    • Outdated software containing vulnerabilities
    • Web application vulnerabilities
    • Non-encrypted services that transmit sensitive information
    • End users!!!
  • Successful device/service access ~10%
    • External pen tests only
    • Most targets did not have large/complex perimeter systems
    • This % would be higher if disruption concerns didn’t exist and/or SE would have been allowed
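As an added defender-side example (not part of the presentation), the Python below triages Nmap grepable output for the "non-encrypted services that transmit sensitive information" category on this slide, so an operations team can review its own perimeter scan for that finding before a tester does. It relies on the -oG line layout (tab-separated fields, port entries as port/state/proto/owner/service/rpcinfo/version/); the sample hosts, banners and the set of services treated as cleartext are constructed assumptions.

```python
# Services that carry logins or mail in the clear unless wrapped in TLS; Nmap
# reports TLS-wrapped services as "ssl|<name>", which the triage below skips.
CLEARTEXT_SERVICES = {"ftp", "telnet", "pop3", "imap", "smtp", "http"}

# Constructed Nmap grepable (-oG) output for three lab hosts; every address,
# hostname and banner below is made up for this example.
SAMPLE_GNMAP = (
    "# Nmap scan (constructed sample)\n"
    "Host: 203.0.113.10 (mail.example.test)\tPorts: 25/open/tcp//smtp//Postfix smtpd/, "
    "110/open/tcp//pop3//Dovecot pop3d/, 993/open/tcp//imaps//Dovecot imapd/\tIgnored State: closed (997)\n"
    "Host: 203.0.113.11 (www.example.test)\tPorts: 21/open/tcp//ftp//vsftpd 3.0.3/, "
    "80/open/tcp//http//Apache httpd 2.2.15/, 443/open/tcp//ssl|http//Apache httpd 2.2.15/\tIgnored State: filtered (997)\n"
    "Host: 203.0.113.12 (vpn.example.test)\tPorts: 22/open/tcp//ssh//OpenSSH 8.9p1/, "
    "23/open/tcp//telnet///\tIgnored State: closed (998)\n"
)


def parse_gnmap(text):
    """Parse -oG lines into [(ip, [(port, state, proto, service, version), ...])]."""
    hosts = []
    for line in text.splitlines():
        if not line.startswith("Host: "):
            continue  # skips "# Nmap ..." comment lines
        fields = line.split("\t")
        ip = fields[0][len("Host: "):].split(" ")[0]
        ports = []
        for field in fields[1:]:
            if not field.startswith("Ports: "):
                continue
            for entry in field[len("Ports: "):].split(", "):
                # entry layout: port/state/proto/owner/service/rpcinfo/version/
                p = entry.split("/")
                if len(p) >= 7:
                    ports.append((int(p[0]), p[1], p[2], p[4], p[6]))
        hosts.append((ip, ports))
    return hosts


def find_cleartext_services(text):
    """Open services in the slide's 'non-encrypted' category: (ip, port, service, version)."""
    findings = []
    for ip, ports in parse_gnmap(text):
        for port, state, _proto, service, version in ports:
            names = service.split("|")
            if state != "open" or "ssl" in names:
                continue  # closed/filtered, or TLS-wrapped such as ssl|http on 443
            if any(n in CLEARTEXT_SERVICES for n in names):
                findings.append((ip, port, service, version))
    return findings
```

Run `find_cleartext_services(SAMPLE_GNMAP)` to list the flagged services; `imaps` on 993 and `ssl|http` on 443 are left out because they are TLS-wrapped, while the bannerless telnet on 23 is still reported.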

  17. Pen Testing Resources
  • www.owasp.org
  • www.oissg.org/issaf.html
  • www.isecom.org/research/osstmm.html
  • www.pentest-standard.org
  • www.vulnerabilityassessment.co.uk/Penetration%20Test.html
  • www.sans.org/reading_room/
  • www.backtrack-linux.org
  • sectools.org
  • www.offensive-security.com/metasploit-unleashed/
  • www.tcpipguide.com/free/t_toc.htm
  • www.ietf.org/rfc.html

  18. Final Thought: Root Responsibly!!!

  19. Any Questions?
