When a vulnerability assessment > pentest

The Anomaly

    Presentation Transcript
    $ whoami
    • Network Security for Dept of VA
    • Father/Husband
    • Fan of Futbol (Viva Mexico!)
    • Fan of Martial Arts
    • Brazilian JiuJitsu
    What is a Pentest?
    • Recon
    • Pwnage
    • Pillage
    • Loot
    • Report
    What is a Pentest?
    • http://www.pentest-standard.org/
    • http://www.sans.org/reading_room/whitepapers/bestprac/writing-penetration-testing-report_33343
    • http://www.offensive-security.com/offsec/sample-penetration-test-report/
    Testing pens (Probando bolígrafos)
    • How to not get a good pentest?
    • http://blog.pentesterlab.com/2012/12/how-not-to-get-good-pentest.html
    • Marcus Ranum – “The only favorable or useful outcome of a pentest is the worst one.”
    • http://www.ranum.com/security/computer_security/editorials/point-counterpoint/pentesting.html
    Pwning noobs
    • Cons and breaking stuff tracks/talks
    • Social Media: If you break stuff, talk about how to fix it.
    • Reporting is seriously lacking
    Pentesting – my wife hits me (mi mujer me pega)
    • “Why don’t you find their weaknesses and then help them fix it?”
    Vulnerability Assessment
    • Scan, how? Inside, external, credentials, ips, firewalls
    • Agent based vs passive vs active
    • Results integration
    • Results reporting
    • Team player
    Scan how?
    • Scanner Location
      • inside Network, outside network
      • Denial of service
      • Nmap
    Scan how?
    • Exclusions for Scanners
      • White box vs. Black box
      • Firewalls, IPS
    Scan how?
    • Credentials
      • Windows Desktops and Servers
      • Linux/Unix servers with SSH account/keys
      • SNMP strings
      • Cisco/Networking SSH credentials
      • Be careful with credentials: Dave/Immunity, Ron/Tenable, Qualys, more.
      • https://lists.immunityinc.com/pipermail/dailydave/2013-February/000334.html
    Credentials?
    • Risks
      • Capture credentials
        • Use ssh keys
        • Never send clear text credentials
        • Secure your scanner applications
        • Passive Vulnerability (span port)
    Scan how?
    • Remember HD Moore’s Law
      • “Casual attacker power grows at the rate of Metasploit.” – Joshua Corman
    Agent vs Active scanning
    • Agent Pros
      • Near real time
      • No network traffic
      • No outages caused by scans
    • Agent Cons
      • May not be installed
      • May not be possible to install
      • Some vulns cannot be found
    Vuln Scanning: doing it right
    • Internal Scans
    • Credentialed Scans – Linux, Windows, Network devices
    • Vendor provided exploit availabilities and frameworks
    • Coordinate HIPS/NIPS, Firewall exclusions
    Scan Data integration
    • Integrate with Org CMDB
    • SA information
    • Satellite Server
    • SCCM
    • WSUS
    • BigFix
    Scan Data integration
    • Integrate with Org CMDB
    Scan Data integration
    • Sys Admin information
    • SA POC information (part of cmdb)
    • Sys Admin deemed important information
    • Manual updates from Sys Admins
    Scan Data integration
    • Satellite Server
    • SCCM
    • WSUS
    • BigFix/Tivoli Endpoint Manager (TEM)
    • Red Hat patch info integration
    • Compare with Scan info
    Scan Data integration
    • Where does all this data go?
      • Access DB
      • Custom App with DB backend
      • Excel Spreadsheet
      • GRC – Governance Risk and Compliance
      • Any other solutions?

    Scan data
    • Incident Response
    • Import into org SIEM or incident correlation tool
    Scan Reporting
    • Executive reports on important issues
    • Report on Org specified critical findings
    • Organizational severity scoring
    Scan Reporting
    • Organizational severity scoring
    Scan Reporting
    • Java JRE vuln – RCE
      • Base Score = 9.3
      • Temporal Score = 7.7
      • Final Score = ?
    Scan Reporting
    • Default Credentials
    • Exploitable Vulns
    • Malware identification vulns
    • Indicators of Compromise
    • Configuration Auditing
    • More?
    Call to Action
    • Do work!
    • Improve scanning
    • Improve Patch Mgt
    • Integrate
    • Consolidate data
    • Customize to org needs
    • Work as a team ( Security, Sys Admin, Devs, Operations, etc)