
The Business of Penetration Testing



Presentation Transcript


  1. Jacolon Walker The Business of Penetration Testing

  2. Agenda • Introduction about me • Penetration testing Methodology • Pentesting Frameworks • Customizing your tool set • Engagement Prep • Post Engagement • Wrapping it all up

  3. The about me stuff • 6 years in InfoSec • My talk is not sponsored by employers • Write code, exploits, reverse malware for fun and sometimes profit • Have certs • Placed 2nd in SANS NetWars • Disclaimer on ideology

  4. Ethical Pentesting Methodology? • No such thing if you want to be successful • You need to think like a hacker • Pentesting methodologies cover all grounds and help win assessments • Attention to details and organization skills • Push the envelope but do not cross the line

  5. Penetration Methodology • 5 step process • Reconnaissance • Scanning & Enumeration • Gaining Access • Maintaining Access • Covering Tracks

  6. Reconnaissance

  7. Penetration Methodology Cont. • Reconnaissance • Gathering information passively • Not actively scanning or exploiting anything • Harvesting information • Bing, Google, Yahoo, Yandex • Wayback Machine (archive) • Social media, etc.

  8. Penetration Methodology Cont. • Scanning & Enumeration • Target discovery • Enumerating • Vulnerability mapping

  9. DEMO • Maltego • Recon-ng • theHarvester • Nmap

  10. OSINT ALL THE DATA

  11. Penetration Methodology Cont. • Gaining Access • Mapped vulns • Important to penetrate: gain a user account and escalate privileges • Try multiple vectors. This is actually a decently easy part • Web application, Wi-Fi, social engineering • Use your research

  12. Penetration Methodology Cont. • Maintaining Access • Keeping account access • Privilege escalation • Pivoting to own all • ET phone home

  13. DEMO • Metasploit • Post scripts

  14. Broken? No luck?

  15. Penetration Methodology Cont. • Covering Tracks • Removing tools • Backdoors, ET phone homes • Clearing logs • Windows security, application and system logs • Linux /var/log/* • Remove audit logs carefully!!!!!

  16. Penetration Frameworks • vulnerabilityassessment.co.uk • pentest-standard.org • Open Source Security Testing Methodology Manual (OSSTMM) • Information Systems Security Assessment Framework (ISSAF) • Open Web Application Security Project (OWASP) Top Ten • Web Application Security Consortium Threat Classification (WASC-TC)

  17. Customizing your toolset • Kali Linux – the new BackTrack • Use your methodology to help build this • Recon, Scanning, Exploitation, Post exploitation • Become familiar with those tools • Change it up to add more to your collection

  18. My toolset • A few things in my tool set • Recon-ng / theHarvester • Burp Suite • Nmap / p0f / ncat • Nessus / Core Impact / Acunetix / SAINT • Arachni / Vega / Metasploit / Websecurify • Python Python Python • KeepNote / Lair / Etherpad / (Armitage *testing*)

  19. Toolset Demo • Demonstrating some of the tools I use

  20. Finally the assessment is over? No http://nooooooooooooooo.com

  21. Pre-engagement Prep • You are selling a service, so... • Sell something • Tool customization • Knowing what the offers and market rates are • Is this assessment for you? • Fixed pricing or hourly • What does the client want? • Can you provide what they want?

  22. Engagement Sold!!! • Scope of work • Understand what the client wants • Black, gray, white box testing or red teaming • How long the assessment will take • What to expect from the assessment • Client contacts from project manager to network admins in case of emergencies • Use the methodologies that you have created • Remember to log everything • Secure communication with clients
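The scope of work is the line the earlier slide says not to cross, so it is worth encoding as a check that every target passes through before a scanner or exploit touches it. The block below is an added example (not code from the talk): a small scope gate that accepts the networks, excluded hosts and domains from a signed scope document and splits a target list into allowed and rejected entries with a reason for each. `IN_SCOPE_NETWORKS`, `EXCLUDED_HOSTS` and `IN_SCOPE_DOMAINS` are constructed values for a hypothetical engagement. Exclusions are checked before network membership, so a host the client carved out of an in-scope range stays out.

```python
"""Scope gate for a pentest engagement (added example, not from the talk)."""
import ipaddress

# Constructed scope for a hypothetical engagement; the real values come from the signed scope of work.
IN_SCOPE_NETWORKS = ["10.0.0.0/24", "203.0.113.0/28"]
EXCLUDED_HOSTS = ["10.0.0.1", "10.0.0.250"]       # e.g. the client's VPN gateway and a production DB
IN_SCOPE_DOMAINS = ["example.test", "corp.example.test"]


class Scope:
    def __init__(self, networks, excluded_hosts, domains):
        # strict=True rejects a network written with host bits set, which usually means a typo in the SoW
        self.networks = [ipaddress.ip_network(n, strict=True) for n in networks]
        self.excluded = {ipaddress.ip_address(h) for h in excluded_hosts}
        self.domains = [d.lower().strip(".") for d in domains]

    def check(self, target):
        """Return (allowed, reason) for a single IP address or hostname."""
        t = target.strip().lower().rstrip(".")
        try:
            ip = ipaddress.ip_address(t)
        except ValueError:
            # Not an IP literal: treat as a hostname and require an in-scope domain suffix.
            # Matching on ".<domain>" (not a bare endswith) keeps "notexample.test" out of scope.
            for d in self.domains:
                if t == d or t.endswith("." + d):
                    return True, "hostname under in-scope domain %s" % d
            return False, "hostname not under any in-scope domain"
        if ip in self.excluded:
            return False, "explicitly excluded host"   # exclusions win over network membership
        for net in self.networks:
            if ip in net:                               # IPv6 addresses never match an IPv4 network
                return True, "inside in-scope network %s" % net
        return False, "outside all in-scope networks"

    def split(self, targets):
        """Partition a target list into (allowed, rejected); each entry is (target, reason)."""
        allowed, rejected = [], []
        for t in targets:
            ok, reason = self.check(t)
            (allowed if ok else rejected).append((t, reason))
        return allowed, rejected


if __name__ == "__main__":
    scope = Scope(IN_SCOPE_NETWORKS, EXCLUDED_HOSTS, IN_SCOPE_DOMAINS)
    # Constructed target list, e.g. what the recon phase produced.
    allowed, rejected = scope.split(["10.0.0.5", "10.0.0.250", "web01.example.test",
                                     "203.0.113.3", "10.0.1.7", "example.test.attacker.invalid"])
    for target, reason in allowed:
        print("OK      %-32s %s" % (target, reason))
    for target, reason in rejected:
        print("REJECT  %-32s %s" % (target, reason))
```

Feed only the allowed list to your scanners, and keep the rejected list with its reasons in the engagement log: it is the evidence, if a client later asks, that an excluded host was never touched. Nmap's own `--exclude` and `--excludefile` options can carry the same exclusion list as a second line of defence.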

  23. Post Engagement • Report writing • Did any issues occur? Could they have been prevented? Can they be fixed? • Did you get what you wanted from the engagement? Profit? • Any new tools or methodologies added? • Possible new techniques? • Was the customer satisfied?

  24. Report Writing • It is the last thing the customer sees. Make it the best thing they see • Customers are paying for quality • Different reports for various teams • Executive Summary • Detailed Summary • I could write a whole presentation about this but I will not

  25. Wrapping it all up • Pentesting has numerous components • It's not always about hacking; it's about research and business • Making sure you are NICHE at what you do. Know your target and field • Always improve your methods while helping your client improve their infrastructure • "Don't learn to hack, hack to learn"
