Presentation is loading. Please wait.

Presentation is loading. Please wait.

Performing a Penetration Test.  Penetration Tester  Attempts to reveal potential consequences of a real attack  Security Audit / Vulnerability Assessment.

Published byElijah Long Modified over 8 years ago

Similar presentations

Presentation on theme: "Performing a Penetration Test.  Penetration Tester  Attempts to reveal potential consequences of a real attack  Security Audit / Vulnerability Assessment."— Presentation transcript:

1 Performing a Penetration Test

2  Penetration Tester  Attempts to reveal potential consequences of a real attack  Security Audit / Vulnerability Assessment  Scan IP networks / hosts for weaknesses  Do not try to gain access  Penetration (Pen) test  Try to gain access

3  Two types  External  Uses publicly available information  Conduct network scanning and enumeration  Run exploits from outside the perimeter network  Internal  Performed from within the organization  Categories of knowledge  Black-box / zero-knowledge  Gray-box / partial-knowledge  White-box / complete-knowledge

4  Phase 1: Preattack Phase  Reconnaissance / data gathering  Phase 2: Attack Phase  Penetrating the Perimeter  Acquiring the Target  Escalating Privileges  Executing, Implanting, and Retracing  Phase 3: Postattack Phase  Restore the system / clear logs / leave no trace

5  Phase 3: Postattack Phase  Remove all files uploaded onto the system  Cleaning all registry entries  Remove vulnerabilities created  Reversing all file and setting manipulations  Reversing all changes in privileges and user settings  Removing all tools & exploits from the tested systems  Restoring the network to the pretest stage  Documenting & capturing all logs  Analyzing results and making presentations

6  Signed documents include  Scope of work  Nondisclosure agreement  Liability release

7  Nessus  LFI LANguard  SARA  MBSA  Metasploit Framework

Download ppt "Performing a Penetration Test.  Penetration Tester  Attempts to reveal potential consequences of a real attack  Security Audit / Vulnerability Assessment."

Similar presentations

By Bruce Ellis Western Governors University. Demonstrate the need for updating information systems Build security awareness Inform management of the risk.

By Bruce Ellis Western Governors University. Demonstrate the need for updating information systems Build security awareness Inform management of the risk.
Friendly hacking Penetration testing vs. hacking Kamil Golombek Tel. +420 241 046 279.

Friendly hacking Penetration testing vs. hacking Kamil Golombek Tel
ETHICAL HACKING.

ETHICAL HACKING.
Vulnerability Analysis. Formal verification Formally (mathematically) prove certain characteristics Proves the absence of flaws in a program or design.

Vulnerability Analysis. Formal verification Formally (mathematically) prove certain characteristics Proves the absence of flaws in a program or design.
Principles of Computer Security: CompTIA Security + ® and Beyond, Third Edition © 2012 Principles of Computer Security: CompTIA Security+ ® and Beyond,

Principles of Computer Security: CompTIA Security + ® and Beyond, Third Edition © 2012 Principles of Computer Security: CompTIA Security+ ® and Beyond,
© 2010 – MAD Security, LLC All rights reserved ArmitageArmitage A Power User’s Interface for Metasploit.

© 2010 – MAD Security, LLC All rights reserved ArmitageArmitage A Power User’s Interface for Metasploit.
Penetration Testing Anand Sudula, CISA,CISSP SSA Global Technologies, India Anand Sudula, CISA,CISSP SSA Global Technologies, India.

Penetration Testing Anand Sudula, CISA,CISSP SSA Global Technologies, India Anand Sudula, CISA,CISSP SSA Global Technologies, India.
INDEX  Ethical Hacking Terminology.  What is Ethical hacking?  Who are Ethical hacker?  How many types of hackers?  White Hats (Ethical hackers)

INDEX  Ethical Hacking Terminology.  What is Ethical hacking?  Who are Ethical hacker?  How many types of hackers?  White Hats (Ethical hackers)
CSCI 530L Vulnerability Assessment. Process of identifying vulnerabilities that exist in a computer system Has many similarities to risk assessment Four.

CSCI 530L Vulnerability Assessment. Process of identifying vulnerabilities that exist in a computer system Has many similarities to risk assessment Four.
Network Security Testing Techniques Presented By:- Sachin Vador.

Network Security Testing Techniques Presented By:- Sachin Vador.
Computer Security and Penetration Testing

Computer Security and Penetration Testing
Vulnerability Assessment & Penetration Testing By: Michael Lassiter Jr.

Vulnerability Assessment & Penetration Testing By: Michael Lassiter Jr.
1 GFI LANguard Network Security Scanner. 2 Contents Introduction Features Source & Installation Testing environment Results Conclusion.

1 GFI LANguard Network Security Scanner. 2 Contents Introduction Features Source & Installation Testing environment Results Conclusion.
The Business of Penetration Testing

The Business of Penetration Testing
Penetration Testing.

Penetration Testing.
Penetration Testing Edmund Whitehead Rayce West. Introduction - Definition of Penetration Testing - Who needs Penetration Testing? - Penetration Testing.

Penetration Testing Edmund Whitehead Rayce West. Introduction - Definition of Penetration Testing - Who needs Penetration Testing? - Penetration Testing.
Sam Cook April 18, 2013. Overview What is penetration testing? Performing a penetration test Styles of penetration testing Tools of the trade.

Sam Cook April 18, Overview What is penetration testing? Performing a penetration test Styles of penetration testing Tools of the trade.
Information Systems CS-507 Lecture 40. Availability of tools and techniques on the Internet or as commercially available software that an intruder can.

Information Systems CS-507 Lecture 40. Availability of tools and techniques on the Internet or as commercially available software that an intruder can.
 Jonathan Trull, Deputy State Auditor, Colorado Office of the State Auditor  Travis Schack, Colorado’s Information Security Officer  Chris Ingram,

 Jonathan Trull, Deputy State Auditor, Colorado Office of the State Auditor  Travis Schack, Colorado’s Information Security Officer  Chris Ingram,
13Computer Intrusions Dr. John P. Abraham Professor UTPA.

13Computer Intrusions Dr. John P. Abraham Professor UTPA.

Similar presentations

Ads by Google