Presentation is loading. Please wait.

Presentation is loading. Please wait.

BackTrack Penetration Testing Workshop Michael Holcomb, CISSP Upstate ISSA Chapter.

Published byBathsheba Casey Modified over 8 years ago

Similar presentations

Presentation on theme: "BackTrack Penetration Testing Workshop Michael Holcomb, CISSP Upstate ISSA Chapter."— Presentation transcript:

1 BackTrack Penetration Testing Workshop Michael Holcomb, CISSP Upstate ISSA Chapter

2 Agenda Introductions Schedule Workshop Format The Attacker Methodology Penetration Testing Execution Standard (PTES) Pentester Job Requirements

3 Disclaimer Do not try this at home… without permission!

4 Introductions Name Company Position Previous Experience  Windows & Linux  Penetration Testing  BackTrack

5 Schedule Hours (9:00AM to 4:30PM)  10:20 to 10:30 - Break  11:00 to 12:30 – ISSA Chapter Meeting  2:45 to 3:00 - Break

6 Workshop Format Session Materials Practice Exercises Workshop Survey

7 The Hacker Methodology Information Gathering Vulnerability Assessment Exploitation Privilege Escalation Maintaining Access

8 Penetration Testing Execution Standard (PTES) Pre-engagement Interactions Intelligence Gathering Threat Modeling Vulnerability Analysis Exploitation Post Exploitation Reporting

9 Pentester Job Requirements System and application scanning using analysis tools Validate automated testing results Conduct manual analysis Evaluate and communicate risk Provide feedback and guidance Certifications (CEH, CISA, CISSP, OCSP)

10 Physical Security Most overlooked area of Information Security If you can touch it, you can p0wn it!

11 www.securitywizardry.com/radar.htm

12 Bookmarks VMware (vmware.com) BackTrack 5 R3 (backtrack-linux.org) Metasploitable (offensive-security.com) Web Security Dojo (mavensecurity.com) Pauldotcom (pauldotcom.com) OCSP (offensive-security.com) Katana (hackfromacave.com)

Download ppt "BackTrack Penetration Testing Workshop Michael Holcomb, CISSP Upstate ISSA Chapter."

Similar presentations

By Bruce Ellis Western Governors University. Demonstrate the need for updating information systems Build security awareness Inform management of the risk.

By Bruce Ellis Western Governors University. Demonstrate the need for updating information systems Build security awareness Inform management of the risk.
Presented by Heorot.net. Your instructor Course material Structure of the course Individual Penetration Test Effort (PTE)

Presented by Heorot.net. Your instructor Course material Structure of the course Individual Penetration Test Effort (PTE)
PhoenixPro Procurement. technology. contracts. projects.

PhoenixPro Procurement. technology. contracts. projects.
ETHICAL HACKING.

ETHICAL HACKING.
PENETRATION TESTING Presenters:Chakrit Sanbuapoh Sr. Information Security MFEC.

PENETRATION TESTING Presenters:Chakrit Sanbuapoh Sr. Information Security MFEC.
Protection of Information Assets I. Joko Dewanto 1.

Protection of Information Assets I. Joko Dewanto 1.
Armitage and Metasploit Penetration Testing Lab

Armitage and Metasploit Penetration Testing Lab
Module 2 – PenTest Overview

Module 2 – PenTest Overview
Chapter 1 Ethical Hacking Overview. Who Am I?  Kevin Riley  Systems / Network Analyst Orange Coast College   Phone 714.432.5949.

Chapter 1 Ethical Hacking Overview. Who Am I?  Kevin Riley  Systems / Network Analyst Orange Coast College   Phone
Offensive Security Part 1 Basics of Penetration Testing

Offensive Security Part 1 Basics of Penetration Testing
A Complete Tool For System Penetration Testing Presented By:- Mahesh Kumar Sharma B.Tech IV Year Computer Science Roll No. :- CS09047.

A Complete Tool For System Penetration Testing Presented By:- Mahesh Kumar Sharma B.Tech IV Year Computer Science Roll No. :- CS09047.
Penetration Testing Presented by: Elham Hojati Advisor: Dr. Akbar Namin July 2014.

Penetration Testing Presented by: Elham Hojati Advisor: Dr. Akbar Namin July 2014.
Penetration Testing Anand Sudula, CISA,CISSP SSA Global Technologies, India Anand Sudula, CISA,CISSP SSA Global Technologies, India.

Penetration Testing Anand Sudula, CISA,CISSP SSA Global Technologies, India Anand Sudula, CISA,CISSP SSA Global Technologies, India.
About the Presentations The presentations cover the objectives found in the opening of each chapter. All chapter objectives are listed in the beginning.

About the Presentations The presentations cover the objectives found in the opening of each chapter. All chapter objectives are listed in the beginning.
Information System Security. Outline  Oracle Vulnerabilities  Oracle Security Assessment 2 Information System Security - Week 10.

Information System Security. Outline  Oracle Vulnerabilities  Oracle Security Assessment 2 Information System Security - Week 10.
INDEX  Ethical Hacking Terminology.  What is Ethical hacking?  Who are Ethical hacker?  How many types of hackers?  White Hats (Ethical hackers)

INDEX  Ethical Hacking Terminology.  What is Ethical hacking?  Who are Ethical hacker?  How many types of hackers?  White Hats (Ethical hackers)
Hands-On Ethical Hacking and Network Defense

Hands-On Ethical Hacking and Network Defense
Red Team “You keep using that word, I do not think it means what you think it means” – Inigo Montoya.

Red Team “You keep using that word, I do not think it means what you think it means” – Inigo Montoya.
CSCI 530L Vulnerability Assessment. Process of identifying vulnerabilities that exist in a computer system Has many similarities to risk assessment Four.

CSCI 530L Vulnerability Assessment. Process of identifying vulnerabilities that exist in a computer system Has many similarities to risk assessment Four.
The Business of Penetration Testing

The Business of Penetration Testing

Similar presentations

Ads by Google