Presentation is loading. Please wait.

Presentation is loading. Please wait.

Pen testing to ensure your security

Published byEdmund Singleton Modified over 8 years ago

Similar presentations

Presentation on theme: "Pen testing to ensure your security"— Presentation transcript:

1 Pen testing to ensure your security
Kali Linux Pen testing to ensure your security

2 Penetration Testing Execution Standard (PTES)
There are 7 stages of pen testing using the PTES. I Pre-engagement Intelligence gathering Threat Modeling Vulnerability analysis Exploitation Post-Exploitation Reporting Penetration Testing: The art of ethical hacking to find and fix vulnerabilities.

3 The pre-engagement phase is a very important part of the Penetration test.
Neglecting to properly complete pre-engagement activities could potentially open the penetration tester to a number of issues including legal issues. The objective of pre-engagement phase is to hash out the details of the testing, such as scope, priorities, how, what and when will the agreed upon systems be tested. Pre-engagment phase

4 Information gathering
Intelligence gathering is performing reconnaissance against a target. There are different levels of information gathering Level 1: compliance driven. Level 2: Best practice – using automated tools to find physical location Level 3: Think state sponsored ;) More advanced pen testing. Information gathering

5 Threat modeling is when you gather relevant documentation
Identify primary and secondary assets. Identify threats and categorize threats and threat communities. Map the threats Threat Modeling

6 Vulnerability Analysis
Vulnerability testing is the process of discovering flaws in systems and applications which can be leveraged by an attacker. Flaws can range from host and service misconfiguration to insecure design. Vulnerability Analysis

7 The exploitation phase of penetration focuses solely on establishing access to a system or resource by bypassing security restrictions. This should be completed successfully if the vulnerability analysis was properly completed. Exploitation

8 The purpose of post exploitation is to determine the value of the asset compromised and maintain control for later use. Post Exploitation

9 Reporting is typically broken down into two major sections in order to communicate the objectives, methods, and results of the testing conducted to various audiences. Various reporting templates can be used. One of the most important parts of the report is risk and ranking of vulnerabilities. Reporting

10 Kali Linux is a Debian-dervived Linux distribution specifically designed for penetration testing and digital forensics, it is a complete rebuild of backtrack. Kali Linux comprises of more than 300 penetration tools that can be used advanced professionals for corporate security needs, it can also be used by new users individuals for personal network/computer security. What is Kali

11 Who made Kali? Can it be trusted?
It is maintained and financed by Offensive Security. Offensive security offers certifications in Kali Linux which are held in high regard within the security community. Kali Linux is developed in a secure environment, who use secure protocols. Pen testers often need to do wireless assessments, Kali has the latest injection patches installed. ALL Kali Linux packages are GPG signed by each individual developer who built and committed packages to the repositories. Who made Kali? Can it be trusted?

12 Why use Kali Linux Kali Linux is FREE it will always be free!!
Kali Linux has more than 300 penetration testing tools; it is not a one trick pony. Kali Linux is customizable! Right down to the kernel Kali Linux has a robust ARM support, this makes it flexible in being able to install and run on devices such as raspberry pi, Galaxy note, and odroid u2/x2 Last and most certainly not least! It’s pretty awesome! Why use Kali Linux

13 In today’s ever connected world security breaches cost companies millions, and consumers their privacy through Identity theft. It is everyone’s responsibility to be vigilant about security not just security professionals. Kali Linux is a suite of security tools that can be utilized by professionals in corporate environments, as well as personal use for those proactive in cyber security. So What?

14 I’ve used Kali to exploit a faux corporations
I’ve used Kali to exploit a faux corporations. I use a fully exploitable image containing SQL-Injection vulnerabilities, Web Application Vulnerabilities CGI-BIN File traversal and UNIX Buffer overflow vulnerability. I apply the 7 stages of penetration testing to find, exploit, fix and report using Kali Linux. The image was provided in a Deterlab environment. Denise’s research

15 What I focused on in my Paper, and why Pen testing is so important
When using Kali make sure to demonstrate and document. My tool for finding, exploiting and documenting as if I were in a real corporate environment is Kali Linux. The main vulnerabilities I will focus on are Buffer overflow – Kali offers reverse engineering suite which I will use for this vulnerability. File traversal – I use different tools withhin Kali Linux for the file traversal; finding, exploiting, documenting. SQL Injection – finding the sql injection, I will also demonstrate transferring money to a moc account. What I focused on in my Paper, and why Pen testing is so important

16 Ali, S. Kali Linux: Assuring Security by Penetration Testing. S. l
Ali, S. Kali Linux: Assuring Security by Penetration Testing. S.l.: Packt Limited, Print. Beggs, R. Mastering Kali Linux for Advanced Penetration Testing. S.I: Packt Limited, 2014. "Kali Linux | Rebirth of BackTrack, the Penetration Testing Distribution." Kali Linux. N.p., n.d. Web. 11 Dec "Kali Linux." BlackMORE Ops. N.p., n.d. Web. 12 Dec "Behind the App: The Story of Kali Linux." Lifehacker. N.p., n.d. Web. 12 Dec References

Download ppt "Pen testing to ensure your security"

Similar presentations

Web Security for Network and System Administrators1 Chapter 1 Introduction to Information Security.

Web Security for Network and System Administrators1 Chapter 1 Introduction to Information Security.
ETHICAL HACKING.

ETHICAL HACKING.
Assessments, Audits, and Penetration Tests, Oh My Ira Winkler, CISSP +1-410-544-3435.

Assessments, Audits, and Penetration Tests, Oh My Ira Winkler, CISSP
PENETRATION TESTING Presenters:Chakrit Sanbuapoh Sr. Information Security MFEC.

PENETRATION TESTING Presenters:Chakrit Sanbuapoh Sr. Information Security MFEC.
Hacking Techniques & Intrusion Detection Ali Al-Shemery arabnix [at] gmail.

Hacking Techniques & Intrusion Detection Ali Al-Shemery arabnix [at] gmail.
© 2013 AT&T Intellectual Property. All rights reserved. AT&T, the AT&T logo and all other AT&T marks contained herein are trademarks of AT&T Intellectual.

© 2013 AT&T Intellectual Property. All rights reserved. AT&T, the AT&T logo and all other AT&T marks contained herein are trademarks of AT&T Intellectual.
David A. Brown Chief Information Security Officer State of Ohio

David A. Brown Chief Information Security Officer State of Ohio
System Security Scanning and Discovery Chapter 14.

System Security Scanning and Discovery Chapter 14.
INDEX  Ethical Hacking Terminology.  What is Ethical hacking?  Who are Ethical hacker?  How many types of hackers?  White Hats (Ethical hackers)

INDEX  Ethical Hacking Terminology.  What is Ethical hacking?  Who are Ethical hacker?  How many types of hackers?  White Hats (Ethical hackers)
Security+ Guide to Network Security Fundamentals, Third Edition Chapter 9 Performing Vulnerability Assessments.

Security+ Guide to Network Security Fundamentals, Third Edition Chapter 9 Performing Vulnerability Assessments.
©2009 Justin C. Klein Keane PHP Code Auditing Session 6 Auditing Strategies & Demonstration Justin C. Klein Keane

©2009 Justin C. Klein Keane PHP Code Auditing Session 6 Auditing Strategies & Demonstration Justin C. Klein Keane
Sanjay Goel, School of Business/Center for Information Forensics and Assurance University at Albany Proprietary Information 1 Unit Outline Information.

Sanjay Goel, School of Business/Center for Information Forensics and Assurance University at Albany Proprietary Information 1 Unit Outline Information.
A Virtual Environment for Investigating Counter Measures for MITM Attacks on Home Area Networks Lionel Morgan 1, Sindhuri Juturu 2, Justin Talavera 3,

A Virtual Environment for Investigating Counter Measures for MITM Attacks on Home Area Networks Lionel Morgan 1, Sindhuri Juturu 2, Justin Talavera 3,
Vulnerability Assessment & Penetration Testing By: Michael Lassiter Jr.

Vulnerability Assessment & Penetration Testing By: Michael Lassiter Jr.
Operating System Security Chapter 9. Operating System Security Terms and Concepts An operating system manages and controls access to hardware components.

Operating System Security Chapter 9. Operating System Security Terms and Concepts An operating system manages and controls access to hardware components.
The Business of Penetration Testing

The Business of Penetration Testing
Sam Cook April 18, 2013. Overview What is penetration testing? Performing a penetration test Styles of penetration testing Tools of the trade.

Sam Cook April 18, Overview What is penetration testing? Performing a penetration test Styles of penetration testing Tools of the trade.
Security Risk Management Marcus Murray, CISSP, MVP (Security) Senior Security Advisor, Truesec

Security Risk Management Marcus Murray, CISSP, MVP (Security) Senior Security Advisor, Truesec
Performing a Penetration Test.  Penetration Tester  Attempts to reveal potential consequences of a real attack  Security Audit / Vulnerability Assessment.

Performing a Penetration Test.  Penetration Tester  Attempts to reveal potential consequences of a real attack  Security Audit / Vulnerability Assessment.
BackTrack Penetration Testing Workshop Michael Holcomb, CISSP Upstate ISSA Chapter.

BackTrack Penetration Testing Workshop Michael Holcomb, CISSP Upstate ISSA Chapter.

Similar presentations

Ads by Google