Presentation is loading. Please wait.

Presentation is loading. Please wait.

Penetration Testing Training Day Penetration Testing Tools and Techniques – pt 1 Mike Westmacott, IRM plc Supported by.

Published byJunior Hood Modified over 8 years ago

Similar presentations

Presentation on theme: "Penetration Testing Training Day Penetration Testing Tools and Techniques – pt 1 Mike Westmacott, IRM plc Supported by."— Presentation transcript:

1 Penetration Testing Training Day Penetration Testing Tools and Techniques – pt 1 Mike Westmacott, IRM plc Supported by

2 Presentation to insert name here 2 Hacking Systems Financial gain Commercial secrets Credit card information Political motivations To discredit individuals Cause personal harm Lulz….

3 Presentation to insert name here 3 Hacking Systems Weapons – Stuxnet – Flame 0 day vulnerabilities Expensive cryptographic attacks Weaponised modules

4 Presentation to insert name here 4 Methodology Network/Host Mapping Service Identification Vulnerability Identification Vulnerability exploitation Privilege Escalation Maintaining Access Clearing Logs Recording actions!

5 Presentation to insert name here 5 Host Mapping - Port Scanning

6 Presentation to insert name here 6 Port Scanning Demo Basic syn scan – of a default Windows XP build nmap –sSU –A –oA winxp 192.168.0.99 -sSU Use TCP SYN scan and UDP scan -APerform all tests -oA winxpOutput multiple files

7 Presentation to insert name here 7 Vulnerability Scanners - Nessus Venerable Nessus! Bad Nessus! Still a damn good tool Free

8 Presentation to insert name here 8 Exploitation! Excitement! Risk! …. Danger! Who owns this box? Do you have permission (shouldn’t have been scanning it) Will they be really upset if you break it?

9 Service Exploitation Services available on Internet Or internally Research service Poke it Can you log onto in? Love default passwords :) What will it give you? – VOIP phone with default password and access to memory

10 Example Services SMB – Server Message Block – Protocol for application communication – Authentication mechanisms – Windows – Win2K – 'null' user allows access to entire username directory

11 Example Services Veritas Netbackup – TCP port 10000, NDMP – File backup and backup agent management – Vulnerability allows download of any file from Windows system – Another overflows buffers and allows code execution

12 Buffer Overflows

13 Shell Code

14 Reverse Shell Shell code executes TCP connection back Starts local shell process Redirects input and output streams over TCP Attacker gains command prompt Under the account of the vulnerable process Meterpreter Shell Powerful tool Launch further attacks Pivot to other systems

15 Privilege Escalation Determine current priviledge level Add user? Exploit further? Professional hackers only need go so far…

16 Reporting Reporting carried out whilst testing Both technical details and executive summary

17 Vulnerability Ratings Impact – What is the possible damage that could be done? Exploitability – How easy is it to attack and realise the impact? – How much knowledge is required? – Are there public exploits? Risk Rating – Combination of Impact and Exploitability – High impact but low exploitability = low(er) risk – Many algorithms

18 Metasploit Express

Download ppt "Penetration Testing Training Day Penetration Testing Tools and Techniques – pt 1 Mike Westmacott, IRM plc Supported by."

Similar presentations

Module XIV SQL Injection

Module XIV SQL Injection
Part 2 Penetration Testing. Review 2-minute exercise: RECON ONLY Find 3x IP addresses at the U.S. Merchant Marine Academy Google: “U.S. Merchant Marine.

Part 2 Penetration Testing. Review 2-minute exercise: RECON ONLY Find 3x IP addresses at the U.S. Merchant Marine Academy Google: “U.S. Merchant Marine.
Hacking Techniques & Intrusion Detection Ali Al-Shemery arabnix [at] gmail.

Hacking Techniques & Intrusion Detection Ali Al-Shemery arabnix [at] gmail.
Computer Security Fundamentals

Computer Security Fundamentals
Penetration Testing & Countermeasures Paul Fong & Cai Yu CS691 5 May 2003.

Penetration Testing & Countermeasures Paul Fong & Cai Yu CS691 5 May 2003.
Hands-On Ethical Hacking and Network Defense Second Edition Chapter 5 Port Scanning.

Hands-On Ethical Hacking and Network Defense Second Edition Chapter 5 Port Scanning.
Hands-On Ethical Hacking and Network Defense Chapter 5 Port Scanning.

Hands-On Ethical Hacking and Network Defense Chapter 5 Port Scanning.
Hands-On Ethical Hacking and Network Defense Chapter 5 Port Scanning Last updated 9-18-08.

Hands-On Ethical Hacking and Network Defense Chapter 5 Port Scanning Last updated
A Complete Tool For System Penetration Testing Presented By:- Mahesh Kumar Sharma B.Tech IV Year Computer Science Roll No. :- CS09047.

A Complete Tool For System Penetration Testing Presented By:- Mahesh Kumar Sharma B.Tech IV Year Computer Science Roll No. :- CS09047.
Web Defacement Anh Nguyen May 6 th, 2010. Organization Introduction How Hackers Deface Web Pages Solutions to Web Defacement Conclusions 2.

Web Defacement Anh Nguyen May 6 th, Organization Introduction How Hackers Deface Web Pages Solutions to Web Defacement Conclusions 2.
ITP 457 Network Security Network Hacking 101. Hacking Methodology (review) 1. Gather target information 2. Identify services and ports open on the target.

ITP 457 Network Security Network Hacking 101. Hacking Methodology (review) 1. Gather target information 2. Identify services and ports open on the target.
INDEX  Ethical Hacking Terminology.  What is Ethical hacking?  Who are Ethical hacker?  How many types of hackers?  White Hats (Ethical hackers)

INDEX  Ethical Hacking Terminology.  What is Ethical hacking?  Who are Ethical hacker?  How many types of hackers?  White Hats (Ethical hackers)
9-Performing Vulnerability Assessments Dr. John P. Abraham Professor UTPA.

9-Performing Vulnerability Assessments Dr. John P. Abraham Professor UTPA.
CSCI 530L Vulnerability Assessment. Process of identifying vulnerabilities that exist in a computer system Has many similarities to risk assessment Four.

CSCI 530L Vulnerability Assessment. Process of identifying vulnerabilities that exist in a computer system Has many similarities to risk assessment Four.
1 Colorado University Guest Lecture: Vulnerability Assessment Chris Triolo Spring 2007.

1 Colorado University Guest Lecture: Vulnerability Assessment Chris Triolo Spring 2007.
Security+ Guide to Network Security Fundamentals, Third Edition Chapter 9 Performing Vulnerability Assessments.

Security+ Guide to Network Security Fundamentals, Third Edition Chapter 9 Performing Vulnerability Assessments.
Information Networking Security and Assurance Lab National Chung Cheng University 1 A Real World Attack: wu-ftp.

Information Networking Security and Assurance Lab National Chung Cheng University 1 A Real World Attack: wu-ftp.
Information Networking Security and Assurance Lab National Chung Cheng University 2004/03/031 A Real World Attack: wu-ftp Cao er kai ( 曹爾凱 )

Information Networking Security and Assurance Lab National Chung Cheng University 2004/03/031 A Real World Attack: wu-ftp Cao er kai ( 曹爾凱 )
Computer Security and Penetration Testing

Computer Security and Penetration Testing
Lesson 9-Securing a Network. Overview Identifying threats to the network security. Planning a secure network.

Lesson 9-Securing a Network. Overview Identifying threats to the network security. Planning a secure network.

Similar presentations

Ads by Google