Paul Asadoorian Founder & CEO, PaulDotCom Enterprises POST Exploitation Going Beyond The Happy Dance Carlos.


1 Paul Asadoorian, Founder & CEO, PaulDotCom Enterprises
http://pauldotcom.com
paul@pauldotcom.com
POST Exploitation
Going Beyond The Happy Dance
Carlos Perez, HP / PaulDotCom

2 http://pauldotcom.com June 2010
Who am I?
- I had this really boring slide about who I am
- Then I realized that’s not really who I am
- What follows is the “Powerpoint” version of “a little about me”...

3 Podcast
- 2005 - Present
- ~ 200 episodes
- Awards, blah
- Thursdays 7PM EST

4 Hack Naked
- Why Hack Naked?

5 Beer

6 Computer Destruction

7 PaulDotCom
- John “Father John” Strand
- Paul “Salad Shooter” Asadoorian
- Larry “Dirty Uncle” Pesce
- Mick “Jr. Salad Shooter” Douglas
- Carlos “Dark0perator” Perez
- Mike “The Original Intern” Perez
- Darren “Girly Mustache” Wigley
- ? “Byte_Bucket” Mark Baggett

8 “Hail Nessus!”
- My day job: I work for Tenable Network Security as a “Product Evangelist”
- I use Tenable products and write blogs, publish podcasts, teach courses, and produce videos
- http://blog.tenablesecurity.com
- Hail Nessus!

9 I Hacked The Gibson
- Do the happy dance!

10
- Hacking the Gibson is quite the accomplishment
- Congratulations, your penetration test has begun
- Like sex, the importance is on what happens after you get in

11 “POST-Exploitation”
- This is actually a really bad term as it doesn’t accurately describe the process
- The process begins with a penetration tester, or attacker, getting shell or remote command execution on the system
- From there, there are several things that must be done in order to make it worth your while and your client’s money!

12 STOP!
- Some say they don’t need to exploit anything
- They also say they don’t need you to go further
- In general, these are the exceptions and likely have an advanced and well-defined security program
- In every test, you should tell your client something they didn’t know about their network

13 Categories
- Local Enumeration
- Network Enumeration
- Privilege Escalation
- Pivoting
- MiTM Attacks
- Hiding & Covering Your Tracks

14 Focus
- We will focus on the local and network enumeration
- Automation in this space needs some work
- This is where Carlos comes in :)

15 Local Enumeration
- Accounts & Passwords
- List defenses - Firewall, A/V, etc.
- General System Information
  - Screen capture, video screen capture
  - Open ports, file shares, running processes
  - Registry / configuration data
  - Device data - Mic, webcam, USB, Wireless

16 The Trick
- Being able to do this across multiple platforms
- Windows - Has great coverage, especially in Metasploit thanks to Carlos
- Linux - Not too much exists to automate
- OS X - Seems to want to behave differently than Linux/UNIX
  - Each release changes the commands!

17 Local Enum - Manual
Without advanced Cylon technology, the following is still done manually:
- Go through file system and shares, look for good stuff
- Backup files, configuration files, clear-text password files

18 Re-Configure The System
- Change settings - DNS, hosts file
- Disable defenses - Drop shields, disable anti-virus
- Add file shares
- Add access methods (RDP, VNC, Telnet)

19 Network Enumeration
- Packet sniffing
- Port scanning

20 Windows Enumeration Examples

21 Linux Enumeration Examples

22 OS X Enumeration Examples

23 Don’t Forget: http://www.securityfail.com
- Presentations: http://pauldotcom.com/presentations.html
- Radio: http://pauldotcom.com/radio
- Live Stream: http://pauldotcom.com/live
- Forum: http://forum.pauldotcom.com/
- Mailing List: http://mail.pauldotcom.com
- Webcasts: http://pauldotcom.com/webcasts
- Insider: http://pauldotcom.com/insider
- Email: psw@pauldotcom.com

