Offensive Security Part 1 Basics of Penetration Testing

Presentation transcript:

Offensive Security Part 1 Basics of Penetration Testing Dennis (Linuz) Maldonado

About me
- Dennis Maldonado, AKA Linuz
- My Blog: http://kernelmeltdown.org/blog/
  - Tutorials/Walkthroughs
  - News and Events
  - Recordings/Powerpoints
- Twitter: https://twitter.com/dennismald
- IRC: irc.freenode.net -- #CougarCS
- Email: dennis@kernelmeltdown.org

Definitions
- A vulnerability is a weakness in a computer system that an attacker can take advantage of.
- Vulnerability assessment is the act of identifying vulnerabilities for a specific computer or network.
- An exploit is the code that allows the attacker to take advantage of the vulnerability.

Definitions
- A payload is code or a program that runs after an exploit is successfully executed.
- A backdoor is a method of bypassing normal authentication.
- A shell allows us to interface with a system, typically through a command line.

Vulnerability Assessment
- Scan the IP address or hostname of the victim to get the ports and services that are running.
- Identify whether these services are vulnerable.
- Launch an exploit against the vulnerable services and send a payload.

Steps in a Penetration Test
- Information Gathering
  - Information on the server
  - Any web server?
  - Nmap
- Vulnerability Identification
  - Nmap version scans/OS scans
  - Other scanning tools
- Exploitation
  - Bruteforcing
  - Remote Exploits
- Post Exploitation
  - Reverse shells
  - Persistence
  - Anti-Forensics
  - Etc…

Tools
- BackTrack Linux 5 R2/R3 – Our attacker machine
- Nmap Network Scanner – Used for identifying ports and services our victim is running
- Metasploit Framework – Used for exploiting, generating the payload, and establishing a session with our victim

The Metasploit Project
Metasploit is an open-source framework used for:
- Security development and testing
- Information gathering and fingerprinting
- Exploitation/Penetration testing
- Payload generation and encoding
- Fuzzing
- And much more…

Steps in compromising
- Port Scan/Version scans
- Fingerprint / Open Ports
- Exploit + Payload
- Reverse Shell
- alpapacas

Demo/Workshop ...

How to secure yourself
- Set up a firewall
  - Windows Firewall
  - Comodo Personal Firewall
- Install and update your Anti-Virus
  - Microsoft Security Essentials
  - Nod32
- Keep your system up to date
  - Actually apply that Flash update
- Be cautious
  - Watch where you internet
  - Don’t just download anything!

Want to learn more?
- Kernel Meltdown Blog
- Learn how to use Linux
  - Download BackTrack Linux
  - Learn networking and the tools
  - Use the command line interface
- Online Resources
  - Metasploit Unleashed (Metasploit Guide)
  - Also check out some forums
  - Security Tube
- Security Podcasts
  - Security Now by Steve Gibson
  - PaulDotCom Security Weekly
  - Others…
- Come talk to me

Sources
- BackTrack-Linux: http://www.backtrack-linux.org/
- The Metasploit Project: http://www.metasploit.com/
- Nmap: http://nmap.org/
- Metasploit Unleashed: http://www.offensive-security.com/metasploit-unleashed/Main_Page
- Security Tube: http://www.securitytube.net/