Mapping The Penetration Tester’s Mind: 0 to Root in 60 Min #MappingThePenTestersMind

Presentation transcript:

Mapping The Penetration Tester’s Mind 0 to Root in 60 Min #MappingThePenTestersMind 1

Methodology Introduction Technical Walkthrough of Testing Tools Further Learning Questions 2

Who is this guy in front of me?? 3
GOOD Question. Background:
–Penetration Tester for 12 years
–Network Engineer for 13 years
–In IT for 15 years
–Regulatory Technology Tester 5 years
–Specializes in mobile technologies and communications, Social Engineering, Physical Security

4 Who is this guy in front of me?? Talks:
–NotACon
–Secure360
–SecurityBSides Chicago, Rochester, Dallas-Fort Worth, Los Angeles, Las Vegas
–DeepSec
–SecTor
–ISSA / ISACA Meetings
–Hacker Space Invitationals

5 Who is this guy in front of me?? Publications:
–“Mapping The Penetration Tester’s Mind: An Auditor’s Introduction to PenTesting” (Book) – Late 2012
–“Mapping The Penetration Tester’s Mind: An Auditor’s Introduction To PenTesting” (Presentation) – 2012
–“Mapping The Penetration Tester’s Mind: 0 to Root in 60 Min”
–“Weaponizing The Smartphone – Protecting Against The Perfect WMD” – 2011
–“Weaponizing The Smartphone – Deploying The Perfect WMD” – 2011
–“Don’t Bite The ARM That Feeds You – Integrating Mobile Technologies Securely Into Mature Security Programs” – 2011
–“Bond Tech – I Want More Than Movie Props”

What is a penetration test?
–A penetration test, occasionally pentest, is a method of evaluating the security of a computer system or network by simulating an attack from malicious outsiders (who do not have an authorized means of accessing the organization's systems) and malicious insiders (who have some level of authorized access). The process involves an active analysis of the system for any potential vulnerabilities that could result from poor or improper system configuration, both known and unknown hardware or software flaws, or operational weaknesses in process or technical countermeasures. This analysis is carried out from the position of a potential attacker and can involve active exploitation of security vulnerabilities. (Wikipedia)
INTRODUCTION 6

Penetration tests are valuable for several reasons:
–Determining the feasibility of a particular set of attack vectors
–Identifying higher-risk vulnerabilities that result from a combination of lower-risk vulnerabilities exploited in a particular sequence
–Identifying vulnerabilities that may be difficult or impossible to detect with automated network or application vulnerability scanning software
–Assessing the magnitude of potential business and operational impacts of successful attacks
–Testing the ability of network defenders to successfully detect and respond to the attacks
–Providing evidence to support increased investments in security personnel and technology
(Wikipedia) INTRODUCTION 7

Testing Types
–White Box Testing: In penetration testing, white-box testing refers to a methodology where an ethical hacker has full knowledge of the system being attacked. The goal of a white-box penetration test is to simulate a malicious insider who has some knowledge and possibly basic credentials to the target system.
–Black Box Testing: In penetration testing, black-box testing refers to a methodology where an ethical hacker has no knowledge of the system being attacked. The goal of a black-box penetration test is to simulate an external hacking or cyber warfare attack.
(Wikipedia) INTRODUCTION 8

Methodology Introduction Mapping The PenTester’s Mind Tools Further Learning Questions 9

METHODOLOGY 10

Reconnaissance
–Using non-intrusive methods to enumerate information about the network under test. DNS, Whois and Web searching are used.
–Objective: To enumerate the target organization's “Internet Footprint”, which represents the sum of all active IP addresses and listening services, and to identify potential vulnerabilities.
METHODOLOGY 11

Network Surveying & Vulnerability Scanning
–This is the process of refining the target list produced during the passive reconnaissance phase by using more intrusive methods such as port scanning, service and OS fingerprinting, and vulnerability scanning. Nmap, Nexpose and other scanning tools are used.
–Objective: To obtain visibility in the network; determining which devices are targets and enumerating possible threats to the network.
METHODOLOGY 12

Vulnerability Research & Verification
–In this phase, a vulnerability scanner is run against the devices gathered in previous phases.
–Objective: To take knowledge gathered in previous phases and check for known vulnerabilities and configuration errors.
–Objective: To obtain access, through configuration errors and vulnerability exploitation, to services and devices that are not otherwise available.
METHODOLOGY 13

Password Attacks
–Services with authenticated logins are tested against a username and password list created in previous phases.
–Objective: To verify that password policies, best practices, and complexity requirements are in use and properly enforced.
METHODOLOGY 14
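The objective on this slide is policy verification: a password attack is only interesting if it shows that the written policy is not actually enforced. As an added example (not from the presentation), the checker below evaluates account/password pairs against a constructed complexity policy (minimum length, character classes, banned words, username reuse, trailing years) and normalises common leet substitutions so that "P@ssw0rd" is still caught as "password". The policy values and the sample accounts are assumptions constructed for the demo.

```python
"""Check recovered or candidate passwords against a complexity policy (added example)."""
import re
import string

# Constructed policy modelled on typical enterprise rules; adjust to the client's written policy.
POLICY = {
    "min_length": 12,
    "min_classes": 3,  # of: lowercase, uppercase, digit, symbol
    "banned_substrings": ["password", "welcome", "summer", "winter", "spring", "autumn", "company"],
}

# Common leet substitutions, undone before the banned-word check.
LEET = str.maketrans({"@": "a", "0": "o", "$": "s", "1": "i", "!": "i", "3": "e", "4": "a", "5": "s", "7": "t"})


def normalize(pw):
    return pw.lower().translate(LEET)


def char_classes(pw):
    return sum([
        any(c.islower() for c in pw),
        any(c.isupper() for c in pw),
        any(c.isdigit() for c in pw),
        any(c in string.punctuation for c in pw),
    ])


def check_password(username, pw, policy=POLICY):
    """Return the list of policy violations for one password (empty list == compliant)."""
    problems = []
    if len(pw) < policy["min_length"]:
        problems.append(f"length {len(pw)} < {policy['min_length']}")
    if char_classes(pw) < policy["min_classes"]:
        problems.append(f"only {char_classes(pw)} character classes")
    low, norm = pw.lower(), normalize(pw)
    for word in policy["banned_substrings"]:
        if word in low or word in norm:
            problems.append(f"contains banned word '{word}'")
    if username and (username.lower() in low or username.lower() in norm):
        problems.append("contains username")
    # Year padding ("Summer2012!") is a pattern that passes naive complexity rules.
    if re.search(r"(19|20)\d\d[!@#$%]?$", pw):
        problems.append("ends in a year")
    return problems


def audit(samples, policy=POLICY):
    """Map each username to its list of violations."""
    return {u: check_password(u, p, policy) for u, p in samples}


# Constructed sample accounts; the passwords are illustrative, not recovered from anywhere.
SAMPLE = [
    ("jsmith", "Summer2012!"),
    ("admin", "P@ssw0rd"),
    ("kdoe", "kdoe-Rocks-2011"),
    ("mlee", "correct-Horse-battery-9"),
]

if __name__ == "__main__":
    for user, problems in audit(SAMPLE).items():
        print(user, "OK" if not problems else "; ".join(problems))
```

Run against the credentials the test turned up, the output is the evidence for the report: a policy that "requires complexity" but accepts "Summer2012!" is not enforcing anything useful, and the fix is a banned-word list and length minimum in the directory, not more user training.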

Reporting and Analysis
–In this phase, the results found during the automated and manual aspects of the assessment are analysed.
–Objective: To build a deliverable containing the greatest risks to the organization being tested.
METHODOLOGY 15

Methodology Introduction Mapping The PenTester’s Mind Tools Further Learning Questions 16

TOOLS 17

Methodology Introduction Mapping The PenTester’s Mind Tools Further Learning Questions 18

Who should do the test? Mapping The PenTester’s Mind 19

20 Mapping The PenTester’s Mind
Interview the vendor AND the Tester
Experience Levels of the Tester
–Free range
–Enterprise class
Know the data retention policy
Create a relationship with your tester
–they are your guide, not only an employee or consultant

SOWs & SCOPE Mapping The PenTester’s Mind 21

Before you begin… 22
The single most important thing to have when performing a penetration test is permission
The second is a clear scope for your testing
Then…
–Identify any testing restrictions such as blackouts or DoS attacks
–Discuss real-time disclosures of immediate risks
–Establish an emergency escalation process in the event the testing goes awry

Watch out! 23
Don’t assume that everyone is aware of your testing. Many times the proper staff is not notified of ongoing testing until it is too late
Be careful when impersonating real third party companies
Verify IP typos during testing
Get permission if you are going to poke a vulnerable box that is out of scope
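"Verify IP typos" and "a clear scope" are the same control seen from two sides: every target should be checked against the signed scope before a packet is sent. As an added example (not from the presentation), the helper below loads in-scope ranges and explicit exclusions (blackout hosts) from a hypothetical SOW, classifies each proposed target, and refuses to hand back a target list while anything is excluded, out of scope, or simply not a valid address (the usual shape of a typo). The ranges and targets are constructed from RFC 5737 documentation space.

```python
"""Vet a proposed target list against the SOW scope before scanning (added example)."""
import ipaddress

# Constructed scope from a hypothetical SOW: in-scope ranges and explicit exclusions.
IN_SCOPE = ["192.0.2.0/24", "198.51.100.0/28"]
EXCLUDED = ["192.0.2.250", "192.0.2.251"]  # e.g. production hosts under a testing blackout


def load_scope(in_scope, excluded):
    """Parse the SOW ranges once; strict=False tolerates host bits in the prefix."""
    return ([ipaddress.ip_network(n, strict=False) for n in in_scope],
            [ipaddress.ip_network(n, strict=False) for n in excluded])


def classify(target, scope):
    """Return 'in-scope', 'excluded', 'out-of-scope' or 'invalid' for one target string."""
    nets, excl = scope
    try:
        ip = ipaddress.ip_address(target)
    except ValueError:
        return "invalid"  # "198.51.100.300" and similar typos land here
    if any(ip in n for n in excl):
        return "excluded"  # exclusions win even when inside an in-scope range
    if any(ip in n for n in nets):
        return "in-scope"
    return "out-of-scope"


def vet_targets(targets, scope):
    """Split a proposed list into allowed targets and a {target: reason} dict of rejections."""
    allowed, rejected = [], {}
    for t in targets:
        verdict = classify(t, scope)
        if verdict == "in-scope":
            allowed.append(t)
        else:
            rejected[t] = verdict
    return allowed, rejected


def approved_target_list(targets, scope):
    """Return the target list only when nothing was rejected; otherwise refuse.
    Forcing a human to remove or re-check each rejection is the point."""
    allowed, rejected = vet_targets(targets, scope)
    if rejected:
        raise ValueError(f"refusing to scan, resolve first: {rejected}")
    return allowed


# Constructed target list with typical mistakes: wrong third octet, impossible octet, wrong block.
PROPOSED = ["192.0.2.10", "192.0.2.250", "192.0.20.10", "198.51.100.300", "198.51.100.5", "203.0.113.7"]

if __name__ == "__main__":
    scope = load_scope(IN_SCOPE, EXCLUDED)
    allowed, rejected = vet_targets(PROPOSED, scope)
    print("allowed:", allowed)
    for t, why in rejected.items():
        print(f"rejected {t}: {why}")
```

Feeding the tool a list the client has already signed off, and making the scanner read only from its output, turns the "verify IP typos" reminder into something that happens every run rather than something the tester remembers on a good day.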

DISCOVER TARGETS Mapping The PenTester’s Mind 24

NMAP 25

Metasploit Scanning 26

Metasploit Scanning 27

VULNERABILITY ASSESSMENT Mapping The PenTester’s Mind 28

Nexpose Scanning 29

Nexpose Scanning 30

MAN IN THE MIDDLE Mapping The PenTester’s Mind 31

32 EXECUTE ARP POISON
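The ARP poisoning step on this slide leaves a signature that is easy to spot from the defender's side: the gateway's IP suddenly resolves to a different MAC, and that MAC starts answering for more than one address. As an added example (not from the presentation), the detector below replays a constructed log of ARP reply observations (timestamp, sender IP, sender MAC; MACs are made up) through a learned IP-to-MAC table and raises an alert on every change, rating a change to the gateway's mapping as high severity.

```python
"""Detect ARP poisoning from a stream of ARP reply observations (added example)."""
from collections import defaultdict

# Constructed observations: (seconds since start, sender IP, sender MAC). All values invented.
ARP_REPLIES = [
    (0.0, "192.0.2.1", "00:11:22:33:44:01"),    # gateway, legitimate
    (0.5, "192.0.2.10", "00:11:22:33:44:0a"),   # workstation
    (1.0, "192.0.2.12", "00:11:22:33:44:0c"),   # another host on the segment
    (30.0, "192.0.2.1", "00:11:22:33:44:0c"),   # gateway IP now claimed by .12's MAC
    (31.0, "192.0.2.10", "00:11:22:33:44:0c"),  # workstation IP claimed by the same MAC
    (32.0, "192.0.2.1", "00:11:22:33:44:0c"),   # repeated refresh, nothing new to report
]


def detect_arp_spoofing(replies, gateway_ip):
    """Return (alerts, final_table). alerts are (time, severity, message) tuples.

    Two rules: an IP whose MAC changes (HIGH if it is the gateway), and a MAC
    that accumulates more than one IP. Each condition fires once per new fact,
    so repeated poison refreshes do not flood the output."""
    table = {}                 # ip -> last seen mac
    claims = defaultdict(set)  # mac -> set of ips it has answered for
    alerts = []
    for t, ip, mac in replies:
        prev = table.get(ip)
        if prev is not None and prev != mac:
            sev = "HIGH" if ip == gateway_ip else "MEDIUM"
            alerts.append((t, sev, f"{ip} moved from {prev} to {mac}"))
        table[ip] = mac
        newly_claimed = ip not in claims[mac]
        claims[mac].add(ip)
        if newly_claimed and len(claims[mac]) > 1:
            alerts.append((t, "MEDIUM", f"{mac} now answers for {sorted(claims[mac])}"))
    return alerts, table


if __name__ == "__main__":
    alerts, table = detect_arp_spoofing(ARP_REPLIES, "192.0.2.1")
    for t, sev, msg in alerts:
        print(f"t={t:5.1f} {sev:6} {msg}")
    print("final table:", table)
```

In practice the same logic runs in tools such as arpwatch or in a switch's Dynamic ARP Inspection; the preventive fix is DAI with DHCP snooping on the access layer, with a static ARP entry for the gateway on hosts that cannot be protected that way.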

EXPLOITATION 33 Mapping The PenTester’s Mind

Low Hanging Fruit 34 Mapping The PenTester’s Mind
Think outside the box
Exploitation does not always require there to be a technical vulnerability
Leverage the Human Factor
Administrators want things to be easy to support

MS

MS

37 Mapping The PenTester’s Mind

38 Mapping The PenTester’s Mind

CREDENTIAL AND HASH COLLECTION 39 Mapping The PenTester’s Mind

40 COLLECTING CREDENTIALS – HTTP/HTTPS

41 COLLECTING CREDENTIALS - SMB

42 Mapping The PenTester’s Mind

43 Mapping The PenTester’s Mind

44 Mapping The PenTester’s Mind

PASS-THE-HASH (NOT THAT KIND) 45 Mapping The PenTester’s Mind

46 Mapping The PenTester’s Mind

47 Mapping The PenTester’s Mind

48 Mapping The PenTester’s Mind

49 Mapping The PenTester’s Mind

50 PSEXEC WITH A LOCAL ACCOUNT HASH

51 PSEXEC WITH A LOCAL ACCOUNT HASH

52 CREATE LOCAL ADMINISTRATOR ACCOUNT

53 REMOTE DESKTOP VIA RAPID7 LOCAL ADMIN
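Slides 39 to 53 walk through one chain: collect hashes, pass a local account hash with psexec, create a local administrator, and log in over RDP. Each step leaves a log entry, and the chain is what makes them worth correlating. As an added example (not from the presentation), the detector below reads constructed Windows-style events (field names follow the Security and System logs, values are invented): a 4624 network logon (type 3) authenticated with NTLM to an account whose domain is the workstation's own name, from a remote address, is flagged on its own; when a new-service installation (7045, which psexec-style tools produce) or an account creation (4720) follows on the same host within a short window, the alert is escalated.

```python
"""Correlate local-account NTLM network logons with follow-on activity (added example)."""
from datetime import datetime, timedelta

# Constructed events. "host" is the computer that wrote the event; "AuthPkg" stands in for
# the 4624 AuthenticationPackageName field. Addresses are RFC 5737 documentation space.
EVENTS = [
    {"time": "2012-10-01T09:00:00", "id": 4624, "host": "WKS01", "LogonType": 2, "AuthPkg": "Negotiate",
     "TargetDomainName": "CORP", "TargetUserName": "jsmith", "IpAddress": "-"},
    {"time": "2012-10-01T09:10:00", "id": 4624, "host": "WKS01", "LogonType": 3, "AuthPkg": "Kerberos",
     "TargetDomainName": "CORP", "TargetUserName": "backupsvc", "IpAddress": "192.0.2.20"},
    {"time": "2012-10-01T09:15:00", "id": 4624, "host": "WKS01", "LogonType": 3, "AuthPkg": "NTLM",
     "TargetDomainName": "WKS01", "TargetUserName": "Administrator", "IpAddress": "192.0.2.99"},
    {"time": "2012-10-01T09:15:02", "id": 7045, "host": "WKS01",
     "ServiceName": "RQxkTlSb", "ImagePath": "%SystemRoot%\\RQxkTlSb.exe"},
    {"time": "2012-10-01T09:15:30", "id": 4720, "host": "WKS01",
     "TargetUserName": "support2", "SubjectUserName": "Administrator"},
    {"time": "2012-10-01T10:00:00", "id": 4624, "host": "WKS02", "LogonType": 3, "AuthPkg": "NTLM",
     "TargetDomainName": "WKS02", "TargetUserName": "Administrator", "IpAddress": "192.0.2.30"},
    {"time": "2012-10-01T10:30:00", "id": 7045, "host": "WKS02",
     "ServiceName": "Backup Agent", "ImagePath": "C:\\Program Files\\Backup\\agent.exe"},
]

LOCAL_SOURCES = {"-", "127.0.0.1", "::1", None}


def is_local_account_network_logon(e):
    """4624, network logon, NTLM, account scoped to the machine itself, from a remote host."""
    return (e["id"] == 4624 and e.get("LogonType") == 3 and e.get("AuthPkg") == "NTLM"
            and e.get("TargetDomainName", "").upper() == e["host"].upper()
            and e.get("IpAddress") not in LOCAL_SOURCES)


def detect_local_pth(events, window=timedelta(minutes=5)):
    """Return one alert per suspicious logon, escalated to HIGH when a service install (7045)
    or account creation (4720) lands on the same host within `window`."""
    evs = sorted(events, key=lambda e: e["time"])
    alerts = []
    for i, e in enumerate(evs):
        if not is_local_account_network_logon(e):
            continue
        t0 = datetime.fromisoformat(e["time"])
        followups = [f["id"] for f in evs[i + 1:]
                     if f["host"] == e["host"] and f["id"] in (7045, 4720)
                     and datetime.fromisoformat(f["time"]) - t0 <= window]
        alerts.append({"host": e["host"], "user": e["TargetUserName"], "src": e["IpAddress"],
                       "followups": followups, "severity": "HIGH" if followups else "MEDIUM"})
    return alerts


if __name__ == "__main__":
    for a in detect_local_pth(EVENTS):
        print(a["severity"], a["host"], a["user"], "from", a["src"], "followed by", a["followups"])
```

The rule is deliberately narrow: domain-account NTLM logons are common and noisy, but a local account reaching a workstation over the network is rare in a managed environment, which is also why the fix is structural rather than detective: unique local administrator passwords per host (so one captured hash opens one machine) and a policy denying local accounts network logon rights.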

LOCAL ADMIN… MEH, THAT’S NOT MY DOMAIN 54 Mapping The PenTester’s Mind

INCOGNITO 55 Mapping The PenTester’s Mind

56 Mapping The PenTester’s Mind

57 Mapping The PenTester’s Mind

58 Mapping The PenTester’s Mind

59 Mapping The PenTester’s Mind

60 Mapping The PenTester’s Mind

61 Mapping The PenTester’s Mind

62 Mapping The PenTester’s Mind

63 Mapping The PenTester’s Mind

64 Mapping The PenTester’s Mind

65 Mapping The PenTester’s Mind

66 Mapping The PenTester’s Mind

67 Mapping The PenTester’s Mind

PSEXEC 68 Mapping The PenTester’s Mind

69 PSEXEC WITH DOMAIN ADMIN ACCOUNT

70 SESSIONS CREATED WITH CREATED DOMAIN ADMIN

71 COMPLETE DOMAIN CONTROL

MY HARDWARE IS SAFE RIGHT?? 72 Mapping The PenTester’s Mind

73 NETWORK HARDWARE ACCESS – SSH SESSIONS

I trust ALL of my contractors… 74 LOCAL ACCESS

75 BOOT FROM USB

76 BOOT TO UNAUTHORIZED OS

77 MOUNT AND ACCESS LOCAL HARDDRIVE

78 REPLACE Sethc.exe

79 SYSTEM LEVEL CMD PROMPT ON LOGIN SCREEN
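Slides 75 to 79 show what physical access buys: boot another OS, mount the disk, and replace sethc.exe so the logon screen offers a SYSTEM shell. Nothing on the host can prevent that once the disk is readable offline, but the result is detectable. As an added example (not from the presentation), the check below hashes the accessibility binaries Windows will launch from the logon screen and flags any that differ from a known-good baseline or are byte-identical to cmd.exe. It runs here against a constructed stand-in directory with dummy file contents; the real check is pointed at System32 or at a mounted offline image, with a baseline captured from a clean install.

```python
"""Detect replaced accessibility binaries such as sethc.exe (added example)."""
import hashlib
import os
import tempfile

# Helpers Windows can start from the logon screen; all are common swap targets.
ACCESSIBILITY_BINARIES = ["sethc.exe", "utilman.exe", "osk.exe", "narrator.exe",
                          "magnify.exe", "displayswitch.exe"]


def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def check_accessibility_binaries(system32, baseline):
    """Return {binary: [reasons]} for binaries that are missing, differ from the
    baseline hash, or are identical to cmd.exe (the classic sethc.exe swap)."""
    findings = {}
    cmd_path = os.path.join(system32, "cmd.exe")
    cmd_hash = sha256_file(cmd_path) if os.path.exists(cmd_path) else None
    for name in ACCESSIBILITY_BINARIES:
        path = os.path.join(system32, name)
        if not os.path.exists(path):
            if name in baseline:
                findings[name] = ["missing but present in baseline"]
            continue
        reasons = []
        digest = sha256_file(path)
        if name in baseline and baseline[name] != digest:
            reasons.append("hash differs from baseline")
        if cmd_hash and digest == cmd_hash:
            reasons.append("identical to cmd.exe")
        if reasons:
            findings[name] = reasons
    return findings


def build_demo_dir():
    """Constructed stand-in for System32 with dummy bytes, not real Windows binaries.
    Returns (directory, baseline) where the directory already contains the swap."""
    d = tempfile.mkdtemp(prefix="sys32demo_")
    originals = {"cmd.exe": b"dummy cmd.exe", "sethc.exe": b"dummy sethc.exe",
                 "utilman.exe": b"dummy utilman.exe"}
    baseline = {n: hashlib.sha256(b).hexdigest() for n, b in originals.items() if n != "cmd.exe"}
    on_disk = dict(originals, **{"sethc.exe": originals["cmd.exe"]})  # sethc.exe replaced by cmd.exe
    for n, b in on_disk.items():
        with open(os.path.join(d, n), "wb") as f:
            f.write(b)
    return d, baseline


if __name__ == "__main__":
    demo_dir, baseline = build_demo_dir()
    for name, reasons in check_accessibility_binaries(demo_dir, baseline).items():
        print(name, "->", "; ".join(reasons))
```

Two caveats for real use: the same effect can be reached without touching the binary, by registering a debugger for these names under Image File Execution Options, so that registry key belongs in the same audit; and detection is the fallback. The control that actually stops the sequence on slides 75 to 77 is full-disk encryption with a firmware boot-order lock, which is the finding to write up.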

Methodology Introduction Tools Mapping The PenTester’s Mind Further Learning Questions

81 Further Learning
–security.com/metasploit-unleashed
–community.Rapid7.com
–SecurityBSides.com < WOOT WOOT!!
–Metasploit: The Penetration Tester's Guide by David Kennedy, Jim O'Gorman, Devon Kearns, Mati Aharoni
–Local DC (DefCon) Groups & Meetings
–Local Hackerspaces

82 Mapping The PenTester’s Mind Taking a step-by-step approach makes the expansiveness of a network very narrow, and a single vulnerability can lead to a larger problem.

Methodology Introduction Tools Mapping The PenTester’s Mind Further Learning Questions 83

84 Questions? Kizz MyAnthia – Nick D. Senior Penetration Tester Website: