Presentation is loading. Please wait.

Presentation is loading. Please wait.

Penetration Test Debrief

Published byCurtis Lane Modified over 6 years ago

Similar presentations

Presentation on theme: "Penetration Test Debrief"— Presentation transcript:

1 Penetration Test Debrief
Ted Vera & Mark Trynor November 30, 2010 Confidential and Proprietary Gamers First Information

2 Confidential and Proprietary Gamers First Information
Agenda Pen Test Review Recommendations NOTE: All trademarks referenced in this presentation are property of their respective owners. Confidential and Proprietary Gamers First Information

3 Confidential and Proprietary Gamers First Information
Overview During the test we enumerated 302 hosts running 1174 services on the target netblocks as discovered by nmap. Nessus identified 346 vulnerabilities broken out as follows: 3 High, 6 Medium, and the remainder Low severity. Of these, 0 were successfully compromised and 1 password was obtained (anonymous ftp server). NOTE: All trademarks referenced in this presentation are property of their respective owners. Confidential and Proprietary Gamers First Information

4 Confidential and Proprietary Gamers First Information
Pen Test Review: Day 1 Kick-off Meeting Reviewed customer ROE Installed pen test tools on attack VMs Performed automated port and vulnerability scans against target systems NOTE: All trademarks referenced in this presentation are property of their respective owners. Confidential and Proprietary Gamers First Information

5 Confidential and Proprietary Gamers First Information
Pen Test Review: Day 2 Started comprehensive Nessus scan against the target IP addresses. Nessus is a vulnerability-scanning program that targets remote access vulnerabilities, misconfigurations, default passwords, and utilizes mangled packets for possible Denial of Service (DoS) attacks. Identified one high-risk vulnerability and relayed information to Phil: Microsoft IIS WebDav ntdll.dll Remote Overflow (MS03-007) NOTE: All trademarks referenced in this presentation are property of their respective owners. Confidential and Proprietary Gamers First Information

6 Confidential and Proprietary Gamers First Information
Pen Test Review: Day 3 Performed automated attacks against enumerated hosts/services using Metasploit with over 900 exploit modules. Completed brute-force attacks against open authentication services. Identified one anonymous ftp user account. Completed automated cross-site-scripting attacks against all http servers. NOTE: All trademarks referenced in this presentation are property of their respective owners. Confidential and Proprietary Gamers First Information

7 Confidential and Proprietary Gamers First Information
Pen Test Review: Day 3 Brute-force attacks against web login pages are currently underway. Rescanning ports based on Chris's findings.  Scanning is still underway. Performed manual custom XSS attacks against four HTTP servers. Performed automated cross-site scripting attacks using XSSer (Table 6. XSSer Output). Cross Site Scripting (XSS) allows code injection by bypassing web browser client-side security measures. NOTE: All trademarks referenced in this presentation are property of their respective owners. Confidential and Proprietary Gamers First Information

8 Confidential and Proprietary Gamers First Information
Pen Test Review: Day 4 Manually verified numerous Nessus false positives. Ran Nikto web application scanner. Nikto is a web application scanner that checks for over 9000 potentially dangerous files/CGIs, version specific problems, and server configuration issues. NOTE: All trademarks referenced in this presentation are property of their respective owners. Confidential and Proprietary Gamers First Information

9 Confidential and Proprietary Gamers First Information
Pen Test Review: Day 5 Day 5 of the test focused on manually validating false positives reported by automated tools, running automated attack tools, and performing custom exploit development and attacks. NOTE: All trademarks referenced in this presentation are property of their respective owners. Confidential and Proprietary Gamers First Information

10 Confidential and Proprietary Gamers First Information
Pen Test Review: Day 6-10 Day 6-10 consisted of running intensive nmap port scan of target netblocks. Identified numerous additional ports/services and updated excel spreadsheet with results. Compiled final reports and presentation. NOTE: All trademarks referenced in this presentation are property of their respective owners. Confidential and Proprietary Gamers First Information

11 Vulnerabilities: High Priority
Severity IP Description High Microsoft IIS WebDAV ntdll.dll Remote Overflow (MS03-007) Web Server Incomplete Basic Authentication DoS Unsupported Unix Operating System Confidential and Proprietary Gamers First Information

12 Vulnerabilities: Med Priority
Severity IP Description Medium Novell GroupWise Enhancement Pack Java Server URL Handling Overflow DoS SWS Web Server Unfinished Line Remote DoS NETGEAR ProSafe VPN Firewall Web Server Malformed Basic Authorization Header Remote DoS Confidential and Proprietary Gamers First Information

13 Vulnerabilities: Med Priority
Severity IP Description Medium HTTP TRACE / TRACK Methods Allowed Web Server Uses Plain Text Authentication PHP Potential Information Disclosure Confidential and Proprietary Gamers First Information

14 Confidential and Proprietary Gamers First Information
Recommendations: Manually Verify Medium & High Severity Vulnerabilities Disable Unnecessary Services Enforce strong user passwords Ensure passwords at least 8 characters in length, use a combination of uppercase and lowercase letters (Aa–Zz), numbers (0–9), and symbols # $ % ^ & * ( ) _ + | ~ - = { } [ ] : ; < > ? , . /). To prevent injection attacks, do not allow passwords to use symbols \ (back slash) or ' ” (quotes). Patch Management  Install operating system and application patches in a timely manner. NOTE: All trademarks referenced in this presentation are property of their respective owners. Confidential and Proprietary Gamers First Information

Download ppt "Penetration Test Debrief"

Similar presentations

1 Chapter 8 Fundamentals of System Security. 2 Objectives In this chapter, you will: Understand the trade-offs among security, performance, and ease of.

1 Chapter 8 Fundamentals of System Security. 2 Objectives In this chapter, you will: Understand the trade-offs among security, performance, and ease of.
Vulnerability Analysis Borrowed from the CLICS group.

Vulnerability Analysis Borrowed from the CLICS group.
Information Networking Security and Assurance Lab National Chung Cheng University The Ten Most Critical Web Application Security Vulnerabilities Ryan J.W.

Information Networking Security and Assurance Lab National Chung Cheng University The Ten Most Critical Web Application Security Vulnerabilities Ryan J.W.
Information Networking Security and Assurance Lab National Chung Cheng University 1 A Real World Attack: wu-ftp.

Information Networking Security and Assurance Lab National Chung Cheng University 1 A Real World Attack: wu-ftp.
Web server security Dr Jim Briggs WEBP security1.

Web server security Dr Jim Briggs WEBP security1.
Hacking Web Server Defiana Arnaldy, M.Si 0818 0296 4763.

Hacking Web Server Defiana Arnaldy, M.Si
Presenter Deddie Tjahjono.  Introduction  Website Application Layer  Why Web Application Security  Web Apps Security Scanner  About  Feature  How.

Presenter Deddie Tjahjono.  Introduction  Website Application Layer  Why Web Application Security  Web Apps Security Scanner  About  Feature  How.
Web Application Vulnerabilities Checklist. EC-Council Parameter Checklist  URL request  URL encoding  Query string  Header  Cookie  Form field 

Web Application Vulnerabilities Checklist. EC-Council Parameter Checklist  URL request  URL encoding  Query string  Header  Cookie  Form field 
Nikto LUCA ALEXANDRA ADELA. Nikto  Web server assessment tool  Written by Chris Solo and David Lodge  Released on December 27, 2001  Stable release:

Nikto LUCA ALEXANDRA ADELA. Nikto  Web server assessment tool  Written by Chris Solo and David Lodge  Released on December 27, 2001  Stable release:
By: Razieh Rezaei Saleh.  Security Evaluation The examination of a system to determine its degree of compliance with a stated security model, security.

By: Razieh Rezaei Saleh.  Security Evaluation The examination of a system to determine its degree of compliance with a stated security model, security.
Avanade: 10 tips for å sikring av dine SQL Server databaser Bernt Lervik Infrastructure Architect Avanade.

Avanade: 10 tips for å sikring av dine SQL Server databaser Bernt Lervik Infrastructure Architect Avanade.
W3af LUCA ALEXANDRA ADELA – MISS 1. w3af  Web Application Attack and Audit Framework  Secures web applications by finding and exploiting web application.

W3af LUCA ALEXANDRA ADELA – MISS 1. w3af  Web Application Attack and Audit Framework  Secures web applications by finding and exploiting web application.
1 Infrastructure Hardening. 2 Objectives Why hardening infrastructure is important? Hardening Operating Systems, Network and Applications.

1 Infrastructure Hardening. 2 Objectives Why hardening infrastructure is important? Hardening Operating Systems, Network and Applications.
AIS, 20141 Passwords Should not be shared Should be changed by user Should be changed frequently and upon compromise (suspected unauthorized disclosure)

AIS, Passwords Should not be shared Should be changed by user Should be changed frequently and upon compromise (suspected unauthorized disclosure)
Cosc 4765 Server side Web security. Web security issues From Cenzic Vulnerability report 2014 https://info.cenzic.com/2013-Application-Security-Trends-Report.html.

Cosc 4765 Server side Web security. Web security issues From Cenzic Vulnerability report
Ladd Van Tol Senior Software Engineer Security on the Web Part One - Vulnerabilities.

Ladd Van Tol Senior Software Engineer Security on the Web Part One - Vulnerabilities.
Karlstad University Introduction to Vulnerability Assessment Labs Ge Zhang Dvg-C03.

Karlstad University Introduction to Vulnerability Assessment Labs Ge Zhang Dvg-C03.
1 Nessus - NASL Marmagna Desai [592- Project]. 2 Agenda Introduction –Nessus –Nessus Attack Scripting Language [ N A S L] Features –Nessus –NASL Testing.

1 Nessus - NASL Marmagna Desai [592- Project]. 2 Agenda Introduction –Nessus –Nessus Attack Scripting Language [ N A S L] Features –Nessus –NASL Testing.
November 13, 2008 Ohio Information Security Forum Attack Surface of Web Applications James Walden Northern Kentucky University

November 13, 2008 Ohio Information Security Forum Attack Surface of Web Applications James Walden Northern Kentucky University
Software Security Testing Vinay Srinivasan cell: +91 9823104620.

Software Security Testing Vinay Srinivasan cell:

Similar presentations

Ads by Google