CIT 480: Securing Computer Systems


1 CIT 480: Securing Computer Systems
Vulnerability Scanning and Exploitation Frameworks

2 Vulnerability Scanners
Vulnerability scanners are automated tools that scan hosts and networks for potential vulnerabilities, including:
- Configuration errors
- Known unpatched vulnerabilities

3 Vulnerability Databases

4 Advantages
- Vulnerability scanners can identify thousands of potential security issues.
  - Automatically and quickly.
  - On a regular basis, to ensure no systems have become vulnerable.
- Can identify problems missed by or misconfigured by administrators.
- Lets security know where problems exist.
- Essential part of defense in depth.

5 Drawbacks
- Results are only as good as the vulnerability database.
  - Must keep the vulnerability database up to date.
- Some reported vulnerabilities are false positives.
  - Must check for existence of the actual vulnerability.
  - Configure the scanner to ignore false positives in future scans.
- Human attackers are better than scanners.
  - Can use zero-day vulnerabilities not found in the database.
  - Can find misconfigurations or combinations of security problems that lead to vulnerabilities that a scanner cannot find.
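
An added example, not part of the original slides: one way to handle the regular scans of slide 4 and the false-positive overrides of slide 5 is to compare each scan with the previous one and apply a list of findings a human has already verified as false. The finding format, hosts, ports and check names below are constructed for illustration and do not come from any particular scanner.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Finding:
    host: str
    port: int
    check_id: str    # scanner check name (constructed, not real scanner ids)
    severity: float  # 0.0 to 10.0

def finding_key(f):
    return (f.host, f.port, f.check_id)

def triage(previous, current, overrides):
    """Compare two scans of the same network.

    overrides maps a finding key to the reason a human judged it a false
    positive after checking the host. Returns a dict of lists.
    """
    prev = {finding_key(f) for f in previous} - set(overrides)
    out = {"new": [], "persisting": [], "suppressed": []}
    seen = set()
    for f in sorted(current, key=lambda f: -f.severity):
        k = finding_key(f)
        seen.add(k)
        if k in overrides:
            out["suppressed"].append(f)   # verified false positive
        elif k in prev:
            out["persisting"].append(f)   # still unfixed since last scan
        else:
            out["new"].append(f)          # appeared since last scan
    out["resolved"] = sorted(prev - seen)
    # Overrides that match nothing should be retired so they cannot hide
    # a real finding if the same check fires on that host later.
    out["stale_overrides"] = sorted(set(overrides) - seen)
    return out

# Constructed sample data (hosts, ports and check names are made up).
OVERRIDES = {("10.0.0.5", 22, "CHECK-SSH-OLD-VERSION"): "vendor backported the fix",
             ("10.0.0.6", 80, "CHECK-HTTP-TRACE"): "TRACE blocked at the proxy"}
LAST_SCAN = [Finding("10.0.0.5", 22, "CHECK-SSH-OLD-VERSION", 7.5),
             Finding("10.0.0.7", 443, "CHECK-TLS-WEAK-CIPHER", 5.0),
             Finding("10.0.0.9", 21, "CHECK-FTP-ANON", 6.4)]
THIS_SCAN = [Finding("10.0.0.5", 22, "CHECK-SSH-OLD-VERSION", 7.5),
             Finding("10.0.0.7", 443, "CHECK-TLS-WEAK-CIPHER", 5.0),
             Finding("10.0.0.8", 445, "CHECK-SMB-MISSING-PATCH", 10.0)]

if __name__ == "__main__":
    for name, items in triage(LAST_SCAN, THIS_SCAN, OVERRIDES).items():
        print(name, items)
```

Suppressed findings stay in the output with their recorded reason available in the overrides, so a reviewer can re-check them when the vulnerability database is updated.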

6 Vulnerability Scanners

7 OpenVAS Architecture

8 OpenVAS In-progress Scans

9 OpenVAS Vulnerability Report

10 Exploitation Frameworks
Exploitation frameworks allow users to:
- Choose and configure an exploit from a database of exploits.
- Launch exploits on specified targets to verify whether a vulnerability is present or not.
Useful for:
- Verifying vulnerability scanner results.
- Performing penetration tests.
- Convincing management that a problem exists.

11 Exploitation Frameworks

12 Metasploit Architecture

13 Metasploit Interfaces
- msfconsole
  - Interactive command line interface.
- msfcli
  - Non-interactive command line interface.
  - msfcli windows/smb/ms08_067_netapi RHOST= PAYLOAD=windows/shell/bind_tcp
- Armitage
  - Interactive graphical interface.

14 Exploit Configuration
- OS and Application Version
  - Variants of exploit may need to be chosen.
- Target selection
  - IP address and port
- Payload selection
  - Select shellcode type, e.g. shell or desktop.
- Encoding
  - Encoding of exploit avoids IPS or AV detection.

15 Payloads
- Bind Shell
  - Open a port on the exploited host offering a shell with no password required.
- Reverse Shell
  - Target makes connection back to listening port on one of your servers, offering a shell.
- Remote Desktop
  - Remote desktop using RDP, VNC, NX, or X.
- Meterpreter
  - Advanced payload with post-exploitation modules, including key logging, sniffing, hash dumping, etc.

16 Key Points
- Vulnerability scanners
  - Automatically scan network to find vulnerabilities based on vulnerability database.
  - Results only as good as vulnerability database.
  - Human attackers are better than scanners, so a clean scan doesn’t indicate perfect security.
- Exploitation frameworks
  - Verify vulnerability scanner results.
  - Assist in penetration testing.


