Presentation is loading. Please wait.

Presentation is loading. Please wait.

Friendly hacking Penetration testing vs. hacking Kamil Golombek Tel. +420 241 046 279.

Published byReynaldo Vipond Modified over 10 years ago

Similar presentations

Presentation on theme: "Friendly hacking Penetration testing vs. hacking Kamil Golombek Tel. +420 241 046 279."— Presentation transcript:

1 Friendly hacking Penetration testing vs. hacking Kamil Golombek kamil.golombek@bdo-it.com kamil.golombek@bdo-it.com Tel. +420 241 046 279

2

3

4

5

6

7

8 Personal experiences Definitions and dividing Similarities and differences Skills and mentality Methodology and tools Agenda

9 Definitions Penetration testing –tries to replicate a real attack –goes as deep as possible –its not comprehensive (doesnt enumerate all vulnerabilities –its usually but not always done from outside –its not just a combinations of several vulnerabilities scan tools reports –maybe not so strong, but very intelligent Vulnerability scanning –doesnt go as far as pentesting –but enumerate all possible known bugs and holes –not very intelligent but strong

10 Types of security tests NIST Computer Security Division : –network mapping (survey and scanning) –vulnerability scanning (network and host scanners) –penetration testing (blue / red team, manual work) –security tests & evaluation (finding mistakes in design...) –password cracking (e.g. can be used during pentests) –log review (system works as intended) –integrity checkers (implementation at start) –virus detection (old is none) –war dialing (rogue modems etc.)

11 Pros and cons of security tests TypeProsCons Network mappingVery quick and easyDoesnt find vulnerabilities, more often its the first phase of other tests. Vulnerability scanningQuite quick, many good automated tools, wide range Only known bugs, many false positives, doesnt go under cover Penetration testingHacker tools and methods, shows real danger, goes deeply. Very exhausting in time, skills and knowledge. Quite expensive.

12 Comparison Hacker vs. pen-tester Is pentesting a kind of black art? Who is the real hacker / pentester? Wanna be hackers / pentesters? Who is more dangerous? How can you find the real one?

13 Who is the real one? First – tier hackers Best programmers and experts. They have a deep understanding of IP protocols and used OS and programming languages. They are able to find new holes or vulnerabilities and to create their own code. They usually dont seek publicity, but they are known because many others use their hacking utilities. Second - tier hackers Have a technical skill level equivalent to system or network administrators. They usually know several OS, know how to use some exploits and have some knowledge of programming language. They are much more common than first – tier hackers and they often rely on them. Third –tier hacker (also script kiddies or lamers) Most populated but also the least respected group. The main principle they use is download and try. They usually dont understand consequences and because they often use untested scripts against real networks, they can cause big problems. Their knowledge about IT is usually quite low, but what they lack (or lose) in skills they gain in motivation, free time etc. If they are successful, they think they are elite.

14 Usual (or minimal?) level of pentester? Skills, knowledge and experience should be at least similar to the second tier hackers. If he (she?) is better, thats good but its more an exception than a rule. Plus –good reputation and no criminal record –patience and methodology (to find all holes, to document ongoing tests, etc.) –presentation skills (?) and ability to close discovered holes (if required)

15 Skills and mentality Good skills and knowledge are necessary but not sufficient conditions! You have to think like hacker but behave like professional! Go beyond limits and use of your knowledge in different way is an attitude!

16 Methodology and tools Before you begin... Classical phases of tests (hacks?) Obligations in execution of tests Basic categories of tools

17 Classical phases of tests General methodology (from outside) –Reconnaissance (get know as much as possible) –Vulnerability analysis (low hanging fruit, other ways) –Gaining access (trying of concrete attacks and methods, escalation of privileges) Basic phases of attack –Reconnaissance (IP, DNS, mail servers, organization info, etc) –Scanning (ports, services, SW, known vulnerabilities) –Gaining access (exploits, scripts, hacker tools...) –Maintaining access (Trojan horses – application, traditional, kernel) –Covering tracks (hiding in OS, cover channels, wiping audit logs)

18 Obligations in execution of tests Hacker –doesnt have to follow our test order –needs to find and use only one hole –can have some trouble with covering tracks Pen-tester –must have methodology to test as much as possible –except of having it he has to follow it too –tries to find theoretically all holes but can have problems to prove it

19 Basic categories of tools Reconnaissance War dialing OS and Application identification Network services testing Port scanning Vulnerability scanning NULL session tools Session manipulation FW, Router, ACL testing Forensic analysis Password cracking DoS Log review Packet forgery Sniffing IDS testing WWW testing..... some more.

20 Personal experiences Relatively low level of security awareness –95% of blue tests Impossible requirements on pentesters –within one afternoon –if you wont finish as a root, your test were bad Smart handling with test results –final report is just dust collector –its just a potential hole, you cant prove it –its not a complete manual how to do from my messy IS a COSMIC TOP SECRET system Bad inner communication in organization –security officer or manager makes an order of pentests, but sometimes forgets to announce it to the IT stuff of organization (diversion actions and aggressive attitude follow up very quickly)

21 Conclusion Do you need penetration tests? –Penetration testing is for organizations with a strong security program. –Dont waste your money with pentests if you even dont do regular vulnerability testing alone. Do we need pentesters? –Vulnerability scanning IS NOT a penetration testing –To be up-to-date with an underground is a full time job –No vulnerability scanner does hack you system! Is it important to know basics of security testing?

22 Hackem all!

Download ppt "Friendly hacking Penetration testing vs. hacking Kamil Golombek Tel. +420 241 046 279."

Similar presentations

ETHICAL HACKING A LICENCE TO HACK

ETHICAL HACKING A LICENCE TO HACK
ETHICAL HACKING.

ETHICAL HACKING.
Assessments, Audits, and Penetration Tests, Oh My Ira Winkler, CISSP +1-410-544-3435.

Assessments, Audits, and Penetration Tests, Oh My Ira Winkler, CISSP
 Dynamic policies o Change as system security state/load changes o GAA architecture  Extended access control lists  Pre-, mid- and post-conditions,

 Dynamic policies o Change as system security state/load changes o GAA architecture  Extended access control lists  Pre-, mid- and post-conditions,
Chapter 1  Introduction 1 Chapter 1: Introduction.

Chapter 1  Introduction 1 Chapter 1: Introduction.
Hacking? Huh?  It's silly to argue about the ``true'' meaning of a word. A word means whatever people use it to mean. One can't force Newsweek to use.

Hacking? Huh?  It's silly to argue about the ``true'' meaning of a word. A word means whatever people use it to mean. One can't force Newsweek to use.
Penetration Testing & Countermeasures Paul Fong & Cai Yu CS691 5 May 2003.

Penetration Testing & Countermeasures Paul Fong & Cai Yu CS691 5 May 2003.
Protection from Internet Theft By James Seegars. What Is Hacking? Definition – A)To change or alter(Computer Program) – B) To gain access to (a computer.

Protection from Internet Theft By James Seegars. What Is Hacking? Definition – A)To change or alter(Computer Program) – B) To gain access to (a computer.
Intrusion Detection Systems By: William Pinkerton and Sean Burnside.

Intrusion Detection Systems By: William Pinkerton and Sean Burnside.
Some general principles in computer security Tomasz Bilski Chair of Control, Robotics and Computer Science Poznań University.

Some general principles in computer security Tomasz Bilski Chair of Control, Robotics and Computer Science Poznań University.
Hacker, Cracker?! Are they the same? No!!! Hacker programmers intensely interested in the arcane and recondite workings of any computer operating system.

Hacker, Cracker?! Are they the same? No!!! Hacker programmers intensely interested in the arcane and recondite workings of any computer operating system.
Forces that Have Brought the world to it’s knees over the centuries.

Forces that Have Brought the world to it’s knees over the centuries.
Penetration Testing Anand Sudula, CISA,CISSP SSA Global Technologies, India Anand Sudula, CISA,CISSP SSA Global Technologies, India.

Penetration Testing Anand Sudula, CISA,CISSP SSA Global Technologies, India Anand Sudula, CISA,CISSP SSA Global Technologies, India.
 Ethical Hacking is testing the resources for a good cause and for the betterment of technology.  Technically Ethical Hacking means penetration.

 Ethical Hacking is testing the resources for a good cause and for the betterment of technology.  Technically Ethical Hacking means penetration.
INDEX  Ethical Hacking Terminology.  What is Ethical hacking?  Who are Ethical hacker?  How many types of hackers?  White Hats (Ethical hackers)

INDEX  Ethical Hacking Terminology.  What is Ethical hacking?  Who are Ethical hacker?  How many types of hackers?  White Hats (Ethical hackers)
9-Performing Vulnerability Assessments Dr. John P. Abraham Professor UTPA.

9-Performing Vulnerability Assessments Dr. John P. Abraham Professor UTPA.
How do Networks work – Really The purposes of set of slides is to show networks really work. Most people (including technical people) don’t know Many people.

How do Networks work – Really The purposes of set of slides is to show networks really work. Most people (including technical people) don’t know Many people.
Network Security Testing Techniques Presented By:- Sachin Vador.

Network Security Testing Techniques Presented By:- Sachin Vador.
1 Colorado University Guest Lecture: Vulnerability Assessment Chris Triolo Spring 2007.

1 Colorado University Guest Lecture: Vulnerability Assessment Chris Triolo Spring 2007.
Security+ Guide to Network Security Fundamentals, Third Edition Chapter 9 Performing Vulnerability Assessments.

Security+ Guide to Network Security Fundamentals, Third Edition Chapter 9 Performing Vulnerability Assessments.

Similar presentations

Ads by Google