WTF IS PENETRATION TESTING? AN OVERVIEW OF WHO, WHAT, WHERE, WHEN, AND WHY
AKHIL
Presentation Overview
• WHAT IS A “PEN TEST”?
• WHY DO COMPANIES “PEN TEST”?
• WHO DOES “PEN TESTING”?
• WHAT SKILLS ARE REQUIRED?
‒ NON TECHNICAL SKILLSET
‒ BASIC TECHNICAL SKILLSET
‒ OFFENSIVE AND DEFENSIVE KNOWLEDGE
• WHAT ARE SOME COMMON TOOLS?
• PEN TESTING AS A CAREER
• ATTACK DEMO: SQL INJECT WORLD
• QUESTIONS
What is Penetration Testing?
Our Definition:
“The process of evaluating systems, applications, and protocols with the intent of identifying vulnerabilities from
the perspective of an unprivileged or anonymous user to determine the real-world impact…”
“…legally and under contract”
Why do Companies Pen Test?
Compliance Requirements
Validate Existing Controls
Identify Unknown Security Gaps
Prioritize Existing Security Initiatives
Prevent Data Breaches
Test IDS / IPS / IRP
What are the Technical Objectives?
Client specific objectives first
Identify and verify all entry points
Identify critical escalation points
Gain unauthorized access to:
‒ Application functionality
‒ Critical systems
‒ Sensitive data
Assessment VS. Penetration
Vulnerability Assessment and Penetration Testing both answer:
‒ What are my system layer vulnerabilities?
‒ Where are my system layer vulnerabilities?
‒ How widespread are my system layer vulnerabilities?
‒ Can I identify attacks?
‒ How do I fix my vulnerabilities?
Assessment VS. Penetration
Penetration Testing Answers:
‒ What are my high impact network layer issues?
‒ What are my high impact application layer issues?
‒ Can an attacker gain unauthorized access to:
• critical infrastructure that provides privileged access or cause service disruptions
• critical application functionality that the business depends on
• sensitive data that the business would be required to report on if a breach occurs
‒ Can an attacker bypass our IPS / WAF?
‒ Can an attacker pivot from environment A to environment B?
Common Penetration Test Approach
• Kickoff: scope, cost, testing windows, risks, etc.
• Information Gathering
• Vulnerability Enumeration
• Penetration
• Escalation
• Evidence Gathering (Pilfering)
• Clean up
• Report Creation
• Report Delivery and Review
• Remediation
Rules of Engagement
Have fun, but… hack responsibly!
Written permission
Stay in scope
No DoS
Don’t change major state
Restore state
Clear communication
What Skills are Needed?
Non Technical
Basic Technical
Offensive
Defensive
Common Tools
Non Technical Skillset
Written and Verbal Communications
Emails/phone calls
Report development
Small and large group presentations
Professionalism
Respecting others, setting, and meeting expectations
Troubleshooting Mindset
Never give up, never surrender
Where there is a will, there is a way
Ethics
Don’t do bad things
Pros (career) vs. Cons (jail)
Hack responsibly
Basic Technical Skillset
Windows Desktop Administration
Windows Domain Administration
Linux and Unix Administration
Network Infrastructure Administration
Application Development
Scripting (Ruby, Python, PHP, Bash, PowerShell, Batch)
Managed languages (.NET, Java, Dalvik)
Unmanaged languages (C, C++)
Offensive and Defensive Knowledge
System enumeration and service fingerprinting
Linux system exploitation and escalation
Windows system exploitation and escalation
Network system exploitation and escalation
Protocol exploitation
Web application exploitation (OWASP)
Reverse engineering client-server applications + AV Evasion
Social engineering techniques (onsite, phone, email)
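The deck's agenda promises an "Attack Demo: SQL Inject World" under web application exploitation, but the demo itself is not on the page. The following is an added example, not the author's demo, showing the two classic injection outcomes (authentication bypass and data exfiltration via UNION) against a throwaway in-memory SQLite database, with the parameterized fix beside each vulnerable query. The schema, rows, function names and payloads are all constructed for illustration.

```python
"""
Added example (not from the deck): a miniature "SQL Inject World" on an
in-memory SQLite database. The tables, rows and payloads are constructed for
illustration. The *_vulnerable functions are deliberately written the way
injectable code is written; the *_safe versions use bound parameters.
"""
import sqlite3


def build_db() -> sqlite3.Connection:
    """Create a throwaway database with a users table and a products table."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(
        """
        CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT,
                            password TEXT, role TEXT);
        INSERT INTO users (username, password, role) VALUES
            ('admin', 'S3cr3t!', 'admin'),
            ('alice', 'wonderland', 'user');
        CREATE TABLE products (name TEXT, price TEXT);
        INSERT INTO products VALUES ('widget', '9.99'), ('gadget', '19.99');
        """
    )
    return conn


# --- Vulnerable: user input is concatenated straight into the SQL text. ---
def login_vulnerable(conn, username, password):
    sql = (
        f"SELECT username, role FROM users "
        f"WHERE username = '{username}' AND password = '{password}'"
    )
    return conn.execute(sql).fetchone()


def search_vulnerable(conn, term):
    sql = f"SELECT name, price FROM products WHERE name LIKE '%{term}%'"
    return conn.execute(sql).fetchall()


# --- Hardened: identical queries, but the input is bound as a parameter,
# so the database never parses it as SQL. ---
def login_safe(conn, username, password):
    sql = "SELECT username, role FROM users WHERE username = ? AND password = ?"
    return conn.execute(sql, (username, password)).fetchone()


def search_safe(conn, term):
    sql = "SELECT name, price FROM products WHERE name LIKE ?"
    return conn.execute(sql, (f"%{term}%",)).fetchall()


# Constructed attack payloads.
# The "--" comment swallows the rest of the statement, including the
# password check, so the WHERE clause becomes username = 'admin'.
AUTH_BYPASS = "admin' --"
# Closes the LIKE literal, then appends a second SELECT with the same column
# count (2) to pull the users table out through the product search.
UNION_EXFIL = "' UNION SELECT username, password FROM users --"


def demo():
    """Run every case and return the results so they can be inspected or asserted."""
    conn = build_db()
    return {
        "vuln_bypass": login_vulnerable(conn, AUTH_BYPASS, "anything"),
        "safe_bypass": login_safe(conn, AUTH_BYPASS, "anything"),
        "vuln_exfil": search_vulnerable(conn, UNION_EXFIL),
        "safe_exfil": search_safe(conn, UNION_EXFIL),
        "legit": login_safe(conn, "alice", "wonderland"),
    }


if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case}: {result}")
```

Tools such as sqlmap automate exactly this probing; the point of doing it by hand once is to see that the fix is not input filtering but keeping data out of the query's parse tree.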
Common Tools
Knowledge > Tools
Understand the core technologies
Understand the core offensive techniques
Understand the core defensive techniques
Network Penetration Testing
BT (BackTrack), CAIN, YERSINIA, NCAT, NMAP, NESSUS, NEXPOSE, WCE, MIMIKATZ, AirCrack-ng, METASPLOIT… and NATIVE TOOLS!
Application Penetration Testing
BURP, ZAP, NIKTO, DIRBUSTER, SQLMAP, SQLNinja, and BEEF… and commercial tools
Pen Testing as a Career:
Common Paths
Internal Paths
Help Desk
IT Support
IT Admin
Security Analyst
Senior Security Analyst
Internal Consultant
CISO
Security Consulting Paths
Internship
Consultant
Senior Consultant
Principal Consultant
Team Lead
Director Security
> Consultants often end up in malware research or exploit development, but some go corporate.
> Internal employees often stay internal.
BE SAFE and HACK RESPONSIBLY
Questions, comments, curses?