in trot open testing
-
8/6/2019 In Trot Open Testing
Introduction To Penetration Testing
Paul Asadoorian, GCIA, GCIH
PaulDotCom Enterprises, LLC
http://pauldotcom.com
-
Outline
Why should we perform assessments?
Security Assessment classifications
Future of security assessments
-
Why Hack Yourself?
Security assessments help organizations to:
  Understand threats for better defense
  Determine risk to make informed IT decisions
  Test incident handling procedures, intrusion detection systems, and other security
TSA is a good example
-
Risk = Threat x Vulnerability
Risk is a function of the likelihood of a given threat-source's
exercising a particular potential vulnerability, and the resulting
impact of that adverse event on the organization.
-
Assessment Classifications
Target Identification
Portscanning
Vulnerability Scanning
Penetration Testing
Web Application Testing
Client-Side Exploits
Source Code Auditing
Ethical Hacking Components
-
Target Identification
Local scans, use ARP
Remote test, use common ports, be sneaky
RDP (!), SSH known_hosts, netstat, DNS
Tools
  Nmap - ARP scanning
  nbtscan - NetBIOS scanner, fast!
  Cain & Abel - ARP Scanner
  Superscan - Foundstone tool
-
Portscanning
Find open ports on a host
Often includes service and OS fingerprinting
Tools include Nmap & Nessus

PORT     STATE SERVICE      VERSION
135/tcp  open  msrpc        Microsoft Windows RPC
445/tcp  open  microsoft-ds Microsoft Windows XP microsoft-ds
3052/tcp open  powerchute   APC PowerChute Agent 6.X

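The port table on this slide, as an added example that is not part of the original deck: a Python parser that turns Nmap's PORT/STATE/SERVICE/VERSION rows into records and lists open ports missing from an approved baseline for the host. The baseline set and the function names are assumptions made for illustration.

```python
import re

# Constructed sample: the port table from the slide, laid out as Nmap prints it.
SAMPLE = """\
PORT     STATE SERVICE      VERSION
135/tcp  open  msrpc        Microsoft Windows RPC
445/tcp  open  microsoft-ds Microsoft Windows XP microsoft-ds
3052/tcp open  powerchute   APC PowerChute Agent 6.X
"""

# Hypothetical approved baseline for this host: (port, protocol) pairs.
APPROVED = {(135, "tcp"), (445, "tcp")}

# port/proto, state, service, then an optional free-text version column.
ROW = re.compile(r"^(\d{1,5})/(tcp|udp|sctp)\s+(\S+)\s+(\S+)(?:\s+(.*\S))?\s*$")

def parse_port_table(text):
    """Return one dict per port row; header and non-table lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if not m:
            continue
        port, proto, state, service, version = m.groups()
        if not 0 < int(port) <= 65535:
            continue  # not a valid port number, so not a real table row
        rows.append({"port": int(port), "proto": proto, "state": state,
                     "service": service, "version": version or ""})
    return rows

def unapproved_open(rows, approved):
    """Open ports absent from the baseline, sorted by port.

    "open|filtered" is treated as open so that ambiguous results get reviewed.
    """
    hits = [r for r in rows
            if r["state"].split("|")[0] == "open"
            and (r["port"], r["proto"]) not in approved]
    return sorted(hits, key=lambda r: (r["port"], r["proto"]))

if __name__ == "__main__":
    for r in unapproved_open(parse_port_table(SAMPLE), APPROVED):
        print(f'{r["port"]}/{r["proto"]} {r["service"]} {r["version"]}')
```
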
Nmap In The Movies!
-
Vulnerability Scanning
Looks at the open port
Determines the service running
Performs more actions to determine if a service contains known vulnerabilities
Tools include Nessus and other specialized applications
IT Staff can perform this testing on their own with inProtect
-
Penetration Testing
Takes an identified port and its associated service, which contains vulnerabilities
Uses an exploit to gain unauthorized access to the target system
Tools include Metasploit, CANVAS, & Core IMPACT
Used to find and compile random exploits
-
Web Application Testing
Looks for vulnerabilities in web applications on the web server
  SQL Injection
  Remote File Include
  Cross-Site Scripting
Manipulate the applications to gain unauthorized access
Commercial tools include AppScan and WebInspect
-
Client-Side Penetration Testing
Attempts to exploit applications on a user's desktop system
Sending email to the user with hopes they will click a link or open an attachment
Requires the user's email address and a server reachable from the clients
Core IMPACT is able to automate this testing
-
Fun to put images on users' desktops!
-
Source Code Auditing
Analyze the source code of applications, looking for vulnerabilities
Tools include DevInspect and Ounce
-
Ethical Hacking
Information Gathering
Social Engineering
Password Cracking (remote & local)
War Dialing
Wireless (WiFi, Bluetooth)
VoIP, Blackberry, Smartphones, etc.
-
Future Tactics
Attacking mobile devices, printers, cameras, access points, wireless routers
Protocol Attacks (WiMax, Bluetooth, EVDO, GSM)
Assessments must always continue to help analyze risk!
-
/* End */
Email: [email protected]
Web: http://pauldotcom.com - Podcast, Blog, Mailing List, IRC Channel, Wiki