Introduction To Penetration Testing

Paul Asadoorian, GCIA, GCIH
PaulDotCom Enterprises, LLC

Author: hashmatulla-amiri

Post on 07-Apr-2018






  • 8/6/2019 In Trot Open Testing





    Why should we perform assessments?
    Security assessment classifications
    Future of security assessments



    Why Hack Yourself?

    Security assessments help organizations to:

    Understand threats for better defense
    Determine risk to make informed IT
    Test incident handling procedures, intrusion detection systems, and other security

    TSA is a good example



    Risk = Threat x Vulnerability

    Risk is a function of the likelihood of a given threat-source's exercising a particular potential vulnerability, and the resulting impact of that adverse event on the organization.



    Assessment Classifications

    Target Identification
    Portscanning
    Vulnerability Scanning
    Penetration Testing
    Web Application Testing
    Client-Side Exploits
    Source Code Auditing
    Ethical Hacking Components



    Target Identification

    Local scans: use ARP
    Remote test: use common ports, be sneaky
    RDP (!), SSH known_hosts, netstat, DNS Tools

    Nmap - ARP scanning
    nbtscan - NetBIOS scanner, fast!
    Cain & Abel - ARP Scanner
    Superscan - Foundstone tool




    Portscanning

    Find open ports on a host
    Often includes service and OS fingerprinting
    Tools include Nmap & Nessus

    PORT     STATE SERVICE      VERSION
    135/tcp  open  msrpc        Microsoft Windows RPC
    445/tcp  open  microsoft-ds Microsoft Windows XP microsoft-ds
    3052/tcp open  powerchute   APC PowerChute Agent 6.X

    Nmap In The Movies!
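As an added example (not from the slides), here is a small Python check a defender can run over Nmap output like the listing above: it parses each port line of Nmap's normal output and flags open ports that are not in an approved-services baseline for the host. The sample output (the three lines from the slide plus a header) and the APPROVED baseline are assumptions constructed for this demonstration.

```python
import re
from typing import List, NamedTuple, Set

# Matches one port line of Nmap's normal output, e.g.
#   445/tcp  open  microsoft-ds  Microsoft Windows XP microsoft-ds
# The VERSION column is optional because -sV may leave it blank.
PORT_LINE = re.compile(
    r"^(?P<port>\d{1,5})/(?P<proto>tcp|udp|sctp)\s+"
    r"(?P<state>[\w|]+)\s+"          # open, closed, filtered, open|filtered ...
    r"(?P<service>\S+)"
    r"(?:\s+(?P<version>.*\S))?\s*$"
)

class PortRecord(NamedTuple):
    port: int
    proto: str
    state: str
    service: str
    version: str

def parse_port_lines(text: str) -> List[PortRecord]:
    """Extract port records from Nmap normal output; skips the header
    and anything that is not a port line (banners, notes, blanks)."""
    records = []
    for line in text.splitlines():
        m = PORT_LINE.match(line.strip())
        if m:
            records.append(PortRecord(int(m["port"]), m["proto"], m["state"],
                                      m["service"], m["version"] or ""))
    return records

def unexpected_open(records: List[PortRecord], approved: Set[str]) -> List[PortRecord]:
    """Return open ports whose 'port/proto' is not in the approved baseline.
    Filtered or closed ports are not reported: only exposed services matter."""
    return [r for r in records
            if r.state == "open" and f"{r.port}/{r.proto}" not in approved]

# Constructed sample: the output shown on the slide, plus the header line.
SAMPLE = """\
PORT     STATE SERVICE      VERSION
135/tcp  open  msrpc        Microsoft Windows RPC
445/tcp  open  microsoft-ds Microsoft Windows XP microsoft-ds
3052/tcp open  powerchute   APC PowerChute Agent 6.X
"""

# Assumed baseline for this host: only Windows RPC and SMB are sanctioned.
APPROVED = {"135/tcp", "445/tcp"}

if __name__ == "__main__":
    for rec in unexpected_open(parse_port_lines(SAMPLE), APPROVED):
        print(f"unexpected: {rec.port}/{rec.proto} {rec.service} ({rec.version})")
```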



    Vulnerability Scanning

    Looks at the open port
    Determines the service running
    Performs more actions to determine if a service contains known vulnerabilities
    Tools include Nessus and other specialized

    IT Staff can perform this testing on their own with inProtect



    Penetration Testing

    Takes an identified port and associated service which contains vulnerabilities
    Uses an exploit to gain unauthorized access to the target system
    Tools include Metasploit, CANVAS, & Core IMPACT
    Used to find and compile random exploits



    Web Application Testing

    Looks for vulnerabilities in web applications on the web server
    SQL Injection
    Remote File Include
    Cross-Site Scripting
    Manipulate the applications to gain unauthorized access
    Commercial tools include AppScan and WebInspect



    Client-Side Penetration Testing

    Attempts to exploit applications on a user's desktop system
    Sending email to the user with hopes they will click a link or open an attachment
    Requires the user's email address and a server reachable from the clients
    Core IMPACT is able to automate this


    Fun to put images on users' desktops!



    Source Code Auditing

    Analyze the source code of applications, looking for vulnerabilities
    Tools include DevInspect and Ounce



    Ethical Hacking

    Information Gathering
    Social Engineering
    Password Cracking (remote & local)
    War Dialing
    Wireless (WiFi, Bluetooth)
    VoIP, Blackberry, Smartphones, etc...



    Future Tactics

    Attacking mobile devices, printers, cameras, access points, wireless routers
    Protocol Attacks (WiMax, Bluetooth, EVDO, GSM)

    Assessments must always continue to help analyze risk!



    /* End */

    Email: [email protected]

    Web: Podcast, Blog, Mailing List, IRC Channel, Wiki