In Trot Open Testing

Introduction To Penetration Testing
Paul Asadoorian, GCIA, GCIH
PaulDotCom Enterprises, LLC
http://pauldotcom.com

Author: hashmatulla-amiri

Post on 07-Apr-2018


  • 8/6/2019 In Trot Open Testing

    1/18

    Introduction To Penetration Testing

    Paul Asadoorian, GCIA, GCIH
    PaulDotCom Enterprises, LLC

    http://pauldotcom.com
  • 2/18

    Outline

    • Why should we perform assessments?
    • Security assessment classifications
    • Future of security assessments

  • 3/18

    Why Hack Yourself?

    Security assessments help organizations to:

    • Understand threats for better defense
    • Determine risk to make informed IT decisions
    • Test incident handling procedures, intrusion detection systems, and other security

    TSA is a good example

  • 4/18

    Risk = Threat x Vulnerability

    Risk is a function of the likelihood of a given threat-source's exercising a particular potential vulnerability, and the resulting impact of that adverse event on the organization.

  • 5/18

    Assessment Classifications

    • Target Identification
    • Portscanning
    • Vulnerability Scanning
    • Penetration Testing
    • Web Application Testing
    • Client-Side Exploits
    • Source Code Auditing
    • Ethical Hacking Components

  • 6/18

    Target Identification

    • Local scans: use ARP
    • Remote test: use common ports, be sneaky
    • RDP (!), SSH known_hosts, netstat, DNS

    Tools

    • Nmap - ARP scanning
    • nbtscan - NetBIOS scanner, fast!
    • Cain & Abel - ARP scanner
    • Superscan - Foundstone tool

  • 7/18

    Portscanning

    • Find open ports on a host
    • Often includes service and OS fingerprinting
    • Tools include Nmap & Nessus

    PORT     STATE SERVICE      VERSION
    135/tcp  open  msrpc        Microsoft Windows RPC
    445/tcp  open  microsoft-ds Microsoft Windows XP microsoft-ds
    3052/tcp open  powerchute   APC PowerChute Agent 6.X

    Nmap In The Movies!
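The table on this slide is the service table Nmap prints after a version scan. As an added example (not code from the slides or from Nmap), the following parses that table into records and diffs the open ports against a baseline of services the host is expected to expose, which is how a defender turns a scan like this into a finding; the sample rows are the ones on the slide, and the baseline (RPC and SMB only, so port 3052 is flagged) is constructed here.

```python
"""Parse the service table Nmap prints after a version scan (-sV) and
diff it against an expected-services baseline for the host.
Added example for this deck, not code from the slides or from Nmap; the
sample rows are the ones on the Portscanning slide, the baseline is constructed."""
import re
from typing import NamedTuple

# One table row: "445/tcp open microsoft-ds Microsoft Windows XP microsoft-ds".
# STATE may be compound ("open|filtered"); VERSION is optional and may contain spaces.
ROW_RE = re.compile(
    r"^(?P<port>\d{1,5})/(?P<proto>tcp|udp)\s+(?P<state>[a-z|]+)\s+"
    r"(?P<service>\S+)(?:\s+(?P<version>.*\S))?\s*$"
)

class Service(NamedTuple):
    port: int
    proto: str
    state: str
    service: str
    version: str

def parse_nmap_table(text: str) -> list[Service]:
    """Return one Service per table row; the header and unrelated lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW_RE.match(line.strip())
        if m:
            rows.append(Service(int(m["port"]), m["proto"], m["state"],
                                m["service"], m["version"] or ""))
    return rows

def unexpected_services(rows: list[Service], baseline: set) -> list[Service]:
    """Open ports not in the baseline set of (port, proto) this host should expose."""
    return [r for r in rows if r.state == "open" and (r.port, r.proto) not in baseline]

# Constructed from the output shown on the slide.
SAMPLE = """\
PORT     STATE SERVICE      VERSION
135/tcp  open  msrpc        Microsoft Windows RPC
445/tcp  open  microsoft-ds Microsoft Windows XP microsoft-ds
3052/tcp open  powerchute   APC PowerChute Agent 6.X
"""
# Constructed baseline: this workstation is expected to expose RPC and SMB only.
BASELINE = {(135, "tcp"), (445, "tcp")}

if __name__ == "__main__":
    for r in unexpected_services(parse_nmap_table(SAMPLE), BASELINE):
        print(f"unexpected: {r.port}/{r.proto} {r.service} ({r.version})")
```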

  • 8/18

  • 9/18

    Vulnerability Scanning

    • Looks at the open port
    • Determines the service running
    • Performs more actions to determine if a service contains known vulnerabilities
    • Tools include Nessus and other specialized applications
    • IT staff can perform this testing on their own with inProtect

  • 10/18

    Penetration Testing

    • Takes an identified port and associated service which contains vulnerabilities
    • Uses an exploit to gain unauthorized access to the target system
    • Tools include Metasploit, CANVAS, & Core IMPACT
    • Used to find and compile random exploits

  • 11/18

    Web Application Testing

    • Looks for vulnerabilities in web applications on the web server
    • SQL Injection, Remote File Include, Cross-Site Scripting
    • Manipulate the applications to gain unauthorized access
    • Commercial tools include AppScan and WebInspect

  • 12/18

    Client-Side Penetration Testing

    • Attempts to exploit applications on a user's desktop system
    • Sending email to the user with hopes they will click a link or open an attachment
    • Requires the user's email address and a server reachable from the clients
    • Core IMPACT is able to automate this testing

  • 13/18

    Fun to put images on users' desktops!

  • 14/18

  • 15/18

    Source Code Auditing

    • Analyze the source code of applications, looking for vulnerabilities
    • Tools include DevInspect and Ounce

  • 16/18

    Ethical Hacking

    • Information Gathering
    • Social Engineering
    • Password Cracking (remote & local)
    • War Dialing
    • Wireless (WiFi, Bluetooth)
    • VoIP, Blackberry, Smartphones, etc...

  • 17/18

    Future Tactics

    • Attacking mobile devices, printers, cameras, access points, wireless routers
    • Protocol Attacks (WiMax, Bluetooth, EVDO, GSM)

    Assessments must always continue to help analyze risk!

  • 18/18

    /* End */

    Email: [email protected]

    Web: http://pauldotcom.com - Podcast, Blog, Mailing List, IRC Channel, Wiki