In Trot Open Testing

Introduction To Penetration Testing
Paul Asadoorian, GCIA, GCIH
PaulDotCom Enterprises, LLC
http://pauldotcom.com

Upload: hashmatulla-amiri

Post on 07-Apr-2018


Page 1: In Trot Open Testing

8/6/2019 In Trot Open Testing

http://slidepdf.com/reader/full/in-trot-open-testing 1/18

Introduction To Penetration Testing

Paul Asadoorian, GCIA, GCIH
PaulDotCom Enterprises, LLC

http://pauldotcom.com

Page 2: In Trot Open Testing


Outline

• Why should we perform assessments?

• Security Assessment classifications

• Future of security assessments

Page 3: In Trot Open Testing


Why Hack Yourself?

• Security assessments help organizations to:

• Understand threats for better defense

• Determine risk to make informed IT decisions

• Test incident handling procedures, intrusion detection systems, and other security

• TSA is a good example

Page 4: In Trot Open Testing


Risk = Threat x Vulnerability

“Risk is a function of the likelihood of a given threat-source's exercising a particular potential vulnerability, and the resulting impact of that adverse event on the organization.”

Page 5: In Trot Open Testing


Assessment Classifications

• Target Identification

• Portscanning

• Vulnerability Scanning

• Penetration Testing

• Web Application Testing

• Client-Side Exploits

• Source Code Auditing

• “Ethical Hacking” Components

Page 6: In Trot Open Testing


Target Identification

• Local scans, use ARP

• Remote test, use common ports, be sneaky

• RDP (!), SSH known_hosts, netstat, DNS

• Tools

• Nmap - ARP scanning

• nbtscan - NetBIOS scanner, fast!

• Cain & Abel - ARP Scanner

• Superscan - Foundstone tool

Page 7: In Trot Open Testing


Portscanning

• Find open ports on a host

• Often includes service and OS fingerprinting

• Tools include Nmap & Nessus

PORT     STATE SERVICE      VERSION
135/tcp  open  msrpc        Microsoft Windows RPC
445/tcp  open  microsoft-ds Microsoft Windows XP microsoft-ds
3052/tcp open  powerchute   APC PowerChute Agent 6.X

Nmap In The Movies!
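The service listing above is the raw material for the vulnerability-scanning and penetration-testing steps on the following slides. As an added example (not part of the original slides), the script below parses Nmap -sV lines of that shape into structured records and reconciles the open ports against an expected-service baseline; the baseline itself is a constructed assumption, as is the sample output embedded in the script.

```python
"""Parse Nmap -sV service lines and flag open ports that are not in a baseline.

Added example, not from the original slides. EXPECTED_OPEN is an assumed
baseline standing in for the asset owner's inventory or change records.
"""
import re

# Constructed input: the three service lines shown on the portscanning slide.
NMAP_OUTPUT = """\
PORT     STATE SERVICE      VERSION
135/tcp  open  msrpc        Microsoft Windows RPC
445/tcp  open  microsoft-ds Microsoft Windows XP microsoft-ds
3052/tcp open  powerchute   APC PowerChute Agent 6.X
"""

# One Nmap port line: "<port>/<proto>  <state>  <service>  <version text...>".
LINE_RE = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)\s*(.*)$")


def parse_nmap_services(text):
    """Return one dict per port line; the header and any other chatter are skipped."""
    services = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # "PORT STATE SERVICE VERSION" header or non-port output
        port, proto, state, service, version = m.groups()
        services.append({
            "port": int(port), "proto": proto, "state": state,
            "service": service, "version": version.strip(),
        })
    return services


# Assumed baseline: what should be listening on this host according to its owner.
EXPECTED_OPEN = {(135, "tcp"), (445, "tcp")}


def unexpected_open_ports(services, expected=EXPECTED_OPEN):
    """Open ports absent from the baseline: the first thing a vulnerability scan
    will probe and the first thing a defender should reconcile against records."""
    return [s for s in services
            if s["state"] == "open" and (s["port"], s["proto"]) not in expected]


if __name__ == "__main__":
    for s in unexpected_open_ports(parse_nmap_services(NMAP_OUTPUT)):
        print(f"unexpected: {s['port']}/{s['proto']} {s['service']} ({s['version']})")
```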


Page 9: In Trot Open Testing


Vulnerability Scanning

• Looks at the open port

• Determines the service running

• Performs more actions to determine if a service contains known vulnerabilities

• Tools include Nessus and other specialized applications

IT Staff can perform this testing on their own with inProtect

Page 10: In Trot Open Testing


Penetration Testing

• Takes an identified port and associated service which contains vulnerabilities

• Uses an exploit to gain unauthorized access to the target system

• Tools include Metasploit, CANVAS, & Core IMPACT

• Used to find and compile random exploits

Page 11: In Trot Open Testing


Web Application Testing

• Looks for vulnerabilities in web applications on the web server

• SQL Injection

• Remote File Include

• Cross-Site Scripting

• Manipulate the applications to gain unauthorized access

• Commercial tools include AppScan and WebInspect

Page 12: In Trot Open Testing


Client-Side Penetration Testing

• Attempts to exploit applications on a user's desktop system

• Sending email to the user with hopes they will click a link or open an attachment

• Requires the user's email address and a server reachable from the clients

• Core IMPACT is able to automate this testing

Page 13: In Trot Open Testing

Fun to put images on user’s desktops!


Source Code Auditing

• Analyze the source code of applications, looking for vulnerabilities

• Tools include DevInspect and Ounce

Page 16: In Trot Open Testing


Ethical Hacking

• Information Gathering

• Social Engineering

• Password Cracking (remote & local)

• War Dialing

• Wireless (WiFi, Bluetooth)

• VoIP, Blackberry, Smartphones, etc...

Page 17: In Trot Open Testing


Future Tactics

• Attacking mobile devices, printers, cameras, access points, wireless routers

• Protocol Attacks (WiMax, Bluetooth, EVDO, GSM)

Assessments must always continue to help analyze risk!

Page 18: In Trot Open Testing


/* End */

• Email: [email protected]

• Web: http://pauldotcom.com - Podcast, Blog, Mailing List, IRC Channel, Wiki