Zentyal community summit 2012

Zentyal summit Zaragoza Oct. 4&5, 2012

PENTRATION TESTING ZENTYAL NETWORKS

MUSSA KHONJE

Angoni Computer Security Labs ltd

ACSLabs

Mussa Khonje
wildfirelab@gmail.com
www.cehlab.com

Linux small business server

Born in East Africa Malawi and joined British Forces Army in year 2000 served most of the time with NATO HQ Germany as Group 6 Information System Engineer until 2009 .Currenty studing at Staffordshire Universty BSc in Cyber Security and Digital Forensic

WHY PENTEST NETWORK ?

Protect bussines Asset

Protect bussiness integrity

Protecting bussiness service avalability

Complant with ISO standard

Protecting shareholders and public confidence

HOW IS PENTEST CONDUCTED

Contract Signed Autholise PENTEST

Contract might explicity NO DDOS, DOS imagine if PENTEST EBAY will they afford server down time.

Redteam goes to work

PENTEST ZENTYAL NETWORK

Stages used to conduct Pentest

Reconassance [ Finding more about the target]

Scanning [ Services offered by the target]

Gain Access [ Gain privilage to the target]

Maintain Access [Install a backdoor]

Cover Tracks [ Erase traces of being in the computer [Event Logs,Registry Edit]

Make the victim into a zombe to be used in attack of other computers in the network

HACKERS OS

Backtrack 5r3 comes with 300 + tools to be used in Pentration Testing and Digital Forensic

Popular program used in Pentest if Metasploit framework

TOOLS USED IN PENTEST

Nmap latest version is 6.01

Nessus Vulnability Scanner

Metasploit Attacking Framework

DEMONSTRATION RAPID ATTACK USING MSF

DEMO HACK WINBOX

This is showing tools of pentration testing how their are used and how MSF works .

ANY QUESTIONS

Linux small business server