pentration testing zentyal networks
TRANSCRIPT
Zentyal community summit 2012
Zentyal summit Zaragoza Oct. 4&5, 2012
PENTRATION TESTING ZENTYAL NETWORKS
MUSSA KHONJE
Angoni Computer Security Labs ltd
ACSLabs
Mussa Khonje
[email protected]
www.cehlab.com
Linux small business server
Born in East Africa Malawi and joined British Forces Army in year 2000 served most of the time with NATO HQ Germany as Group 6 Information System Engineer until 2009 .Currenty studing at Staffordshire Universty BSc in Cyber Security and Digital Forensic
WHY PENTEST NETWORK ?
Protect bussines Asset
Protect bussiness integrity
Protecting bussiness service avalability
Complant with ISO standard
Protecting shareholders and public confidence
HOW IS PENTEST CONDUCTED
Contract Signed Autholise PENTEST
Contract might explicity NO DDOS, DOS imagine if PENTEST EBAY will they afford server down time.
Redteam goes to work
PENTEST ZENTYAL NETWORK
Stages used to conduct Pentest
Reconassance [ Finding more about the target]
Scanning [ Services offered by the target]
Gain Access [ Gain privilage to the target]
Maintain Access [Install a backdoor]
Cover Tracks [ Erase traces of being in the computer [Event Logs,Registry Edit]
Make the victim into a zombe to be used in attack of other computers in the network
HACKERS OS
Backtrack 5r3 comes with 300 + tools to be used in Pentration Testing and Digital Forensic
Popular program used in Pentest if Metasploit framework
TOOLS USED IN PENTEST
Nmap latest version is 6.01
Nessus Vulnability Scanner
Metasploit Attacking Framework
DEMONSTRATION RAPID ATTACK USING MSF
DEMO HACK WINBOX
This is showing tools of pentration testing how their are used and how MSF works .
ANY QUESTIONS
Linux small business server