Vulnerability & Penetration Test - Infopercept
Threats Continue to Rise….
• Code Red infected 359,000 servers in less than 14 hours – at the peak, it infected more than 2,000 new hosts/minute – estimated cost? $2.6B (Computer Economics)
• India's Railway Email System hacked by Pakistan Cyber Army – www.thehackernews.com
• Within 24 hours of NIMDA hitting, 50% of the infected hosts went offline (CNet)
• India was the third most-infected country for Stuxnet with 10 per cent of infections – www.business-standard.com
• India is the second largest source of malicious code – www.business-standard.com
• 1 vulnerability exists in every 1500 lines of code (IBM's Watson Research Lab); Windows XP has 45M lines of code; W2K has 35M lines of code; MS code lines double every 866 days….
• According to the Symantec Critical Infrastructure Protection Survey 2010, over half of India's critical infrastructure providers were victims of cyber attacks – Symantec
• Over 35,697 active bot computers in India. Average of 435 bots per day in 2010 – www.business-standard.com
NEED FOR VA - PT
➢ To assist in decision making processes
➢ To validate that current security mechanisms are working
➢ To improve information security awareness
➢ To assess risk
➢ To mitigate risk immediately
➢ To reinforce the information security process
➢ To identify the highest security risk
➢ Compliance to various security standards and regulations such as ISO 27001, IT ACT 2000, SOX, HIPAA, PCI, etc.
What is VA/PT
01 A form of stress testing, which exposes weaknesses or flaws in a computer system
02 The art of finding an open door
03 A valued assurance assessment tool
04 PT can be used to find flaws in specifications, architecture, implementation, software, hardware and many more….
Vulnerability assessment is the process of identifying and quantifying vulnerabilities in a system. A vulnerability assessment is what most companies generally do, as the systems they are testing are live production systems and can't afford to be disrupted by active exploits which might crash the system.
Infopercept
TYPICAL APPROACH: BLACK BOX TESTING (Internals not known)
The tester needs to acquire the knowledge and penetrate:
➢ Acquire knowledge using tools or social engineering techniques
➢ Publicly available information may be given to the penetration tester
Benefits:
➢ Black box testing is intended to closely replicate an attack made by an outsider without any information about the system. This kind of testing gives an insight into the robustness of the security when under attack by script kiddies.
➢ It is also known as "Zero-Knowledge" testing
TYPICAL APPROACH: WHITE BOX TESTING (Internals fully known)
It is known as "Complete Knowledge" testing:
➢ Testers are given full information about the target system they are supposed to attack.
➢ Information includes:
• Technology overviews
• Data flow & network diagrams
• Code snippets
• & more
Benefits:
➢ Reveals more vulnerabilities and may be faster
➢ Comparable to replicating an attack from a criminal hacker who knows the company infrastructure very well. This hacker may be an employee of the company itself, doing an internal attack.
TYPICAL APPROACH: GRAY BOX TESTING (Internals partially known)
➢ The tester simulates an inside employee. The tester is given an account on the internal network and standard access to the network.
➢ This test assesses internal threats from employees within the company.
➢ The relative merits of all these approaches are debatable.
➢ In most cases it is preferable to assume a worst-case scenario and provide the testers with as much information as they require, assuming that any determined attacker would already have acquired this.
Methodology for VA-PT
1. Scope / Goal Definition
2. Information Gathering
3. Vulnerability Detection
4. Information Analysis & Planning
5. Attack & Penetration / Privilege Escalation
6. Result Analysis & Reporting
7. Clean Up
Infopercept VAPT Methodology
External Penetration Testing: The goal of external network penetration testing is to demonstrate the existence of known security vulnerabilities that could be exploited by an attacker as they appear from outside the perimeter of the network, usually from the internet. External testing involves analysis of publicly available information, a network enumeration phase, and analysis of the behaviour of the security devices. It is the traditional approach to penetration testing and involves assessing the servers, technology infrastructure and the underlying software comprising the target. It is performed with no prior knowledge of the target environment. All web servers, mail servers, firewalls, routers, IDPS, etc. should undergo penetration testing to evaluate the security posture.
Infopercept VAPT Methodology
Internal Penetration Testing: Internal network penetration testing reveals a holistic view of the security posture of the organization. An internal network security assessment follows a similar technique to an external assessment but with a more complete view of the site security. Testing is performed from a number of network access points, representing each logical and physical network segment. For example, this may include tiers and DMZs within the environment, the corporate network or partner company connections. Internal network penetration testing is used to determine:
• whether a disgruntled internal employee of the organization can penetrate the network with the amount of IT knowledge he has,
• whether a hacker who breaks into the internal network by compromising weak perimeter security controls can steal sensitive information, and
• whether a guest visitor who walks into the company can steal sensitive data from the internal network.
Standards we follow for External Penetration Testing
01 Open Web Application Security Project (OWASP) Testing Guide
02 Technical Guide to Information Security Testing and Assessment (NIST 800-115)
03 The Penetration Testing Execution Standard (PTES)
04 Payment Card Industry (PCI) Penetration Testing Guidance
Planning & Execution
Planning:
1. Intelligence Gathering
2. Review Rules of Engagement
Execution:
1. Reconnaissance
2. Threat Modeling
3. Vulnerability Analysis
4. Exploitation
5. Post Exploitation
6. Reporting
VAPT Tests and Tools
Frameworks
• Kali Linux
• R3 Security Onion
Reconnaissance
• Smartwhois
• MxToolbox
• CentralOps
• dnsstuff
• nslookup
• DIG
• netcraft
Discovery
• Angry IP scanner
• Colasoft ping tool
• nmap
• Maltego
• NetResident
• LanSurveyor
• OpManager
Port Scanning
• Nmap
• Megaping
• Hping3
• Netscan tools pro
• Advanced port scanner
Service Fingerprinting
• Xprobe
• nmap
• zenmap
Enumeration
• Superscan
• Netbios enumerator
• Snmpcheck
• onesixtyone
• Jxplorer
• Hyena
• DumpSec
• WinFingerprint
• Ps Tools
• NsAuditor
• Enum4Linux
• nslookup
• Netscan
VAPT Tests and Tools
Scanning
• Nessus
• GFI LANguard
• Retina
• SAINT
• Nexpose
Password Cracking
• Ncrack
• Cain & Abel
• LC5
• Ophcrack
• pwdump7
• fgdump
• John The Ripper
• Rainbow Crack
Sniffing
• Wireshark
• Ettercap
• Capsa Network Analyzer
MiTM Attacks
• Cain & Abel
• Ettercap
Exploitation
• Metasploit
• Core Impact
1. Scope/Goal Definition
➢ Which attacker profile the tester will use
• Hacker with no knowledge about the target
• Hacker with knowledge about the target
• Internet user with access
➢ Which system or network the test will be conducted on
➢ Duration of test
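Added here as an example (not the deck's or Infopercept's code): a Python scope gate that enforces the three scope decisions on this slide (attacker profile, authorised network, test duration) before a tester's tooling sends any probe. The CIDR ranges, window and profile names are constructed assumptions; mapping the slide's three attacker profiles onto black/white/gray box names is also an assumption.

```python
"""Rules-of-engagement scope gate for a VA/PT engagement (added example, not
Infopercept's code). Before any probe is sent, confirm the target is in the
authorised ranges, the attacker profile is the agreed one and the clock is
inside the contracted window. All scope values below are constructed."""
from dataclasses import dataclass
from datetime import datetime
import ipaddress

# The slide's three attacker profiles, named with the deck's box terminology (assumed mapping).
PROFILES = {"black-box", "white-box", "gray-box"}

@dataclass
class Engagement:
    networks: list   # authorised CIDR ranges
    excluded: list   # hosts or ranges the client carved out of scope
    profile: str     # agreed attacker profile
    start: str       # test window start, ISO 8601 with UTC offset
    end: str         # test window end, ISO 8601 with UTC offset

    def __post_init__(self):
        self.networks = [ipaddress.ip_network(n, strict=False) for n in self.networks]
        self.excluded = [ipaddress.ip_network(n, strict=False) for n in self.excluded]
        self.start, self.end = map(datetime.fromisoformat, (self.start, self.end))
        if self.profile not in PROFILES:
            raise ValueError(f"unknown attacker profile: {self.profile}")

    def check(self, target, profile, now):
        """Return (allowed, reason); any single failed condition denies."""
        try:
            addr = ipaddress.ip_address(target)
        except ValueError:
            return False, f"{target}: not an IP literal, resolve it and re-check"
        if profile != self.profile:
            return False, f"profile {profile} not agreed (engagement is {self.profile})"
        if not self.start <= now <= self.end:
            return False, f"{now.isoformat()} is outside the test window"
        if any(addr in net for net in self.excluded):  # exclusions win over inclusions
            return False, f"{target} is explicitly excluded"
        if not any(addr in net for net in self.networks):
            return False, f"{target} is not in an authorised range"
        return True, f"{target} is in scope"

# Constructed engagement using documentation ranges (RFC 5737 / RFC 3849).
SCOPE = Engagement(
    networks=["203.0.113.0/24", "2001:db8:10::/48"],
    excluded=["203.0.113.5/32"],
    profile="black-box",
    start="2024-03-04T09:00:00+00:00",
    end="2024-03-08T18:00:00+00:00",
)

def check_target(target, profile, now_iso):
    """Gate for a scanner wrapper; timestamps are ISO 8601 strings with offset."""
    return SCOPE.check(target, profile, datetime.fromisoformat(now_iso))
```

Hostnames are rejected on purpose: the wrapper should resolve them first and re-check every returned address, so a name that resolves to an out-of-scope host never gets probed.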
2. Information Gathering
➢ Information about the target
• Whois: ARIN; RIPE; APNIC
• Google: general information; financial, phone book, Google Hacking Databases; web searching
• DNS retrieval: SOA record, MX records, NS records, A records etc.
• Tools / websites: Cheops-ng, Sam Spade, www.dnstuff.com
• Social engineering
• Dumpster diving
• Web site copy
3. Vulnerability Detection
➢ Manual Detection
Manually probe the target host for common misconfigurations or flaws, because a vulnerability scanner can fail to identify certain vulnerabilities.
• Ex: database configuration etc.
• Open TCP ports
• Closed TCP ports
• Open UDP ports
• Closed UDP ports
• Service probing
4. Information Analysis & Planning
➢ Collating the information gathered in previous stages.
➢ Preparation of high level attack planning.
• Overall approach
• Target identification.
5. Penetration & Privilege Escalation
➢ Attack & Penetration
• Known / available exploit selection – the tester acquires publicly available software for exploiting.
• Exploit customization – customize the exploit program to work as desired.
• Exploit development – develop an own exploit if no exploit program is available.
• Exploit testing – the exploit must be tested before the formal test to avoid damage.
• Attack – use of the exploit to gain unauthorized access to the target.
5. Penetration & Privilege Escalation
➢ Privilege Escalation
What can be done with the acquired access / privileges.
• Alter
• Damage
• What not
6. Result Analysis & Reporting
➢ Organize data / related results for management reporting
• Consolidation of information gathered.
• Analysis and extraction of general conclusions.
• Recommendations.
6. Cleanup
➢ Cleaning up all that has been done during the testing
• Any system alterations
• Exploits
Vulnerability Database
➢ National Vulnerability Database - nvd.nist.gov
➢ Common Vulnerabilities and Exposures - cve.mitre.org/cve/
➢ Security Focus Bugtraq - www.securityfocus.com/vulnerabilities/
➢ Open Source Vulnerability Database - www.osvdb.org/search.php
➢ US-CERT Vulnerability Notes Database - www.kb.cert.org/vuls/
Tools and Technologies
✓ Nmap
✓ Professional version of Nessus
✓ Acunetix
✓ Back Track
✓ In house scripts
✓ Back Track tool kit
✓ Manual intelligence
CHALLENGES AND WHY INFOPERCEPT
➢ Quality & experience of pen testers
➢ Quality & effectiveness of tools
➢ Usage of globally accepted methodology such as OSSTMM, OWASP etc.
➢ Ensuring all the findings are reported to the management.
➢ Follow a stringent program to fix vulnerabilities.
➢ Conduct periodic testing.
Thank You
For more information please visit our website
www.infopercept.com