Si no quieres que sepa tu nombre, por que llevas el DNI en la frente? Christian Martorella CISSP, CISA

Size: px
Start display at page:

Download "Si no quieres que sepa tu nombre, por que llevas el DNI en la frente? Christian Martorella CISSP, CISA"

Transcription

1 Si no quieres que sepa tu nombre, por que llevas el DNI en la frente? Christian Martorella CISSP, CISA 1

2 Penetration testing Information Gathering Discovery / Fingerprinting Vulnerability analysis Exploitation Reporting 2

3 Information Gathering Denotes the collection of information before the attack. The idea is to collect as much information as possible about the target which may be valuable later. 3

4 I.G types Passive Active 4

5 I.G - Types of information Domain, subdomain/host names User names jdoe Accounts Workers names John Doe 5

6 I.G what for? Host/domain information for discovering new targets, to get a description of the host, industrial espionage, etc User names, s, worker names, for performing brute force attacks on available services. 6

7 How can we obtain this kind of info? 7

8 Obtaining host and Domains names - Classic Zone Transfer (active) Whois (passive) Reverse Lookup (active) BruteForce (active++) 8

9 Zone-Transfer - DIG request: weak.dns -t AXFR Tester DNS server 9

10 DNS bruteforce domain: target.com host afrodita.target.com Tester afrodita.target.com has Dictionary afrodita... hermes.. matrix neo... x x DNS server Discoverd hosts: afrodita neo 10

11 Obtaining host and Domains names II Search Engines (passive) Public PGP key servers (passive) 11

12 Obtaining host and Domains names II The PGP public key servers are only intended to help the user in exchanging public keys 12

13 Obtaining host and Domains Search engines subdomain 13

14 Obtaining host and Domains names II subdomains 14

15 Obtaining host and Domains Subdomainer Demo subdomainer 15

16 Obtaining user names - Classic Search engines (passive) Web pages (passive) 16

17 Other sources.. 17

18 Obtaining user names - New sources PgP key servers (passive) Social Networks (passive) Metadata (passive) 18

19 Obtaining user names - New sources Social networks LinkedIn is an online network of more than 15 million experienced professionals from around the world, representing 150 industries. 19

20 Obtaining user names - New sources Current Job Pasts Jobs Education Job description Etc... 20

21 Social networks, correlations zster/images/basic.png 21

22 Obtaining user names theharvester 22

23 Obtaining s theharvester 23

24 Obtaining user names - New sources Metadata: is data about data. Is used to facilitate the understanding, use and management of data. 24

25 Obtaining user names - New sources - Metadata Provides basic information such as the author of a work, the date of creation, links to any related works, etc. 25

26 Metadata - Dublin Core (schema) Content & about the Resource Intellectual Property Electronic or Physical manifestation Title Author or Creator Date Subject Publisher Type Description Contributor Format Language Rights Identifier Relation Coverage 26

27 Metadata - example logo-ubuntu.png logo-kubuntu.png software - Adobe ImageReady size x391 mimetype - image/png software - size x379 mimetype - image/png :/ 27

28 Metadata So where can we get interesting metadata? & 28

29 Metadata Ok, I understand metadata... so what? 29

30 Metagoofil Metagoofil is an information gathering tool designed for extracting metadata of public documents (pdf,doc,xls,ppt,etc) availables in the target/victim websites. 30

31 Metagoofil site:nasa.gov filetype:ppt 31

32 Metagoofil Downloaded files ppt 1 ppt 2 ppt 3 libextractor /filtering Results. html ppt n 32

33 Metagoofil Demo 33

34 Metagoofil - results 34

35 Metagoofil - results 35

36 Metagoofil - results z 36

37 Metagoofil - results 37

38 Metagoofil - results 38

39 Metagoofil - results 39

40 Metagoofil & Linkedin results Now we have a lot of usernames, what can i do? 40

41 Using results User profiling Dictionary creation John Doe john.doe jdoe j.doe johndoe johnd john.d jd doe ATTACK! john 41

42 References blog.s21sec.com 42

43 Any question? 43

44 Thank you for coming 44

A fresh new look into Information Gathering. Christian Martorella IV OWASP MEETING SPAIN

A fresh new look into Information Gathering. Christian Martorella IV OWASP MEETING SPAIN A fresh new look into Information Gathering Christian Martorella IV OWASP MEETING SPAIN Who am i? Christian Martorella Manager Auditoria S21sec CISSP, CISA, CISM, OPST, OPSA OWASP WebSlayer Project Leader

More information

Chris Gates http://carnal0wnage.blogspot.com http://www.learnsecurityonline.com

Chris Gates http://carnal0wnage.blogspot.com http://www.learnsecurityonline.com New School Information Gathering Chris Gates http://carnal0wnage.blogspot.com http://www.learnsecurityonline.com Who Am I? Penetration Tester LearnSecurityOnline.com Security Blogger EthicalHacker.net

More information

gathering Dave van Stein 9 april 2009

gathering Dave van Stein 9 april 2009 Modern information gathering Dave van Stein 9 april 2009 Who Am I Dave van Stein 34 years Functional tester > 7 years Specializing in (Application) Security Testing Certified Ethical Hacker Agenda Goal

More information

How-to: DNS Enumeration

How-to: DNS Enumeration 25-04-2010 Author: Mohd Izhar Ali Email: johncrackernet@yahoo.com Website: http://johncrackernet.blogspot.com Table of Contents How-to: DNS Enumeration 1: Introduction... 3 2: DNS Enumeration... 4 3: How-to-DNS

More information

Onderwerp: Modern Information Gathering

Onderwerp: Modern Information Gathering Modern information gathering Onderwerp: Modern Information Gathering Datum: 26-JUN-2012 Aanwezigen: OWASP Classificatie: Public Who Am I Dave van Stein 38 years Tester > 11 years (Application) Security

More information

Security Threat Kill Chain What log data would you need to identify an APT and perform forensic analysis?

Security Threat Kill Chain What log data would you need to identify an APT and perform forensic analysis? Security Threat Kill Chain What log data would you need to identify an APT and perform forensic analysis? This paper presents a scenario in which an attacker attempts to hack into the internal network

More information

Hacking Techniques & Intrusion Detection

Hacking Techniques & Intrusion Detection Hacking Techniques & Intrusion Detection Winter Semester 2012/2013 Dr. Ali Al-Shemery aka: B!n@ry Footprinting Walking the trails to a target Outline External Footprinting Identify External Ranges Passive,

More information

NCS490 Penetration Testing. Ronny L. Bull, MS Lecturer Computer Science Department. Spring 2014

NCS490 Penetration Testing. Ronny L. Bull, MS Lecturer Computer Science Department. Spring 2014 NCS490 Penetration Testing Ronny L. Bull, MS Lecturer Computer Science Department Spring 2014 Outline General Overview Target Selection OSINT Covert Gathering Foot-printing Identifying Protection Mechanisms

More information

2010: and still bruteforcing

2010: and still bruteforcing 2010: and still bruteforcing OWASP Webslayer Christian Martorella July 18th 2010 Barcelona Who am I Manager Auditoria CISSP, CISA, CISM, OPST, OPSA,CEH OWASP WebSlayer Project Leader FIST Conference, Presidente

More information

040020305-Penetration Testing 2014

040020305-Penetration Testing 2014 Comprehensive Questions/Practical Based :- 040020305-Penetration Testing 2014 1. Demonstrate the installation of BackTrack using Live DVD. Also list all the steps. 2. Demonstrate the installation of BackTrack

More information

The Power. Chema. of FOCA 3

The Power. Chema. of FOCA 3 The Power of FOCA 3 What s a FOCA? 5/25/12 2 Al principio fue el Metadato 5/25/12 3 Metadata, hidden info Mala ges.ón Mala conversión Opciones inseguras & lost data Buscadores Arañas Bases de datos Mala

More information

Targeted attacks: Tools and techniques

Targeted attacks: Tools and techniques Targeted attacks: Tools and techniques Performing «red-team» penetration tests Lessons learned Presented on 17/03/2014 For JSSI OSSIR 2014 By Renaud Feil Agenda Objective: Present tools techniques that

More information

Penetration Testing. NTS330 Unit 1 Penetration V1.0. February 20, 2011. Juan Ortega. Juan Ortega, juaorteg@uat.edu. 1 Juan Ortega, juaorteg@uat.

Penetration Testing. NTS330 Unit 1 Penetration V1.0. February 20, 2011. Juan Ortega. Juan Ortega, juaorteg@uat.edu. 1 Juan Ortega, juaorteg@uat. 1 Penetration Testing NTS330 Unit 1 Penetration V1.0 February 20, 2011 Juan Ortega Juan Ortega, juaorteg@uat.edu 1 Juan Ortega, juaorteg@uat.edu 2 Document Properties Title Version V1.0 Author Pen-testers

More information

Penetration Testing with Kali Linux

Penetration Testing with Kali Linux Penetration Testing with Kali Linux PWK Copyright 2014 Offensive Security Ltd. All rights reserved. Page 1 of 11 All rights reserved to Offensive Security, 2014 No part of this publication, in whole or

More information

Vinny Hoxha Vinny Hoxha 12/08/2009

Vinny Hoxha Vinny Hoxha 12/08/2009 Ethical Hacking and Penetration Testing Vinny Hoxha Vinny Hoxha 12/08/2009 What is Ethical Hacking? Types of Attacks Testing Approach Vulnerability Assessments vs. Penetration Testing Testing Methodology

More information

Don t scan, just ask A new approach of identifying vulnerable web applications. 28th Chaos Communication Congress, 12/28/11 - Berlin

Don t scan, just ask A new approach of identifying vulnerable web applications. 28th Chaos Communication Congress, 12/28/11 - Berlin Don t scan, just ask A new approach of identifying vulnerable web applications Summary It s about identifying web applications and systems Classical network reconnaissance techniques mostly rely on technical

More information

Aiming at Higher Network Security Levels Through Extensive PENETRATION TESTING. Anestis Bechtsoudis. http://bechtsoudis.com abechtsoudis (at) ieee.

Aiming at Higher Network Security Levels Through Extensive PENETRATION TESTING. Anestis Bechtsoudis. http://bechtsoudis.com abechtsoudis (at) ieee. Aiming at Higher Network Security Levels Through Extensive PENETRATION TESTING Anestis Bechtsoudis http://bechtsoudis.com abechtsoudis (at) ieee.org Athena Summer School 2011 Course Goals Highlight modern

More information

SCADA Security Example

SCADA Security Example SCADA Security Example Christian Paulino and Janusz Zalewski Florida Gulf Coast University December 2012 1. Introduction SCADA systems are always connected to a network, so they are vulnerable to attack.

More information

https://elearn.zdresearch.com https://training.zdresearch.com/course/pentesting

https://elearn.zdresearch.com https://training.zdresearch.com/course/pentesting https://elearn.zdresearch.com https://training.zdresearch.com/course/pentesting Chapter 1 1. Introducing Penetration Testing 1.1 What is penetration testing 1.2 Different types of test 1.2.1 External Tests

More information

Penetration Testing in Romania

Penetration Testing in Romania Penetration Testing in Romania Adrian Furtunǎ, Ph.D. 11 October 2011 Romanian IT&C Security Forum Agenda About penetration testing Examples Q & A 2 What is penetration testing? Method for evaluating the

More information

A New Era. A New Edge. Phishing within your company

A New Era. A New Edge. Phishing within your company Phishing within your company Learning Objectives What is phishing and how to minimize its impact Obtain a basic understanding of how to use virtual machines Use BackTrack, a tool used by many security

More information

Internet Security [1] VU 184.216. Engin Kirda engin@infosys.tuwien.ac.at

Internet Security [1] VU 184.216. Engin Kirda engin@infosys.tuwien.ac.at Internet Security [1] VU 184.216 Engin Kirda engin@infosys.tuwien.ac.at Christopher Kruegel chris@auto.tuwien.ac.at Administration Challenge 2 deadline is tomorrow 177 correct solutions Challenge 4 will

More information

PURPLE PAPER EXEGESIS OF VIRTUAL HOSTS HACKING BY PETKO PETKOV AND PAGVAC (ADRIAN PASTOR)

PURPLE PAPER EXEGESIS OF VIRTUAL HOSTS HACKING BY PETKO PETKOV AND PAGVAC (ADRIAN PASTOR) PURPLE PAPER EXEGESIS OF VIRTUAL HOSTS HACKING BY PETKO PETKOV AND PAGVAC (ADRIAN PASTOR) VIRTUAL HOST ENUMERATION TECHNIQUES There is a lot that we can say about finding virtual hosts from a given IP

More information

1. LAB SNIFFING LAB ID: 10

1. LAB SNIFFING LAB ID: 10 H E R A LAB ID: 10 SNIFFING Sniffing in a switched network ARP Poisoning Analyzing a network traffic Extracting files from a network trace Stealing credentials Mapping/exploring network resources 1. LAB

More information

Security of IPv6 and DNSSEC for penetration testers

Security of IPv6 and DNSSEC for penetration testers Security of IPv6 and DNSSEC for penetration testers Vesselin Hadjitodorov Master education System and Network Engineering June 30, 2011 Agenda Introduction DNSSEC security IPv6 security Conclusion Questions

More information

PKF Avant Edge. Penetration Testing. Stevie Heong CISSP, CISA, CISM, CGEIT, CCNP

PKF Avant Edge. Penetration Testing. Stevie Heong CISSP, CISA, CISM, CGEIT, CCNP PKF Avant Edge Penetration Testing Stevie Heong CISSP, CISA, CISM, CGEIT, CCNP What is Penetration Testing (PenTest)? A way to identify vulnerabilities that exists in a system/network that has existing

More information

Pwning Intranets with HTML5

Pwning Intranets with HTML5 Javier Marcos de Prado Juan Galiana Lara Pwning Intranets with HTML5 2009 IBM Corporation Agenda How our attack works? How we discover what is in your network? What does your infrastructure tell us for

More information

Demystifying Penetration Testing for the Enterprise. Presented by Pravesh Gaonjur

Demystifying Penetration Testing for the Enterprise. Presented by Pravesh Gaonjur Demystifying Penetration Testing for the Enterprise Presented by Pravesh Gaonjur Pravesh Gaonjur Founder and Executive Director of TYLERS Information Security Consultant Certified Ethical Hacker (CEHv8Beta)

More information

External Network Penetration Test Report

External Network Penetration Test Report External Network Penetration Test Report Jared Doe jared@acmecompany.com C O N F I D E N T I A L P a g e 2 Document Information Assessment Information Assessor Kirit Gupta kirit.gupta@rhinosecuritylabs.com

More information

Vulnerability Assessment and Penetration Testing

Vulnerability Assessment and Penetration Testing Vulnerability Assessment and Penetration Testing Presenters: Bruce Upton CISSP, CISA, C EH bruce.upton@protectmybank.com Jerry McClurg CISSP, CISA, C EH jerry.mcclurg@protectmybank.com Agenda and Overview:

More information

Vulnerability Assessment and Penetration Testing. CC Faculty ALTTC, Ghaziabad

Vulnerability Assessment and Penetration Testing. CC Faculty ALTTC, Ghaziabad Vulnerability Assessment and Penetration Testing CC Faculty ALTTC, Ghaziabad Need Vulnerabilities Vulnerabilities are transpiring in different platforms and applications regularly. Information Security

More information

TESTING OUR SECURITY DEFENCES

TESTING OUR SECURITY DEFENCES INFOSECURITY WITH PLYMOUTH UNIVERSITY TESTING OUR SECURITY DEFENCES Dr Maria Papadaki maria.papadaki@plymouth.ac.uk 1 1 Do we need to test our defences? Can penetration testing help to improve security?

More information

Using Google to Find Vulnerabilities In Your IT Environment

Using Google to Find Vulnerabilities In Your IT Environment R e p o r t s. I n f o r m a t i o n W e e k. c o m Next M a r c h 2 0 1 2 Using Google to Find Vulnerabilities In Your IT Environment Attackers are increasingly using a simple method for finding flaws

More information

Client logo placeholder XXX REPORT. Page 1 of 37

Client logo placeholder XXX REPORT. Page 1 of 37 Client logo placeholder XXX REPORT Page 1 of 37 Report Details Title Xxx Penetration Testing Report Version V1.0 Author Tester(s) Approved by Client Classification Confidential Recipient Name Title Company

More information

ITEC441- IS Security. Chapter 15 Performing a Penetration Test

ITEC441- IS Security. Chapter 15 Performing a Penetration Test 1 ITEC441- IS Security Chapter 15 Performing a Penetration Test The PenTest A penetration test (pentest) simulates methods that intruders use to gain unauthorized access to an organization s network and

More information

!!!!!!!!!!!!!!!!!!!!!!

!!!!!!!!!!!!!!!!!!!!!! Infrastructure Security Assessment Methodology January 2014 RSPS01 Version 2.1 RandomStorm - Security Assessment Methodology - RSPS01 Version 2.1-2014 - Page 1 Document Details Any enquires relating to

More information

Computer Security and Penetration Testing. Chapter 2 Reconnaissance

Computer Security and Penetration Testing. Chapter 2 Reconnaissance Computer Security and Penetration Testing Chapter 2 Reconnaissance Objectives Identify various techniques for performing reconnaissance Distinguish and discuss the methods used in social engineering Discuss

More information

McAfee Certified Assessment Specialist Network

McAfee Certified Assessment Specialist Network McAfee Certified Assessment Specialist Network Exam preparation guide Table of Contents Introduction 3 Becoming McAfee Certified 3 Exam Details 4 Recommended Exam Preparation 4 Exam Objectives 4 Sample

More information

Penetration Test Report

Penetration Test Report Penetration Test Report MegaCorp One August 10 th, 2013 Offensive Security Services, LLC 19706 One Norman Blvd. Suite B #253 Cornelius, NC 28031 United States of America Tel: 1-402-608-1337 Fax: 1-704-625-3787

More information

Penetration Testing Getting the Most out of Your Assessment. Chris Wilkinson Crowe Horwath LLP September 22, 2010

Penetration Testing Getting the Most out of Your Assessment. Chris Wilkinson Crowe Horwath LLP September 22, 2010 Penetration Testing Getting the Most out of Your Assessment Chris Wilkinson Crowe Horwath LLP September 22, 2010 Introduction Chris Wilkinson, CISSP Crowe Horwath LLP Product Manager - Penetration Testing

More information

Finding Your Way in Testing Jungle. A Learning Approach to Web Security Testing.

Finding Your Way in Testing Jungle. A Learning Approach to Web Security Testing. Finding Your Way in Testing Jungle A Learning Approach to Web Security Testing. Research Questions Why is it important to improve website security? What techniques are already in place to test security?

More information

Reconnaissance CHAPTER 7 CHAPTER OVERVIEW AND KEY LEARNING POINTS INTRODUCTION INFORMATION IN THIS CHAPTER

Reconnaissance CHAPTER 7 CHAPTER OVERVIEW AND KEY LEARNING POINTS INTRODUCTION INFORMATION IN THIS CHAPTER CHAPTER 7 Reconnaissance INFORMATION IN THIS CHAPTER Website Mirroring Google Searches Google Hacking Social Media Job Sites DNS and DNS Attacks CHAPTER OVERVIEW AND KEY LEARNING POINTS This chapter will

More information

Penetration: from Application down to OS

Penetration: from Application down to OS April 13, 2010 Penetration: from Application down to OS Getting OS Access Using Lotus Domino Application Server Vulnerabilities Digitаl Security Research Group (DSecRG) www.dsecrg.com Alexandr Polyakov.

More information

ABC LTD EXTERNAL WEBSITE AND INFRASTRUCTURE IT HEALTH CHECK (ITHC) / PENETRATION TEST

ABC LTD EXTERNAL WEBSITE AND INFRASTRUCTURE IT HEALTH CHECK (ITHC) / PENETRATION TEST ABC LTD EXTERNAL WEBSITE AND INFRASTRUCTURE IT HEALTH CHECK (ITHC) / PENETRATION TEST Performed Between Testing start date and end date By SSL247 Limited SSL247 Limited 63, Lisson Street Marylebone London

More information

Department of Computer Science and Technology, UTU 2014

Department of Computer Science and Technology, UTU 2014 M.Sc. (CA) Semester 3 Course Name & Code: Penetration Testing (040020305) Tedi Heriyanto, Shakeel Ali, BackTrack 4: Assuring Security By Penetration Testing, Shroff/Packt Publishing is abbreviated as ST,

More information

Exam 1 - CSIS 3755 Information Assurance

Exam 1 - CSIS 3755 Information Assurance Name: Exam 1 - CSIS 3755 Information Assurance True/False Indicate whether the statement is true or false. 1. Antiquated or outdated infrastructure can lead to reliable and trustworthy systems. 2. Information

More information

January 2011 Maltego 3 User Guide - Transforms Version 3.0

January 2011 Maltego 3 User Guide - Transforms Version 3.0 PATERVA Maltego transforms A reference guide RT 2011/01 Table of Contents 1 Introduction... 7 2 Search engine transforms... 8 2.1 General notes when using search engine transforms... 8 2.2 Problems with

More information

Intel Security Certified Product Specialist Security Information Event Management (SIEM)

Intel Security Certified Product Specialist Security Information Event Management (SIEM) Intel Security Certified Product Specialist Security Information Event Management (SIEM) Why Get Intel Security Certified? As technology and security threats continue to evolve, organizations are looking

More information

THE OPEN UNIVERSITY OF TANZANIA

THE OPEN UNIVERSITY OF TANZANIA THE OPEN UNIVERSITY OF TANZANIA Institute of Educational and Management Technologies COURSE OUTLINES FOR DIPLOMA IN COMPUTER SCIENCE 2 nd YEAR (NTA LEVEL 6) SEMESTER I 06101: Advanced Website Design Gather

More information

Securing an Internet Name Server

Securing an Internet Name Server Securing an Internet Name Server Cricket Liu cricket@verisign.com Securing an Internet Name Server Name servers exposed to the Internet are subject to a wide variety of attacks: Attacks against the name

More information

Ed Ferrara, MSIA, CISSP eferrara@temple.edu. Fox School of Business

Ed Ferrara, MSIA, CISSP eferrara@temple.edu. Fox School of Business MIS 5208 Week 4 Cybersecurity & Fraud Ed Ferrara, MSIA, CISSP eferrara@temple.edu Hacking Source: www.youtube.com Computer Crime A cyber breach is any event that intentionally or unintentionally causes

More information

Sample Report. Security Test Plan. Prepared by Security Innovation

Sample Report. Security Test Plan. Prepared by Security Innovation Sample Report Security Test Plan Prepared by Security Innovation Table of Contents 1.0 Executive Summary... 3 2.0 Introduction... 3 3.0 Strategy... 4 4.0 Deliverables... 4 5.0 Test Cases... 5 Automation...

More information

DYNAMIC DNS: DATA EXFILTRATION

DYNAMIC DNS: DATA EXFILTRATION DYNAMIC DNS: DATA EXFILTRATION RSA Visibility Reconnaissance Weaponization Delivery Exploitation Installation C2 Action WHAT IS DATA EXFILTRATION? One of the most common goals of malicious actors is to

More information

Radware s Behavioral Server Cracking Protection

Radware s Behavioral Server Cracking Protection Radware s Behavioral Server Cracking Protection A DefensePro Whitepaper By Renaud Bidou Senior Security Specialist,Radware October 2007 www.radware.com Page - 2 - Table of Contents Abstract...3 Information

More information

Pentests: Exposing real world attacks

Pentests: Exposing real world attacks HERVÉ SCHAUER CONSULTANTS Cabinet de Consultants en Sécurité Informatique depuis 1989 Spécialisé sur Unix, Windows, TCP/IP et Internet Security Day 2011 Pentests: Exposing real world attacks Renaud Dubourguais

More information

INTRODUCTION: PENETRATION TEST A BUSINESS PERSPECTIVE:

INTRODUCTION: PENETRATION TEST A BUSINESS PERSPECTIVE: PENETRATION TESTING A SYSTEMATIC APPROACH INTRODUCTION: The basic idea behind writing this article was to put forward a systematic approach that needs to be followed to perform a successful penetration

More information

Deciphering and Mitigating Blackhole Spam from Email-borne Threats

Deciphering and Mitigating Blackhole Spam from Email-borne Threats Deciphering and Mitigating Blackhole Spam from Email-borne Threats Samir Patil Symantec Deciphering and Mitigating Blackhole Spam from Email-borne Threats 1 Outline 1 Background 2 Detection Challenges

More information

iscsi Security (Insecure SCSI) Presenter: Himanshu Dwivedi

iscsi Security (Insecure SCSI) Presenter: Himanshu Dwivedi iscsi Security (Insecure SCSI) Presenter: Himanshu Dwivedi Agenda Introduction iscsi Attacks Enumeration Authorization Authentication iscsi Defenses Information Security Partners (isec) isec Partners Independent

More information

If you know the enemy and know yourself, you need not fear the result of a hundred battles.

If you know the enemy and know yourself, you need not fear the result of a hundred battles. Rui Pereira,B.Sc.(Hons),CIPS ISP/ITCP,CISSP,CISA,CWNA/CWSP,CPTE/CPTC Principal Consultant, WaveFront Consulting Group ruiper@wavefrontcg.com 1 (604) 961-0701 If you know the enemy and know yourself, you

More information

The purpose of this report is to educate our prospective clients about capabilities of Hackers Locked.

The purpose of this report is to educate our prospective clients about capabilities of Hackers Locked. This sample report is published with prior consent of our client in view of the fact that the current release of this web application is three major releases ahead in its life cycle. Issues pointed out

More information

ET XXX Introduction to Penetration Testing

ET XXX Introduction to Penetration Testing ET XXX Introduction to Penetration Testing 2014 Fall Semester Monday, Wednesday, Friday 1:30 2:20 PM Engineering Complex III, Room XXX Instructor Alejandro Baca alejbaca@nmsu.edu 575-646-5789 Course Description

More information

Penetration Testing. Types Black Box. Methods Automated Manual Hybrid. oless productive, more difficult White Box

Penetration Testing. Types Black Box. Methods Automated Manual Hybrid. oless productive, more difficult White Box Penetration Testing Penetration Testing Types Black Box oless productive, more difficult White Box oopen, team supported, typically internal osource available Gray Box (Grey Box) omixture of the two Methods

More information

Overview of Network Security The need for network security Desirable security properties Common vulnerabilities Security policy designs

Overview of Network Security The need for network security Desirable security properties Common vulnerabilities Security policy designs Overview of Network Security The need for network security Desirable security properties Common vulnerabilities Security policy designs Why Network Security? Keep the bad guys out. (1) Closed networks

More information

Turning your managed Anti-Virus

Turning your managed Anti-Virus Turning your managed Anti-Virus into my Botnet Jérôme NOKIN http://funoverip.net About me # id Jérôme Nokin http://funoverip.net jerome.nokin@gmail.com # job Penetration Tester Verizon Enterprise Solutions

More information

Demystifying Penetration Testing

Demystifying Penetration Testing Demystifying Penetration Testing Prepared by Debasis Mohanty www.hackingspirits.com E-Mail: debasis_mty@yahoo.com Goals Of This Presentation An overview of how Vulnerability Assessment (VA) & Penetration

More information

Penetration Testing Automation System

Penetration Testing Automation System Universitat Politècninca de Catalunya Final Thesis Penetration Testing Automation System Author: Oriol Caño Bellatriu Supervisor: Manuel Garcia-Cervignon Gutierrez A thesis submitted in fulfilment of the

More information

Redefining SIEM to Real Time Security Intelligence

Redefining SIEM to Real Time Security Intelligence Redefining SIEM to Real Time Security Intelligence David Osborne Security Architect September 18, 2012 Its not paranoia if they really are out to get you Malware Malicious Insiders Exploited Vulnerabilities

More information

Emerging Network Security Threats and what they mean for internal auditors. December 11, 2013 John Gagne, CISSP, CISA

Emerging Network Security Threats and what they mean for internal auditors. December 11, 2013 John Gagne, CISSP, CISA Emerging Network Security Threats and what they mean for internal auditors December 11, 2013 John Gagne, CISSP, CISA 0 Objectives Emerging Risks Distributed Denial of Service (DDoS) Attacks Social Engineering

More information

Vulnerability Assessment and Penetration Testing

Vulnerability Assessment and Penetration Testing Vulnerability Assessment and Penetration Testing Module 1: Vulnerability Assessment & Penetration Testing: Introduction 1.1 Brief Introduction of Linux 1.2 About Vulnerability Assessment and Penetration

More information

Kerem Kocaer 2010/04/14

Kerem Kocaer 2010/04/14 Kerem Kocaer 1 EHLO Kerem is: a graduate from ICSS a security consultant at Bitsec Consulting AB a security enthusiast Kerem works with: administrative security security standards and frameworks, security

More information

FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. Chapter 4 Finding Network Vulnerabilities

FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. Chapter 4 Finding Network Vulnerabilities FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. Chapter 4 Finding Network Vulnerabilities Learning Objectives Name the common categories of vulnerabilities Discuss common system

More information

Honeypot that can bite: Reverse penetration

Honeypot that can bite: Reverse penetration Honeypot that can bite: Reverse penetration By Alexey Sintsov, Russian Defcon Group #7812 Introduction The objectives of this work are to determine the benefits and opportunities in conducting counter

More information

Switching Your DNS WiredTree

Switching Your DNS WiredTree Switching Your DNS Switching your DNS Now that you have your new account with us it is time to start planning on moving your current hosting over to your new server. This getting started guide covers switching

More information

Penetration Testing. Security Testing

Penetration Testing. Security Testing Penetration Testing Gleneesha Johnson Advanced Topics in Software Testing Fall 2004 Security Testing Method of risk evaluation Testing security mechanisms to ensure that their functionality is properly

More information

Audience. Pre-Requisites

Audience. Pre-Requisites T R A N C H U L A S W O R K S H O P S A N D T R A I N I N G S Hands-On Penetration Testing Training Course About Tranchulas Tranchulas is a multinational information security company having its offices

More information

Information Security Organizations trends are becoming increasingly reliant upon information technology in

Information Security Organizations trends are becoming increasingly reliant upon information technology in DATASHEET PENETRATION TESTING SERVICE Sales Inquiries: sales@spentera.com Visit us: http://www.spentera.com Protect Your Business. Get Your Service Quotations Today! Copyright 2011. PT. Spentera. All Rights

More information

Penetration Testing. University of Sunderland CSEM02 Harry R Erwin, PhD

Penetration Testing. University of Sunderland CSEM02 Harry R Erwin, PhD Penetration Testing University of Sunderland CSEM02 Harry R Erwin, PhD Resources Qinetiq Information Security Foundation Course (2002) Tittle, Stewart, and Chapple, 2004, CISSP: Certified Information Systems

More information

Tools for penetration tests 1. Carlo U. Nicola, HT FHNW With extracts from documents of : Google; Wireshark; nmap; Nessus.

Tools for penetration tests 1. Carlo U. Nicola, HT FHNW With extracts from documents of : Google; Wireshark; nmap; Nessus. Tools for penetration tests 1 Carlo U. Nicola, HT FHNW With extracts from documents of : Google; Wireshark; nmap; Nessus. What is a penetration test? Goals: 1. Analysis of an IT-environment and search

More information

QualysGuard WAS. Getting Started Guide Version 3.3. March 21, 2014

QualysGuard WAS. Getting Started Guide Version 3.3. March 21, 2014 QualysGuard WAS Getting Started Guide Version 3.3 March 21, 2014 Copyright 2011-2014 by Qualys, Inc. All Rights Reserved. Qualys, the Qualys logo and QualysGuard are registered trademarks of Qualys, Inc.

More information

Field Description Example. IP address of your DNS server. It is used to resolve fully qualified domain names

Field Description Example. IP address of your DNS server. It is used to resolve fully qualified domain names DataCove DT Active Directory Authentication In Active Directory (AD) authentication mode, the server uses NTLM v2 and LDAP protocols to authenticate users residing in Active Directory. The login procedure

More information

EVILSEED: A Guided Approach to Finding Malicious Web Pages

EVILSEED: A Guided Approach to Finding Malicious Web Pages + EVILSEED: A Guided Approach to Finding Malicious Web Pages Presented by: Alaa Hassan Supervised by: Dr. Tom Chothia + Outline Introduction Introducing EVILSEED. EVILSEED Architecture. Effectiveness of

More information

Eight Essential Elements for Effective Threat Intelligence Management May 2015

Eight Essential Elements for Effective Threat Intelligence Management May 2015 INTRODUCTION The most disruptive change to the IT security industry was ignited February 18, 2013 when a breach response company published the first research that pinned responsibility for Advanced Persistent

More information

Bust a cap in a web app with OWASP ZAP

Bust a cap in a web app with OWASP ZAP The OWASP Foundation http://www.owasp.org Bust a cap in a web app with OWASP ZAP Adrien de Beaupré GSEC, GCIH, GPEN, GWAPT, GCIA, GXPN ZAP Evangelist Intru-Shun.ca Inc. SANS Instructor, Penetration Tester,

More information

Vulnerability management lifecycle: defining vulnerability management

Vulnerability management lifecycle: defining vulnerability management Framework for building a vulnerability management lifecycle program http://searchsecurity.techtarget.com/magazinecontent/framework-for-building-avulnerability-management-lifecycle-program August 2011 By

More information

DSMS: Automating Decision Support and Monitoring Workflow for Incident Response. Chris HORSLEY (CSIRT Foundry) SC LEUNG (HKCERT) Wally Wong (HKCERT)

DSMS: Automating Decision Support and Monitoring Workflow for Incident Response. Chris HORSLEY (CSIRT Foundry) SC LEUNG (HKCERT) Wally Wong (HKCERT) DSMS: Automating Decision Support and Monitoring Workflow for Incident Response Chris HORSLEY (CSIRT Foundry) SC LEUNG (HKCERT) Wally Wong (HKCERT) Agenda 1. What are our challenges? 2. How we run IR how

More information

Penetration Testing Scope Factors

Penetration Testing Scope Factors 1 NZ PAPER LINUX AND WEB APPLICATION SECURITY Penetration Testing Scope Factors April 20, 2013 Zeeshan Khan NZPAPER.BLOGSPOT.COM 2 Abstract: This paper contains the key points of penetration testing. All

More information

CLEO NED Active Directory Integration. Version 1.2.0

CLEO NED Active Directory Integration. Version 1.2.0 CLEO NED Active Directory Integration Version 1.2.0 CLEO NED Active Directory Integration Manual v1.2.0 Copyright c 2010 Lancaster University Network Services Limited. All rights reserved. Microsoft, Windows,

More information

User Guide to the Content Analysis Tool

User Guide to the Content Analysis Tool User Guide to the Content Analysis Tool User Guide To The Content Analysis Tool 1 Contents Introduction... 3 Setting Up a New Job... 3 The Dashboard... 7 Job Queue... 8 Completed Jobs List... 8 Job Details

More information

Enabling Office 365 Services

Enabling Office 365 Services Exam : 70-347 Title : Enabling Office 365 Services Version : DEMO 1 / 5 1.You are the Microsoft Lync administrator for a company that uses Lync Online. The company has mandated that employees may use Lync

More information

Talk-101 User Guide. DNSGate

Talk-101 User Guide. DNSGate Talk-101 User Guide DNSGate What is DNSGate? DNSGate is a management interface to allow you to make DNS changes to your domain. The interface supports A, CNAME, MX and TXT records. What is DNS? DNS stands

More information

Response Policy Zones for the Domain Name System (DNS RPZ) By Paul Vixie, ISC (et.al.) 2010 World Tour

Response Policy Zones for the Domain Name System (DNS RPZ) By Paul Vixie, ISC (et.al.) 2010 World Tour Response Policy Zones for the Domain Name System (DNS ) By Paul Vixie, ISC (et.al.) 2010 World Tour Overview Motivation for DNS Response Policy Zones Relationship to DNS RBL (DNSBL) Constraints and Goals

More information

Security A to Z the most important terms

Security A to Z the most important terms Security A to Z the most important terms Part 1: A to D UNDERSTAND THE OFFICIAL TERMINOLOGY. This is F-Secure Labs. Learn more about the most important security terms with our official explanations from

More information

Intelligence Gathering. n00bpentesting.com

Intelligence Gathering. n00bpentesting.com Intelligence Gathering Prerequisites Hardware Software Topics Covered A Note Before You Begin Lab 0ne Target Selection and OSINT Scenario Lab Tw0 - Footprinting What s Next? 3 3 3 4 4 4 5 5 13 17 2 Prerequisites

More information

APT A%ribu*on and DNS Profiling. Frankie Li ran2@vxrl.org Twi4er: @espionageware

APT A%ribu*on and DNS Profiling. Frankie Li ran2@vxrl.org Twi4er: @espionageware APT A%ribu*on and DNS Profiling Frankie Li ran2@vxrl.org Twi4er: @espionageware Agenda APT A4ribu

More information

Attack Frameworks and Tools

Attack Frameworks and Tools Network Architectures and Services, Georg Carle Faculty of Informatics Technische Universität München, Germany Attack Frameworks and Tools Pranav Jagdish Betreuer: Nadine Herold Seminar Innovative Internet

More information

Penetration Testing SIP Services

Penetration Testing SIP Services Penetration Testing SIP Services Using Metasploit Framework Writer Version : 0.2 : Fatih Özavcı (fatih.ozavci at viproy.com) Introduction Viproy VoIP Penetration Testing Kit Sayfa 2 Table of Contents 1

More information

WE KNOW IT BEFORE YOU DO: PREDICTING MALICIOUS DOMAINS Wei Xu, Kyle Sanders & Yanxin Zhang Palo Alto Networks, Inc., USA

WE KNOW IT BEFORE YOU DO: PREDICTING MALICIOUS DOMAINS Wei Xu, Kyle Sanders & Yanxin Zhang Palo Alto Networks, Inc., USA WE KNOW IT BEFORE YOU DO: PREDICTING MALICIOUS DOMAINS Wei Xu, Kyle Sanders & Yanxin Zhang Palo Alto Networks, Inc., USA Email {wei.xu, ksanders, yzhang}@ paloaltonetworks.com ABSTRACT Malicious domains

More information

What is Penetration Testing?

What is Penetration Testing? White Paper What is Penetration Testing? An Introduction for IT Managers What Is Penetration Testing? Penetration testing is the process of identifying security gaps in your IT infrastructure by mimicking

More information

Tutorial: How to Use SQL Server Management Studio from Home

Tutorial: How to Use SQL Server Management Studio from Home Tutorial: How to Use SQL Server Management Studio from Home Steps: 1. Assess the Environment 2. Set up the Environment 3. Download Microsoft SQL Server Express Edition 4. Install Microsoft SQL Server Express

More information

We Know It Before You Do: Predicting Malicious Domains

We Know It Before You Do: Predicting Malicious Domains We Know It Before You Do: Predicting Malicious Domains Abstract Malicious domains play an important role in many attack schemes. From distributing malware to hosting command and control (C&C) servers and

More information