Department of Computer Science and Technology, UTU 2014

Transcription

1 M.Sc. (CA) Semester 3 Course Name & Code: Penetration Testing ( ) Tedi Heriyanto, Shakeel Ali, BackTrack 4: Assuring Security By Penetration Testing, Shroff/Packt Publishing is abbreviated as ST, #refers to the chapter no. (E.g. #1 means chapter 1) Objectives: To understand installation and configuration of Backtrack, security testing methodology for planning and implementing penetration testing and comparative study of various tools and techniques for security in penetration testing. Course Outcomes: CO1: CO2: CO3: CO4: CO5: CO6: CO7: CO8: CO9: Sub Unit Understand basics of Backtrack to begin with penetration testing process. Learn how to get, install, configure, update and add tools in backtrack environment. Comparative study of security testing methodologies namely OSSTMM, ISSAF, OWASO, WASC-TC. Analyse the necessary guidelines required on formalizing the test requirements within the scope. Learn several tools and techniques that can be used to gather metadata from various types of documents, extract DNS and routing information. Study the process of discovering and fingerprinting your target and basics of target enumeration. Understand different security concepts that can assist in finding security vulnerabilities. Learn the tools and techniques for escalating privilege, network sniffing and spoofing. Know the tools and techniques for protocol, proxies and end-to-end communication along with the testing directives for documentation, reports and presentation. No. of Lecture (s) Topics 1 Beginning with Backtrack Backtrack purpose Getting and Using Backtrack Configuring network connection Updating and Customizing Backtrack Types of penetration testing Vulnerability assessment versus penetration testing Security testing methodologies Backtrack testing methodology Reference chapter/ Additional reading ST#1 pg no 9 to 11 ST#1 pg no 11 to 20 ST#1 pg no 21 to 24 ST#1 pg no 24 to 28 ST#2 pg no 38 to 39 ST#2 pg no 39 to 40 ST#2 pg no 41 to 50 ST#2 pg no 51 to 55 Teaching Methodology Planned Text book & Demo Conceptual reading from textbook Presentati on Conceptual reading from textbook Followe d Date of Lecture Conduction Planned 7/7/ /7/ /7/ /7/2014 8/7/ /7/ /7/ /7/2014 Actua l Evaluati on Paramet er 7/8/2014 QUIZ - 1 Page 1

2 2 Target Scoping and Information Gathering Gathering client requirements ST#3 pg no 62 to Preparing the ST#3 pg no test plan 64 to Profiling test ST#3 pg no boundaries Defining business objectives, Project management and scheduling Public resources and Document gathering DNS and Route information, Utilizing search engines All-in-one intelligence gathering Documenting the information ST#3 pg no 68 to 69 ST#4 pg no 74 to 76 ST#4 pg no 77 to 95 ST#4 pg no 96 to 100 ST#4 pg no 101 to Target Discovery and Enumerating Introduction ST#5 pg no Identifying the target machine ST#5 pg no 110 to OS ST#5 pg no fingerprinting 122 to Port scanning ST#6 pg no 127 to Service ST#6 pg no enumeration 152 to VPN enumeration ST#6 pg no 157 to Vulnerability Mapping and Social Engineering Presentation Conceptual reading from textbook Conceptual reading from textbook 21/7/ /7/ /7/ /7/ /7/ /7/ /7/2014 1/8/2014 4/8/2014 5/8/2014 7/8/2014 8/8/ /8/2014 & 12/8/ /8/2014 & 18/8/2014 UNIT TEST Types of vulnerabilities, Vulnerability taxonomy ST#7 pg no 162 to 165 Conceptual reading from textbook 19/8/ Open Vulnerability ST#7 pg no 165 to 169 Prese ntati on 21/8/2014 Page 2

3 Assessment System (OpenVAS) Cisco analysis, Fuzzy analysis, SMB analysis, SNMP analysis Web application analysis, Application assessment tools Modeling human psychology, Attack process and methods Social Engineering Toolkit (SET) Common User Passwords Profiler (CUPP) ST#7 pg no 169 to 188 ST#7 pg no 188 to 216 ST#8 pg no 219 to 224 ST#8 pg no 224 to 234 ST#8 pg no 234 to Target Exploitation and Privilege Escalation Vulnerability research ST#9 pg no 237 to Vulnerability ST#9 pg no and exploit 240 repositories Advanced exploitation toolkit Target Exploitation Summary Attacking the password Network sniffers Network spoofing tools Privilege Escalation Summary 6 Maintaining Access, Documentation and Reporting Protocol tunneling ST#9 pg no 241 to 273 ST#9 pg no 273 ST#10 pg no 275 to 289 ST#10 pg no 289 to 298 ST#10 pg no 298 to 304 ST#10 pg no 304 ST#11 pg no 305 to 311 Conceptual reading from textbook Presentation Conceptual reading from textbook Conceptual reading 25/8/ /8/ /8/2014 2/9/2014 3/9/2014 & 5/9/2014 4/9/2014 QUIZ - 2 8/9/2014 9/9/ /9/ /9/ /9/ /9/ /9// /9/ /9/ Proxy ST#11 pg 25/9/2014 Page 3

4 Text Book: Reference Books: no 311 to End-to-end connection ST#11 pg no 313 to Documentation ST#12 pg and results no 321 to verification Types of ST#12 pg reports no 323 to Presentation ST#12 pg no 327 to Post testing procedures ST#12 pg no 328 to Tedi Heriyanto, Shakeel Ali. Backtrack 4: Assuring Security By Penetration Testing, Shroff/Packt Publishing 1. Vivek Ramachandran. Backtrack 5 Wireless Penetration Testing Beginner s Guide, Shroff/Packt Publishing 2. Lee Alen. Advanced Penetration Testing for Highly-Secured Environments: The Ultimate Security Guide, Shroff/Packt Publishing 3. Patrick Engebreston. The Basics of Hacking and Penetration Testing: Ethical Hacking and Penetration Testing Made Easy, Syngress. 4. Ronald L. Krutz and Russell Dean Vines. The CEH Prep Guide: The Comprehensive Guide to Certified Ethical Hacking, Wiley 5. Thomas Wilhelm. Professional Penetration Testing: Volume 1: Creating and Learning in a Hacking Lab, Syngress Conceptual Reading Make students read from textbook and then explain. Course Objectives and Course Outcomes Mapping: To understand installation and configuration of BackTrack: CO1, CO2 security testing methodology for planning and implementing penetration testing: CO3, CO4, CO6 29/9/2014 7/10/ /10/ /10/ /10/201 4 comparative study of various tools and techniques for security in penetration testing: CO5, CO7, CO8, CO9 Course Units and Course Outcomes Mapping: UNIT TEST - 2 Unit No. Unit Course outcome CO1 CO2 CO3 CO4 CO5 CO6 CO7 CO8 CO9 1 Beginning with Backtrack 2 Target Scoping and Information Gathering 3 Target Discovery and Enumerating 4 Vulnerability Mapping and Social Page 4

5 Engineering 5 6 Target Exploitation and Privilege Escalation Maintaining Access, Documentation and Reporting Hands-on Experience Activity: Modes of Transaction (Delivery): Students will implement commands of target discovery and vulnerability mapping on BackTrack 4 or BackTrack 5. For Unit 1: (1.3, 1.6, 1.7, 1.8) ;Unit 2: (2.5, 2.6, 2.7, 2.8); Unit 3: (All sub units); For Unit 4: (4.4, 4.5, 4.6, 4.7); Unit 5: (5.3 to 5.8); Unit 6: (All sub units) Students will bring their textbooks, I will make them underline important points and explain them accordingly. For Unit 1 (1.5); Unit 2 (2.1 to 2.4); Unit 4 (4.2, 4.3); Unit 5(5.1, 5.2) Presentation method will be used. For Unit 1 (1.1, 1.2) Demonstration of BackTrack 4 will be given. Activities/Practicum: Assignment Activity: Atleast five questions from each unit will be given. Concept Map: The following activities shall be carried out by the students. Understand the installation process of BackTrack 4 using USB, LIVE DVD & installing it to the hard disk. Viva will be conducted to ensure their understanding The following activities shall be carried out by the teacher. Demonstration of BackTrack 4 installation will be given. Penetration Testing Page 5

6 Unit-1: Beginning with Backtrack Unit-2: Target Scoping and Information Gathering Page 6

7 Unit-3: Target Discovery and Enumerating Unit-4: Vulnerability Mapping and Social Engineering Page 7

8 Unit-5: Target Exploitation and Privilege Escalation Page 8

9 Unit-6: Maintaining Access, Documentation and Reporting Page 9