Turn-Key Penetration Testing Labs


Turn-Key Penetration Testing Labs
Thomas Wilhelm, CISSP, SCSECA, SCNA, SCSA, IAM

Why Do I Need a PenTest Lab? ...or Why Hacking the Internet is Bad
Legal Ramifications
- Mr. Heckenkamp: 8 months, $268,291 restitution. Two counts of gaining unauthorized access into a computer and recklessly causing damage. CompSci grad student at University of Wisconsin.
- Mr. Lukawinsky: 12 months, $198,458 restitution. Accessed a computer network without authorization and downloaded several encrypted password files. Did not compromise any of the confidential or proprietary information.
- http://www.usdoj.gov/criminal/cybercrime/cccases.html

Why Do I Need a PenTest Lab? ...or Why Hacking the Internet is Bad
Bandwidth Problems
- Brute Force Attacks
- Aggressive Scanning
- Denial of Service Attacks
- Cost Associated with Bandwidth Usage
- Wife Can't Play Her MMORPG

Why Do I Need a PenTest Lab? ...or Why Hacking the Internet is Bad
Time Constraints
- Finding the Right Equipment to Hack
- Find a Legal System (friend-of-a-friend)?
- Servers are Often Down
- Denial of Service Idiots (intentional or not)
Code of Ethics
- I Want to Keep my Job

Disadvantages of PenTest Labs
Expensive & Expansive
- Equipment & Electrical Costs
- Limited Rack Space
- Application / Operating System / Patch Disks
- Diversity is up to You
- Finding Older and Unique Equipment / Software is a Serious Pain

Disadvantages of PenTest Labs
- How do You Make a Real World Challenge?
- What's a Real Scenario if I've Never Pentested before?
- If YOU Create a Scenario, YOU Instantly Know How to Solve it

...So, I Began To Think
How to Get Rid of the Disadvantages of a Lab
- Needs to be Easy for Neophytes to Use
- Challenging Enough for All Skill Levels
- Simulate Real-World Situations
- Not Just Another Web-Hacking Scenario
- Easy to Create
- Portable (LAN Parties)
- Nerdy Enough to Be Kind of Cool

Advantages of Live CDs
- Cost Advantage
- Less Equipment
- Virtualization (future releases)
- Portable and Compact (.iso file)
- Quick & Easy to Use
- They are Real Servers with Real Services

Disadvantages of Live CDs
Depends on Your Goals: LiveCD vs. Fully-Installed System
- Learning Goals are Different: PenTesting vs. Learning SysAdmin
- Modules vs. Packages
  - Modules -> LiveCDs: Fewer Modules, but Easier to Install
  - Packages -> Full Install: More Packages, but More Complicated
  - You can Still use Packages in LiveCDs
- Proprietary Operating Systems

A Live CD PenTesting Lab Is...
I Needed Some Standards
- Slax (slax.org)
- BackTrack (remote-exploit.org)
- Hardware: Router(s), Two Machines (Target, Attack)

A Live CD PenTesting Lab Is...
I Needed Some Standards
- Target machine = Static IP Address
  - IP Address Indicates Difficulty Level: 192.168.1.xxx = level 1, 192.168.2.xxx = level 2, etc.
- Attack machine = Dynamic IP Address
  - Router Needs to Provide DHCP
- OSSTMM

How a Slax Live CD Works
- 2037+ Modules
- Runs from USB or CD
- 6 Pre-Built .iso's
- Server Distro Includes: DNS, DHCP, HTTP, FTP, MySQL, SMTP, POP3, IMAP and SSH
- Smallest Distro: 50MB
- GNU General Public License

How a Slax Live CD Works
Don't Like Slax? Check out linux-live.org

How a Slax Live CD Works: File Structure

    /
      base
      boot
      devel
      modules
      optional
      rootcopy
      tools

- Base OS (devel) Gets Installed First
- modules are Installed Second (found in base and modules)
- rootcopy is Copied Next (Empty by Default)

How a Slax Live CD Works: /rootcopy

    /rootcopy
      etc
        rc.d
          rc.local
        ssh
        passwd
        shadow
        sudoers
      home
      opt
      var

- rc.d: Executed on Startup; Come from modules; Create Your Own
- rc.local: Shell Script that Launches at Startup; Primary Script for PenTest Disks

How a Slax Live CD Works: Snippet of rc.local

    # Prevent brute force attacks: a source that opened a NEW ssh connection
    # within the last 15 seconds is dropped (and its timer refreshed);
    # otherwise it is recorded and accepted
    iptables -A INPUT -p tcp -i eth0 -m state --state NEW --dport 22 -m recent --update --seconds 15 -j DROP
    iptables -A INPUT -p tcp -i eth0 -m state --state NEW --dport 22 -m recent --set -j ACCEPT
    #
    # remove the clues
    #
    cd /
    umount /boot
    rm -r /boot
    #
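As an added example (not code from the slides or the De-ICE disks), a small Python simulation of the two `-m recent` rules in that rc.local snippet, so the lock-out behaviour can be checked offline; the window, the table and the sample connection log are constructed here.

```python
# Added example (not from the slides): simulates the two `-m recent` rules
# from rc.local so their lock-out behaviour can be seen offline.
from typing import Dict, List, Tuple

WINDOW_SECONDS = 15  # the --seconds 15 value in the rc.local rule


class RecentList:
    """Minimal model of the xt_recent per-source 'last seen' table."""

    def __init__(self) -> None:
        self.last_seen: Dict[str, float] = {}

    def update(self, src: str, now: float, seconds: float) -> bool:
        # `--update --seconds N`: match only if src is listed AND was seen
        # within N seconds; a match refreshes the timestamp, so a client that
        # keeps retrying keeps extending its own lock-out.
        seen = self.last_seen.get(src)
        if seen is not None and now - seen <= seconds:
            self.last_seen[src] = now
            return True
        return False

    def set(self, src: str, now: float) -> None:
        # `--set`: add src to the list (or refresh its timestamp).
        self.last_seen[src] = now


def filter_ssh_syns(events: List[Tuple[float, str]],
                    window: float = WINDOW_SECONDS) -> List[str]:
    """Return the iptables verdict for each NEW tcp/22 connection.
    events: (timestamp_seconds, source_ip) pairs in chronological order.
    """
    table = RecentList()
    verdicts = []
    for now, src in events:
        if table.update(src, now, window):  # rule 1: seen recently -> DROP
            verdicts.append("DROP")
        else:                               # rule 2: record it and ACCEPT
            table.set(src, now)
            verdicts.append("ACCEPT")
    return verdicts


# Constructed sample: one source retries every ~14 s, another connects once.
SAMPLE_EVENTS = [(0.0, "192.168.1.20"), (3.0, "192.168.1.20"),
                 (10.0, "192.168.1.30"), (14.0, "192.168.1.20"),
                 (28.0, "192.168.1.20"), (44.0, "192.168.1.20")]

if __name__ == "__main__":
    for (t, src), v in zip(SAMPLE_EVENTS, filter_ssh_syns(SAMPLE_EVENTS)):
        print(f"t={t:5.1f}s {src:14} {v}")
```

The run shows 192.168.1.20 staying blocked for as long as it keeps retrying inside the window and only getting back in after a pause longer than 15 s, while 192.168.1.30 is unaffected; a legitimate user who reconnects too quickly is locked out the same way.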

The Idea Behind Levels
Some Hacking Techniques are Easier than Others
- Level 1 - Brute Force, Hidden Directories, Password Cracking...
- Level 2 - IDS Evasion, Back Doors, Elevating Privileges, Packet Sniffing...
- Level 3 - Weak Encryption, Shell Code, Reversing...
- Level 4 - ???

Real World Scenarios ...or How to Intentionally Screw up Your Box
- Bad/Weak Passwords
- Unnecessary Services (ftp, telnet, rlogin (?!?!))
- Unpatched Services
- Too Much Information Given (contact info, etc.)
- Poor System Configuration
- Poor / No Encryption Methodology
- Elevated User Privileges
- No IPsec Filtering
- Incorrect Firewall Rules (plug in and forget?)
- Clear-Text Passwords
- Username/Password Embedded in Software
- No Alarm Monitoring

Scenarios at De-ICE.net (Warning: Spoiler)
Scenario, Disk 1.100
- CEO pressured by the Board of Directors to have a penetration test done
- CEO feels this is a huge waste of money
- Already has a company scan their network for vulnerabilities (using nessus)
- Contracts you to look at only one server

Scenarios at De-ICE.net (Warning: Spoiler)
For the PenTester, Disk 1.100
- There is a hints page that provides the tools required as well as clues to push you along if you get stuck
- Objective is to learn the tools and expand your thought process

Scenarios at De-ICE.net (Warning: Spoiler)
Tools Required, Disk 1.100
- nmap
- Firefox
- ssh
- hydra
- john (the ripper)
- openssl

Scenarios at De-ICE.net (Warning: Spoiler)
nmap Scan, Disk 1.100
- Target Does Not Respond to ping
- ftp is Intentionally Broken
- There are no nessus Vulnerabilities (not Included in BackTrack)

Scenarios at De-ICE.net (Warning: Spoiler)
HTTP Info, Disk 1.100
- User names: adams, banter, coffee, adamsa, banterb, coffeec, adama, bobb, chadc, aadams, bbanter, ccoffee, aadam, bbob, cchad, etc. (caps, numbers)

Scenarios at De-ICE.net (Warning: Spoiler)
hydra / ssh Info, Disk 1.100
- Login: bbanter / bbanter (joe password)
- You could try all possible combinations using a dictionary attack, but this is a quick check and narrows things down

Scenarios at De-ICE.net (Warning: Spoiler)
hydra / ssh Info, Disk 1.100
- Login: aadams / nostradamus

Scenarios at De-ICE.net (Warning: Spoiler)
What's Next? Disk 1.100
- john (the ripper)
- openssl
- I'll leave the rest for you to work through
- Hint: Find the CEO's bank account info to win

The Future for De-ICE.net: What is Next for LiveCD PenTest Disks?
Wireless Pentesting
- Potential Scenarios Might run Parallel to Current Level System
- WEP, WPA, WPA2 cracking
- Mimic MAC Address
- DoS Client / Assume Client Identity
- Man-in-the-Middle Attack

The Future for De-ICE.net: What is Next for LiveCD PenTest Disks?
IDS/IPS
- Potential Scenarios: Network-Based Scenarios (currently Host-Based)
- Log Servers
- Attack Against Signature Files
- Slow Attacks (under thresholds)

The Future for De-ICE.net: What is Next for LiveCD PenTest Disks?
Beyond the PenTest Labs Disks
- Forensics Lab: Learn how to use Forensics tools; Real-World Scenarios
- Classroom: How-To Demonstrations with Hands-On Labs

Links and Contact Info
- Thomas Wilhelm, email: twilhelm@herot.net
- LiveCD PenTest Disks: http://www.de-ice.net
- Network Configuration Information and Download Links in Forum (signup required)

Questions?
Thank you for attending!!! ...those of you still awake, please nudge those sleeping next to you. We're done here. It's been an honor to present to you today, and I'm always available to answer your questions.