Client-Side Penetration Test Report

Similar documents
Information Security Organizations trends are becoming increasingly reliant upon information technology in

PCI Vulnerability Validation Report

How To Test For Security On A Network Without Being Hacked

Creating a Resume Webpage with

Webapps Vulnerability Report

Bank Hacking Live! Ofer Maor CTO, Hacktics Ltd. ATC-4, 12 Jun 2006, 4:30PM

Website Implementation

Fighting Advanced Threats


USB Baiting. Project Proposal. Daan Wagenaar, Dimitar Pavlov, Yannick Scheelen. Universiteit van Amsterdam

Managing Vulnerabilities for PCI Compliance White Paper. Christopher S. Harper Managing Director, Agio Security Services

A send-a-friend application with ASP Smart Mailer

QUARTERLY REPORT 2015 INFOBLOX DNS THREAT INDEX POWERED BY

WHITEPAPER. Skinning Guide. Let s chat Velaro info@velaro.com by Velaro

Acunetix Website Audit. 5 November, Developer Report. Generated by Acunetix WVS Reporter (v8.0 Build )

Global Security Report 2011

WEB ATTACKS AND COUNTERMEASURES

ITNP43: HTML Lecture 4

Web Application Attacks and Countermeasures: Case Studies from Financial Systems

Building A Secure Microsoft Exchange Continuity Appliance

3. Broken Account and Session Management. 4. Cross-Site Scripting (XSS) Flaws. Web browsers execute code sent from websites. Account Management

Penetration Testing Scope Factors

Penetration Test Report

CYBER SECURITY THREAT REPORT Q1

Using Microsoft Expression Web to Upload Your Site

Integrated Network Vulnerability Scanning & Penetration Testing SAINTcorporation.com

THE THREE Es OF MODERN SECURITY FOR PHISHING

CS 558 Internet Systems and Technologies

Detecting Web Application Vulnerabilities Using Open Source Means. OWASP 3rd Free / Libre / Open Source Software (FLOSS) Conference 27/5/2008

Uploaded images filter evasion for carrying out XSS attacks

Cross Site Scripting in Joomla Acajoom Component

N-Dimension Solutions Cyber Security for Utilities

How We're Getting Creamed

Internet Technologies

Simplifying the Challenges of Mobile Device Security Three Steps to Reduce Mobile Device Security Risks

LASTLINE WHITEPAPER. Large-Scale Detection of Malicious Web Pages

ETHICAL HACKING APPLICATIO WIRELESS110 00NETWORK APPLICATION MOBILE MOBILE0001

How To Perform An External Security Vulnerability Assessment Of An External Computer System

Continuous Penetration Testing

Secure Web Application Coding Team Introductory Meeting December 1, :00 2:00PM Bits & Pieces Room, Sansom West Room 306 Agenda

Social Engineering Toolkit

STATE OF NEW JERSEY IT CIRCULAR

Report. Bromium: Endpoint Protection Attitudes & Trends Increasing Concerns Around Securing End Users

SysAidTM Deployment Tool Guide

Technical Testing. Network Testing DATA SHEET

About This Document. Response to Questions. Security Sytems Assessment RFQ

Novell Identity Manager

Trust Digital Best Practices

Voltage SecureData Web with Page-Integrated Encryption (PIE) Technology Security Review

Topic 1 Lesson 1: Importance of network security

Xtreeme Search Engine Studio Help Xtreeme

SPEAR PHISHING AN ENTRY POINT FOR APTS

Step by step guides. Deploying your first web app to your FREE Azure Subscription with Visual Studio 2015

Configuring iplanet 6.0 Web Server For SSL and non-ssl Redirect

New Systems and Services Security Guidance

Lab 1: Windows Azure Virtual Machines

Outline of CSS: Cascading Style Sheets

Recommended Practice Case Study: Cross-Site Scripting. February 2007

Technical Testing. Application, Network and Red Team Testing DATA SHEET. Test your security defenses. Expert Testing, Analysis and Assessments

The Social-Engineer Toolkit (SET)

Cyber Essentials Scheme

Threat Spotlight: Angler Lurking in the Domain Shadows

How To Prevent Hacker Attacks With Network Behavior Analysis

Apache: Analyze Logs for Malicious Activities & Monitor Server Performance

Securing Your Business s Bank Account

Web Design and Databases WD: Class 7: HTML and CSS Part 3

Web Development CSE2WD Final Examination June (a) Which organisation is primarily responsible for HTML, CSS and DOM standards?

JBoss security: penetration, protection and patching. David Jorm

Finding Security in the Cloud

Web Security School Final Exam

BEST SECURITY PRACTICES IN ONLINE BANKING PLATFORMS

Targeted attacks: Tools and techniques

McAfee. Firewall Enterprise. Application Note TrustedSource in McAfee. Firewall Enterprise. version and earlier

IS L06 Protect Servers and Defend Against APTs with Symantec Critical System Protection

MWR InfoSecurity Security Advisory. BT Home Hub SSID Script Injection Vulnerability. 10 th May Contents

Chapter 5 Configuring the Remote Access Web Portal

ATTACKS TO SAP WEB APPLICATIONS

SECURITY ADVISORY. December 2008 Barracuda Load Balancer admin login Cross-site Scripting

IBM Security re-defines enterprise endpoint protection against advanced malware

Slide.Show Quick Start Guide

Chapter 1: Your relationship with risk

When a student leaves this intensive 5 day class they will have hands on understanding and experience in Ethical Hacking.

ENABLING FAST RESPONSES THREAT MONITORING

The case for continuous penetration testing

The Importance of Patching Non-Microsoft Applications

QQ WebAgent Quick Start Guide

Transcription:

Tuesday, May, Client-Side Penetration Test Report Introduction This report presents the results of client-side penetration tests conducted by CORE Impact Professional. Unlike remote network attacks, client-side attacks require an end user to perform an action to trigger a compromise of their computer. The report includes detailed information on deployed social engineering attacks such as those that launch exploits via malicious web servers and emails. These attack vectors attempt to compromise end-user systems by exploiting known client-side vulnerabilities or by taking advantage of gaps in end-user security awareness. Once a computer is compromised, an attacker can establish a beachhead to infiltrate further into the organization s back-end network. Client-side attacks are arguably the most difficult to protect against because they take advantage of the human element in a network. In addition to maintaining computers at the current patch level, the best way to protect against these types of attacks is to educate end users on the latest social engineering attack trends and to continuously raise security awareness by testing the end-user community with controlled client-side penetration tests Workspace Summary Name: Started: Finished: Exact Time: Report 5// ::PM 5// ::PM 56 minutes 6 seconds Running Time: minutes 5 seconds All successful client-side attacks Total number of hosts and mobiles compromised through email-borne attacks: Total number of hosts and mobiles compromised through malicious web server attacks: Total number of unique hosts and mobiles compromised through client-side attacks: Total number of compromised hosts and mobiles using decouple: Summary of email-borne attacks Total number of email addresses targeted: Total number of emails sent: Total number of hosts and mobiles compromised through email-borne attacks: Percentage of successful email-borne attacks:.% Summary of malicious web server attacks Total number of malicious web sites deployed: Total number of unique user hits on the malicious web sites: Total number of hosts and mobiles compromised through malicious web server attacks: Number of malicious web server attacks: Number of successful malicious web server attacks: Percentage of successful malicious web server attacks: 6.% CORE Impact Professional - Client-Side Penetration Test Report Page

Summary of exploited client-side vulnerabilities Total number of client-side vulnerabilities successfully exploited: Total number of unique client-side vulnerabilities successfully exploited: Total number of hosts and mobiles successfully exploited by client-side vulnerabilities: Successful client-side exploits per operating system Total* Windows unknown Exploits unknown Windows Operating System & Version * Unknown operating systems are not shown Most successful email-borne attacks - No successful email-borne attacks. CORE Impact Professional - Client-Side Penetration Test Report Page

Most successful malicious web server attacks Web Sites with Highest Number of Compromised Hosts and Mobiles Unit Exploit accessed Exploit successful http://.../packse cnseojysbzczrkkygaa * The number of successful exploit attempts is, at most, equal to the number of exploit access attempts, never greater. Details of non-trojan based email-borne attacks No email templates used. Details of trojan-based email-borne attacks No email templates used Details of malicious web server attacks Web site: http://.../packsecnseojysbzczrkkygaa Exploits: NOCVE-9999-9999: One Link Multiple Clientsides Exploit. Total number of compromised hosts and mobiles: List of hosts and mobiles that were compromised: None Vulnerability description Not available. Additional exploit information http://www.securityfocus.com/bid/97 http://xforce.iss.net/xforce/xfdb/59 http://www.securityfocus.com/archive//9555 http://www.securitytracker.com/alerts/5/apr/676.html Total number of unique hits on the URL: Total number of exploits accessed: Browsers identified: msie 6.. CORE Impact Professional - Client-Side Penetration Test Report Page

Details of Phishing attacks No phishing attacks deployed. Unique email messages sent Exploit Name: NOCVE-9999-9999: One Link Multiple Clientsides Exploit. Subject: Online games <html> <head> <%headinsert%> </head> <body> <%bodyinsert%> <p class="msonormal" style="text-align: center;" align="center"><b><span style="font-size: 8pt; color: rgb(5,, );">ONLINE GAMES: PLAY FOR FREE</span></b></p> <span style="font-size: pt; font-family: "Times New Roman";"><br> Bored of your job? Need a break? Not allowed to install games on your company's workstation?<br> We have the solution for you! Click on the link below and start playing games online, no installation required!!!<br> <br> <%linkbegin%>click To Play<%linkend%><br> <br> Afraid your boss might come back and see you goofing around? Don't worry! <br> >From our game page you are just a click away from your predefined "escape" page! Nobody will ever notice!</span> <%imagetag%> </body> </html> CORE Impact Professional - Client-Side Penetration Test Report Page

Index Description Introduction Workspace Summary (Report ) Successful client-side exploits per operating system Most successful email-borne attacks Most successful malicious web server attacks Details of non-trojan based email-borne attacks Details of trojan-based email-borne attacks Details of malicious web server attacks Details of Phishing attacks Unique email messages sent Page CORE Impact Professional - Client-Side Penetration Test Report Page 5

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information