Penetration Testing Using The Kill Chain Methodology




Presented by: Rupert Edwards

This course is intended for a technically astute audience. This course is 98% hands-on. The attendee should have some basic knowledge of the systems being tested in this course's scenarios and lab.

This course will focus on three areas: methodology, tools, and technique. Let us note that there are tons of tools that will net the same results. To maintain focus on all three aspects, we will be using just a small subset of popular pentesting tools. If I may add, some of my favorite tools did make it on the list, such as Shellter and the Backdoor Factory. Other tools outside of the Kill Chain tools will be discussed and used in this course. Refer to the syllabus for more detail.

What will not be covered in this material: We will not rehash definitions of white hat vs. black hat vs. gray hat. The assumption is made that you know what penetration testing is and what a pen tester's job entails. Let us start by stating the fact that I am not a lawyer (IANAL). You should be aware of the legal ramifications that come with being a pen tester. Know the rules of engagement. Without any rules established, it defaults to a black hat scenario, which is not good. This material will not go over every tool in detail and usage; these tools are feature-rich.

What will be covered in this material: Why the need for a penetration test. A description of a pen tester. Most importantly, it is to get your Kill Chain environment set up, and also to get familiar with the tools. This document's main focus is on the software installation and the tool setup thereafter. It will also introduce some terms that are thrown around a lot in the pen testing community and are often used within the tools themselves.

Penetration Testing

The goal: to identify security vulnerabilities in systems and humans.

The benefits of penetration testing:
- Preventing financial loss
- Preserving corporate image

Easy targets are often referred to as low-hanging fruit. These systems tend to make up a good portion of the botnets.

What is a penetration tester? A penetration tester's job is to see how deep into a system one can penetrate. A system might include, but is not limited to, the applications group, desktops group, mobile group, and servers group. A system may also be a logical system that includes all things related to Information Technology (IT) inside the building and outside the building, which may include the IT staff, its in-house training, and how it responds to an incident. Because such systems are very complex, it is imperative to detail every bit of information and by what means it was acquired. Not all the information will be useful or necessary in the final analysis, but some vulnerabilities are not immediately obvious. Penetration testing is not very useful without proper documentation and remediation. The pen tester's paramount concern should be the remediation.

Recommended read: Models of a Red Team Operations

The Kill Chain approach to penetration testing

What is Kill Chain? From Wikipedia: The term kill chain was originally used as a military concept related to the structure of an attack, consisting of target identification, force dispatch to target, decision, order to attack the target, and finally the destruction of the target.

1. Reconnaissance: Uses social engineering to find weaknesses in the target's security posture.
2. Weaponization: Crafting attack tools for the target system.
3. Delivery: Delivering the attack tools to the target system.
4. Exploit: The malicious file, aimed at a vulnerability in an application or in the operating system of the target system, is opened by the victim on the target system.
5. Installation: A remote control program is installed on the target system.
6. Command & Control: Successfully compromised hosts create a C2 channel over the Internet to establish a connection with the C2 server.
7. Actions: After the preceding steps, the attacker continues to steal information from the target system, undermines the integrity and availability of information, and further uses the controlled machine as a jump point to attack other machines and expand the sphere of influence.

A walkthrough of Kill Chain and its attack tools

killchain.py: Kill Chain was created for training a large group of students and professionals in pentesting methodology.

Anonymizer

The Kill Chain console is equipped with a built-in anonymizer that uses the Tor network for anonymity. Tor is free software and an open network that helps you defend against traffic analysis, a form of network surveillance that threatens personal freedom and privacy, confidential business activities and relationships, and state security. (courtesy Tor website)

The Kill Chain De-Anonymizer should be self-explanatory.

Kill Chain SET toolkit is for reconnaissance and social engineering

The Social-Engineer Toolkit (SET) was created and written by the founder of TrustedSec. It is an open-source Python-driven tool aimed at penetration testing around social engineering. SET has been presented at large-scale conferences including Blackhat, DerbyCon, Defcon, and ShmooCon. With over two million downloads, SET is the standard for social-engineering penetration tests and is supported heavily within the security community. The Social-Engineer Toolkit has over 2 million downloads and is aimed at leveraging advanced technological attacks in a social-engineering type environment.

TrustedSec believes that social engineering is one of the hardest attacks to protect against and now one of the most prevalent. The toolkit has been featured in a number of books, including the number one best seller in security books for 12 months since its release, Metasploit: The Penetration Tester's Guide, written by TrustedSec's founder as well as Devon Kearns, Jim O'Gorman, and Mati Aharoni. (courtesy TrustedSec website)

Kill Chain OpenVAS is for performing vulnerability assessments against the target. OpenVAS is a framework of several services and tools offering a comprehensive and powerful vulnerability scanning and vulnerability management solution. (courtesy OpenVAS website)

Veil-Evasion generates payload executables that bypass common antivirus solutions. (courtesy Veil Framework website)

Kill Chain WebSploit Advanced MITM Framework performs social engineering along with man-in-the-middle attacks and much more. This is a full-featured pentesting tool.

Kill Chain Metasploit Framework is for executing exploits against targets. The Metasploit Project is a computer security project that provides information about security vulnerabilities and aids in penetration testing and IDS signature development. Its best-known sub-project is the open-source Metasploit Framework, a tool for developing and executing exploit code against a remote target machine. Other important sub-projects include the Opcode Database, the shellcode archive, and related research. The Metasploit Project is well known for its anti-forensic and evasion tools, some of which are built into the Metasploit Framework.

Kill Chain WiFite is for wireless site survey.

Setting up your Kill Chain environment

What software is required:

Pen testing OS: Kali Linux (free download)

Virtual machine applications:
- VMware Player (free)
- VirtualBox (free download for Linux, Windows, and OS X)
- Parallels (costs money; for OS X)

Installing killchain.py

Follow the screenshots below. In the screenshots I am root.

sudo apt-get update
sudo apt-get install websploit openvas veil-evasion tor
sudo git clone https://github.com/ruped24/killchain
cd killchain
sudo python killchain.py

Once the installation is complete, go through the options on the menu.

Option 4, OpenVAS: takes a while on first run. Go get a coffee or two. You can launch multiple Kill Chain sessions; no need to watch paint dry. Once the OpenVAS setup has completed, reset the OpenVAS web interface admin password by running the commands below in an external terminal:

openvas-start
openvasmd --user=admin --new-password=Your_new_reset_admin_password

Point your browser to https://localhost:9392
Login username: admin
Login password: Your_new_reset_admin_password

Option 5, note on Veil-Evasion: Veil-Evasion will complete the setup upon launch. Accept all the defaults. This takes a while. Don't leave the screen though; there are dialogs you will have to click through. Once it's complete, it will auto-launch.

Option 6, WebSploit: To exit WebSploit, type exit.

Option 7, Metasploit: To exit Metasploit, type exit.

Option 8, WiFite: It is for site survey within the context of this course. Run wifite in an external terminal to do wireless attacks against the target.

Now you should be cooking with gas.

Tell me and I'll forget; show me and I may remember; involve me and I'll understand.

Terms and definitions:

Target: A target is a specific system or a specific systems group.

C2 Server: Command and control servers, also called C&C or C2, are used by attackers to maintain communications with compromised systems within a target network. The terms command and control are often bandied about without a clear understanding, even among some security professionals, of how these communications techniques work to govern malware.

Exploit: Exploit code is a piece of software, a chunk of data, or a sequence of commands that takes advantage of a bug or vulnerability in order to cause unintended or unanticipated behavior to occur on computer software, hardware, or something electronic (usually computerized). Such behavior frequently includes things like gaining control of a computer system, allowing privilege escalation, or a denial-of-service attack.

Injection: Code injection is the exploitation of a computer bug that is caused by processing invalid data. Injection is used by an attacker to introduce (or inject) code into a vulnerable computer program and change the course of execution. The result of successful code injection is often disastrous (for instance, code injection is used by some computer worms to propagate).

Payload: A payload refers to the part of malware which performs a malicious action. In the analysis of malicious software such as worms, viruses, and Trojans, it refers to the software's harmful results.

Shellcode: Shellcode is basically a list of carefully crafted instructions that can be executed once the code is injected into a running application. Stack- and heap-based buffer overflows are the most popular way of doing so. The term shellcode literally refers to written code that starts a command shell.

Encoder: An encoder is a device, circuit, transducer, software program, algorithm, or person that converts information from one format or code to another, for the purposes of standardization, speed, or compression.

Backdoor: A backdoor is an undocumented method of gaining access to a program or a computer by using another installed program or rootkit that bypasses normal authentication. The backdoor is generally written by the programmer who created the original program and is often only known to that person.

Reverse shell: A reverse shell is a type of shell in which the target machine communicates back to the attacking machine. The attacking machine has a listener port on which it receives the connection, and through that connection code or command execution is achieved.

Bind shell: A bind shell is a type of shell in which the target machine opens up a communication port or a listener on the victim machine and waits for an incoming connection. The attacker then connects to the victim machine's listener, which then leads to code or command execution on the server.

Meterpreter: Meterpreter is an advanced, dynamically extensible payload that uses in-memory DLL injection stagers and is extended over the network at runtime. It communicates over the stager socket and provides a comprehensive client-side Ruby API. It features command history, tab completion, channels, and more.

Site survey: A wireless site survey, sometimes called an RF site survey or wireless survey, is the process of planning and designing a wireless network, to provide a wireless solution that will deliver the required wireless coverage, data rates, network capacity, roaming capability, and Quality of Service (QoS).

Cyber Kill Chain is a registered trademark of Lockheed Martin.
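The reverse shell and bind shell definitions above differ in exactly one thing: which side listens. The Python below is an added example written for this page (it is not part of the course material or of killchain.py) that applies that distinction from the defender's side of the lab: it parses socket records in the layout of `ss -tnp` output, correlates each established connection owned by a shell interpreter with the host's listening ports, and reports a bind-shell pattern when the local port was a listener the peer connected to, or a reverse-shell pattern when the local side dialled out from an ephemeral port. The sample lines are constructed for the example, not a real capture; the list of shell binaries and the ephemeral port boundary are assumptions you would tune to the target build.

```python
"""Tell bind shells from reverse shells by connection direction.

Added example for the reverse shell / bind shell definitions; not part of the
course or of killchain.py. Input is text in the layout of `ss -tnp` output.
"""
import re
from typing import Dict, List

# Constructed sample (not a real capture): ordinary SSH traffic as a control,
# one bind shell (sh attached to a socket accepted on the local listener :4444)
# and one reverse shell (bash holding an outbound connection from an ephemeral port).
SAMPLE_SS_OUTPUT = """\
State  Recv-Q Send-Q Local Address:Port  Peer Address:Port   Process
LISTEN 0      128    0.0.0.0:22          0.0.0.0:*           users:(("sshd",pid=880,fd=3))
LISTEN 0      1      0.0.0.0:4444        0.0.0.0:*           users:(("nc",pid=2213,fd=3))
ESTAB  0      0      10.0.0.5:22         198.51.100.7:50110  users:(("sshd",pid=900,fd=4))
ESTAB  0      0      10.0.0.5:4444       198.51.100.7:51822  users:(("sh",pid=2214,fd=0),("sh",pid=2214,fd=1))
ESTAB  0      0      10.0.0.5:51204      203.0.113.9:443     users:(("bash",pid=2300,fd=3))
"""

# Assumption: interpreters that have no business owning a network socket directly.
SHELL_BINARIES = {"sh", "bash", "dash", "zsh", "cmd.exe", "powershell.exe"}
# Assumption: Linux default ephemeral (client-side) port range starts here.
EPHEMERAL_START = 32768
PROC_RE = re.compile(r'\("([^"]+)",pid=(\d+),fd=\d+\)')


def parse_ss(text: str) -> List[Dict]:
    """Parse the LISTEN and ESTAB rows of `ss -tnp`-style text into dicts."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 6 or parts[0] not in ("LISTEN", "ESTAB"):
            continue  # header line, or a state this example does not classify
        local_addr, local_port = parts[3].rsplit(":", 1)
        peer_addr, peer_port = parts[4].rsplit(":", 1)
        rows.append({
            "state": parts[0],
            "local": f"{local_addr}:{local_port}",
            "local_port": int(local_port),
            "peer": f"{peer_addr}:{peer_port}",
            # every (process, pid) holding this socket as a file descriptor
            "owners": [(name, int(pid)) for name, pid in PROC_RE.findall(parts[5])],
        })
    return rows


def analyze(text: str) -> List[Dict]:
    """Report each established socket owned by a shell, with its likely direction."""
    rows = parse_ss(text)
    listening_ports = {r["local_port"] for r in rows if r["state"] == "LISTEN"}
    findings = []
    for r in rows:
        if r["state"] != "ESTAB":
            continue
        shells = [(n, p) for n, p in r["owners"] if n in SHELL_BINARIES]
        if not shells:
            continue  # e.g. sshd: a daemon is expected to own sockets
        name, pid = shells[0]
        # Bind shell: the local port is (or was) a listener the peer connected to.
        # Reverse shell: the local side dialled out from an ephemeral port.
        # The ephemeral-range test covers one-shot listeners that already closed
        # after accept() and therefore no longer show up as LISTEN.
        inbound = r["local_port"] in listening_ports or r["local_port"] < EPHEMERAL_START
        findings.append({
            "pid": pid,
            "process": name,
            "local": r["local"],
            "peer": r["peer"],
            "verdict": "bind_shell" if inbound else "reverse_shell",
        })
    return findings


if __name__ == "__main__":
    for f in analyze(SAMPLE_SS_OUTPUT):
        print(f"{f['verdict']:13} pid={f['pid']} {f['process']} {f['local']} <-> {f['peer']}")
```

On the sample, pid 2214 is reported as a bind shell (its local port 4444 matches the listener) and pid 2300 as a reverse shell (an ephemeral local port talking to a remote 443, which is also how a C2 channel as defined above tends to look). The heuristic is deliberately narrow: it keys on the shell binary owning the socket, so a reverse shell wrapped in an interpreter not in SHELL_BINARIES, or a bind shell that was told to listen on a port inside the ephemeral range, will be missed or mislabelled; extend the set and the boundary to match the systems in your lab.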