Kerem Kocaer 2010/04/14


Kerem Kocaer

1 EHLO

Kerem is:
- a graduate from ICSS
- a security consultant at Bitsec Consulting AB
- a security enthusiast

Kerem works with:
- administrative security: security standards and frameworks, security requirements, policies, guidelines, etc.
- technical security: penetration tests, vulnerability analysis, security review of products, infrastructures, web applications, etc.

2 AGENDA / GOALS

Today, we shall:
- define what a pentest is and is not
- discuss if / why one would need a pentest
- look at the different types of pentests
- go through the steps of a pentest
- experiment
- have fun

3 WHAT IS A PENETRATION TEST

"a method of evaluating the security of a computer system or network by simulating an attack from a malicious source" (Wikipedia)

Common confusion:
- Vulnerability assessment: scanning for vulnerabilities and filtering out false positives
- Penetration testing: scanning for vulnerabilities and exploiting them

Goal: demonstrate how to bypass security controls. Simulating a real attack involves exploiting vulnerabilities to demonstrate that the security mechanisms actually fail. Penetration tests can involve "dangerous" attacks that can disrupt availability. Both provide a picture of the current state of security.

4 WHY WOULD YOU DO A PENTEST?

- Discover technical weaknesses and vulnerabilities before the bad guys
- Prove to management that security should be taken seriously
- Test the effectiveness of current security mechanisms; see if they fulfill the requirements
- Discover problems in internal policies and procedures (when it comes to security administration), system administration, incident management, log management, etc.
- Reduce attack vectors
- Obtain higher assurance by continuously testing your systems

4 WHY WOULD YOU DO A PENTEST?

The Big Picture: vulnerability assessments and penetration tests are compliance requirements.

- ISO 27001, Req 15:2:2, Technical Compliance Checking: "Information systems shall be regularly checked for compliance with security implementation standards."
- PCI DSS, Req 11, Regularly test systems and processes: "Perform external and internal penetration testing at least once a year and after any significant infrastructure or application upgrade or modification."
- LGA Compliance Audit Questionnaire, Question 12.2.2: "Has an external assessment of the Gaming System(s) vulnerabilities been conducted? Is there an internal audit process to assess the level of technical compliance with operating procedures?"

4 WHY WOULD YOU DO A PENTEST?

The Big Picture: vulnerability assessments and penetration tests are risk analysis activities.

- OCTAVE Phase 2, Identify Infrastructure Vulnerabilities: "the outputs of Phase 2 document the present state of the computing infrastructure with respect to technological weaknesses that could be exploited by human threat actors."

4 WHY WOULD YOU DO A PENTEST?

The Big Picture: vulnerability assessments and penetration tests are Common Criteria security assurance components.

- CC Part 3, Class AVA: Vulnerability Assessment: "The evaluator shall conduct penetration testing, based on the identified potential vulnerabilities, to determine that the TOE is resistant to attacks performed by an attacker possessing Basic attack potential."

5 TYPES OF PENETRATION TESTS

- Black-box / gray-box / white-box
- Destructive / non-destructive
- Internal / external
- Target / environment:
  - Infrastructure / network
  - A single machine
  - Web application
  - Wireless
  - Social engineering

6 METHODOLOGY

A typical penetration testing project:
1. Meeting and planning
2. Information gathering
3. Vulnerability scanning
4. Penetration testing
5. Analysis of results
6. Documentation
7. Delivery and presentation

6.1 Meeting and planning

What type of penetration testing?
- Black-box or white-box?
- External or internal?
- To DoS or not to DoS?
- Can I exploit humans?

What's the target?
- How many IPs?
- Firewalls, IDSs, IPSs, ...?

What are the objectives?
- What is the primary goal?

Project planning
- How many hours?
- How many consultants?
- How much time for each step?
- Coordinate with customer

6.2 Information gathering

Goal: gather "enough" information about the target
- Ask the customer (previous phase)
- Read documentation and diagrams

Passive information gathering
- Internet service registration / WHOIS
- Domain Name System
- Website (public docs, robots.txt, error messages, ...)
- Search engines
- Emails
- Online analysis websites (Netcraft, archive)
- Tools: Maltego, Metagoofil, traceroute, ...
- Passive sniffing (if hub)

6.2 Information gathering

Active information gathering
- Spider
- Check live systems: host enumeration
- Check open ports
- Banner grab
- Fingerprinting: OS detection
- Network mapping, including FW, routers, etc.
- Active sniffing: ARP poisoning (switched environment)
- Social engineering
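Seen from the defender's side, the active steps on this slide (host enumeration, port checks) are exactly what the customer's firewall logs and IDS should register, and a pentest is a good occasion to verify that they do. The following is an added example, not code from the slides: it parses constructed iptables-style DROP log lines (the addresses and timestamps are made up) and flags a source that probes many ports on one host (vertical scan) or one port across many hosts (horizontal scan) within a sliding time window. The thresholds and the log format are assumptions chosen for the illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed log lines in an iptables-like format; none of this is real traffic.
SAMPLE_LOG = """\
2010-04-14T10:00:01 DROP SRC=203.0.113.5 DST=192.0.2.10 PROTO=TCP DPT=21
2010-04-14T10:00:01 DROP SRC=203.0.113.5 DST=192.0.2.10 PROTO=TCP DPT=22
2010-04-14T10:00:02 DROP SRC=203.0.113.5 DST=192.0.2.10 PROTO=TCP DPT=23
2010-04-14T10:00:02 DROP SRC=203.0.113.5 DST=192.0.2.10 PROTO=TCP DPT=25
2010-04-14T10:00:03 DROP SRC=203.0.113.5 DST=192.0.2.10 PROTO=TCP DPT=80
2010-04-14T10:00:03 DROP SRC=203.0.113.5 DST=192.0.2.10 PROTO=TCP DPT=110
2010-04-14T10:00:04 DROP SRC=203.0.113.5 DST=192.0.2.10 PROTO=TCP DPT=143
2010-04-14T10:00:04 DROP SRC=203.0.113.5 DST=192.0.2.10 PROTO=TCP DPT=443
2010-04-14T10:00:05 DROP SRC=203.0.113.5 DST=192.0.2.10 PROTO=TCP DPT=445
2010-04-14T10:00:05 DROP SRC=203.0.113.5 DST=192.0.2.10 PROTO=TCP DPT=3389
2010-04-14T10:00:20 DROP SRC=198.51.100.7 DST=192.0.2.11 PROTO=TCP DPT=445
2010-04-14T10:00:21 DROP SRC=198.51.100.7 DST=192.0.2.12 PROTO=TCP DPT=445
2010-04-14T10:00:22 DROP SRC=198.51.100.7 DST=192.0.2.13 PROTO=TCP DPT=445
2010-04-14T10:00:23 DROP SRC=198.51.100.7 DST=192.0.2.14 PROTO=TCP DPT=445
2010-04-14T10:00:24 DROP SRC=198.51.100.7 DST=192.0.2.15 PROTO=TCP DPT=445
2010-04-14T10:00:25 DROP SRC=198.51.100.7 DST=192.0.2.16 PROTO=TCP DPT=445
2010-04-14T10:00:26 DROP SRC=198.51.100.7 DST=192.0.2.17 PROTO=TCP DPT=445
2010-04-14T10:00:27 DROP SRC=198.51.100.7 DST=192.0.2.18 PROTO=TCP DPT=445
2010-04-14T10:05:00 DROP SRC=192.0.2.50 DST=192.0.2.10 PROTO=TCP DPT=22
2010-04-14T10:09:00 DROP SRC=192.0.2.50 DST=192.0.2.10 PROTO=TCP DPT=22
"""

# Assumed log layout: ISO timestamp, action, then KEY=VALUE fields.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) DROP SRC=(?P<src>\S+) DST=(?P<dst>\S+) PROTO=\S+ DPT=(?P<dpt>\d+)$"
)


def parse_log(text):
    """Turn log lines into (timestamp, src, dst, dport) tuples; lines that do not match are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        events.append((datetime.fromisoformat(m["ts"]), m["src"], m["dst"], int(m["dpt"])))
    return events


def detect_scans(events, window=timedelta(seconds=60), vertical_min=8, horizontal_min=6):
    """Sliding-window detector.

    For each event, look at the same source's events within `window` and count
    distinct ports per destination (vertical scan) and distinct destinations per
    port (horizontal scan). Each (source, kind, target) is reported once.
    """
    events = sorted(events)
    alerts, seen = [], set()
    for i, (t0, src, _, _) in enumerate(events):
        ports_by_dst = defaultdict(set)
        dsts_by_port = defaultdict(set)
        for t, s, d, p in events[i:]:
            if t - t0 > window:
                break
            if s != src:
                continue
            ports_by_dst[d].add(p)
            dsts_by_port[p].add(d)
        for d, ports in ports_by_dst.items():
            if len(ports) >= vertical_min and (src, "vertical", d) not in seen:
                seen.add((src, "vertical", d))
                alerts.append({"src": src, "kind": "vertical", "target": d, "count": len(ports)})
        for p, dsts in dsts_by_port.items():
            if len(dsts) >= horizontal_min and (src, "horizontal", p) not in seen:
                seen.add((src, "horizontal", p))
                alerts.append({"src": src, "kind": "horizontal", "target": p, "count": len(dsts)})
    return alerts


if __name__ == "__main__":
    for a in detect_scans(parse_log(SAMPLE_LOG)):
        print(f"{a['kind']:10} scan from {a['src']} -> {a['target']} ({a['count']} distinct)")
```

The two isolated SSH drops from 192.0.2.50 four minutes apart fall below both thresholds and produce no alert, which is the point of the window: a detector that alerts on every denied packet is ignored within a week.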

6.3 Vulnerability scanning

Goal: identify vulnerabilities that can potentially be exploited, based on information gathered in the previous phase

Manual search
- CVE database (nvd.nist.gov)
- Security Focus (www.securityfocus.com)
- Mailing lists such as Bugtraq / Full Disclosure (Insecure.org)
- Google ...

Automated tools, such as:
- Nessus
- Qualys
- (Core Impact)
- In web applications: WebInspect, Paros / Burp Suite / WebScarab, fuzzing, Nikto

6.4 Penetration testing

Time to have some fun...

Goal: exploiting the vulnerabilities that were previously identified, in order to get access to the target machine, retrieve confidential information, render a service unavailable, launch further attacks, etc.

Steps:
1. Penetrate
2. Escalate privilege
3. Maintain access
4. Clean up

6.4 Penetration testing

Penetrate!
- Web search & compile
- Core Impact-like solutions
- Metasploit

Escalate!
- Crack admin/root password, with:
  - Rainbow tables
  - Dictionary attack
  - Brute-force

Maintain!
- Rootkits
- Trojans

Clean up!
- Disable auditing
- Clean logs

6.4 Penetration testing

Denial of Service

Goal: make a resource unavailable to its intended users

Warning: be sure the customer is cool with that! Some scans and exploits can cause DoS. Include or exclude them according to the agreement with the customer.

DoS attacks:
- Smurf
- Fraggle
- SYN flood
- Teardrop
- Ping of Death
- ...
- DDoS!
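The planning slide (6.1) collects the answers (which IPs, DoS or not, whether humans may be exploited, how many hours) and this slide says availability-impacting steps are included or excluded according to the agreement. The following is an added example, not code from the slides, of encoding that agreement as a small rules-of-engagement object and checking every planned step against it before the step is run. The class names, categories, addresses and the test plan are all constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass, field


@dataclass
class RulesOfEngagement:
    """What the customer agreed to in the planning meeting (constructed example values)."""
    in_scope: list                                  # CIDR strings the customer owns and approved
    excluded: list = field(default_factory=list)    # hosts never to touch, e.g. a production database
    dos_allowed: bool = False                       # "To DoS or not to DoS?"
    social_engineering_allowed: bool = False        # "Can I exploit humans?"
    test_window: tuple = ("09:00", "17:00")         # local hours during which testing may run

    def covers(self, ip):
        addr = ipaddress.ip_address(ip)
        if any(addr in ipaddress.ip_network(n) for n in self.excluded):
            return False
        return any(addr in ipaddress.ip_network(n) for n in self.in_scope)


@dataclass
class PlannedStep:
    name: str
    category: str        # assumed categories: "scan", "exploit", "dos", "social"
    target: str          # IP address, or a person / mailbox for social steps
    start_time: str = "10:00"


def check_step(roe, step):
    """Return (allowed, reason). Every refusal is explained so the lead can renegotiate or drop the step."""
    if step.category == "social":
        if not roe.social_engineering_allowed:
            return False, "social engineering not agreed"
    else:
        try:
            ipaddress.ip_address(step.target)
        except ValueError:
            return False, f"target {step.target!r} is not an IP address"
        if not roe.covers(step.target):
            return False, f"target {step.target} is outside the agreed scope"
    if step.category == "dos" and not roe.dos_allowed:
        return False, "availability-impacting tests not agreed"
    # Zero-padded HH:MM strings compare correctly as strings.
    if not (roe.test_window[0] <= step.start_time <= roe.test_window[1]):
        return False, f"start time {step.start_time} outside agreed window"
    return True, "ok"


def plan_review(roe, steps):
    """Split a test plan into approved and refused (name, reason) pairs."""
    approved, refused = [], []
    for s in steps:
        ok, why = check_step(roe, s)
        (approved if ok else refused).append((s.name, why))
    return approved, refused


# Constructed agreement and plan for illustration.
ROE = RulesOfEngagement(in_scope=["192.0.2.0/24"], excluded=["192.0.2.10/32"], dos_allowed=False)
PLAN = [
    PlannedStep("port scan web server", "scan", "192.0.2.20"),
    PlannedStep("SYN flood test", "dos", "192.0.2.20"),
    PlannedStep("scan database host", "scan", "192.0.2.10"),
    PlannedStep("scan partner site", "scan", "198.51.100.4"),
    PlannedStep("phishing mail to staff", "social", "staff@example.com"),
    PlannedStep("after-hours scan", "scan", "192.0.2.21", start_time="23:00"),
]

if __name__ == "__main__":
    approved, refused = plan_review(ROE, PLAN)
    for name, _ in approved:
        print("APPROVED", name)
    for name, why in refused:
        print("REFUSED ", name, "-", why)
```

Only the first step survives this particular agreement; the refusal reasons are what you bring back to the customer meeting, since several of them (the database host, the out-of-hours slot) are exactly the items that tend to be settled by a one-line addendum.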

6.5 Analysis of results

Since we're the good guys, we don't go further than proving that the vulnerabilities are exploitable.

Steps:
1. Stop
2. Take a deep breath
3. Analyse what a malicious hacker could do with the identified exploit(s)
4. Check if the project goals are met
5. Proceed to documentation

6.6 Documentation

Probably the most boring but the most important step. Do not underestimate the time needed for documentation.

Goal: classify and report identified risks

Classification:
- High risk
- Medium risk
- Low risk
- Information

Important sections:
- Executive summary
- Purpose, scope, limitations
- Risks, weaknesses, vulnerabilities
- Risk remediation, recommendations
- Appendices with logs and screenshots
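Tying the vulnerability scanning slide (6.3, which points at the CVE database) to this one: a finding usually arrives with a CVSS base score, and the four classes above are what the reader of the report actually acts on. The following is an added example, not code from the slides: it maps scores to the slide's four classes and renders the report sections in the order the slide lists them. The thresholds follow NVD's CVSS v2 severity ranking (Low 0-3.9, Medium 4.0-6.9, High 7.0-10); treating unscored findings as "Information" is an assumption, and the findings, hosts, and CVE references (placeholders, not real identifiers) are constructed.

```python
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class Finding:
    title: str
    host: str
    cvss: Optional[float]              # CVSS base score; None for purely informational findings
    cve: Optional[str] = None          # placeholder reference, none of these are real CVE ids
    remediation: str = ""
    evidence: list = field(default_factory=list)   # log excerpts / screenshot paths for the appendix


ORDER = ["High risk", "Medium risk", "Low risk", "Information"]


def classify(cvss):
    """Map a CVSS base score to the slide's four classes (NVD CVSS v2 ranking; None -> Information)."""
    if cvss is None:
        return "Information"
    if cvss >= 7.0:
        return "High risk"
    if cvss >= 4.0:
        return "Medium risk"
    return "Low risk"


def group_findings(findings):
    """Bucket findings by class, highest score first inside each bucket."""
    grouped = {k: [] for k in ORDER}
    for f in findings:
        grouped[classify(f.cvss)].append(f)
    for bucket in grouped.values():
        bucket.sort(key=lambda f: -(f.cvss or 0))
    return grouped


def render_report(findings, purpose, scope, limitations):
    """Plain-text report with the sections the slide names, in that order."""
    g = group_findings(findings)
    counts = {k: len(v) for k, v in g.items()}
    lines = [
        "EXECUTIVE SUMMARY",
        "Findings by class: " + ", ".join(f"{k}: {counts[k]}" for k in ORDER),
        "",
        "PURPOSE, SCOPE, LIMITATIONS",
        f"Purpose: {purpose}",
        f"Scope: {scope}",
        f"Limitations: {limitations}",
        "",
        "RISKS, WEAKNESSES, VULNERABILITIES",
    ]
    for k in ORDER:
        for f in g[k]:
            ref = f" ({f.cve})" if f.cve else ""
            score = f"CVSS {f.cvss}" if f.cvss is not None else "no score"
            lines.append(f"[{k}] {f.title}{ref} on {f.host}, {score}")
    lines += ["", "RISK REMEDIATION, RECOMMENDATIONS"]
    for k in ORDER:
        for f in g[k]:
            if f.remediation:
                lines.append(f"- {f.title}: {f.remediation}")
    lines += ["", "APPENDICES"]
    for f in findings:
        for e in f.evidence:
            lines.append(f"- {f.title}: {e}")
    return "\n".join(lines)


# Constructed findings; the CVE values are placeholders, not real identifiers.
FINDINGS = [
    Finding("Outdated SSH daemon", "192.0.2.20", 4.3, "CVE-YYYY-NNNN",
            "Upgrade to a vendor-supported release", ["appendix/ssh-banner.txt"]),
    Finding("SQL injection in login form", "192.0.2.21", 7.5, "CVE-YYYY-NNNN",
            "Use parameterised queries; add input validation", ["appendix/sqli-screenshot.png"]),
    Finding("Directory listing enabled", "192.0.2.21", 2.6, None,
            "Disable autoindex on the web server"),
    Finding("robots.txt reveals admin path", "192.0.2.21", None, None,
            "Do not rely on robots.txt for access control"),
]

if __name__ == "__main__":
    print(render_report(FINDINGS, "Annual external test", "192.0.2.0/24", "No DoS, business hours only"))
```

The executive summary line is deliberately just the four counts: that is the level a manager reads, while the appendix carries the evidence an administrator needs to reproduce each finding.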

6.7 Delivery and presentation

- Present the results during a meeting with the customer
- Adjust the level of technical detail according to the audience
- Answer questions
- Receive feedback

7 SOCIAL ENGINEERING

- What's the weakest link? Feelings
- Phishing
- Demo: nasty PDF

8 WIRELESS

A whole big topic of its own
- WEP
- WPA/2
- Wardriving
- Demo: nasty AP

9 TOOLS

To start with, you can play with:
- BackTrack
- Nmap
- Nessus
- Metasploit
- WebScarab
- Wireshark

You can practice with:
- De-ICE PenTest Discs
- Metasploit Unleashed
- WebGoat
- HackThisSite
- Hax.tor.hu
- Damn Vulnerable Linux / WebApp
- Build your own lab ...
- Test your own network ...

10 RESOURCES

Check these websites:
- milw0rm
- Security Focus
- insecure.org
- packetstormsecurity.org
- InfoSecNews (maillist / RSS)
- OWASP
- Dark Reading
- Blogs

QUESTIONS?