140 likes | 336 Views
OWASP Mantra-OS. Because the world is cruel. About Me. Attended United Stated Air Force Institute of Technology Defense Acquisition University Platform Security Engineer at. What is Mantra-OS?.
E N D
OWASP Mantra-OS • Because the world is cruel
About Me • Attended United Stated Air Force Institute of Technology • Defense Acquisition University • Platform Security Engineer at
What is Mantra-OS? • Mantra-OS is a virtualized attack platform designed around Mantra Security toolkit and OWASP WTE repository.
What was Mantra-OS developed for? • SCAP testing and professional pen-testing environment optimized for virtual environments. Such as vSphere, XenDesketop, OpenStack, oVirt. • Installation media iso and deployable ovf/ova.
Mantra-OS & HyTrust • Mantra-OS was implemented into HyTrust QA cycle • It is used for SCAP testing and Vulnerability verification testing. • Is deployed through vCenter.
Mantra-OS Virtualization and Security Kernel • GrSecurity Kernel patch and OpenVZ Kernel patch. • Ganeti for Virtual Cluster • KVM implementation as secondary layer of virtualization.
Mantra-OSContainers and Sandboxing • OpenVZ is used as container controller and lxc with arkose d-bus hook to sandbox desktop. • Libvirtd is used as a job handler for virtualization with glib hook.
Mantra-OSEnhanced Security • IDS protection with suricata • Artillery and honeyd for IPS protection • Container based sandboxing • AppArmor, SElinux
Mantra-OSSecurity Audit Tools • OWASP Zap • Burp • Maltego • Metasploit & Armitage • Zenmap
Mantra-OSPacket Capture • Ettercap • Wireshark
Mantra-OSWeb Application Scanners • Skipfish • Nikto • Gruyere
Mantra-OSSQL Injection • Sqlbrute • Sqlmap • Sqlmap intergration with Zap
Mantra-OSIntel Collection • Maltego