Penetration Testing: Defense Through Ethical Weaponization
Presented by: Tyler Leet, RISC Services Manager, ATTUS Technologies, Inc.
What is Penetration Testing?
• Security audit
• Ethical hacking
• Intent is not malicious
• Have written permission
• Follow an attacker’s methodology
• “Point-in-time” tests
  • Testing should be performed regularly
    • Configs are modified
    • New vulnerabilities are discovered
    • Systems get replaced/updated

Types of Tests
• Network
  • Internal
  • External
• Web Application
• Application
• Wireless
• Physical
• White Box
• Black Box
Phases of Penetration Testing
• Phase 1 – Pre-Test Activities
  • Getting approval
  • Setting parameters
    • Scope
    • Rules of Engagement
  • Establishing a goal
• Phase 2 – Perform the Test
• Phase 3 – Post-Test Activities
  • Test report
  • Exit meeting
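The "scope" and "rules of engagement" parameters from Phase 1 are what keeps a test both legal and safe, so a tester's tooling should refuse to touch anything outside them. The following added example (not code from the presentation or from ATTUS) encodes a constructed set of rules of engagement using the RFC 5737 documentation address ranges and checks every planned action against the agreed scope, the exclusion list, the test window and whether social engineering was authorized. The `RulesOfEngagement` fields and the `authorize` function are hypothetical names chosen for the example.

```python
import ipaddress
from dataclasses import dataclass


@dataclass
class RulesOfEngagement:
    """Written parameters agreed with the client before any testing starts."""
    in_scope: list            # CIDR strings the client authorized for testing
    excluded: list            # CIDR strings carved out (e.g. fragile production hosts)
    test_window_utc: tuple    # (start_hour, end_hour); may cross midnight
    social_engineering_allowed: bool = False

    def __post_init__(self):
        # Parse once so later checks are simple membership tests.
        self.in_scope = [ipaddress.ip_network(n, strict=False) for n in self.in_scope]
        self.excluded = [ipaddress.ip_network(n, strict=False) for n in self.excluded]


def is_in_scope(roe, target):
    """A target is in scope only if it is inside an authorized block and not excluded."""
    ip = ipaddress.ip_address(target)
    if any(ip in net for net in roe.excluded):
        return False
    return any(ip in net for net in roe.in_scope)


def within_test_window(roe, hour_utc):
    """Handle windows such as (22, 6) that wrap past midnight."""
    start, end = roe.test_window_utc
    if start <= end:
        return start <= hour_utc < end
    return hour_utc >= start or hour_utc < end


def authorize(roe, target, hour_utc, activity):
    """Return (allowed, reasons); reasons is empty when the action is permitted."""
    reasons = []
    if not is_in_scope(roe, target):
        reasons.append(f"{target} is not in the authorized scope")
    if not within_test_window(roe, hour_utc):
        reasons.append(f"hour {hour_utc:02d}:00 UTC is outside the agreed test window")
    if activity == "social_engineering" and not roe.social_engineering_allowed:
        reasons.append("social engineering was not authorized")
    return (not reasons, reasons)


# Constructed rules of engagement (documentation ranges from RFC 5737, not a real client).
ROE = RulesOfEngagement(
    in_scope=["203.0.113.0/24"],
    excluded=["203.0.113.10/32"],
    test_window_utc=(22, 6),
)

if __name__ == "__main__":
    planned = [
        ("203.0.113.5", 23, "scan"),
        ("203.0.113.10", 23, "scan"),
        ("198.51.100.1", 2, "scan"),
        ("203.0.113.5", 12, "social_engineering"),
    ]
    for target, hour, activity in planned:
        ok, why = authorize(ROE, target, hour, activity)
        print(f"{activity:>18} {target:<14} {'OK' if ok else 'BLOCKED: ' + '; '.join(why)}")
```

Everything a tool does during Phase 2 should pass through a gate like `authorize` first; a refusal here is cheap, while a scan of an excluded host or an unapproved phishing run is the kind of mistake that ends engagements.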
Pen Testing Skill Sets
• Scripting
  • Python
  • Perl
  • Ruby
• Cross-platform Knowledge
  • Linux
  • Windows
• Packet Analysis/Crafting
• Command Line Fu
• Database Queries
• Debugging
• Strong Documentation Skills
• Strong Research Skills
• Craftiness
• Desire to Learn

Five Steps of an Attack
• Reconnaissance
• Scanning
• Gaining Access
• Maintaining Access*
• Covering Your Tracks*
* – Highly Intrusive

I. Reconnaissance
• The process of learning about the target
• Little to no interaction with target systems
• Can provide extremely valuable information
Analogy: A burglar watches a neighborhood to find the patterns of its residents, what they have in their homes, etc.

Elements of Reconnaissance
• Internet Searches
• WHOIS Information
• Website Reviews
• IP Block Information
• DNS Interrogation
• Reverse DNS Information

Reconnaissance – Tester’s Toolkit
• Maltego
• theHarvester
• Metagoofil
• Foca
• Sam Spade
• Fierce
• Basic operating system components
  • Dig
  • WHOIS
  • Nslookup
  • Your web browser

II. Scanning
• The process of looking for openings on target systems
• Identify systems, services and vulnerabilities
• First major contact with the target’s systems
Analogy: A burglar rattles doorknobs and checks windows for any that are open. He also inspects the doors and windows to see what is available behind them and whether they are secure.

Elements of Scanning
• Network Mapping
• Port Scanning
• Service Fingerprinting
• OS Fingerprinting
• Vulnerability Scanning
Scanning – Tester’s Toolkit
• NMAP
• Netcat
• Nessus
• Nexpose
• OpenVAS
• SAINT
• Arachni
• w3af
• Nikto
• Wikto
• skipfish
• Grendel-Scan
• DirBuster
• Wireshark
• Dsniff
• Cain and Abel
• Ettercap
• tcpdump
• Kismet
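Scanning is the step where the tester first touches the target’s systems, which also makes it the first step a defender can reliably see. The following added example (not code from the presentation or from ATTUS) shows what that visibility looks like on the blue side: it parses constructed firewall log lines in a simple made-up format and flags a source that probes many ports on one host (a port scan) or the same port across many hosts (a host sweep) within a sliding time window. The log format, the `detect_scans` function and the thresholds are assumptions for the example; a real deployment would map its own firewall’s fields onto the same logic.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed log format for this example: "<ISO-8601 UTC> <ACTION> src=<ip> dst=<ip> dport=<n> proto=<name>"
LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<action>ALLOW|DENY) src=(?P<src>\S+) dst=(?P<dst>\S+) "
    r"dport=(?P<dport>\d+) proto=(?P<proto>\w+)$"
)


def parse_line(line):
    """Return a dict for a well-formed line, or None so malformed lines are skipped."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    event = m.groupdict()
    event["ts"] = datetime.strptime(event["ts"], "%Y-%m-%dT%H:%M:%SZ")
    event["dport"] = int(event["dport"])
    return event


def detect_scans(lines, window=timedelta(seconds=60), port_threshold=10, host_threshold=5):
    """Map each suspicious source IP to ("port scan", distinct ports) or ("host sweep", distinct hosts)."""
    by_src = defaultdict(list)
    for event in filter(None, map(parse_line, lines)):
        by_src[event["src"]].append(event)

    findings = {}
    for src, events in by_src.items():
        events.sort(key=lambda e: e["ts"])
        start = 0
        for end, newest in enumerate(events):
            # Slide the window forward so it only holds events within `window` of the newest one.
            while newest["ts"] - events[start]["ts"] > window:
                start += 1
            ports_per_host = defaultdict(set)
            for e in events[start:end + 1]:
                ports_per_host[e["dst"]].add(e["dport"])
            busiest = max(len(ports) for ports in ports_per_host.values())
            if busiest >= port_threshold:
                findings[src] = ("port scan", busiest)
            elif len(ports_per_host) >= host_threshold:
                findings[src] = ("host sweep", len(ports_per_host))
    return findings


# Constructed sample log (RFC 5737 documentation addresses; no real hosts).
SAMPLE_LOG = [
    # one source probing eleven ports on a single host within 20 seconds
    f"2024-05-01T10:00:{i:02d}Z DENY src=198.51.100.7 dst=203.0.113.20 dport={p} proto=TCP"
    for i, p in enumerate([21, 22, 23, 25, 80, 110, 143, 443, 445, 3389, 8080])
] + [
    # one source knocking on port 22 of six different hosts
    f"2024-05-01T10:05:{i:02d}Z DENY src=198.51.100.9 dst=203.0.113.{h} dport=22 proto=TCP"
    for i, h in enumerate(range(1, 7))
] + [
    # ordinary repeated HTTPS traffic that must not alert
    "2024-05-01T10:10:00Z ALLOW src=198.51.100.8 dst=203.0.113.20 dport=443 proto=TCP",
    "2024-05-01T10:10:30Z ALLOW src=198.51.100.8 dst=203.0.113.20 dport=443 proto=TCP",
    "2024-05-01T11:00:00Z ALLOW src=198.51.100.8 dst=203.0.113.20 dport=443 proto=TCP",
    "this line is deliberately malformed and is ignored",
]

if __name__ == "__main__":
    for src, (kind, count) in sorted(detect_scans(SAMPLE_LOG).items()):
        print(f"{src}: {kind} ({count} distinct)")
```

The thresholds are the tuning knobs: a window of a minute with ten ports or five hosts catches a noisy scanner, while a slow scan spread over hours needs a much longer window, which is the trade-off the scanning tools on the slide exploit with their timing options. During an authorized test, comparing these findings against the tester’s activity log is a cheap way to confirm the monitoring actually fired.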
III. Gaining Access
• The process commonly associated with “hacking”
• Attempt to compromise a device/system
• Utilizes information gathered from previous steps
Analogy: The burglar breaks into the home using the door or window he thinks is the best.

Avenues of Gaining Access
• Social Engineering
• Exploiting Vulnerable Software
• Web Application Attacks
• Configuration Weaknesses & Flaws
• Password Attacks

Gaining Access – Tester’s Toolkit
• Metasploit
• Armitage
• Core Impact
• Canvas
• Rainbow Tables
• John the Ripper
• Hydra
• CoWPAtty
• Aircrack
• sqlmap
• sqlninja
• BeEF
• Burp
• Fiddler
• WebScarab
• Paros
• SET
• Hping
• Scapy
• Taof
• Sulley
• IDA Pro
• OllyDbg
• Immunity
• Custom exploits
• Downloaded exploits***
*** – Use at your own peril
First-Hand Pen Test Results
• Types of high-risk vulnerabilities/weaknesses we commonly encounter:
  • Default credentials
  • Outdated software containing vulnerabilities
  • Web application vulnerabilities
  • Non-encrypted services that transmit sensitive information
  • End users!!!
• Successful device/service access ~10%
  • External pen tests only
  • Most targets did not have large/complex perimeter systems
  • This % would be higher if disruption concerns didn’t exist and/or SE had been allowed
Pen Testing Resources
• www.owasp.org
• www.oissg.org/issaf.html
• www.isecom.org/research/osstmm.html
• www.pentest-standard.org
• www.vulnerabilityassessment.co.uk/Penetration%20Test.html
• www.sans.org/reading_room/
• www.backtrack-linux.org
• sectools.org
• www.offensive-security.com/metasploit-unleashed/
• www.tcpipguide.com/free/t_toc.htm
• www.ietf.org/rfc.html

Final Thought
Root Responsibly!!!