In Trot Open Testing
Transcript of In Trot Open Testing
8/6/2019 In Trot Open Testing
http://slidepdf.com/reader/full/in-trot-open-testing 1/18
Introduction To Penetration Testing
Paul Asadoorian, GCIA, GCIH
PaulDotCom Enterprises, LLC
http://pauldotcom.com
Outline
• Why should we perform assessments?
• Security Assessment classifications
• Future of security assessments
Why Hack Yourself?
• Security assessments help organizations to:
• Understand threats for better defense
• Determine risk to make informed IT decisions
• Test incident handling procedures, intrusion detection systems, and other security
• TSA is a good example
Risk = Threat x Vulnerability
“Risk is a function of the likelihood of a given threat-source's
exercising a particular potential vulnerability, and the resulting
impact of that adverse event on the organization.”
Assessment Classifications
• Target Identification
• Portscanning
• Vulnerability Scanning
• Penetration Testing
• Web Application Testing
• Client-Side Exploits
• Source Code Auditing
• “Ethical Hacking” Components
Target Identification
• Local scans, use ARP
• Remote test, use common ports, be sneaky
• RDP (!), SSH known_hosts, netstat, DNS
• Tools
• Nmap - ARP scanning
• nbtscan - NetBIOS scanner, fast!
• Cain & Abel - ARP Scanner
• Superscan - Foundstone tool
Portscanning
• Find open ports on a host
• Often includes service and OS fingerprinting
• Tools include Nmap & Nessus
PORT     STATE SERVICE      VERSION
135/tcp  open  msrpc        Microsoft Windows RPC
445/tcp  open  microsoft-ds Microsoft Windows XP microsoft-ds
3052/tcp open  powerchute   APC PowerChute Agent 6.X
Nmap In The Movies!
Vulnerability Scanning
• Looks at the open port
• Determines the service running
• Performs more actions to determine if a service contains known vulnerabilities
• Tools include Nessus and other specialized applications
IT Staff can perform this testing on their own with inProtect
Penetration Testing
• Takes an identified port and its associated service, which contains vulnerabilities
• Uses an exploit to gain unauthorized access to the target system
• Tools include Metasploit, CANVAS, & Core IMPACT
• Used to find and compile random exploits
Web Application Testing
• Looks for vulnerabilities in web applications on the web server
• SQL Injection
• Remote File Include
• Cross-Site Scripting
• Manipulate the applications to gain unauthorized access
• Commercial tools include AppScan and WebInspect
Client-Side Penetration Testing
• Attempts to exploit applications on a user's desktop system
• Sending email to the user with hopes they will click a link or open an attachment
• Requires the user's email address and a server reachable from the clients
• Core IMPACT is able to automate this testing
Fun to put images on user's desktops!
Source Code Auditing
• Analyze the source code of applications, looking for vulnerabilities
• Tools include DevInspect and Ounce
Ethical Hacking
• Information Gathering
• Social Engineering
• Password Cracking (remote & local)
• War Dialing
• Wireless (WiFi, Bluetooth)
• VoIP, Blackberry, Smartphones, etc...
Future Tactics
• Attacking mobile devices, printers, cameras, access points, wireless routers
• Protocol Attacks (WiMax, Bluetooth, EVDO, GSM)
Assessments must always continue to help analyze risk!
/* End */
• Email: [email protected]
• Web: http://pauldotcom.com - Podcast, Blog, Mailing List, IRC Channel, Wiki