1. Linux small business server
PENTRATION TESTING ZENTYAL NETWORKS
MUSSA KHONJE
Zentyal summit – Zaragoza Oct. 4&5, 2012
2. Linux small business server
Angoni Computer Security Labs ltd
ACSLabs
Mussa Khonje
wildfirelab@gmail.com
www.cehlab.com
Oct. 4th & 5th Zentyal summit 2012 2
3. Linux small business server
Born in East Africa Malawi and joined British Forces Army in year 2000
served most of the time with NATO HQ Germany as Group 6 Information
System Engineer until 2009 .Currenty studing at Staffordshire Universty
BSc in Cyber Security and Digital Forensic
Oct. 4th & 5th Zentyal summit 2012 3
4. Linux small business server
WHY PENTEST NETWORK ?
• Protect bussines Asset
• Protect bussiness integrity
• Protecting bussiness service avalability
• Complant with ISO standard
• Protecting shareholders and public
confidence
Oct. 4th & 5th Zentyal summit 2012 4
5. Linux small business server
HOW IS PENTEST CONDUCTED
• Contract Signed Autholise PENTEST
• Contract might explicity NO DDOS, DOS
imagine if PENTEST EBAY will they afford
server down time.
• Redteam goes to work
Oct. 4th & 5th Zentyal summit 2012 5
6. Linux small business server
PENTEST ZENTYAL NETWORK
• Stages used to conduct Pentest
• Reconassance [ Finding more about the
target]
• Scanning [ Services offered by the target]
• Gain Access [ Gain privilage to the target]
Oct. 4th & 5th Zentyal summit 2012 6
7. Linux small business server
• Maintain Access [Install a backdoor]
• Cover Tracks [ Erase traces of being in the
computer [Event Logs,Registry Edit]
• Make the victim into a zombe to be used in
attack of other computers in the network
Oct. 4th & 5th Zentyal summit 2012 7
8. Linux small business server
HACKERS OS
• Backtrack 5r3 comes with 300 + tools to be used in
Pentration Testing and Digital Forensic
• Popular program used in Pentest if Metasploit
framework
Oct. 4th & 5th Zentyal summit 2012 8
9. Linux small business server
TOOLS USED IN PENTEST
• Nmap latest version is 6.01
• Nessus Vulnability Scanner
• Metasploit Attacking Framework
DEMONSTRATION RAPID ATTACK USING MSF
Oct. 4th & 5th Zentyal summit 2012 9
10. Linux small business server
DEMO HACK WINBOX
• This is showing tools of pentration testing
how their are used and how MSF works .
Oct. 4th & 5th Zentyal summit 2012 10