Vulnerability Ass... Penetrate What?

This is a high level introduction to vulnerability assessment and penetration testing given at Hacker Halted 2010.

  • Transcript

    • 1. Vulnerability Ass... Penetrate What? You are doing it wrong! Hacker Halted 2010
    • 2. Jorge Orchilles is a South Florida Information Security Professional
      • Information * field for over 8 years
      • Security Analyst for Fortune 10 company (not speaking on their behalf, LinkedIn.com for more ;)
      • Consultant by night - Orchilles Consulting
      • BBA and MS in MIS - Florida International University
      • Author - Microsoft Windows 7 Administrator’s Reference (Syngress)
      • Certs - CEH, GCIH, CICP, CCDA, CSSDA, MCTS, MCP, Security+
      • Organizations - VP of SFISSA, OWASP, Hack Miami, InfraGard, MECTF
    • 3. We will be discussing how to perform a vulnerability assessment (VA) or penetration test (PenTest) to provide the most value to the target business
      • Audience Feedback
      • Terminology
      • Planning (scope)
      • Testing
      • Reporting
    • 4. What does the audience know about VA and/or PenTesting and/or Ethical Hacking
      • Does your company have a VA or PenTest policy or had an assessment performed against your organization? Internal or third-party testing?
      • Have you ever performed a VA or PenTest? Internal or for another organization?
    • 5. VA and/or PenTests are performed to bring business value
      • Measure the organization's business risk
      • What is the business trying to accomplish or get out of the test?
      • Identify vulnerabilities
      • Add realism to threats
      • Test defenses (IDS, IPS, Firewall, AV, etc)
      • Compliance :(
    • 6. Terminology
      • Vulnerability - a flaw or weakness in system security procedures, design, implementation, or internal controls that may be exploited
      • Threat - any potential danger to information or an information system
      • Attack - an effort by a threat agent to launch a threat by exploiting a vulnerability
      • Risk - comprised of the factors of threats, vulnerabilities, and current value of assets
    • 7. Vulnerability Assessments and Penetration Testing are different
      • Vulnerability Assessment (VA) - process of identifying, quantifying, and prioritizing the vulnerabilities in a system
      • Penetration Testing (PenTest) - simulating an actual attack. May not identify all vulnerabilities.
      • Difference is in the scope (is exploitation allowed; how far can you go)
    • 8. Defining the scope is critical
      • What does the business want?
      • External or Internal: External testing is more realistic of an external attacker. Internal testing is more realistic to an insider threat or once an external attacker has breached the perimeter. Easier to identify vulnerabilities.
      • Type of testing: Black Box testing - no authentication. White Box testing - authenticated testing.
      • Who will be notified?
      • What systems will be tested?
      • When may they be tested (green zones)?
      • What systems may be exploited?
      • Social Engineering allowed?
      • Physical, Wireless, Web App, Network testing?
    • 9. Attackers do not have these boundaries
      • Attackers don’t have a scope or testing times
      • Attackers don’t stop once they get root
      • Attackers don’t have portions of the test removed from scope
    • 10. Manage the VA or Pentest
      • Sales Engineer - understands technical and business
      • Project Manager
      • Primary Tester
      • Secondary Tester
      • Specialized testers?
      • Communication is key!
    • 11. The kick off call is very important for everyone
      • This is the conference that must occur before the testing begins
      • It is mainly to confirm the scope
      • A great time and opportunity for the testers to understand the business and processes (reason for the systems in the first place)
      • Notify business where you will be attacking from (if in scope)
    • 12. Different Methodologies
      • Information System Security Assessment Framework (ISSAF)
      • Open Source Security Testing Methodology Manual (OSSTMM)
      • Project Management Body of Knowledge
      • Combination of these and some of your own
    • 13. The testing process may vary depending on scope
      • Step 1: Information Gathering
      • Step 2: Scanning
      • Step 3: Identify and Validate vulnerabilities
      • Step 4: Exploitation, Post-Exploitation, and clean-up (Pen Testing)
      • Step 5: Reporting
    • 14. Information Gathering is VERY important
      • Understand and learn the network
      • Learn about your target
      • Develop your attack for this specific target
      • This will ensure the other steps don’t fail
    • 15. Gathering Information is time consuming but worth it
      • Google Hacking (Dorks)
      • Social Networks
      • Mailing Lists
      • DNS (whois, host)
    • 16. Scanning
      • “One machine can do the work of fifty ordinary men. No machine can do the work of an extraordinary man.” – Elbert Hubbard
      • Automated Scanning
      • nmap - identify hosts, OS, services
      • Nessus - based on nmap (Nmap NASL) and intel configure the scan
      • Manual Testing
      • Difference between you and others
    • 17. Vulnerability Identification & Verification
      • Go through the automated and manual scan output
      • http://cve.mitre.org
      • http://osvdb.org/
      • Must verify all identified vulnerabilities as they may be false positives
    • 18. Exploitation
      • Frameworks: Metasploit, Core Impact, Immunity Canvas
      • Manual: http://www.exploit-db.com/, http://inj3ct0r.com/
    • 19. OMG! I g0t r00t!
      • So what?
      • This brings no business value!
      • Dig deeper - find: Intellectual property, Future projections, Confidential or Secret documents
    • 20. Clean-up your mess!
      • After exploitation and digging deeper, clean up your mess!
      • Very important to document what you did.
      • If this step fails we as an industry look bad!
    • 21. The report is the most important to the business
      • Who will get the report? SysAdmins get technical. Management gets summary.
      • Spend time writing the report! Make sure it is understandable and brings value!
    • 22. Most organizations and service providers are not doing it right
      • Lack of talent and focus
      • Many cheap providers of VA and PenTests
      • Reason for testing = Compliance
    • 23. How it should be done
    • 24. Remediation & Retesting
      • The report alone doesn’t bring value if the issues are not fixed.
      • Assist the business in fixing. Provide recommendations to issues on the report.
      • Retest once the business thinks they fixed the issue
    • 25. Thank you
      • Email: jorge@orchilles.com
      • Blog: http://www.orchilles.com/
      • Twitter: jorgeorchilles
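
The scope questions on slide 8 (which systems, when they may be tested, and which may be exploited) can be written down once and checked by tooling before every action. The following is an added example, not part of the original presentation; the `Scope` class, its field names, and the sample ranges and dates are constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, time
from ipaddress import ip_address, ip_network

@dataclass
class Scope:
    """Rules of engagement agreed at the kick-off call (hypothetical structure)."""
    systems: list      # CIDR ranges the business approved for testing
    exploitable: list  # subset where exploitation is allowed
    excluded: list     # ranges removed from scope
    window: tuple      # (start, end) local time of the green zone
    nights: set        # weekdays (0=Mon) on which a window may start

    @staticmethod
    def _within(host, ranges):
        return any(ip_address(host) in ip_network(r) for r in ranges)

    def _in_window(self, when):
        start, end = self.window
        t, day = when.time(), when.weekday()
        if start <= end:
            return day in self.nights and start <= t < end
        if t < end:  # after midnight: belongs to the previous day's window
            return (day - 1) % 7 in self.nights
        return day in self.nights and t >= start

    def check(self, host, action, when):
        """Return (allowed, reason) for a 'scan' or 'exploit' of host at when."""
        if action not in ("scan", "exploit"):
            return False, "unknown action"
        if self._within(host, self.excluded):
            return False, "removed from scope"
        if not self._within(host, self.systems):
            return False, "not an approved system"
        if not self._in_window(when):
            return False, "outside green zone"
        if action == "exploit" and not self._within(host, self.exploitable):
            return False, "exploitation not approved"
        return True, "in scope"

# Constructed sample scope: documentation range 192.0.2.0/24, Fri/Sat nights.
SCOPE = Scope(systems=["192.0.2.0/24"], exploitable=["192.0.2.16/28"],
              excluded=["192.0.2.20/32"], window=(time(22, 0), time(4, 0)),
              nights={4, 5})

if __name__ == "__main__":
    for host, action, when in [
        ("192.0.2.17", "exploit", datetime(2010, 10, 15, 23, 0)),  # Friday night
        ("192.0.2.50", "exploit", datetime(2010, 10, 17, 2, 0)),   # Sunday 02:00
        ("192.0.2.20", "scan", datetime(2010, 10, 15, 23, 0)),     # excluded host
    ]:
        print(host, action, when, SCOPE.check(host, action, when))
```

Logging each `check` result alongside the action taken also gives the documentation trail that slide 20 asks for.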
