penetration testing

Published in: Technology

  1. 1. Introduction To Penetration Testing Paul Asadoorian, GCIA, GCIH PaulDotCom Enterprises, LLC http://pauldotcom.com
  2. 2. Outline • Why should we perform assessments? • Security Assessment classifications • Future of security assessments
  3. 3. Why Hack Yourself? • Security assessments help organizations to: • Understand threats for better defense • Determine risk to make informed IT decisions • Test incident handling procedures, intrusion detection systems, and other security • TSA is a good example
  4. 4. Risk = Threat x Vulnerability “Risk is a function of the likelihood of a given threat-source's exercising a particular potential vulnerability, and the resulting impact of that adverse event on the organization.”
  5. 5. Assessment Classifications • Target Identification • Portscanning • Vulnerability Scanning • Penetration Testing • Web Application Testing • Client-Side Exploits • Source Code Auditing • “Ethical Hacking” Components
  6. 6. Target Identification • Local scans, use ARP • Remote test, use common ports, be sneaky • RDP (!), SSH known_hosts, netstat, DNS • Tools • Nmap - ARP scanning • nbtscan - NetBIOS scanner, fast! • Cain & Abel - ARP Scanner • Superscan - Foundstone tool
  7. 7. Portscanning • Find open ports on a host • Often includes service and OS fingerprinting • Tools include Nmap & Nessus
     PORT STATE SERVICE VERSION
     135/tcp open msrpc Microsoft Windows RPC
     445/tcp open microsoft-ds Microsoft Windows XP microsoft-ds
     3052/tcp open powerchute APC PowerChute Agent 6.X
     Nmap In The Movies!
  8. 8. Vulnerability Scanning • Looks at the open port • Determines the service running • Performs more actions to determine if a service contains known vulnerabilities • Tools include Nessus and other specialized applications
  9. 9. Vulnerability Scanning • Looks at the open port • Determines the service running • Performs more actions to determine if a service contains known vulnerabilities • Tools include Nessus and other specialized applications IT Staff can perform this testing on their own with inProtect
  10. 10. Penetration Testing • Takes an identified port, associated service which contains vulnerabilities • Uses an exploit to gain unauthorized access to the target system • Tools include Metasploit, CANVAS, & Core IMPACT • Used to find and compile random exploits
  11. 11. Web Application Testing • Looks for vulnerabilities in web applications on the web server • SQL Injection • Remote File Include • Cross-Site Scripting • Manipulate the applications to gain unauthorized access • Commercial tools include AppScan and WebInspect
  12. 12. Client-Side Penetration Testing • Attempts to exploit applications on a user's desktop system • Sending email to the user with hopes they will click a link or open an attachment • Requires the user's email address and a server reachable from the clients • Core IMPACT is able to automate this testing
  13. 13. Fun to put images on user’s desktops!
  14. 14. Fun to put images on user’s desktops!
  15. 15. Source Code Auditing • Analyze the source code of applications, looking for vulnerabilities • Tools include DevInspect and Ounce
  16. 16. Ethical Hacking • Information Gathering • Social Engineering • Password Cracking (remote & local) • War Dialing • Wireless (WiFi, Bluetooth) • VoIP, Blackberry, Smartphones, etc...
  17. 17. Future Tactics • Attacking mobile devices, printers, cameras, access points, wireless routers • Protocol Attacks (WiMax, Bluetooth, EVDO, GSM) Assessments must always continue to help analyze risk!
  18. 18. /* End */ • Email: paul@pauldotcom.com • Web: http://pauldotcom.com - Podcast, Blog, Mailing List, IRC Channel, Wiki
