BSides Vienna: The 99¢ Heart Surgeon Dilemma

Presentation held in Vienna on 06/19/2011.

Abstract:
Let's assume you need heart surgery. I hope you don't, but let's just stick with it for a minute. How much would you be willing to pay for someone to fix it, and who would you hire to do it? If you are a suicidal emo kid, please do not answer, you are ruining the point here. Here's the thing: people want someone suitable and knowledgeable to cut them open and sew them up again, and they are willing to pay good money for it. Here are two things you don't want to do:

1) You don't want to hire some old drunk with a pocket knife and a sewing kit from the dollar shop who claims to fix your heart for 100 bucks.

2) You don't want to hire the same guy for 100'000 bucks when he's wearing a white coat and got shiny high tech tools because the last guy paid in advance...

What does this have to do with penetration testing? More than we like, unfortunately. I have met companies that invested thousands of dollars, expecting a pentest and getting a spiced up Nessus report as a result. More subtle nuances of "crappy pentest" might overlook essential threats and leave customers at risk with a false sense of security.

This talk will explore the common mistakes made when performing pentests, covering the test itself as well as pre- and post-engagement matters. It applies to testers and customers alike. It might also help save the rainforests.

Slides:

1. The 99¢ Heart surgeon dilemma
   Stefan Friedli
2. Hi, I’m Stefan.
3. BSides Vienna
4. Switzerland
5. (image slide, no text)
6. Please note that the views and opinions expressed during this presentation are my own and not necessarily my employer's.
7. The 99¢ heart surgeon dilemma
8. Pen Testing?
9. Judging a painter is easy...
   Good / Bad
10. This is how most of our clients see us
   Good / Bad
11. (image slide, no text)
12. Killing «bad» pentesting
   Overall Quality
13. 5173 Pages
14. «Due to copyright reasons, all of our documents are print-only by default. If you would like to purchase an electronic version at additional cost, please contact our sales staff.»*
   * Translated from German
15. Bombs?!
   «Due to the incorrect input validation of the parameter «s», arbitrary script code can be executed.»
16. Impact Metrics?
   «The amount of bombs depends on the danger the vulnerability causes. (...) There is no upper limit.»*
   * Translated from German
   ?
17. MS08-067: Microsoft Windows Server Service RPC Handling Remote Code Execution Vulnerability
18. Fat Fingers
   10.231.0.1/24
   - 10.213.0.1/24
   9 Days – Wasted.
19. How can we improve?
20. SCOPE!
21. Things that don’t exist:
   - Unicorns
   - Imaginary childhood friends
   - A decent Metallica album after 1991
   - «No Scope»
24. Scope
   Time/Effort
   Money
25. Out of Scope
26. Work with the client.
27. Things get a lot easier...
   Confrontation
   Working together
28. Talk to the suits.
29. Scanning is stupid.
   Scanner Monkey Mode
   - run nmap
   - run nessus/nexpose
   - run Metasploit/Core/Canvas
   - db_autopwn (...)
   - Root as much as you can.
   Real World Mode
   - Send well-crafted phishing mail
   - Compromise client
   - Beacon out on tcp/443
   - Exfiltrate data
   - Get to the heart of the company.
30. Scratching on the surface...
   Help killing bad pentesting.
   http://www.pentest-standard.org
   Check out the PTES-G!
   ... and come party with us at Blackhat/Defcon/BSidesLV
31. One last thing...
   «We were unable to complete the task because it [the website] was too big.»
   Thank you, Ben Jackson!
   http://code.google.com/p/weblabyrinth/
32. Thank you.
   The hashdays 2011 conference will be held on October 26th - 29th 2011
   Lucerne, Switzerland
   CFP is still open...
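The "Fat Fingers" slide (10.231.0.1/24 scanned instead of the agreed 10.213.0.1/24, nine days wasted) and the "SCOPE!" slides make a process point that is easy to enforce mechanically: compare every planned target against the client-approved scope before a single packet leaves the tester's box. The script below is an added example, not code from the talk or from Stefan Friedli; it uses only Python's standard `ipaddress` module. The approved scope and the target list are constructed sample data, and the transposition check (flagging an out-of-scope block that differs from an approved one only by two swapped adjacent digits in one octet) is my own heuristic for catching exactly the slide's kind of typo.

```python
import ipaddress

# Constructed sample data: the client-approved scope and the tester's planned
# target list. "10.231.0.1/24" is the mistyped block from the "Fat Fingers"
# slide; the approved block is "10.213.0.1/24".
APPROVED_SCOPE = ["10.213.0.1/24", "192.0.2.0/24"]
PLANNED_TARGETS = ["10.213.0.0/24", "10.231.0.1/24", "198.51.100.7", "192.0.2.10"]


def to_network(entry):
    """Parse an IP or CIDR string; host bits are cleared (10.213.0.1/24 -> 10.213.0.0/24)."""
    return ipaddress.ip_network(entry, strict=False)


def in_scope(target, scope):
    """True if the target network lies entirely inside one approved network."""
    t = to_network(target)
    # Version check first: subnet_of() raises TypeError on mixed IPv4/IPv6.
    return any(s.version == t.version and t.subnet_of(s) for s in map(to_network, scope))


def is_adjacent_transposition(a, b):
    """True if strings a and b differ only by two adjacent swapped characters ("231" vs "213")."""
    if len(a) != len(b) or a == b:
        return False
    diff = [i for i, (x, y) in enumerate(zip(a, b)) if x != y]
    return (len(diff) == 2 and diff[1] == diff[0] + 1
            and a[diff[0]] == b[diff[1]] and a[diff[1]] == b[diff[0]])


def probable_typo_of(target, scope):
    """Return the approved entry an out-of-scope IPv4 target was probably meant to be, else None.

    Heuristic (assumption, not from the talk): same prefix length, and exactly one
    octet differs by an adjacent-digit transposition.
    """
    t = to_network(target)
    if t.version != 4:
        return None
    t_octets = str(t.network_address).split(".")
    for entry in scope:
        s = to_network(entry)
        if s.version != 4 or s.prefixlen != t.prefixlen:
            continue
        s_octets = str(s.network_address).split(".")
        differing = [(x, y) for x, y in zip(t_octets, s_octets) if x != y]
        if len(differing) == 1 and is_adjacent_transposition(*differing[0]):
            return entry
    return None


def check_targets(targets, scope):
    """Classify every planned target before any scanning starts.

    Returns a list of (target, verdict); verdict is "in scope", "OUT OF SCOPE",
    or "OUT OF SCOPE, probable typo of <approved entry>".
    """
    report = []
    for target in targets:
        if in_scope(target, scope):
            report.append((target, "in scope"))
            continue
        guess = probable_typo_of(target, scope)
        verdict = f"OUT OF SCOPE, probable typo of {guess}" if guess else "OUT OF SCOPE"
        report.append((target, verdict))
    return report


if __name__ == "__main__":
    for target, verdict in check_targets(PLANNED_TARGETS, APPROVED_SCOPE):
        print(f"{target:>18}  {verdict}")
```

Run it as a pre-flight step, fed with the scope from the signed engagement letter and the target file you are about to hand to nmap or Nessus; anything reported as out of scope stops the test until the client confirms it in writing. The transposition hint is only a prompt for that conversation, not a licence to "correct" the target yourself.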
