Penetration Testing
                            for System
                          Administrators
                      ...
Agenda

                    • Introduction
                    • Description of Penetration Testing
                    • ...
Introduction

                    • Information Security Engineer at SAS
                    • Columnist at EthicalHacker....
Description of Pen
                                    Testing

                    • Means different things to different
...
Overview of Process


                    • Recon
                    • Discovery/Scanning
                    • Enumerati...
Recon


                    • Non Invasive
                    • Whois
                    • Google
                    • ...
Discovery/Scanning


                    • Port Scans
                    • In-depth DNS queries
                    • Vul...
Enumeration



                    • SMB enumeration
                    • Oracle DB Enumeration
                    • Use...
Exploitation


                    • Leverage information gathered
                    • Verify vulnerability information
...
Walkthroughs



                    • Recon
                    • Scanning
                    • Exploitation




Thursday...
Scanning

                    • Nmap Scans
                          • Port/Service/OS Identification
                    •...
Exploitation/
                                 Verification

                    • Metasploit
                          • P...
Docs/Training

                          • SANS Sec504 : Incident Handling
                          • SANS Sec580: Metasp...
Questions?


                    • Contact Info:
                          • Twitter: @sussurro
                          ...
Upcoming SlideShare
Loading in …5
×

Pen test for sys admin

1,502 views
1,387 views

Published on

Published in: Technology
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total views
1,502
On SlideShare
0
From Embeds
0
Number of Embeds
2
Actions
Shares
0
Downloads
66
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

Pen test for sys admin

  1. 1. Penetration Testing for System Administrators Sept 13, 2010 ryan Linn NCSA Meeting Thursday, September 23, 2010
  2. 2. Agenda • Introduction • Description of Penetration Testing • Overview of Process • Walkthrough of Common Tasks • Questions/Closing Thursday, September 23, 2010
  3. 3. Introduction • Information Security Engineer at SAS • Columnist at EthicalHacker.net • Contributed code to Metasploit, Browser Exploitation Framework (BeEF), and Nikto • Spoken at numerous regional and national security conferences Thursday, September 23, 2010
  4. 4. Description of Pen Testing • Means different things to different people • Find vulnerabilities and stop • Find vulnerabilities and verify • Find vulnerabilities and see how far you can get • For today: Find vulnerabilities and verify Thursday, September 23, 2010
  5. 5. Overview of Process • Recon • Discovery/Scanning • Enumeration • Exploitation Thursday, September 23, 2010
  6. 6. Recon • Non Invasive • Whois • Google • Basic DNS Queries Thursday, September 23, 2010
  7. 7. Discovery/Scanning • Port Scans • In-depth DNS queries • Vulnerability Scanning • OS Identification Thursday, September 23, 2010
  8. 8. Enumeration • SMB enumeration • Oracle DB Enumeration • User enumeration Thursday, September 23, 2010
  9. 9. Exploitation • Leverage information gathered • Verify vulnerability information • Possibly go back to gather more information if successful Thursday, September 23, 2010
  10. 10. Walkthroughs • Recon • Scanning • Exploitation Thursday, September 23, 2010
  11. 11. Scanning • Nmap Scans • Port/Service/OS Identification • Nessus/OpenVAS • Vulnerability Scanner • Safe Checks/Unsafe Checks Thursday, September 23, 2010
  12. 12. Exploitation/ Verification • Metasploit • Penetration Testing Framework • Aids in Exploit Development • Exploitation of Vulnerability • Also has scanning capability Thursday, September 23, 2010
  13. 13. Docs/Training • SANS Sec504 : Incident Handling • SANS Sec580: Metasploit Kung Fu for Enterprise Pen Testing • http://www.offensive-security.com/ metasploit-unleashed • http://www.EthicalHacker.net Thursday, September 23, 2010
  14. 14. Questions? • Contact Info: • Twitter: @sussurro • Blog: blog.happypacket.net • http://www.ethicalhacker.net Thursday, September 23, 2010

×