3-Tier Approach for a True Penetration Test

Presented at InnoTech Oklahoma 2016. All rights reserved.

  1. WHY HAVE A PENETRATION TEST?
     • Get a Baseline for Security?
     • Discovery of a Vulnerability?
     • Secure your Environment?
     • 3rd Party Perspective?
     • Make the Auditors Leave you ALONE!?
     • Want to Get More?
  2. DISCOVERY, RECOVERY AND INTELLIGENCE (TIER-1)
     • LINKEDIN: CISO'S BACKGROUND, CEO BACKGROUND, SECURITY PERSONNEL AND THEIR TALENT SKILLS
     • GOOGLE: FIND IP RANGES, NET WORTH, BUSINESS PARTNERS, KNOWN VULNERABILITIES
     • PASTE SITES: LEAKED USERNAMES AND PASSWORDS, VULNERABILITY CODE, LEAKED INTERNAL NETWORK INFORMATION
     • DARKWEB: RAT FOR SALE, LEAKED USERNAMES AND PASSWORDS, BLACKMAIL MATERIAL, DARKWEB INTEL OF COMPANY
     • FORUM / LISTSERV: DISCOVER / PURCHASE DATA TO SEE WHAT IS KNOWN ABOUT A COMPANY WITH SOCK PUPPET TECHNOLOGY
  3. SCANNING AND VULNERABILITIES (TIER-2)
     [Pie chart, "Awesome Pie Chart": Bad 58%, Good 23%, Okay 10%, EH? 9%]
     • Why do We Scan the Environment?
     • Is one Scanner Good Enough?
     • Vulnerability is Found. Now What?
     • Not Practical. Single Scan Next Steps?
     • 30 Day - Return of the Hack.
  4. GETTING EXPOSED, EDUCATED WITH A TOUCH OF INCIDENT RESPONSE (TIER-3)
     • Live Scenario!
     • We have Identified the Vulnerabilities.
     • How does a Vulnerability Translate into a Breach?
     • Does Your Team even know what the Breach would look like?
     • How do we Stop the Breach!?
  5. TAKEAWAYS
     • Why have a Penetration Test?
     • Discovery, Recovery and Intelligence.
     • Scanning and Vulnerabilities.
     • Exposed, Educate and Incident Response.
     • Get More from a Penetration Test.
  6. THANK YOU
     Presented By: Donovan Farrow
