Getting Started With Hacking Android & iOS Apps? Tools, Techniques and resources - OWASP Delhi
Session presented in the Combined [nullDelhi + OWASPDelhi] webinar on 7th July.
Watch the webinar here - https://youtu.be/BQWcUjzxJE0
Have you been wondering how to start in mobile application security, more specifically iOS/Android application security? In this talk, I will try to answer some of the most common questions about getting started in mobile application security testing: which platform to choose, where to learn, good resources, hardware requirements, etc. I will also demo Mobexler, a Mobile Application Penetration Testing Platform, and show how you can use it for pentesting of iOS as well as Android apps. This talk will be a mix of demo and knowledge.
As German defense minister, Ursula von der Leyen can attest, fingerprints can be hacked. So can facial and other biometrics. Why, then, is biometric-based authentication so fashionable? Why did one of the largest insurance companies just announce it is rolling out fingerprint and facial recognition for its customers (while it uses Symantec VIP for internal employees)? Did product management and marketing conduct a study that concluded customers feel safer with fingerprint and facial?
Apple’s Touch ID, and VISA’s integration with it, are shaping the fashionable trend faster than a Milan runway. Hopefully these short hemlines will fade soon. Apple’s senior vice president, Dan Riccio, irresponsibly claims, “Fingerprints are one of the best passwords in the world.” He probably understands that it is easy to reset a password. He probably does not understand how hard it is to reset his fingerprints. Truly the inmates are running the asylum.
This talk will include an overview and demo of the Open Threat Exchange (OTX) and describe some of its information sources, including anonymous sharing from Open Source Security Information Management (OSSIM.) Jaime will share some of his experiences using OTX as a security researcher. He will also provide his thoughts on how OWASP members can benefit from security research and threat intelligence to "build in" security rather than constantly reacting.
5 Tips to Successfully Running a Bug Bounty Program - bugcrowd
Learn why bug bounties are great tools in application security, why they can be difficult, and how you can utilize them to start finding more critical vulnerabilities.
Click and Dragger: Denial and Deception on Android mobile - grugq
A presentation on OPSEC for mobile phones, covering the design and reasoning behind the CryptogenMod ROM and the DarkMatter app.
Source for DarkMatter: https://github.com/grugq/darkmatter
Practical network defense at scale Or: Protecting the “Eierlegende Wollmichsa... - CODE BLUE
The modern web-scale network is a pretty complicated place. Modern techniques in systems management have made it trivial to create, destroy and repurpose any number of instance types. These instances can span the range from bare metal machines sitting in a datacenter, to 3rd party virtual machines on demand, and now these new containers and microservices seem to be all the rage. Instances are cattle, they are no longer pets. All of this perpetual churn and flexibility is exactly what you want in a constantly changing, highly available, and efficient infrastructure. The ability to create or destroy nodes on demand, or to continuously and automatically scale up, down, and re-deploy applications as part of a continuous integration pipeline, has become a necessary and integral part of daily operations. However, these systems can generate terabytes of network logs a day. And if your job is detecting, correlating, and alerting on the correct anomaly in all that data, the analogy of the needle in the haystack really doesn’t do it justice; something closer would be finding a needle in a windstorm. How do you begin to collect, store, analyze, and alert on this much data without costing the company a small fortune? What are some practical steps you can take to reduce your overall risk and begin to gain more insight, visibility, and confidence into what is actually taking place on your network? This talk aims to give the attendee a solid understanding of the problem space, as well as recommendations and practical advice from someone who built their own ‘big data’ network and security monitor. It really is easier than it sounds.
Bug Bounty Hunting for Companies & Researchers: Bounty Hunting in Sudan and Abroad - Mazin Ahmed
http://blog.mazinahmed.net/2016/10/bug-bounty-hunting-swiss-cyber-storm.html
Modlishka - Is a Mantis Eating 2FA's Lunch? - Lance Peterman
In January this year, a Polish security researcher named Piotr Duszyński released a pen testing toolkit named Modlishka (which loosely translates into English as Mantis) that can automate attacks against websites that use either SMS or OTP based two-factor authentication (2FA). While this is certainly concerning, the ability to co-opt some of these methods of 2FA is hardly new. Yet the common response from some security pundits was that 2FA as an entire category was under assault and likely to fail. Instead of embracing the 'security panic theater' and wringing my hands, I'll review the current 2FA threat landscape, take a look at practical steps to mitigate those threats, and then review the current/future state of 2FA and alternative authentication methods.
#CSA #Dehradun
XSS Video POC in Yahoo: https://www.youtube.com/watch?v=I2WKUJn8P7I
Tapjacking bug POC in Android 6.0 Video: https://www.youtube.com/watch?v=8BcP3Q4ZWXQ
MITRE ATT&CKcon 2018: From Red VS Blue to Red ♥ Blue, Olaf Hartong and Vincen... - MITRE - ATT&CKcon
This session discusses Deloitte’s purple teaming approach, which uses ATT&CK as a guiding principle to help both teams improve.
The session shows how this works in a customer scenario: how to scope the scenario, how to plan it and choose the various TTPs to be covered, and how we assist the customer's blue team in understanding those TTPs and help them design detection capabilities for them.
When the Blue Team is able to connect the dots between offensive activities in the network and what they see in their logs, firewalls, SIEMs, etc., they are able to fully understand what adversaries do and what attackers' TTPs actually look like when they are active in the network.
It’s much easier to find the needle in the haystack if you know there is a needle to find to begin with. Purple teaming provides this pointy needle, used to accelerate the Blue Team.
It's Okay To Touch Yourself - DerbyCon 2013 - Ben Ten (0xA)
It takes a company an average of 35 days to detect when they have been compromised. For some, it can take years. As fast as software changes and new vulnerabilities are discovered, waiting for an annual penetration test is just not enough. In this talk, I will show you how we perform self-audits on our own network on a continual basis. You will learn about the tools that we use so that you can audit your own network to determine whether your technical and physical controls will detect a security incident. I will show you how our self-audits and 'fire drills' engage our IT team, allowing us to learn both how to detect when an incident is occurring and how to react. I will also share some mistakes I've made and give you tips on performing a self-assessment without disrupting your business. You will see how this has strengthened our awareness education and our overall security posture. If you've never performed a self-audit, this talk will be a great introduction. It's okay to touch your...network.
OSINT Basics for Threat Hunters and Practitioners - Megan DeBlois
This presentation was created for the SWIFT Tech Symposium at Cal Poly Pomona. Learn the basics of OSINT, but for hunting Internet infrastructure.
- OSINT Basics: Let’s talk about what it is, why it’s important, and how it’s used in the world of Internet infrastructure.
- Understanding Different Use Cases: We’ll take a quick look at examples of how this is valuable for threat hunters, security practitioners, and researchers.
- Practice, practice, practice: I’ll end this talk by sharing some good resources and ideas for how you can sharpen your OSINT skills for security research or for better organizational defense.
Attacks and Defense on Voice Controlled Devices
Some of the slides, figures and information are taken from the following paper: https://www.usenix.org/system/files/conference/usenixsecurity18/sec18-kumar.pdf
Machine learning is a powerful tool with many well-suited applications for malware detection, classification, and risk quantification. Despite its reputation as a "black box" component to an enterprise security solution, designing a robust machine learning model for malware detection is an involved process: its success hinges on understanding the problem you're trying to solve, the underlying data you utilize, and most importantly, its limitations.
In this Malware Most Wanted session, we analyze working models and discuss the strengths, pitfalls, and high-level trade-offs of using machine learning for successful malware detection.
#CyberAvengers - Artificial Intelligence in the Legal and Regulatory Realm - Shawn Tuma
The #CyberAvengers' Paul Ferrillo (a/k/a Director Fury) and Shawn Tuma (a/k/a Hulk) presented at the Practical Cybersecurity Risk Management Strategies program of the New Jersey State Bar Association (NJSBA) Cybersecurity Institute on November 17, 2017. In this presentation, Fury and Hulk focused on the core #CyberAvengers message of the real-life cybersecurity issues facing most companies -- the basics of good cyber hygiene -- and explained how artificial intelligence and machine learning will help companies do a better job of getting these right, along with how and why AI/ML play a critical role in the future of cybersecurity.
Hacking and Penetration Testing - a beginner's guide - Pankaj Dubey
Learn all about hacking and penetration testing: the phases of hacking, the process of hacking, and then what penetration testing is. Also get a sense of cyber crime and cyber security.
Some security experts would tell you that security testing is very different from functional or non-functional software testing. They are wrong. Having worked on both sides, Paco gives 3 specific recommendations for how testers can make significant contributions to the security of their software and applications by making small changes to the way they do their software testing. The first technique has to do with selecting points in the user journey that are ripe for security testing. The second is to leverage some common free tools that enable security tests. The final technique is adjusting old school boundary value testing and equivalence class partitioning to incorporate security tests. The result is a lot of security testing done and issues fixed long before any security specialists arrive.
Key Takeaways:
- Great places in the user journey to inject security tests
- Ways to augment existing test approaches to cover security concerns
- Typical security tools that are free, cheap, and easy for software testers
This presentation is a basic introduction to cybersecurity: what security means, and the CIA triad, i.e. confidentiality, integrity and availability.
CompTIA exam study guide presentations by instructor Brian Ferrill, PACE-IT (Progressive, Accelerated Certifications for Employment in Information Technology)
Presented by Paul Wilson, Director General of APNIC and Chair of APrIGF Multistakeholder Steering Group at the Asia Pacific Internet Leadership Program as part of 2016 APrIGF Taipei
Stopping Breaches at the Perimeter: Strategies for Secure Access Control - SecureAuth
Billions are being spent on network and endpoint security each year and yet companies continue to get breached and become big news headlines. So the question remains: How can organizations protect their network and applications while detecting unwanted users and potential attackers? Join 451 Research and SecureAuth as we explore the current state of information security and discuss some of the emerging access control technologies that can help address these challenges.
In this informative webinar you will learn:
• Why the future of access control will require higher security while improving user experience
• How adaptive access control techniques can protect against an attack using multi-layered risk analysis
• How using Behavioral Biometrics can identify anomalous user behavior - continuously
This presentation was delivered at SkyDogCon 6 in October 2016. The A/V is available here: https://www.youtube.com/watch?list=PLLEf-wPc7Tyae19iTuzKOXmPj-IQBIWuU&v=mKxGulV2Z74
It is an updated version of the original deck presented at BSides Augusta 2016, with added original content including information on use cases and added definition/clarity.
Abstract:
"We can all agree that threat ("Evil") detection is an essential component of a functioning security monitoring program. Let's start thinking about how to take our tradecraft to the next level and hunt for insecure conditions ("Ways for Evil to do Evil things") that might allow threat actors to succeed in their mission.
This talk will run through some of the observations gathered during hunting expeditions inside the networks of multiple Fortune-ranked organizations and challenge you to expand your security operations thinking beyond signature-based detection.
- What is Hunting?
- How have we done it?
- What have we found, and what should be done about those findings?
- How might you achieve similar outcomes in your own environment?"
Speakers:
- Jacqueline Stokes (@find_evil) is an infosec enthusiast who picked up hacking as a preteen and cut her teeth over multiple years in Iraq. Her ongoing mission is to assess and advise clients on the most actionable and forward-thinking methods to improve detection, response, and containment of advanced threats. Jackie likes long walks on the beach, 90's nostalgia, and is the president and founding member of the Kevin Mandia Fan Club.
Certified Ethical Hacking - Book Summary - udemy course
Book summary of the Certified Ethical Hacking course.
Basic course on Penetration Test:
https://www.udemy.com/basic-professional-penetration-tests/?couponCode=HACKING%408
Material I presented at the BSSN Focus Group Discussion (FGD) on BSSN's Voluntary Vulnerability Disclosure Program (VVDP) regulation, in connection with the public review of the regulation. I hope it is useful.
Cybercrime: A threat to the Financial industry - Ammar WK
Cybercrime against financial services, aimed at taking over customer transactions and online banking sessions, as well as attacks against the financial institutions themselves.
The speaker will discuss the "bug bounty" phenomenon in the security world, as well as the "0day" exploits that are the weapon of choice for cybercriminals through to "APT actors", and will invite the audience to discuss together whether "bug bounties" can really stem the impact of 0day exploits.
Nowadays, like the technology itself, hacking activity against mobile phones is growing very rapidly, targeting both mobile devices (the operating system) and mobile applications. Some application providers even dedicate a penetration testing activity to the applications they create right before release to the public, while others open bug bounty programs, and sadly the rest just watch and do nothing.
On the other side, malware developers around the world have also moved their main target and have been developing malware to take over mobile devices, which hold all our personal/private and work data; some of it even makes us pay to get that data back.
This talk will focus on the recent trend in mobile device security and on mobile security penetration testing activity, also showing in practice several types of common weaknesses/vulnerabilities within mobile applications, how the attacker exploits them, and how malware is created and planted until the target mobile device is successfully taken over.
The content:
1. Discussion of well-known web attack vectors
2. DVWA low security level walkthrough
3. Web application security tools: nikto and nmap
4. Burp Suite usage
2. Ahmad Muammar WK, OSCE, OSCP, eMAPT.
•Professional hacker/Penetration tester
•Doing offensive security/hacking for 15+ years
•Founder of echo.or.id & idsecconf.org
•Web: http://me.ammar.web.id
•email: me@ammar.web.id
•twitter: @y3dips
3. A Journey into Pen-tester Land: Myths or Facts - y3dips
Agenda
• About Penetration Testing
• How to become a Penetration Tester
• Myths or Facts Around Pen-test
5. IT Security Assessment
• A way to validate/check the level of security of every aspect of the IT infrastructure.
• Also ensures that the necessary security controls are integrated into the design and implementation.
• Prepares for further improvement.
6. IT Security Assessment
• Vulnerability Assessment
• Penetration Testing
• Security Audit
7. Vulnerability Assessment (VA)
• A vulnerability assessment is usually carried out with a vulnerability scanner application. Most products test the operating system type, applications, patch level, user accounts and so on.
• Vulnerability scanners identify common security configuration mistakes and exposure to common attacks.
8. Vulnerability Assessment (VA)
9. Security Audit
• Mostly checklist-based (corporate security policies, regulatory standards such as ISO, or PBI).
• IMPORTANT for compliance with security policies, legislation and standards.
• e.g.: are there any backups? Antivirus?
10. Security Audit
http://vsanspareil.com/security-audit-report-template/security-audit-report-template-2/
11. Penetration Testing
• When a “hacker” does the attacker's work.
• The only goal is to break into the system as far and as deep as possible.
12. VA vs Pen-test
• Vulnerability assessment identifies the “possible” vulnerabilities (including false positives).
• Penetration testing validates the vulnerabilities.
13. Security Audit vs Pen-test
• Security audits are important for compliance with security policies, legislation and standards.
• Pen-tests complement security audits and help fix security threats before an attacker discovers them.
14. Pen-test
• Check what sensitive information is available.
• Check what kind of privileges the pen-tester gains.
• Check whether it is possible to escalate privileges.
• Check whether a vulnerability can lead to further exploitation (another application, system, server, or scope).
15. Type of Pen-test
• Should be only black box!
• Black box: zero information about the system, maybe only the IP/domain name. Full attacker perspective.
• Grey box: partial information about the system; simulates an attack by an employee or vendor.
• White box: significant information about the system; source code/configuration review.
Pen-test Scope?
•Ideal = no scope limiting the activity.
•Wired Network Infrastructure
•Wireless Network Infrastructure
•Application Infrastructure
•Operating System Infrastructure
•Physical Infrastructure
•Social Engineering (people hacking)
Pen-test Methodology
ISSAF (Information Systems Security Assessment Framework)
Demo [Video 1]
Information Security Professional
•IT Security Officer
•IT Security Analyst
•IT Security Auditor
•IT Security Engineer
IT Security Officer
•Security contact point for the organisation
•Principal advisor on IT security
•Ensures the security program is running (security awareness courses, etc.)
•Creates security policies, procedures and hardening guides
•Titles: CSO, CISO, Head of IT Security, VP Security, IT Security Manager
IT Security Analyst
•Monitors all types of access to protect confidentiality and integrity
•Provides direct support and advice to the IT Security Manager
•Titles: System Security Analyst, Network Security Analyst
IT Security Auditor
•Audits an organisation's technology processes and security
•IT General Controls reviews
•Application Controls reviews
•Titles: Security Auditor, Penetration Tester
IT Security Engineer
•Maintains the computer hardware and software that comprise a computer network
•Performs security hardening and configuration
•Titles: System Security Engineer, Network Security Engineer
Pen-tester
•Penetration Tester
•Ethical Hacker
•Professional Hacker
•Information Security Professional
•Red Team officer
Pen-tester
•Recently a new ‘hot’ profession, beyond and separate from Security Auditor.
•Nowadays there are many information security curricula and faculties, even whole universities.
•High demand because of regulation, especially with the growth in electronic transactions.
Requirements
•Skillset, knowledge
•Experience
•Attitude
•Able to work independently or in a group
•..
Skillset, Knowledge
•Knowledge of operating systems
•Knowledge of networking
•Knowledge of applications
•Knowledge of programming
•Much more :)
Skill & Experience
•Self-taught hacker
•Formal education
Self-Taught Hacker
•Joins a community/hacking group
•Gains hacking knowledge by hacking
•Hack to learn, not the other way around.
•Often starts as a kiddie and works the way up to hacker
Kiddies
•Progression: newbie (larva) → kiddie → hacker (elite)
•Know the tools, able to use and modify them; but do not know how the tools “really” work.
Formal Education
•Gains information security knowledge from formal education, courses, certifications
Formal Education
•Most universities (nowadays) have an infosec curriculum.
•ITB has a Master of Engineering in Information Security.
Self-Taught Hacker vs Formal Education
•Self-taught [+] / Formal [-]
•Proven skill and experience
•Able to do a proof of concept
Self-Taught Hacker vs Formal Education
•Self-taught [-] / Formal [+]
•Lack of methodology
•Lack of organisational/managerial skills
Attitude
•[+] Need to boost
•Willing to learn, share and teach.
•Eager to learn new things faster.
•…
Attitude
•[-] Need to avoid at all costs!
•Becoming a drama queen/king.
•Taking selfies around the data centre, the client's servers, the target.
•Publishing posts on social media, especially about the client and its weaknesses, with or without an NDA.
•Always taking and never giving.
Work
•Able to work alone (individually),
•or as a team player
Demo [Video 2]
Pen-test is just “marketing VA”
•Myth!
•Penetration Testing validates the vulnerability.
•If the company gets pen-test reports that look like VA reports, blame your pen-tester selection process.
https://www.offensive-security.com/reports/sample-penetration-testing-report.pdf
A great Pen-tester is a “master” of programming, networking, … everything!
•Myth!
•They do need knowledge about the target, but cannot be a master of everything (that is not possible).
•A great pen-tester should be a fast learner, able to adapt, since many of the systems met on engagements are ones they have never interacted with, or even heard of, before.
•Technology is always changing and improving; it is hard to stick to only one.
After fixing the pen-test results: yay, we are secure!
•Myth!
•A pen-test does not cover every vulnerability; it only takes one, even the smallest, to give access.
•Security is a process.
•Secure now does not mean secure the next minute.
•Compared to an actual criminal, a pen-tester is limited by time, scope and resources.
Pen-testers are equal!
•Myth!
•The truth is that VA results are equal; pen-testers are not.
•Even with the same school or certifications.
•That's why “smart companies” spend time sorting pen-testers (beauty contest, administration, going through the CV of every pen-tester, etc.)
Wow, pen-test is always sophisticated!
•Myth!
•Target the low-hanging-fruit vulnerabilities first:
  •Weak/default passwords
  •Out-of-date and vulnerable versions in use
  •Security misconfiguration
  •…
•Well, some are really sophisticated, since the target has already been pen-tested over and over ;)
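The first item on the low-hanging-fruit list above, weak and default passwords, as an added example that is not from the deck: triage a set of credentials recovered during an engagement against a few vendor defaults and simple weakness heuristics (length, username reuse, dictionary words hiding behind leet substitutions, season-plus-year patterns, character classes). DEFAULT_CREDS and COMMON_WORDS are small illustrative sets, MIN_LENGTH is an assumed policy value, and SAMPLE_CREDS is constructed demo data, not harvested from any real system.

```python
"""Weak/default credential triage: the first low-hanging fruit a pen-tester
reaches for.  Added example for this slide deck, not the speaker's code.
DEFAULT_CREDS and COMMON_WORDS are small illustrative sets (real engagements
use full vendor-default and wordlist files); MIN_LENGTH is an assumed policy
value; SAMPLE_CREDS is constructed demo data."""
import re
from typing import Dict, List

MIN_LENGTH = 12                      # assumed policy minimum, adjust per engagement

DEFAULT_CREDS = {                    # (username, password) vendor defaults, illustrative
    ("admin", "admin"), ("admin", "password"), ("admin", ""),
    ("root", "root"), ("root", "toor"), ("tomcat", "tomcat"),
    ("guest", "guest"), ("cisco", "cisco"),
}
COMMON_WORDS = {"password", "admin", "welcome", "letmein", "qwerty",
                "changeme", "secret", "monkey", "dragon", "login"}
LEET = str.maketrans({"@": "a", "0": "o", "1": "l", "3": "e", "$": "s", "4": "a", "5": "s"})
SEASON_YEAR = re.compile(
    r"^(?:spring|summer|autumn|fall|winter|jan(?:uary)?|feb(?:ruary)?|mar(?:ch)?|"
    r"apr(?:il)?|may|june?|july?|aug(?:ust)?|sep(?:tember)?|oct(?:ober)?|"
    r"nov(?:ember)?|dec(?:ember)?)\d{2,4}[^\w]*$", re.I)


def normalize(pw: str) -> str:
    """Lower-case, strip trailing digits/punctuation, undo common leet swaps,
    so 'P@ssw0rd2024!' collapses to 'password'."""
    return re.sub(r"[\d\W_]+$", "", pw.lower()).translate(LEET)


def char_classes(pw: str) -> int:
    """Count of lower/upper/digit/other classes present."""
    return sum(bool(re.search(p, pw)) for p in (r"[a-z]", r"[A-Z]", r"\d", r"[^A-Za-z0-9]"))


def weaknesses(user: str, pw: str) -> List[str]:
    """Reasons a credential is low-hanging fruit; empty list means none found."""
    u = user.lower()
    reasons = []
    if (u, pw) in DEFAULT_CREDS:
        reasons.append("vendor default")
    if pw == "":
        reasons.append("empty")
        return reasons
    if len(pw) < MIN_LENGTH:
        reasons.append("shorter than %d characters" % MIN_LENGTH)
    if len(u) >= 3 and u in pw.lower():
        reasons.append("contains username")
    if normalize(pw) in COMMON_WORDS:
        reasons.append("dictionary word after leet/suffix stripping")
    if SEASON_YEAR.match(pw):
        reasons.append("season/month plus year")
    if char_classes(pw) < 3:
        reasons.append("fewer than 3 character classes")
    return reasons


SAMPLE_CREDS = [   # constructed: (service, username, password)
    ("tomcat-manager", "admin", "admin"),
    ("ftp", "svc_backup", "P@ssw0rd2024!"),
    ("vpn", "jsmith", "Summer2024!"),
    ("router", "admin", ""),
    ("db", "deploy", "xK9#vLm2$pQr7w"),
]


def triage(creds=SAMPLE_CREDS) -> Dict[str, List[str]]:
    """Map 'service/user' to its weaknesses; credentials with none are omitted."""
    out = {}
    for service, user, pw in creds:
        reasons = weaknesses(user, pw)
        if reasons:
            out["%s/%s" % (service, user)] = reasons
    return out


if __name__ == "__main__":
    for target, reasons in triage().items():
        print("%-22s %s" % (target, "; ".join(reasons)))
```

The point of the leet normalisation is that complexity rules are satisfied by "P@ssw0rd2024!" while every common wordlist still contains it; a pen-tester's low-hanging-fruit check has to look past the character classes to the word underneath, exactly as a password-cracking rule set does.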
Wow, pen-test is always sophisticated!
https://xkcd.com/538/
http://allthetropes.wikia.com/wiki/Hollywood_Hacking