The document summarizes the creation of a penetration testing laboratory by Thomas Butler for his master's degree project. It describes setting up three virtual machines - an "attack machine" running Backtrack5R3, and two "victim machines", one running Metasploitable and another running Badstore.net. Appendices cover the penetration testing methodology, reconnaissance, scanning, exploitation with Metasploit, and post-exploitation activities. The goal was to create a hands-on environment for practicing penetration testing skills.
ROMAN PALKIN
Backed up with real examples, this talk reviews the capabilities of widely-used frameworks TensorFlow and PyTorch for creating and spreading malicious software as well as implementing covert data communication channels. The purpose of this presentation is to draw attention of the community to the danger posed by careless use of Machine Learning models from unreliable sources.
Talk @ #fuzzconeurope2020
Paper: https://ieeexplore.ieee.org/document/9166552
(M. Böhme, C. Cadar, and A. Roychoudhury)
Disclaimer: Our perspective on the discussions. Mistakes are mine.
The Curious Case of Fuzzing for Automated Software Testing (mboehme)
Presented @ RUB - 2. Tag der Informatik to a General Audience
Abstract: Fuzzing is an automated software testing technique and has become the first line of defense against exploitable software vulnerabilities. When you run a fuzzer on your program, hopefully it does not find any bugs. But what does it really say? Is your program perfectly correct and free of bugs? Probably not. Is your fuzzer effective at finding bugs? How do we even measure the effectiveness of a fuzzer in the absence of bugs? In this talk, we’ll go through some interesting and counter-intuitive recent results in fuzzing, and uncover fundamental limitations of existing approaches.
With new vulnerabilities surfacing daily, businesses need a solid strategy and internal plans to deal with them. This vendor-neutral talk helps people discover the things they need to do to get their house in order before considering costly technology purchases.
ATT&CKcon Power Hour - ATT&CK-onomics (Gert-Jan Bruggink)
The objective of this talk is to inspire defensive strategies designed to impact cost incurred by adversaries to perform compromises. It explores targeting economic considerations when defending against techniques used by adversaries.
Diving into the economics of why adversaries use or build certain techniques and tools over others: how can defenders counter specific techniques by increasing the adversary's cost per intrusion, and how can ATT&CK be used to make strategic risk management decisions?
Protecting Enterprise - An examination of bugs, major vulnerabilities and exp... (ESET Middle East)
This white paper focuses on the dramatic growth in the number and severity of software vulnerabilities, and discusses how multilayered endpoint security is needed to mitigate the threats they pose.
Jerod Brennen - What You Need to Know About OSINT (centralohioissa)
Open Source Intelligence Gathering (OSINT) is growing in popularity among attackers and defenders alike. When an attacker comes knocking on your network's front door, the warning lights go off in multiple systems (IDS, IPS, SIEM, WAF). More sophisticated attackers, however, spend considerable time gathering information using tools and techniques that never touch any of your systems. As a result, these attackers are able to execute their attacks and make off with proprietary data before you even know they are there. This presentation provides an introduction to many OSINT tools and techniques, as well as methods you can use to minimize your exposure.
Rugged DevOps (eBook): 10 Ways to Start Embedding Security into DevOps Patterns (Evident.io)
Evident is a sponsor of the inaugural DevOps.com eBook titled Rugged DevOps: 10 Ways to Start Embedding Security into DevOps Patterns. Learn more about how to start moving toward a Rugged DevOps mentality through insights shared by security and DevOps experts, including Evident CEO Tim Prendergast, with reporter Ericka Chickowski.
In the near future, privacy-preserving authentication methods will flood the market, and they will be based on Zero-Knowledge Proofs. IBM and Microsoft invested in these solutions many years ago.
2009 Security Mega Trends & Emerging Threats (Lumension)
To help define what the biggest security threats will be to an organization’s sensitive and confidential data over the next 12 to 24 months, Lumension has teamed up with the Ponemon Institute, a leading research firm, to charter our first annual 2009 Security Mega Trends Survey. The survey also outlines key alignments and gaps between two traditionally disparate groups - IT Security and IT Operations when it comes to these new and emerging threats.
This presentation talks about the focus towards building security in the software development life cycle and covers details related to Reconnaissance, Scanning and Attack based test design and execution approach.
Project 1 CST630 Project Checklist (davieec5f)
Student Name: Date:
Note: This checklist is designed based on the required project deliverables in the project steps and instructions in the classroom to help students and professors effectively write papers and evaluate assignment submissions respectively. Currently, it supplements the course grading rubric and its use is optional. The Department welcomes any recommendation(s) for improvement.
Project 1: Requires the Following THREE Pieces (Areas to Improve)
1. Security Assessment Report (SAR) (12 pages minimum, double-spaced)
2. Executive Briefing Slides (3 to 5 slides)
3. Lab Experience Report with Screenshots
Specific Details
1. Security Assessment Report (12 pages)
Conduct a Security Analysis Baseline (3 of 12 pages)
Security requirements and goals for the preliminary security baseline activity.
Typical attacks to enterprise networks and their descriptions. Include Trojans, viruses, worms, denial of service, session hijacking, and social engineering. Include the impacts these attacks have on an organization.
Network infrastructure and diagram, including configuration and connections. Describe the security posture with respect to LAN, MAN, WAN, enterprise.
Network infrastructure and diagram, including configuration, connections and endpoints. What are the security risks and concerns?
What are ways to get real-time understanding of the security posture at any time?
How regularly should the security of the enterprise network be tested, and what type of tests should be used?
What are the processes in play, or to be established, to respond to an incident?
Does the security workforce have the requisite technical skills and command of the necessary toolsets to do the job required?
Is there an adequate professional development roadmap in place to maintain and/or improve the skill set as needed?
Describe the ways to detect this malicious code and what tactics bad actors use for evading detection.
In the network diagram: include the delineation of open and closed networks, where they co-exist. In the open network and closed network portion, show the connections to the Internet.
Physical hardware components. Include routers and switches. What security weaknesses or vulnerabilities are within these devices?
Discuss operating systems, servers, network management systems.
data in transit vulnerabilities
endpoint access vulnerabilities
external storage vulnerabilities
virtual private network vulnerabilities
media access control vulnerabilities
ethernet vulnerabilities
Possible applications. Current and future mobile applications and possible future Bring Your Own Device policy. Include:
remediation
mitigation
countermeasure
recovery
Provide the methods used to provide the protections and defenses.
From the identification of risk factors in the risk model, identify the appropriate security controls from NIST SP 800-53A and determine their applicability to the risks identified.
Determine a Network Defense Strategy (2 of 12 pages)
Outline how you would ...
With the advent of microservices, containers and on-demand computing, and the rate at which code is churned out every single day, we need to automate or perish. DevOps, or Build at Scale, and how to have a hands-free approach like autonomous cars is what companies need most today. It is no longer OK to say "we build it, someone will test it and certify it"; it needs to happen in real time and all at once: Build, Automate and Test in a continuous pipeline. This talk looks at how companies can stay on top by effectively making use of automation.
We are delighted to have Gary Miliefsky on our second Hacker Hotshot of 2013! Gary is the Editor of Cyber Defense Magazine, which he recently founded after years of being a cover story author and regular contributor to Hakin9 Magazine. In partnership with UMASS, he started the Cyber Defense Test Labs to perform independent lab reviews of next generation information security products. Gary is also the founder of NetClarity, Inc., which is the world's first next generation agentless, non-inline network access control (NAC) and bring your own device (BYOD) management appliances vendor based on a patented technology which he invented.
Cst 630 Education is Power / newtonhelp.com (amaranthbeg73)
For more course tutorials visit
www.newtonhelp.com
Project 1
Step 1: Conduct a Security Analysis Baseline
In the first step of the project, you will conduct a security analysis baseline of the IT systems, which will include a data-flow diagram of connections and endpoints, and all types of access points, including wireless. The baseline report will be part of the overall security assessment report (SAR).
You will get your information from a data-flow diagram and report from the Microsoft Threat Modeling Tool 2016. The scope should include network IT security for the whole organization. Click the following to view the data-flow diagram: [diagram and report]
Are you ready for the next attack? Reviewing the SP Security Checklist (APNIC)
Are you ready for the next attack? Reviewing the SP Security Checklist, by Barry Green.
A presentation given at the APNIC 40 Opening Ceremony and Keynotes session on Tue, 8 Sep 2015.
Are you ready for the next attack? Reviewing the SP Security Checklist (apnic... (Barry Greene)
Rethinking Security and how you can Act on Meaningful Change
What the industry recommends to protect your network is NOT working! The industry is stuck in a dysfunctional ecosystem that encourages the cyber-criminal innovation at the cost to business and individual loss throughout the world. We do not need a “Manhattan Project” for the security of the Internet. What we need are tools to help operators throughout the world ask the right question that would lead them to meaningful action. Security empowerment must empower the grassroots and provide the tools to push back on the root cause. This talk will explore these issues, highlight the dysfunction in our “security” economy, and present “take home” tools that would facilitate immediate action.
Project 2
Step 1: Develop a Wireless and BYOD Security Plan
Since the company you work for has instituted a bring your own device (BYOD) policy, security attitudes have been lax and all sorts of devices, authorized and unauthorized, have been found connected to the company's wireless infrastructure. In this first step, you will develop a wireless and BYOD security plan for the company.
Use the NIST Guidelines for Securing Wireless Local Area Networks (WLANs) Special Publication 800-153 to provide an executive summary to answer other security concerns related to BYOD and wireless. Within your cybersecurity incident report, provide answers to the threat of unauthorized equipment or rogue access points on the company wireless network and the methods to find other rogue access points. Describe how to detect rogue access points and how they can actually connect to the network. Describe how to identify authorized access points within your network.
Within your plan, include how the Cyber Kill Chain framework and approach could be used to improve the incident response times for networks.
Include this at the beginning of your CIR as the basis for all wireless- and BYOD-related problems within the network. Title the section "Wireless and BYOD Security Plan."
Click the following link to learn more about security management: Security Management.
In the next step, you will explore a scenario on suspicious behavior, and your report will provide another section of your CIR.
Step 2: Track Suspicious Behavior
You've completed your wireless and BYOD security plan. Now it's time to take a look at another workplace situation.
You have been notified of an employee exhibiting suspicious behavior. You decide to track the employee's movements by using various tools and techniques. You know the location and time stamps associated with the employee's mobile device.
How would you track the location of the company asset?
Explain how identity theft could occur and how MAC spoofing could
1. PRACTICE MAKES PERFECT. CREATION OF A PENETRATION TESTING
LABORATORY, PROCEDURES AND TOOLS, START TO FINISH.
LQT2 Multimedia Presentation by Thomas Butler
Presented to the Information Technology College Faculty
of Western Governors University
in Partial Fulfillment of the Requirements for the Degree
Master of Science in Information Security and Assurance
February 26, 2013
Powerpoint Templates
Page 1
2. root@bt:~# WHOAMI?
Thomas Butler……Houston, Texas
CPA, CIA, CISA, CISSP, Security+, Network+, PMP
Over 20 years in DoD IT Audit (Retired)
Interested in IT Security & Penetration Testing
Started IT Security Consulting Co.-Dec 2011-http://www.butleritsec.com
Started WGU MS Degree-1 July 2012
WGU MS Degree Offers Credibility in IT Security
3. PRESENTATION OVERVIEW-PER THE RUBRIC
Why I Chose This Project
Overview of Problem
What Project Consisted Of
Special Strategies Used
Successes In Achieving Milestones
Obstacles Encountered
What I Learned
How I Will Apply What I Learned
4. WHY I CHOSE THIS PROJECT
A SERIOUS PROBLEM TO THE CYBERSECURITY OF THE NATION.
RESPONSE TO CURRENT CRITICISM THAT AVAILABLE SECURITY
CERTIFICATIONS DO NOT TEACH ENOUGH HANDS-ON PROCEDURES
AND THAT THEIR EXAMS DO NOT REQUIRE HANDS-ON BUT ARE
INSTEAD MULTIPLE CHOICE.
DOD AND OTHER GOVERNMENT AGENCIES CLAIM EMPLOYEES
OBTAINING AVAILABLE CERTIFICATIONS CANNOT DO THE JOB REQUIRED
DUE TO LACK OF HANDS-ON SKILLS. TRAINING NEEDS TO EMPHASIZE
MORE HANDS-ON AND LESS BOOK KNOWLEDGE. (refer to news article in page 6)
I COULD NOT FIND A TURN-KEY, OFF-THE-SHELF SOLUTION SO
I DECIDED TO CREATE ONE.
I GOT ALL THE CERTS, THE CEH, CHFI, CISSP, SECURITY+, CCENT, BUT I NEED
HANDS-ON PRACTICE OR I WILL COMPLETELY FORGET EVERYTHING
I LEARNED.
HANDS ON PRACTICE MAKES PERFECT AND INSTILLS CONFIDENCE.
5. OVERVIEW OF PROBLEM DISCUSSED IN PROJECT
THE PROBLEM! Practice on systems you do not own without
written permission is illegal.
Need more hands-on.
I needed:
A way to practice, ethically and legally
All-in-one document
Easy to follow. Easy to setup and use.
Free and/or cheap
I could not find anything that satisfied all my needs, therefore, I decided to do
this project to create a practice lab for myself. Hopefully the project will benefit
others as well.
6. CAUSES OF THE PROBLEM
High demand for penetration tests>government regulations & industry standards
a. PCI-DSS (Penetration Test, Wikipedia, 2013) requires both annual and ongoing penetration testing
(after system changes).
b. FISMA - Federal Information Security Management Act (FISMA), via procedures promulgated by
NIST 800-53, Appendix E. (NIST 800-53, Rev. 3, 2009)
Shortage of well-trained penetration testers-THERE IS ARTICLE AFTER ARTICLE AFTER ARTICLE
a. A Barclay Simpson Corporate Governance Recruitment report on Information Security found that
the demand exceeds the supply of qualified penetration testers (Barclay Simpson, Corporate
Governance Recruitment, 2011).
b. US Air Force is planning on going on a "hiring binge" to hire 1,000 persons in cyber operations in
2014 (Magnuson, 1/17/2013, National Defense Industrial Association Magazine, 2111 Wilson Blvd.,
Suite 400, Arlington, VA 22201, "Air Force Cyber-Operations Wing to Go on Hiring Binge").
c. Experts say DoD cyber workers undertrained, by Zachary Fryer-Biggs - Staff writer.
Posted Saturday Feb 16, 2013 12:38:06 EST in the Federal Times, a Gannett publication.
http://www.marinecorpstimes.com/news/2013/02/dn-cyber-certification-021613/?goback=.gde_54384_member_216288717
"Money is not being spent on hands-on training." Others focused on the lack of hands-on training
required, resulting in broad certifications that are required for many jobs but are not specific
to any of them. "Book training is simply not enough."
7. MORE CAUSES OF THE PROBLEM
Requires almost daily training reinforcement practice, or skills rapidly lost.
Every day new hacking software is introduced. Every day new vulnerabilities
are discovered.
How do you keep up if everything changes so rapidly?
Penetration testing is unique and very difficult because skills must be
transferred by computer keyboard>very labor intensive>requires humans to
think "outside the box". No two infrastructures or systems require the same
penetration testing procedures.
How do you use what was learned in CEH when testing the client’s systems?
9. WHAT THE PROJECT CONSISTED OF
The project is documented in appendices A through G.
Appendix A: Creation of the Penetration Testing Lab
Appendix B: Penetration Testing Methodology
Appendix C: Reconnaissance and Information
Gathering
Appendix D: Active Scanning and Enumeration
Appendix E: Exploitation
Appendix F: Post-exploitation and Covering Tracks
Appendix G: Technology Terms/Acronyms
10. WHAT THE PROJECT CONSISTED OF
Appendix A: Creation of the Penetration Testing Lab
Three virtual machines created within a Windows Vista OS using FREE
VMWare Player community edition
“Attack Machine” FREE Linux Ubuntu “Backtrack5R3”
”The pen testers premier OS and toolkit.”
“Victim Machine” FREE Linux “Metasploitable”-
OS-Created by Metasploit Project to allow hands-on practice
“Victim Machine” FREE Trinux “Badstore.net”-
vulnerable OS and Web App
Did I say FREE?
12. WHAT THE PROJECT CONSISTED OF
Appendix C: Reconnaissance and Information Gathering
In summary of reconnaissance and footprinting, we used the following for legal, passive
reconnaissance and information gathering on J.C. Penney and provided screen-print proof
of concept (a picture is worth a thousand words). These tools are included in Backtrack5R3 or built
into the command line.
Google-website URL, tons of other info;
Netcraft-OS & Web server running and IP address;
SmartWhoIs-Domain Registrar information
theHarvester-Emails and Sub-domains;
Maltego-Subdomains;
traceroute/tracert command line-traces routers from origin to destination;
nslookup command line-finds IP address from domain name>Linux "dig" and "host" are
alternatives, but not available in Windows
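The e-mail and sub-domain harvesting step above, as an added Python example that is not part of Butler's project: it does offline what theHarvester does once it has fetched search-result pages, pulling addresses and hostnames that belong to the target domain out of raw text and rejecting look-alike domains (a common false positive when scraping). The pages and the example.com target are constructed sample data, not reconnaissance on any real organization; resolve() is the optional nslookup/dig step and needs network access.

```python
"""Extract e-mails and sub-domains of a target from fetched text (added example)."""
import re
import socket

EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@(?:[A-Za-z0-9-]+\.)+[A-Za-z]{2,}")
HOST_RE = re.compile(r"\b(?:[A-Za-z0-9-]+\.)+[A-Za-z]{2,}\b")

# Constructed sample of "fetched" pages; example.com is reserved for documentation
# (RFC 2606), so none of this is real reconnaissance data.
SAMPLE_PAGES = [
    '<a href="https://www.example.com/careers">Careers</a> Contact: hr@example.com or '
    'press@example.com <a href="http://mail.example.com/owa/">Webmail</a>',
    "Results for example.com: vpn.example.com, dev.example.com:8443 admin@example.com "
    "(also seen as ADMIN@EXAMPLE.COM). Not ours: hr@example.com.evil.test, "
    "www.notexample.com, example.community",
]


def in_scope(host: str, domain: str) -> bool:
    """True for the apex or a real sub-domain; 'notexample.com' must not match 'example.com'."""
    host, domain = host.lower(), domain.lower()
    return host == domain or host.endswith("." + domain)


def harvest(pages, domain: str) -> dict:
    """Scrape addresses and hostnames, keep only those under the target domain."""
    emails, hosts = set(), set()
    for text in pages:
        for email in EMAIL_RE.findall(text):
            email = email.lower()
            if in_scope(email.split("@", 1)[1], domain):
                emails.add(email)
        for host in HOST_RE.findall(text):
            host = host.lower()
            if host != domain.lower() and in_scope(host, domain):
                hosts.add(host)
    return {"emails": sorted(emails), "hosts": sorted(hosts)}


def resolve(hosts):
    """The nslookup/dig/host step for each discovered name; needs network access."""
    addresses = {}
    for host in hosts:
        try:
            addresses[host] = socket.gethostbyname(host)
        except socket.gaierror:
            addresses[host] = None  # name appears in a page but does not resolve
    return addresses


if __name__ == "__main__":
    result = harvest(SAMPLE_PAGES, "example.com")
    print("emails:", *result["emails"], sep="\n  ")
    print("hosts:", *result["hosts"], sep="\n  ")
```

The scope check is the part worth copying: an endswith("example.com") test would accept www.notexample.com and hr@example.com.evil.test, both of which the sample deliberately contains.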
13. WHAT THE PROJECT CONSISTED OF
Appendix D: Active Scanning and Enumeration
Using scanning tools in Backtrack5R3, we performed active scanning of
Metasploitable and Badstore.net, our "victims." We provided screen
prints (a picture is worth a thousand words) for proof of concept. All these
tools are included in BT5R3.
Nmap-port scan, OS version, services running;
Nessus-port scans and vulnerability scans;
Nikto (Wikto on Windows)-web server vulnerability scanning (not a port scanner);
Metasploit auxiliary scanner modules-ports, OS version, services running, vulnerability checks
14. WHAT THE PROJECT CONSISTED OF
Appendix E: Exploitation with Metasploit
Metasploit-included free in Backtrack5R3-msfconsole. Proof of concept
screen prints (picture worth a thousand words) included in project.
Command line: root@bt:~# /pentest/exploits/framework2/msfconsole
OR>
root@bt:~# /opt/metasploit/msf3/msfconsole
modules: auxiliary, exploits, payloads
We also used Armitage-a GUI for Metasploit
Command line: root@bt:~# /opt/metasploit/msf3/armitage
modules: auxiliary, exploits, payloads
15. WHAT THE PROJECT CONSISTED OF
Appendix F: Post-exploitation and Covering Tracks
Not a lot of in-depth information available on this topic!
Post-Exploitation: Got root? Elevation of privilege = create a
user, add the user to the Administrators group; offline and online password
attacks with John the Ripper, Pass the Hash, and Cain and Abel.
Covering Tracks: Use Metasploit (Meterpreter's clearev) to clear Windows event logs. Use
Metasploit (Meterpreter's timestomp) to alter or blank file timestamps.
16. WHAT THE PROJECT CONSISTED OF
Appendix G: Technology Terms/Acronyms
Includes 33 definitions of terms
17. SPECIAL STRATEGIES USED
Member of 41 Linked-In IT Security Groups>To share
information with IT security groups
Subscriptions to 35 IT Security Tutorial Blogs>To learn IT
security and ethical hacking
750 Linked-In Connections>To share information with IT
security individuals
Some basic knowledge of HTML, SQL, PYTHON
18. SUCCESSES IN ACHIEVING MILESTONES
All files were downloaded and installed successfully with no problems
All three virtual machines were successfully created, opened
simultaneously, and run simultaneously on my Windows Vista box
with no memory problems. My Windows box has 4 GB of RAM and
I allocated 1 GB for the "attack" machine and 0.5 GB for each
"victim machine", leaving approx. 2 GB for the Windows box.
All penetration testing tools were run successfully and proof of concept
screen prints were obtained for all tools.
19. OBSTACLES ENCOUNTERED
Limitation: Lab only includes software. Practice in this lab will not encounter
hardware firewalls, routers, switches, hardware intrusion systems,
and other hardware security devices that would be encountered in a
real-world penetration test.
I somewhat lacked an intermediate programming knowledge. I recommend
that the penetration testing student learn the following programming languages:
HTML to understand HTTP requests and responses for use of
web proxies like Paros Proxy, Webscarab Proxy, Burp Proxy
SQL to understand SQL injection for use of tools like
SQLMap and manual injection of code
PYTHON to understand most of the penetration testing tools
in Backtrack5R3 for tools like theHarvester. The predominant
language for most tools in BT5R3 is Python.
root@bt:~# ./theHarvester.py
20. WHAT I LEARNED
A penetration test should not just be to gain access and get a shell and quit. It should be an audit of
the IT security posture and the goal should be to identify as many vulnerabilities as possible that need
fixing.
Money is wasted on training-Companies with a lot of money and the US Government (DoD) will send
their employees to SANS training for a 4 day crash course. Costs of travel, hotel, per diem, salary,
SANS Course fee could be > $10K for one student. Student returns to work and still cannot
do the job. (refer to recent news article in slide 6)
There has to be a better way. WGU is part of the solution to a better way
Cyberlaw, regulations, and compliance-Penetration testing without written permission is
illegal. Some regulations and industry standards require periodic penetration testing, i.e.
PCI-DSS, FISMA.
Leadership and professionalism-penetration testing is not a true profession like CPA, law,
medicine, etc. There is no barrier to entry. A barber needs a state license;
a penetration tester does not. Anyone can hold themselves out to be a penetration tester.
High ethical standards should be required for penetration testers.
Background checks, criminal checks, financial and credit checks, REFERENCES,
memberships in IT security organizations, and certifications.
21. WHAT I LEARNED
Security Planning and Management - Organizations need to:
Start with a framework and set of internal controls such as ISO 27000/27001/27002;
Set a reasonable policy that can be followed and enforced;
Train employees;
Create policy that requires vulnerability scans, periodic penetration testing,
periodic IT security audits, and periodic IT policy compliance audits.
Systems Security
No such thing as 100% security;
Penetration test is only one part of “defense in depth.” Perimeter defenses such as firewalls,
routers, switches, IDS/IPS, web application and database monitoring systems must be properly
configured;
Patches and AV must be kept up to date.
Log files must be filtered (quantity reduced) and suspicious log entries must be examined.
22. HOW I WILL APPLY WHAT I LEARNED
I will apply the knowledge to running the company
http://www.butleritsec.com , an IT Security consultant
Company
I will apply the knowledge to provide best value to
clients in a highly ethical way.
I will continuously study and practice hands-on.
I am just beginning to learn.
23. REFERENCES
Penetration Test, (2013) Wikipedia. Retrieved 2013 from: http://en.wikipedia.org/wiki/Penetration_test
NIST 800-53 and Federal Information Processing Standards (FIPS) 200. Retrieved from: http://csrc.nist.gov/publications/PubsSPs.html#800-53
Barclay Simpson, Corporate Governance Recruitment, (2011) Market Report on Information Security. Retrieved 2013 from: http://www.barclaysimpson.com/document_uploaded/BS_InfoSec_2011.pdf
Magnuson, (2013) National Defense Industrial Association Magazine, Air Force Cyber-Operations Wing to Go on Hiring Binge. Retrieved 2013 from: http://www.nationaldefensemagazine.org/blog/Lists/Posts/Post.aspx?ID=1026&goback=.gde_1836487_member_205634892
Penetration Testing Execution Standard, (2013) PTES. Retrieved 2013 from: http://www.pentest-standard.org/index.php/Main_Page
Open Source Security Testing Methodology Manual (OSSTMM), (2013) ISECOM. Retrieved 2013 from: http://www.isecom.org/research/osstmm.html
Certified Ethical Hacker (CEH), (2013) Ethical Hacking. Retrieved 2013 from: http://eccouncil.org
Fryer-Biggs, Zachary (2013) Experts say DoD cyber workers undertrained. Federal Times (a Gannett publication), posted Saturday Feb 16, 2013 12:38:06 EST. Retrieved from: http://www.marinecorpstimes.com/news/2013/02/dn-cyber-certification-021613/?goback=.gde_54384_member_216288717
24. FINIS
A THANK YOU TO ALL THE WGU IT FACULTY
CINDY
WENDY
NORMA
CHARLES
AND MY MENTOR, BRETT
I HAVE THOROUGHLY ENJOYED THE EXPERIENCE
QUESTIONS FOR ME?