CiNPA Hacker’s Night 19
May 23, 2019
Matt Scheurer
@c3rkah
Slides:
https://www.slideshare.net/cerkah
<script src="noSkillsRequired.js"></script>
Why Script Kiddies Succeed
About me...
● Sr. Systems Security Engineer working in the Financial Services Industry
● Frequent speaker at Information Security Conferences
● Teacher at heart
● Chair of the
Places where I have presented...
What is Vulnerability Management?
● Vulnerability management is integral to computer security and network security
● Vulnerability management is the "cyclical practice of identifying, classifying, prioritizing, remediating, and mitigating" software vulnerabilities
Source: https://en.wikipedia.org/wiki/Vulnerability_management
What is a Vulnerability Assessment?
● A vulnerability assessment is the process of identifying, quantifying, and prioritizing (or ranking) the vulnerabilities in a system.
Source: https://en.wikipedia.org/wiki/Vulnerability_assessment
What is a Vulnerability Scanner?
● A vulnerability scanner is a computer program designed to assess computers, networks or applications for known weaknesses. They are utilized in the identification and detection of vulnerabilities arising from misconfigurations or flawed programming within a network-based asset such as a firewall, router, web server, application server, etc.
Source: https://en.wikipedia.org/wiki/Vulnerability_scanner
Manual Validation
● The action of checking or proving the validity or accuracy of findings in a vulnerability scanner report(s) in order to determine and distinguish
– True Positives
– True Negatives
– False Positives
– False Negatives
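As an added illustration (not from the talk), the following Python sorts each scanner check into the four categories above by comparing the scanner's verdict with what the analyst confirmed by hand, then reports how much of the scanner output held up. The report rows, check ids and validation results are constructed sample data for this example.

```python
# Constructed scanner export: one row per check the scanner performed,
# as (host, port, check_id, flagged); flagged=True means the report lists it as a finding.
SCANNER_REPORT = [
    ("10.0.0.5", 22,   "ssh-weak-kex",      True),
    ("10.0.0.5", 80,   "dir-listing",       True),
    ("10.0.0.5", 443,  "tls-1.0-enabled",   False),
    ("10.0.0.9", 21,   "ftp-anon-login",    True),
    ("10.0.0.9", 80,   "dir-listing",       False),
    ("10.0.0.9", 3306, "mysql-no-password", False),
]

# Constructed manual validation outcomes: what the analyst actually confirmed
# by re-checking each host/port/check by hand (True = weakness really present).
VALIDATED = {
    ("10.0.0.5", 22,   "ssh-weak-kex"):      True,   # confirmed
    ("10.0.0.5", 80,   "dir-listing"):       False,  # scanner fooled by a custom 200 error page
    ("10.0.0.5", 443,  "tls-1.0-enabled"):   False,
    ("10.0.0.9", 21,   "ftp-anon-login"):    True,
    ("10.0.0.9", 80,   "dir-listing"):       True,   # scanner missed it
    ("10.0.0.9", 3306, "mysql-no-password"): False,
}

def classify(report, validated):
    """Return {category: [(host, port, check_id), ...]} for TP/TN/FP/FN."""
    buckets = {"TP": [], "TN": [], "FP": [], "FN": []}
    for host, port, check_id, flagged in report:
        key = (host, port, check_id)
        if key not in validated:
            raise KeyError(f"no manual validation result for {key}")
        actual = validated[key]
        if flagged and actual:
            buckets["TP"].append(key)      # reported and real
        elif flagged and not actual:
            buckets["FP"].append(key)      # reported but not real: noise to tune out
        elif not flagged and actual:
            buckets["FN"].append(key)      # real but missed: the dangerous case
        else:
            buckets["TN"].append(key)      # correctly silent
    return buckets

def scanner_quality(buckets):
    """Precision: share of reported findings that were real.
    Recall: share of real weaknesses the scanner reported."""
    tp, fp, fn = (len(buckets[k]) for k in ("TP", "FP", "FN"))
    precision = tp / (tp + fp) if tp + fp else 0.0
    recall = tp / (tp + fn) if tp + fn else 0.0
    return precision, recall
```

Running `scanner_quality(classify(SCANNER_REPORT, VALIDATED))` on the sample data gives a precision and recall of 2/3 each; the false negative on 10.0.0.9:80 is the finding a report-only review would never have surfaced.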
Why Perform Manual Validation?
● Validate vulnerability scanner report findings
● Learn and understand some of the tools being leveraged against your organization
● Improve security maturity by getting more meaningful results from future penetration tests
Kali Linux
● All of the tools demonstrated here are open source, and included in Kali Linux
● Free to download and use by anybody
● https://www.kali.org/
*** Live Demo Alert ***
This presentation features “Live Demos”, because the speaker is...
Please pick 2…
So I am not just Crazy!
OWASP ZAP
The OWASP Zed Attack Proxy (ZAP) is one of the world’s most popular free security tools and is actively maintained by hundreds of international volunteers*. It can help you automatically find security vulnerabilities in your web applications while you are developing and testing your applications. It's also a great tool for experienced pentesters to use for manual security testing.
https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project
OWASP ZAP Demo
● In this live demo, I will use OWASP ZAP to find hidden files on the web
● OWASP ZAP will uncover accidental exposure
● Sensitive data exposure is A3 on the latest OWASP Top 10 (2017) list
SPARTA
SPARTA is a Python GUI application which simplifies network infrastructure penetration testing by aiding the penetration tester in the scanning and enumeration phase. It allows the tester to save time by having point-and-click access to his toolkit and by displaying all tool output in a convenient way. If little time is spent setting up commands and tools, more time can be spent focusing on analyzing results.
https://sparta.secforce.com/
SPARTA Demo
● In this live demo, I will use SPARTA to scan a network
● This should reveal hosts and the services running on them
● It will also check discovered services for vulnerabilities
● SPARTA also collects screenshots of running web services
Metasploit & Armitage
● Metasploit is the world's most used penetration testing software. Uncover weaknesses in your defenses, focus on the right risks, and improve security.
● Armitage - Cyber Attack Management for Metasploit. Armitage makes penetration testing easy by adding a GUI to the Metasploit framework
https://www.rapid7.com/products/metasploit/
http://www.fastandeasyhacking.com/
Metasploit & Armitage Demo
● In this live demo, I will use Armitage in an attempt to find and exploit vulnerabilities on another host
● Our goal is to establish a remote shell with root level privileges
Leveling Up
● Check out the Metasploit Unleashed Free Ethical Hacking Course
– https://www.offensive-security.com/metasploit-unleashed/
Conclusions
● Powerful vulnerability exploitation tools are readily available for free to tech defenders and malicious threat actors alike
● The barrier to entry for unskilled attackers is very low
Provocative Questions
Are you actively scanning your web sites and cloud storage for sensitive data exposure?
Are you checking for credentials susceptible to simple dictionary and brute force attacks?
Are your systems and network devices vulnerable to simple exploit kit attacks?
Considerations
Malicious threat actors are probably doing these things against our environments...
Who would you rather have discover exposed data, weak credentials, or easily exploitable vulnerabilities first?
Questions
● Who ...
● What ...
● When ...
● Where ...
● Why ...
● How ...
CiNPA Hacker’s Night 19
May 23, 2019
Matt Scheurer
@c3rkah
Slides:
https://www.slideshare.net/cerkah
<script src="noSkillsRequired.js"></script>
Thank you for attending!

Central Ohio InfoSec Summit: Why Script Kiddies Succeed