Penetration Testing Services
www.dts-solution.com
Shah H Sheikh – Sr. Security Solutions Consultant
MEng CISSP CISA CISM CRISC CCSK
shah@dts-solution.com
Mohamed Bedewi – Penetration Testing Consultant
Network + CCNA MCSE Linux + RHCE Security + CEH PWB
mohamed@dts-solution.com
Introduction
Penetration testing is the process of assessing the security of a computer
system by attacking it with the intention of finding security weaknesses and
potentially gaining access to the system, its functionality and its data.
There are several available methodologies for conducting a successful
penetration test, and there is no such thing as the one right methodology,
but if a team chooses to improvise rather than follow any of them, the
likely result is:
(Incomplete Testing, Time Consumption, Waste of Effort, Ineffective Testing)
There is no 100% secure system: a human made the system and a
human will break it!
In the early 1970s, the Department of Defense (DOD) used penetration testing
to demonstrate the security weaknesses in computer systems and to
initiate the development of programs to create more secure systems.
Methodology
DTS - Methodology to Conduct
a Successful Penetration Testing
Information Team Tools
WhiteBox
BlackBox
Roles
Responsibilities
Information Gathering
Give me six hours to chop down a
tree and I will spend the first four
sharpening the axe
Abraham Lincoln
Information
Information is the most important element of any successful penetration test:
without proper knowledge of your target you are just a skiddie firing
random attacks, which will probably trigger all kinds of red flags rather than
achieve any penetration!
White Box Penetration Testing:
a penetration testing approach that uses knowledge of the internals of
the target system to elaborate the test cases. It is not a realistic attack, but
it makes the best use of testing time and enables penetration testers to
conduct deep testing.
Black Box Penetration Testing:
a penetration testing approach that requires no previous information and
takes the standpoint of an uninformed attacker. It simulates a very
realistic scenario, but testing time cannot be fully used in certain scenarios
and some areas of the infrastructure might remain untested.
Initial Gathering
Information Gathering
Search Engines
Location Information
Employees Search
Financial Services
Job Postings
DNS Information
Network Range
Google Hacking
Whois Lookup
Deep Gathering
Information Gathering
Network Survey
You're blind, and this first phase opens your eyes to the system to be
tested: you end up with a network map that you will use to find reachable
systems to test.
Objectives: Domain Names, Server Names, IP Addresses, Network Map,
ISP Information, Systems Owner, Services Owner
OS Identification
Every OS has special characteristics: by comparing variations in how the
TCP/IP stack is implemented and behaves, a remote OS can be identified
(TCP/IP Fingerprinting).
Objectives: OS Type, System Type
Example: NMAP
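To make the fingerprinting idea concrete, here is an added example (not DTS tooling, and not how NMAP itself is implemented): a few characteristics read from one observed SYN (TTL on the wire, window size, DF flag, TCP option layout) are matched against a table of stack signatures. The initial TTL defaults of 64, 128 and 255 are well-documented stack behaviour; the window sizes and option layouts in the table, and the sample observations, are constructed placeholders, not a real fingerprint database. The same comparison also yields the hop distance to the host, which is useful when reconciling an inventory of your own network.

```python
"""Illustrative TCP/IP stack fingerprinting (added example, not DTS tooling).

Each OS implements the TCP/IP stack a little differently, so the
characteristics of a packet it sends can be matched against a table of
known stacks.  The TTL defaults of 64 (Linux/BSD), 128 (Windows) and 255
(many network devices) are documented behaviour; the window sizes and
option layouts in SIGNATURES are CONSTRUCTED placeholders for illustration.
"""
from __future__ import annotations

from dataclasses import dataclass

# Standard initial TTL values, ascending
INITIAL_TTLS = (64, 128, 255)
TTL_FAMILY = {64: "Unix-like", 128: "Windows", 255: "network device / other"}


@dataclass(frozen=True)
class SynObservation:
    """Fields read from one observed SYN (constructed input in the demo)."""
    ttl: int        # TTL as seen on the wire, after any router hops
    window: int     # TCP window size advertised in the SYN
    df: bool        # IP "don't fragment" flag
    options: str    # TCP option layout, e.g. "MSS,SACK,TS,NOP,WS"


# Constructed signatures: (initial TTL, window, DF, option layout) -> label
SIGNATURES = {
    (64, 29200, True, "MSS,SACK,TS,NOP,WS"): "Linux (constructed signature)",
    (128, 8192, True, "MSS,NOP,WS,NOP,NOP,SACK"): "Windows (constructed signature)",
    (255, 4128, False, "MSS"): "Network device (constructed signature)",
}


def infer_initial_ttl(observed_ttl: int) -> tuple[int, int]:
    """Map an observed TTL back to (initial TTL, hop count).

    Routers decrement TTL by one per hop, so the smallest standard initial
    TTL that is >= the observed value is the most likely starting point.
    """
    if not 0 < observed_ttl <= 255:
        raise ValueError(f"TTL out of range: {observed_ttl}")
    for start in INITIAL_TTLS:
        if observed_ttl <= start:
            return start, start - observed_ttl
    raise AssertionError("unreachable: 255 is the largest TTL")


def classify(obs: SynObservation) -> tuple[str, int]:
    """Return (OS label, estimated hop distance) for one observation.

    Exact signature match first; if none, fall back to the coarsest signal,
    the TTL family, and say so in the label.
    """
    initial_ttl, hops = infer_initial_ttl(obs.ttl)
    label = SIGNATURES.get((initial_ttl, obs.window, obs.df, obs.options))
    if label is None:
        label = f"Unknown stack, TTL family suggests {TTL_FAMILY[initial_ttl]}"
    return label, hops


if __name__ == "__main__":
    # Constructed observations, as if captured from two hosts on the network
    samples = [
        SynObservation(ttl=52, window=29200, df=True, options="MSS,SACK,TS,NOP,WS"),
        SynObservation(ttl=119, window=65535, df=True, options="MSS"),
    ]
    for s in samples:
        print(s, "->", classify(s))
```

The fallback branch matters in practice: a host twelve hops away with an unusual window size still reveals its TTL family, so an unknown device on your own network can be triaged even when no exact signature matches.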
Port Scanning
Each internet-enabled system has 65536 TCP and UDP ports; the first 1023
ports are called the well-known ports. Probing ports on the transport and
network level can reveal the services running on a computer system.
Objectives: Open Ports, Closed Ports, Filtered Ports
Attack Surface
Based on the previous three phases you can perform banner grabbing to
identify the installed services by name and version, along with their
patch level.
Objectives: Services Type, Application Type, Patch Level, Attack Vector
Example: Nessus
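The following added example (not DTS tooling, and not Nessus) ties the Port Scanning and Attack Surface steps together: a TCP connect check that classifies a port as open, closed or filtered, and for open ports a banner grab whose result is split into product name and version, the input you need before you can judge patch level. So that it runs offline, the "target" is a listener started in the same process on 127.0.0.1 that answers with a constructed SSH-style banner; the port numbers are whatever the OS assigns and the closed port is an ephemeral port bound and released on purpose. The three states map to three different network answers: a completed handshake, a reset (seen as a refused connection), or silence until the timeout, which is the usual sign of a firewall dropping the probe.

```python
"""Added example (not DTS tooling): port-state classification and banner
grabbing against a loopback listener with a CONSTRUCTED banner."""
from __future__ import annotations

import re
import socket
import threading
from typing import Iterable, Optional

# "<product><sep><version>" pairs such as "OpenSSH_7.4" or "Apache/2.4.41".
# The last pair in a banner is taken, so "SSH-2.0-OpenSSH_7.4" yields
# ("OpenSSH", "7.4") rather than the protocol version.
BANNER_RE = re.compile(r"([A-Za-z]+)[_/ -](\d+(?:\.\d+)*)")


def check_port(host: str, port: int, timeout: float = 1.0) -> str:
    """Return 'open', 'closed' or 'filtered' for one TCP port."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        try:
            s.connect((host, port))
            return "open"
        except ConnectionRefusedError:   # RST came back: nothing listening
            return "closed"
        except OSError:                  # timeout or unreachable: no answer
            return "filtered"


def grab_banner(host: str, port: int, timeout: float = 1.0) -> str:
    """Connect and read whatever the service volunteers first (may be empty)."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        try:
            return s.recv(256).decode("ascii", "replace").strip()
        except OSError:
            return ""


def parse_banner(banner: str) -> Optional[tuple[str, str]]:
    """'SSH-2.0-OpenSSH_7.4' -> ('OpenSSH', '7.4'); None if no version found."""
    pairs = BANNER_RE.findall(banner)
    return pairs[-1] if pairs else None


def survey(host: str, ports: Iterable[int]) -> dict[int, dict]:
    """Classify each port and, for open ones, record product and version."""
    results: dict[int, dict] = {}
    for port in ports:
        entry = {"state": check_port(host, port), "product": None, "version": None}
        if entry["state"] == "open":
            parsed = parse_banner(grab_banner(host, port))
            if parsed:
                entry["product"], entry["version"] = parsed
        results[port] = entry
    return results


def start_fake_service(banner: bytes) -> tuple[socket.socket, int]:
    """Loopback listener that greets every client with `banner` (demo only)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)

    def serve() -> None:
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:          # listener closed: stop serving
                return
            with conn:
                conn.sendall(banner)

    threading.Thread(target=serve, daemon=True).start()
    return srv, srv.getsockname()[1]


def find_closed_port() -> int:
    """Bind an ephemeral port and release it, so nothing is listening there."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.bind(("127.0.0.1", 0))
        return s.getsockname()[1]


if __name__ == "__main__":
    srv, open_port = start_fake_service(b"SSH-2.0-OpenSSH_7.4\r\n")  # constructed
    closed_port = find_closed_port()
    for port, entry in survey("127.0.0.1", [open_port, closed_port]).items():
        print(port, entry)
    srv.close()
```

Note that a banner without a version (the Postfix-style greeting in the test) parses to nothing: the service is still open, but its patch level cannot be read from the banner alone and needs another source, which is exactly the gap a scanner such as Nessus fills with version probes.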
Only two things are infinite, the
universe and human stupidity, and
I'm not sure about the former
Albert Einstein
Local Gathering
Information Gathering
Dumpster Diving
Social Engineering
Tailgating
Old Hardware
Piggybacking
Company Tour
Reverse SE
Job Applying
Responsibilities:
A team of penetration testers is most effective and efficient when its crew members
are elite and everyone knows exactly his role and responsibility during a pen-testing
process; otherwise distraction and a waste of time and resources will arise.
Tools:
Every penetration tester has his own tools which he feels comfortable with and can
get the best out of during a pen-testing process. Most penetration testers use tools to
automate the work, make it more effective and save time; that is why a
good penetration tester does not know all the tools but makes the best use of the ones he
knows best!
Team
ATTAAAAAAAAAAAAAACK!
NOOOOOO STOP!
Even if you had the perfect payload to compromise a remote vulnerable
system, there is a huge chance that your attack will be filtered and
detected, because it's not the 90's anymore and there are probably IDSs,
IPSs, firewalls, UTMs, anti-virus, anti-malware, anti-rootkits, WAFs,
honeypots and a zillion other traps. So if you did your information gathering
phase right, you already know about their presence, and now it's time
for you to bypass them to deliver your payload and compromise the
remote system!
I am not going through bypassing security mechanisms for the sake of
time, but you can always refer to our session on Evasion of
Infrastructure Security for a couple of hints!
Some Famous Attacks
Brute Forcing, Sniffing, MITM, Hash Injection,
DHCP Starvation, Rogue DHCP, ARP Poisoning, DNS Poisoning,
Spoofing, Phishing, Amplified DDOS, Session Hijacking,
XSS, Session Fixation, Directory Traversal, Unvalidated Input,
Parameter Tampering, SQL Injection, LDAP Injection, File Injection,
CSRF, Buffer Overflow, Cookie Poisoning, Rogue AP,
Routing Attacks, VOIP Sniffing, DOS, Open Relay,
Replay Attacks, HTML Injection, SNMP Attacks,
SMB Attacks, Evil Twin, Worm Attacks, Trojan Attacks,
Virus Attacks, Zeroday Attacks, Malware Attacks, Cryptanalysis,
NTP Attacks
Documentation and Patching
After performing the penetration test with successful exploitation,
compiling the results in an understandable format is the key element for
selling your hard work, which nobody will appreciate if it comes as
pure technical content (decision makers in any company are mostly non-technical,
and if they cannot understand your report then all your hard work is
wasted). That is why including an Executive Summary and a Management Summary
in your report is a very good idea. Also, in my opinion, giving deeply
technical information about the security risk is not advisable, since the target
in question probably has a high hack value and has probably invested well in its
engineers: if they know too much about the vulnerabilities they will
probably patch them themselves and not use you in the patching phase, which in
business terms means Loss of Potential Business!
DTS Solution – Assessment Services
Security Assessment Services
- Penetration Testing and Vulnerability Assessment
- Black Box Ethical Testing
- Vulnerability Management
- Unified Communications Audit
- VoIP / UC / Tele-presence security
- SCADA Security Evaluation Toolkit
- Industrial Control Systems Security Readiness
- Mobile Network Security
- UMTS / LTE – GTP Scan / Spoofed TEID / SCTP Scan / APN bruteforce
- Fixed Mobile Convergence – SeGW and IMS Security
- Endpoint IP Discovery and Network Leakage Detection
- Rogue and Unknown Network Detection
- Backdoor connections (3G / xDSL / Rogue WiFi and leaking endpoints discovery and classification)
- Availability Assessment
- DDoS Protection – Botnet / Zombie Detection
- Web Portal Availability / DNS Server Protection – Protocol Fuzzing, DDoS attack simulation
- Core Network Security
- MPLS – MP-BGP and VRF Security (RT import and export analysis) / PE-CE security and label insertion
- VPLS – Spanning Tree, ARP poisoning, MAC spoofing
Thanks and Have a Good Day
Shah H Sheikh – Sr. Security Solutions Consultant
MEng CISSP CISA CISM CRISC CCSK
shah@dts-solution.com

DTS Solution - Penetration Testing Services v1.0