WTF is Penetration Testing
v.2
Who are we?
Eric Gruber
@egru
http://github.com/egru
http://github.com/netspi
http://netspi.com/blog
Karl Fosaaen
@kfosaaen

http://github.com/kfosaaen
http://slideshare.com/kfosaaen
Scott Sutherland
@_nullbind

http://github.com/nullbind
http://slideshare.com/nullbind
Demo
Common Escalation Paths:
• Enumerate live systems and open ports with
nmap
• Brute force database account with SQLPingv3
• Get a shell on the database server with the
mssql_payload Metasploit module
• Dump domain admin passwords in clear text
with mimikatz
• Log into high value database to access data
• Log into domain controller to find and access
everything else
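The first step of that escalation path feeds the second: the nmap results have to be turned into a short list of hosts worth pointing a SQL Server password-guessing tool at. The Python below is an added example, not code from the talk or from NetSPI. It parses nmap's grepable (-oG) output, constructed inline here with made-up addresses and host names, and picks out hosts with 1433/tcp open or the SQL Browser service (1434/udp) open, since named instances on non-default ports are found through the browser rather than on 1433.

```python
import re
from dataclasses import dataclass, field

# Constructed sample of nmap grepable (-oG) output; addresses and names are made up.
SAMPLE_GNMAP = """\
# Nmap 7.94 scan initiated (constructed sample)
Host: 10.0.0.5 (sql01.corp.example)\tStatus: Up
Host: 10.0.0.5 (sql01.corp.example)\tPorts: 135/open/tcp//msrpc///, 445/open/tcp//microsoft-ds///, 1433/open/tcp//ms-sql-s///\tIgnored State: closed (997)
Host: 10.0.0.7 (web01.corp.example)\tPorts: 22/open/tcp//ssh///, 80/open/tcp//http///
Host: 10.0.0.9 ()\tPorts: 1433/filtered/tcp//ms-sql-s///
Host: 10.0.0.12 (app02.corp.example)\tPorts: 1434/open/udp//ms-sql-m///, 49152/open/tcp//unknown///
# Nmap done (constructed sample)
"""

# "Host: <ip> (<name>)<tab>Field: value<tab>Field: value..."
HOST_RE = re.compile(r"^Host:\s+(\S+)\s+\(([^)]*)\)\s*(.*)$")


@dataclass
class Host:
    ip: str
    hostname: str = ""
    # (port, protocol) -> (state, service)
    ports: dict = field(default_factory=dict)


def parse_gnmap(text: str) -> dict:
    """Parse grepable nmap output into {ip: Host}, merging a host's Status and Ports lines."""
    hosts = {}
    for line in text.splitlines():
        m = HOST_RE.match(line)
        if not m:
            continue  # comment lines and blanks
        ip, hostname, rest = m.groups()
        host = hosts.setdefault(ip, Host(ip=ip))
        if hostname:
            host.hostname = hostname
        fields = dict(f.split(": ", 1) for f in rest.split("\t") if ": " in f)
        for entry in fields.get("Ports", "").split(","):
            entry = entry.strip()
            if not entry:
                continue
            parts = entry.split("/")  # port/state/protocol/owner/service/rpc/version/
            host.ports[(int(parts[0]), parts[2])] = (parts[1], parts[4])
    return hosts


def is_open(host: Host, port: int, proto: str) -> bool:
    # "filtered" and "open|filtered" are not treated as open
    return host.ports.get((port, proto), ("", ""))[0] == "open"


def sql_targets(hosts: dict) -> list:
    """Hosts worth handing to a SQL Server password-guessing tool, with the reason (IPv4 order)."""
    out = []
    for ip in sorted(hosts, key=lambda s: tuple(int(o) for o in s.split("."))):
        host = hosts[ip]
        if is_open(host, 1433, "tcp"):
            out.append((ip, host.hostname, "default instance on 1433/tcp"))
        elif is_open(host, 1434, "udp"):
            out.append((ip, host.hostname, "SQL Browser on 1434/udp; instance likely on a non-default port"))
    return out


if __name__ == "__main__":
    for ip, name, why in sql_targets(parse_gnmap(SAMPLE_GNMAP)):
        print(f"{ip:<12} {name or '-':<22} {why}")
```

The filtered 1433/tcp on 10.0.0.9 is deliberately left out: a filtered port is a reason to look at the firewall path, not a target for password guessing, and chasing it burns test-window time for nothing.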
Overview
• What is a penetration test?
• Why do companies pay for them?
• Types of penetration testing
• What are the rules of engagement?
• Who does penetration testing?
• What skills do they have?
• What tools do they use?
• Penetration testing as a Career
• Questions
What is a Penetration Test?
What is Penetration Testing?
Our Definition:

“The process of evaluating systems,
applications, and protocols with the intent
of identifying vulnerabilities usually from
the perspective of an unprivileged or
anonymous user to determine potential
real world impacts…”
“…legally and under contract”
What is Penetration Testing?

In short…
What is Penetration Testing?

…we try to break into stuff
before the bad guys do
Why do companies buy
Penetration Tests?
Why do companies buy pentests?
• Meet compliance requirements
• Evaluate risks associated with an acquisition
or partnership
• Validate preventative controls
• Validate detective controls
• Prioritize internal security initiatives
• Proactively prevent breaches
Why do Companies Pen Test?
What types of Penetration Tests are there?
Hats and Boxes?
Types of Penetration Testers
Black Hat

Independent research and exploitation
with no collaboration with vendor.
Gray Hat

Independent research and exploitation
with some collaboration with vendor.
White Hat

Collaborative research, assessment, and
exploitation with vendor.
Types of Penetration Tests
Black Box

Zero knowledge of target.
Gray Box

User knowledge of target. Sometimes as
an anonymous user.
White Box

Administrative or development knowledge
of target.
Types of Penetration Tests
Information                 Black Box   Gray Box   White Box
Network Ranges                             x           x
IP Addresses                               x           x
Domains                                    x           x
Network Documentation                      x           x
Application Documentation                  x           x
API Documentation                          x           x
Application Credentials                                x
Database Credentials                                   x
Server Credentials                                     x
Types of Penetration Tests
• Technical Control Layer
‒ Network
‒ Application (mobile, web, desktop, etc.)
‒ Server
‒ Wireless
‒ Embedded Device
• Physical Control Layer
‒ Client-specific site
‒ Data centers
• Administrative Control Layer
‒ Email phishing
‒ Phone and onsite social engineering
What are the
Rules of Engagement?
Rules of Engagement
Hack Responsibly!
• Written permission
• Clear communication
• Stay in scope
• No Denial-of-Service
• Don’t change major state
• Restore state
• Use native technologies
• Stay off disk
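"Written permission" and "Stay in scope" are only as good as the check that runs before the first packet leaves. The Python below is an added example, not code from the talk: it encodes the written scope (authorized ranges, client-carved exclusions, test window) and refuses anything not positively covered, including bare host names, which must be resolved and re-checked because DNS can point at infrastructure the authorization never mentioned. The engagement details, ranges, window and candidate targets are all made up; the ranges use private and documentation address space.

```python
from dataclasses import dataclass
from datetime import datetime, timezone
import ipaddress


@dataclass(frozen=True)
class RulesOfEngagement:
    in_scope: tuple        # CIDR ranges authorized in writing
    excluded: tuple        # ranges or hosts the client carved out, even if inside in_scope
    window_start: datetime
    window_end: datetime


def _nets(cidrs):
    return [ipaddress.ip_network(c, strict=False) for c in cidrs]


def check_target(roe: RulesOfEngagement, target: str, now: datetime) -> tuple:
    """Return (allowed, reason). Anything not positively covered by the written scope is refused."""
    try:
        addr = ipaddress.ip_address(target)
    except ValueError:
        # Never scan a bare name: resolve it and check the resulting address instead.
        return False, f"{target}: not an IP address; resolve it and check the address instead"
    if not roe.window_start <= now <= roe.window_end:
        return False, f"{addr}: outside the agreed test window"
    if any(addr in n for n in _nets(roe.excluded)):
        return False, f"{addr}: explicitly excluded by the client"
    if not any(addr in n for n in _nets(roe.in_scope)):
        return False, f"{addr}: not in any authorized range"
    return True, f"{addr}: in scope"


def split_targets(roe: RulesOfEngagement, targets, now: datetime) -> tuple:
    """Partition a candidate list into (allowed, [(target, reason) rejected]) before anything is scanned."""
    allowed, rejected = [], []
    for t in targets:
        ok, why = check_target(roe, t, now)
        if ok:
            allowed.append(t)
        else:
            rejected.append((t, why))
    return allowed, rejected


# Constructed example engagement (hypothetical values).
ROE = RulesOfEngagement(
    in_scope=("10.10.0.0/16", "192.0.2.0/24"),
    excluded=("10.10.5.0/24",),   # e.g. a production cluster the client said not to touch
    window_start=datetime(2024, 3, 4, 22, 0, tzinfo=timezone.utc),
    window_end=datetime(2024, 3, 5, 6, 0, tzinfo=timezone.utc),
)
NOW = datetime(2024, 3, 5, 1, 0, tzinfo=timezone.utc)
CANDIDATES = ["10.10.1.20", "10.10.5.3", "192.0.2.44", "203.0.113.8", "sql01.corp.example"]

if __name__ == "__main__":
    ok, bad = split_targets(ROE, CANDIDATES, NOW)
    print("scan:", ok)
    for _, why in bad:
        print("skip:", why)
```

Exclusions are checked before the in-scope ranges on purpose: a carve-out inside an authorized /16 must win, and the order of the checks is what guarantees that.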
Are there any Penetration Testing
methodologies?
Common Approach
• Kickoff: scope, test windows, risks, contacts
• Information Gathering
• Vulnerability Enumeration
• Penetration
• Escalation
• Evidence Gathering
• Clean up
• Report Creation
• Report Delivery and Review
Common Approach: Standards
Methodologies
• PTES (Penetration Testing Execution Standard)
• OSSTMM (Open Source Security Testing Methodology Manual)
• ISSAF (Information Systems Security Assessment Framework)
• NIST SP 800-115
• OWASP Testing Guide
Certifications
• SANS/GIAC
• OSCP
• CREST
Penetration Test vs.
Vulnerability Assessment
Assessment vs. Penetration
What can both an assessment and a pentest answer?
• What are my system layer vulnerabilities?
• Where are my system layer vulnerabilities?
• Will we know if we are being scanned?
• How do I fix my vulnerabilities?
• Are we fixing things over time?
Assessment vs. Penetration
What else can a pentest answer?
• Which vulnerabilities represent the most risk?
• What are my high-impact system, network, and application layer issues?
• Can an attacker gain unauthorized access to critical infrastructure, application functionality, and sensitive data?
• Can attackers bypass multiple layers of detective and preventative controls?
• Can attackers pivot between environments?
• Are procedures being enforced?
Who conducts Penetration Testing?
Who Conducts Penetration Testing?

People that can pass a background check
Who Conducts Penetration Testing?
• Internal Employees
‒ Security analysts
‒ Security consultants

• Third Parties
‒ Audit Firms
‒ Value-Added Reseller (VAR)
‒ Managed Services
‒ Software as a Service (SaaS)
‒ Software Vendors
‒ Security Consultants
What skills are required?
What Skills are Needed?
• Non Technical
• Basic Technical
• Offensive
• Defensive
Non Technical Skillsets
• Written and Verbal Communications
‒ Emails/phone calls
‒ Report development
‒ Small and large group presentations

• Professionalism
‒ Respecting others, setting, and
meeting expectations
Non Technical Skillsets
• Troubleshooting Mindset
‒ Never give up, never surrender!
‒ Where there is a will, there is a way

• Ethics
‒ Don’t do bad things
‒ Pros (career) vs. Cons (jail)
‒ Hack responsibly
Basic Technical Skillsets
• Windows Desktop Administration
• Windows Domain Administration
• Linux and Unix Administration
• Network Infrastructure Administration
• Application Development
‒ Scripting (Ruby, Python, PHP, Bash, PowerShell, Batch)
‒ Managed languages (.NET, Java, Dalvik)
‒ Unmanaged languages (C, C++)
Offensive and Defensive Knowledge
• System enumeration and service
fingerprinting
• Linux system exploitation and escalation
• Windows system exploitation and escalation
• Network system exploitation and escalation
• Protocol exploitation
• Web application exploitation
• Reverse engineering
• Anti-virus Evasion
• Social engineering techniques
What are some of the
common tools?
Common Tools
There are hundreds of “hacker” tools.

Generally, you need to have enough
knowledge to know what tool or tool(s) is
right for the task at hand….

…and if one doesn’t exist, then create it.
Common Tools
That being said…
Common Tools
Knowledge > Tools = Train your brain!
Understand the core technologies
Understand basic offensive techniques
Understand basic defensive techniques
Common Tools: Info Gathering
Find online resources owned by target including:
• Subsidiaries (companies)
• Systems (live IP addresses)
• Services
• Domains
• Web applications
• Email addresses
Tool Examples:
• Public registries: IP, DNS, SEC Filings, etc.
• Nmap
• Recon-ng
• Google
• BackTrack / Kali tool sets (many discovery tools)
Common Tools: Identify Vulnerabilities
Find vulnerabilities:
• Missing patches
• Weak configurations
‒ system, application, network

• Application issues
Tool Examples:
• Patches/Configurations: OpenVAS, Nessus,
Nexpose, Qualys, IP360, etc.
• Applications: Burp, ZAP, w3af, Nikto, DirBuster,
SQLMap, WebInspect, AppScan, etc.
Common Tools: Penetration
Common penetration methods:
• Buffer overflows
• Default and weak passwords
• SQL Injection
• Insecure Protocols
Tool Examples:
• Patches: Metasploit, Canvas, Core Impact
• Configurations: Native tools, Responder,
Metasploit, Yersinia, Cain, Loki, Medusa
• Applications: SQLMap, Metasploit, Burp, ZAP, etc.
Common Tools: Privilege Escalation
Exploit trust relationships to gain access to everything!
Tool Examples:
• Local Exploits & Weak Configurations
‒ Metasploit, Core Impact, Canvas
‒ exploit-db.com

• Password Hash Cracking
‒ John the Ripper, Hashcat, rainbow tables

• Pass-the-Hash
‒ Metasploit, PTH toolkits, WCE

• Token stealing
‒ Metasploit and Incognito

• Credential dumping
‒ Mimikatz, LSA Secrets, Credential Manager,
groups.xml, unattend.xml, etc.
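Password hash cracking and pass-the-hash both rest on the same fact: the NT hash is an unsalted MD4 of the UTF-16LE password, so it is cheap to guess against, and once dumped it is itself usable as a credential. The Python below is an added example, not code from the talk or from any of the tools listed above. It implements MD4 so it runs without OpenSSL's legacy provider (hashlib's md4 is often unavailable on OpenSSL 3 builds), computes NT hashes, and runs a small dictionary attack with a few hashcat-style mangling rules against a constructed dump. The user names, word list and two of the three hashes are made up; the first hash is the well-known NT hash of "password".

```python
import struct

MASK = 0xFFFFFFFF


def _rotl(x: int, n: int) -> int:
    return ((x << n) | (x >> (32 - n))) & MASK


def md4(data: bytes) -> bytes:
    """MD4 per RFC 1320 in pure Python."""
    f = lambda x, y, z: (x & y) | (~x & z)
    g = lambda x, y, z: (x & y) | (x & z) | (y & z)
    h = lambda x, y, z: x ^ y ^ z
    msg = data + b"\x80"
    msg += b"\x00" * ((56 - len(msg) % 64) % 64)
    msg += struct.pack("<Q", len(data) * 8)          # bit length, little-endian
    state = [0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476]
    # (function, additive constant, message-word order, per-step shifts) for the three rounds
    rounds = (
        (f, 0x00000000, tuple(range(16)), (3, 7, 11, 19)),
        (g, 0x5A827999, (0, 4, 8, 12, 1, 5, 9, 13, 2, 6, 10, 14, 3, 7, 11, 15), (3, 5, 9, 13)),
        (h, 0x6ED9EBA1, (0, 8, 4, 12, 2, 10, 6, 14, 1, 9, 5, 13, 3, 11, 7, 15), (3, 9, 11, 15)),
    )
    for off in range(0, len(msg), 64):
        x = struct.unpack("<16I", msg[off:off + 64])
        v = list(state)
        for fn, k, order, shifts in rounds:
            for i, w in enumerate(order):
                v[0] = _rotl((v[0] + fn(v[1], v[2], v[3]) + x[w] + k) & MASK, shifts[i % 4])
                v = [v[3], v[0], v[1], v[2]]          # rotate so the next step updates the next register
        state = [(s + t) & MASK for s, t in zip(state, v)]
    return struct.pack("<4I", *state)


def ntlm_hash(password: str) -> str:
    """NT hash: MD4 over the UTF-16LE password. No salt, no iteration."""
    return md4(password.encode("utf-16-le")).hex()


def candidates(word: str):
    """A few hashcat-style mangling rules: as-is, capitalised, with common suffixes."""
    for base in (word, word.capitalize()):
        yield base
        for suffix in ("1", "123", "!", "2024"):
            yield base + suffix


def crack(target_hex: str, wordlist) -> tuple:
    """Return (password, guesses_tried); password is None when the list is exhausted."""
    target = target_hex.lower()
    tried = 0
    for word in wordlist:
        for guess in candidates(word):
            tried += 1
            if ntlm_hash(guess) == target:
                return guess, tried
    return None, tried


# Constructed sample dump (user: NT hash). The first is the well-known NT hash of "password";
# the other two are generated here so the example is self-contained.
SAMPLE_DUMP = {
    "svc_backup": "8846f7eaee8fb117ad06bdd830b7586c",
    "jdoe": ntlm_hash("Winter2024"),
    "admin": ntlm_hash("correct horse battery staple"),
}
WORDLIST = ["letmein", "password", "summer", "winter", "welcome"]

if __name__ == "__main__":
    for user, digest in SAMPLE_DUMP.items():
        pw, n = crack(digest, WORDLIST)
        print(f"{user:<12} {digest}  {pw!r} after {n} guesses")
```

Because there is no salt, one MD4 per guess covers every account with that password at once, which is why a dumped domain's NT hashes can be run against a word list as a single job. The "admin" entry survives the list: a long passphrase is the cheap defence, and the dumped hash is still a pass-the-hash credential whether or not it cracks.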
Common Tools

Tools output a TON of data!
How do people manage all that data?
Common Pentest CMS Options
Managing penetration test data:
• Storing files in organized folders
• Writing reports from word/excel templates
• Storing information in databases and XML
• Open source CMS projects
• Commercial CMS products
• Examples:
‒ Dradis
‒ Threadfix
‒ CorrelatedVM
‒ Risk IO
Penetration Testing as a Career?
Pen Testing as a Career: How to Start
• Read and learn! – There is no “end”
• Tap into the community!
• Research and development
‒ Contribute to/start open source projects
‒ Present research at conferences

• Training and Certifications
‒ Community: DC612, OWASP, Conferences, etc
‒ Professional ($): SANS, OffSec, CISSP, CREST, etc

• Volunteer
• Internships
Pen Testing as a Career: Common Paths
• Internal Paths
‒ Help Desk
‒ IT Support
‒ IT Admin
‒ Security Analyst
‒ IRP Team
‒ Senior Security Analyst
‒ Internal Consultant
‒ CISO
• Security Consulting Paths
‒ Internship
‒ Consultant
‒ Senior Consultant
‒ Principal Consultant
‒ Team Lead
‒ Director
Corporate employees tend to stay corporate.
Security consultants often end up in malware research and exploit development.
What we covered…
• What is a penetration test?
• Why do companies pay for them?
• Types of penetration testing
• What are the rules of engagement?
• Who does penetration testing?
• What skills do they have?
• What tools do they use?
• Penetration testing as a Career
• Questions
Questions,
comments, curses?
BE SAFE and

HACK RESPONSIBLY

Scott Sutherland
 
Secure360 - Extracting Password from Windows
Secure360 - Extracting Password from WindowsSecure360 - Extracting Password from Windows
Secure360 - Extracting Password from Windows
Scott Sutherland
 
Attack all the layers secure 360
Attack all the layers secure 360Attack all the layers secure 360
Attack all the layers secure 360
Scott Sutherland
 
Declaration of malWARe
Declaration of malWAReDeclaration of malWARe
Declaration of malWARe
Scott Sutherland
 

More from Scott Sutherland (20)

Into the Abyss: Evaluating Active Directory SMB Shares on Scale (Secure360)
Into the Abyss: Evaluating Active Directory SMB Shares on Scale (Secure360)Into the Abyss: Evaluating Active Directory SMB Shares on Scale (Secure360)
Into the Abyss: Evaluating Active Directory SMB Shares on Scale (Secure360)
 
How to Build and Validate Ransomware Attack Detections (Secure360)
How to Build and Validate Ransomware Attack Detections (Secure360)How to Build and Validate Ransomware Attack Detections (Secure360)
How to Build and Validate Ransomware Attack Detections (Secure360)
 
TROOPERS 20 - SQL Server Hacking Tips for Active Directory Environments
TROOPERS 20 - SQL Server Hacking Tips for Active Directory EnvironmentsTROOPERS 20 - SQL Server Hacking Tips for Active Directory Environments
TROOPERS 20 - SQL Server Hacking Tips for Active Directory Environments
 
2019 Blackhat Booth Presentation - PowerUpSQL
2019 Blackhat Booth Presentation - PowerUpSQL2019 Blackhat Booth Presentation - PowerUpSQL
2019 Blackhat Booth Presentation - PowerUpSQL
 
PowerUpSQL - 2018 Blackhat USA Arsenal Presentation
PowerUpSQL - 2018 Blackhat USA Arsenal PresentationPowerUpSQL - 2018 Blackhat USA Arsenal Presentation
PowerUpSQL - 2018 Blackhat USA Arsenal Presentation
 
Secure360 - Beyond xp cmdshell - Owning the Empire through SQL Server
Secure360 - Beyond xp cmdshell - Owning the Empire through SQL ServerSecure360 - Beyond xp cmdshell - Owning the Empire through SQL Server
Secure360 - Beyond xp cmdshell - Owning the Empire through SQL Server
 
2018 Student360 - Beyond xp_cmdshell - Owning the Empire Through SQL Server
2018 Student360 - Beyond xp_cmdshell - Owning the Empire Through SQL Server2018 Student360 - Beyond xp_cmdshell - Owning the Empire Through SQL Server
2018 Student360 - Beyond xp_cmdshell - Owning the Empire Through SQL Server
 
Beyond xp_cmdshell: Owning the Empire through SQL Server
Beyond xp_cmdshell: Owning the Empire through SQL ServerBeyond xp_cmdshell: Owning the Empire through SQL Server
Beyond xp_cmdshell: Owning the Empire through SQL Server
 
2017 Secure360 - Hacking SQL Server on Scale with PowerShell
2017 Secure360 - Hacking SQL Server on Scale with PowerShell2017 Secure360 - Hacking SQL Server on Scale with PowerShell
2017 Secure360 - Hacking SQL Server on Scale with PowerShell
 
2017 Thotcon - Hacking SQL Servers on Scale with PowerShell
2017 Thotcon - Hacking SQL Servers on Scale with PowerShell2017 Thotcon - Hacking SQL Servers on Scale with PowerShell
2017 Thotcon - Hacking SQL Servers on Scale with PowerShell
 
2017 OWASP SanFran March Meetup - Hacking SQL Server on Scale with PowerShell
2017 OWASP SanFran March Meetup - Hacking SQL Server on Scale with PowerShell2017 OWASP SanFran March Meetup - Hacking SQL Server on Scale with PowerShell
2017 OWASP SanFran March Meetup - Hacking SQL Server on Scale with PowerShell
 
2017 Q1 Arcticcon - Meet Up - Adventures in Adversarial Emulation
2017 Q1 Arcticcon - Meet Up - Adventures in Adversarial Emulation2017 Q1 Arcticcon - Meet Up - Adventures in Adversarial Emulation
2017 Q1 Arcticcon - Meet Up - Adventures in Adversarial Emulation
 
2016 aRcTicCON - Hacking SQL Server on Scale with PowerShell (Slide Updates)
2016 aRcTicCON - Hacking SQL Server on Scale with PowerShell (Slide Updates)2016 aRcTicCON - Hacking SQL Server on Scale with PowerShell (Slide Updates)
2016 aRcTicCON - Hacking SQL Server on Scale with PowerShell (Slide Updates)
 
DerbyCon2016 - Hacking SQL Server on Scale with PowerShell
DerbyCon2016 - Hacking SQL Server on Scale with PowerShellDerbyCon2016 - Hacking SQL Server on Scale with PowerShell
DerbyCon2016 - Hacking SQL Server on Scale with PowerShell
 
10 Deadly Sins of SQL Server Configuration - APPSEC CALIFORNIA 2015
10 Deadly Sins of SQL Server Configuration - APPSEC CALIFORNIA 201510 Deadly Sins of SQL Server Configuration - APPSEC CALIFORNIA 2015
10 Deadly Sins of SQL Server Configuration - APPSEC CALIFORNIA 2015
 
Attack All the Layers: What's Working during Pentests (OWASP NYC)
Attack All the Layers: What's Working during Pentests (OWASP NYC)Attack All the Layers: What's Working during Pentests (OWASP NYC)
Attack All the Layers: What's Working during Pentests (OWASP NYC)
 
Secure360 - Attack All the Layers! Again!
Secure360 - Attack All the Layers! Again!Secure360 - Attack All the Layers! Again!
Secure360 - Attack All the Layers! Again!
 
Secure360 - Extracting Password from Windows
Secure360 - Extracting Password from WindowsSecure360 - Extracting Password from Windows
Secure360 - Extracting Password from Windows
 
Attack all the layers secure 360
Attack all the layers secure 360Attack all the layers secure 360
Attack all the layers secure 360
 
Declaration of malWARe
Declaration of malWAReDeclaration of malWARe
Declaration of malWARe
 

Recently uploaded

Search and Society: Reimagining Information Access for Radical Futures
Search and Society: Reimagining Information Access for Radical FuturesSearch and Society: Reimagining Information Access for Radical Futures
Search and Society: Reimagining Information Access for Radical Futures
Bhaskar Mitra
 
JMeter webinar - integration with InfluxDB and Grafana
JMeter webinar - integration with InfluxDB and GrafanaJMeter webinar - integration with InfluxDB and Grafana
JMeter webinar - integration with InfluxDB and Grafana
RTTS
 
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered QualitySoftware Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
Inflectra
 
The Art of the Pitch: WordPress Relationships and Sales
The Art of the Pitch: WordPress Relationships and SalesThe Art of the Pitch: WordPress Relationships and Sales
The Art of the Pitch: WordPress Relationships and Sales
Laura Byrne
 
IOS-PENTESTING-BEGINNERS-PRACTICAL-GUIDE-.pptx
IOS-PENTESTING-BEGINNERS-PRACTICAL-GUIDE-.pptxIOS-PENTESTING-BEGINNERS-PRACTICAL-GUIDE-.pptx
IOS-PENTESTING-BEGINNERS-PRACTICAL-GUIDE-.pptx
Abida Shariff
 
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
Sri Ambati
 
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Thierry Lestable
 
Knowledge engineering: from people to machines and back
Knowledge engineering: from people to machines and backKnowledge engineering: from people to machines and back
Knowledge engineering: from people to machines and back
Elena Simperl
 
Key Trends Shaping the Future of Infrastructure.pdf
Key Trends Shaping the Future of Infrastructure.pdfKey Trends Shaping the Future of Infrastructure.pdf
Key Trends Shaping the Future of Infrastructure.pdf
Cheryl Hung
 
Connector Corner: Automate dynamic content and events by pushing a button
Connector Corner: Automate dynamic content and events by pushing a buttonConnector Corner: Automate dynamic content and events by pushing a button
Connector Corner: Automate dynamic content and events by pushing a button
DianaGray10
 
FIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdfFIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance
 
GraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge GraphGraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge Graph
Guy Korland
 
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdfSmart TV Buyer Insights Survey 2024 by 91mobiles.pdf
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
91mobiles
 
Designing Great Products: The Power of Design and Leadership by Chief Designe...
Designing Great Products: The Power of Design and Leadership by Chief Designe...Designing Great Products: The Power of Design and Leadership by Chief Designe...
Designing Great Products: The Power of Design and Leadership by Chief Designe...
Product School
 
Assuring Contact Center Experiences for Your Customers With ThousandEyes
Assuring Contact Center Experiences for Your Customers With ThousandEyesAssuring Contact Center Experiences for Your Customers With ThousandEyes
Assuring Contact Center Experiences for Your Customers With ThousandEyes
ThousandEyes
 
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdfFIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance
 
Essentials of Automations: Optimizing FME Workflows with Parameters
Essentials of Automations: Optimizing FME Workflows with ParametersEssentials of Automations: Optimizing FME Workflows with Parameters
Essentials of Automations: Optimizing FME Workflows with Parameters
Safe Software
 
Neuro-symbolic is not enough, we need neuro-*semantic*
Neuro-symbolic is not enough, we need neuro-*semantic*Neuro-symbolic is not enough, we need neuro-*semantic*
Neuro-symbolic is not enough, we need neuro-*semantic*
Frank van Harmelen
 
Mission to Decommission: Importance of Decommissioning Products to Increase E...
Mission to Decommission: Importance of Decommissioning Products to Increase E...Mission to Decommission: Importance of Decommissioning Products to Increase E...
Mission to Decommission: Importance of Decommissioning Products to Increase E...
Product School
 
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
Product School
 

Recently uploaded (20)

Search and Society: Reimagining Information Access for Radical Futures
Search and Society: Reimagining Information Access for Radical FuturesSearch and Society: Reimagining Information Access for Radical Futures
Search and Society: Reimagining Information Access for Radical Futures
 
JMeter webinar - integration with InfluxDB and Grafana
JMeter webinar - integration with InfluxDB and GrafanaJMeter webinar - integration with InfluxDB and Grafana
JMeter webinar - integration with InfluxDB and Grafana
 
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered QualitySoftware Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
 
The Art of the Pitch: WordPress Relationships and Sales
The Art of the Pitch: WordPress Relationships and SalesThe Art of the Pitch: WordPress Relationships and Sales
The Art of the Pitch: WordPress Relationships and Sales
 
IOS-PENTESTING-BEGINNERS-PRACTICAL-GUIDE-.pptx
IOS-PENTESTING-BEGINNERS-PRACTICAL-GUIDE-.pptxIOS-PENTESTING-BEGINNERS-PRACTICAL-GUIDE-.pptx
IOS-PENTESTING-BEGINNERS-PRACTICAL-GUIDE-.pptx
 
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
 
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
 
Knowledge engineering: from people to machines and back
Knowledge engineering: from people to machines and backKnowledge engineering: from people to machines and back
Knowledge engineering: from people to machines and back
 
Key Trends Shaping the Future of Infrastructure.pdf
Key Trends Shaping the Future of Infrastructure.pdfKey Trends Shaping the Future of Infrastructure.pdf
Key Trends Shaping the Future of Infrastructure.pdf
 
Connector Corner: Automate dynamic content and events by pushing a button
Connector Corner: Automate dynamic content and events by pushing a buttonConnector Corner: Automate dynamic content and events by pushing a button
Connector Corner: Automate dynamic content and events by pushing a button
 
FIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdfFIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdf
 
GraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge GraphGraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge Graph
 
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdfSmart TV Buyer Insights Survey 2024 by 91mobiles.pdf
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
 
Designing Great Products: The Power of Design and Leadership by Chief Designe...
Designing Great Products: The Power of Design and Leadership by Chief Designe...Designing Great Products: The Power of Design and Leadership by Chief Designe...
Designing Great Products: The Power of Design and Leadership by Chief Designe...
 
Assuring Contact Center Experiences for Your Customers With ThousandEyes
Assuring Contact Center Experiences for Your Customers With ThousandEyesAssuring Contact Center Experiences for Your Customers With ThousandEyes
Assuring Contact Center Experiences for Your Customers With ThousandEyes
 
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdfFIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
 
Essentials of Automations: Optimizing FME Workflows with Parameters
Essentials of Automations: Optimizing FME Workflows with ParametersEssentials of Automations: Optimizing FME Workflows with Parameters
Essentials of Automations: Optimizing FME Workflows with Parameters
 
Neuro-symbolic is not enough, we need neuro-*semantic*
Neuro-symbolic is not enough, we need neuro-*semantic*Neuro-symbolic is not enough, we need neuro-*semantic*
Neuro-symbolic is not enough, we need neuro-*semantic*
 
Mission to Decommission: Importance of Decommissioning Products to Increase E...
Mission to Decommission: Importance of Decommissioning Products to Increase E...Mission to Decommission: Importance of Decommissioning Products to Increase E...
Mission to Decommission: Importance of Decommissioning Products to Increase E...
 
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
 

WTF is Penetration Testing v.2

  • 1. WTF is Penetration Testing v.2
  • 2. Who are we? Eric Gruber @egru http://github.com/egru http://github.com/netspi http://netspi.com/blog Karl Fosaaen @kfosaaen http://github.com/kfosaaen http://slideshare.com/kfosaaen Scott Sutherland @_nullbind http://github.com/nullbind http://slideshare.com/nullbind
  • 3. Demo Common Escalation Paths: • Enumerate live systems and open ports with nmap • Brute force database account with SQLPingv3 • Get a shell on the database server with the mssql_payload Metasploit module • Dump domain admin passwords in clear text with mimikatz • Log into high value database to access data • Log into domain controller to find and access everything else
  • 4. Overview • What is a penetration test? • Why do companies pay for them? • Types of penetration testing • What are the rules of engagement? • Who does penetration testing? • What skills do they have? • What tools do they use? • Penetration testing as a Career • Questions
  • 5. What is a Penetration Test?
  • 6. What is Penetration Testing? Our Definition: “The process of evaluating systems, applications, and protocols with the intent of identifying vulnerabilities usually from the perspective of an unprivileged or anonymous user to determine potential real world impacts…” “…legally and under contract”
  • 7. What is Penetration Testing? In short…
  • 8. What is Penetration Testing? …we try to break into stuff before the bad guys do
  • 9. Why do companies buy Penetration Tests?
  • 10. Why do companies buy pentests? • Meet compliance requirements • Evaluate risks associated with an acquisition or partnership • Validate preventative controls • Validate detective controls • Prioritize internal security initiatives • Proactively prevent breaches
  • 11. Why do Companies Pen Test?
  • 12. Why do Companies Pen Test?
  • 13.
  • 14.
  • 15. What types of Penetration Tests are there?
  • 17. Types of Penetration Testers Black Hat Independent research and exploitation with no collaboration with vendor. Gray Hat Independent research and exploitation with some collaboration with vendor. White Hat Collaborative research, assessment, and exploitation with vendor.
  • 18. Types of Penetration Tests Black Box Zero knowledge of target. Gray Box User knowledge of target. Sometimes as an anonymous user. White Box Administrative or development knowledge of target.
  • 19. Types of Penetration Tests: information the tester is given, by test type (x = provided)
        Information                 Black Box   Gray Box   White Box
        Network Ranges                             x           x
        IP Addresses                               x           x
        Domains                                    x           x
        Network Documentation                      x           x
        Application Documentation                  x           x
        API Documentation                          x           x
        Application Credentials                                x
        Database Credentials                                   x
        Server Credentials                                     x
  • 20. Types of Penetration Tests • Technical Control Layer ‒ Network ‒ Application (mobile, web, desktop, etc.) ‒ Server ‒ Wireless ‒ Embedded Device • Physical Control Layer ‒ Client-specific sites ‒ Data centers • Administrative Control Layer ‒ Email phishing ‒ Phone and onsite social engineering
  • 21. What are the Rules of Engagement?
  • 22. Rules of Engagement • Hack Responsibly! • Written permission • Clear communication • Stay in scope • No Denial-of-Service • Don’t change major state • Restore state • Use native technologies • Stay off disk
  • 23. Are there any Penetration Testing methodologies?
  • 24. Common Approach • Kickoff: Scope, test windows, risks, contacts • Information Gathering • Vulnerability Enumeration • Penetration • Escalation • Evidence Gathering • Clean up • Report Creation • Report Delivery and Review
  • 25. Common Approach: Standards Methodologies: • PTES • OSSTMM • ISSAF • NIST • OWASP Certifications: • SANS • OSCP • CREST
  • 27. Assessment VS. Penetration What can both an assessment and a pentest answer? • What are my system layer vulnerabilities? • Where are my system layer vulnerabilities? • Will we know if we are being scanned? • How do I fix my vulnerabilities? • Are we fixing things over time?
  • 28. Assessment VS. Penetration What else can a pentest answer? • What vulnerabilities represent the most risk? • What are my high-impact system, network, and application layer issues? • Can an attacker gain unauthorized access to critical infrastructure, application functionality, and sensitive data? • Can attackers bypass multiple layers of detective and preventative controls? • Can attackers pivot between environments? • Are procedures being enforced?
  • 30. Who Conducts Penetration Testing? People that can pass a background check
  • 31. Who Conducts Penetration Testing? • Internal Employees ‒ Security analysts ‒ Security consultants • Third Parties ‒ Audit Firms ‒ Value-Added Reseller (VAR) ‒ Managed Services ‒ Software as a Service (SaaS) ‒ Software Vendors ‒ Security Consultants
  • 32. What skills are required?
  • 33. What Skills are Needed? • Non Technical • Basic Technical • Offensive • Defensive
  • 34. Non Technical Skillsets • Written and Verbal Communications ‒ Emails/phone calls ‒ Report development ‒ Small and large group presentations • Professionalism ‒ Respecting others, setting and meeting expectations
  • 35. Non Technical Skillsets • Troubleshooting Mindset ‒ Never give up, never surrender! ‒ Where there is a will, there is a way • Ethics ‒ Don’t do bad things ‒ Pros (career) vs. Cons (jail) ‒ Hack responsibly
  • 36. Basic Technical Skillsets • Windows Desktop Administration • Windows Domain Administration • Linux and Unix Administration • Network Infrastructure Administration • Application Development ‒ Scripting (Ruby, Python, PHP, Bash, PS, Batch) ‒ Managed languages (.Net, Java, Dalvik) ‒ Unmanaged languages (C, C++)
  • 37. Offensive and Defensive Knowledge • System enumeration and service fingerprinting • Linux system exploitation and escalation • Windows system exploitation and escalation • Network system exploitation and escalation • Protocol exploitation • Web application exploitation • Reverse engineering • Anti-virus Evasion • Social engineering techniques
  • 38. What are some of the common tools?
  • 39. Common Tools There are hundreds of “hacker” tools. Generally, you need enough knowledge to know which tool or tools are right for the task at hand… …and if one doesn’t exist, then create it.
  • 41. Common Tools Knowledge > Tools = Train your brain! Understand the core technologies Understand basic offensive techniques Understand basic defensive techniques
  • 42. Common Tools: Info Gathering Find online resources owned by target including: • Subsidiaries (companies) • Systems (live IP addresses) • Services • Domains • Web applications • Email addresses Tool Examples: • Public registries: IP, DNS, SEC Filings, etc. • Nmap • Recon-ng • Google • BackTrack / Kali tool sets (many discovery tools)
  • 43. Common Tools: Identify Vulnerabilities Find vulnerabilities: • Missing patches • Weak configurations ‒ system, application, network • Application issues Tool Examples: • Patches/Configurations: OpenVAS, Nessus, NeXpose, Qualys, IP360, etc. • Applications: Burp, ZAP, w3af, Nikto, DirBuster, SQLMap, WebInspect, AppScan, etc.
  • 44. Common Tools: Penetration Common penetration methods: • Buffer overflows • Default and weak passwords • SQL Injection • Insecure Protocols Tool Examples: • Patches: Metasploit, Canvas, Core Impact • Configurations: Native tools, Responder, Metasploit, Yersinia, Cain, Loki, Medusa • Applications: SQLMap, Metasploit, Burp, ZAP, etc.
  • 45. Common Tools: Privilege Escalation Exploit trust relationships to access everything! Tool Examples: • Local Exploits & Weak Configurations ‒ Metasploit, Core Impact, Canvas ‒ exploit-db.com • Password Hash Cracking ‒ John the Ripper, Hashcat, Rainbow Tables • Pass-the-Hash ‒ Metasploit, PTH toolkits, WCE • Token stealing ‒ Metasploit and Incognito • Credential dumping ‒ Mimikatz, LSA Secrets, Credential Manager, groups.xml, unattend.xml, etc.
  • 46. Common Tools Tools output a TON of data!
  • 47. How do people manage all that data?
  • 48. Common Pentest CMS Options Managing penetration test data: • Storing files in organized folders • Writing reports from Word/Excel templates • Storing information in databases and XML • Open source CMS projects • Commercial CMS products • Examples: ‒ Dradis ‒ Threadfix ‒ CorrelatedVM ‒ Risk IO
  • 50. Pen Testing as a Career: How to Start • Read and learn! – There is no “end” • Tap into the community! • Research and development ‒ Contribute to/start open source projects ‒ Present research at conferences • Training and Certifications ‒ Community: DC612, OWASP, Conferences, etc ‒ Professional ($): SANS, OffSec, CISSP, CREST, etc • Volunteer • Internships
  • 51. Pen Testing as a Career: Common Paths • Internal Paths ‒ Help Desk ‒ IT Support ‒ IT Admin ‒ Security Analyst ‒ IRP Team ‒ Senior Security Analyst ‒ Internal Consultant ‒ CISO • Security Consulting Paths ‒ Internship ‒ Consultant ‒ Senior Consultant ‒ Principal Consultant ‒ Team Lead ‒ Director Corporate employees tend to stay corporate. Security consultants often end up in malware research and exploit development.
  • 52. What we covered… • What is a penetration test? • Why do companies pay for them? • Types of penetration testing • What are the rules of engagement? • Who does penetration testing? • What skills do they have? • What tools do they use? • Penetration testing as a Career • Questions
  • 54. BE SAFE and HACK RESPONSIBLY
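Slides 42 through 48 list nmap among the information-gathering tools, note that tools output a ton of data, and mention databases and XML as ways to keep it. As an added example (not code from the NetSPI deck), the Python below parses nmap's XML report format (the `-oX` output, a `<nmaprun>/<host>/<ports>/<port>` tree) into one record per open port on a live host and loads the records into SQLite so findings can be queried instead of grepped. The XML report, the addresses and host names, and the `open_ports` table layout are constructed assumptions for the example; the element and attribute names are nmap's real ones.

```python
"""Normalize an nmap XML report into a small SQLite inventory (added example)."""
import sqlite3
import xml.etree.ElementTree as ET

# Constructed sample in nmap's -oX layout: two live hosts, one host down,
# and one port that is filtered rather than open.
SAMPLE_NMAP_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap" args="nmap -sV -oX scan.xml 10.0.0.0/29">
  <host>
    <status state="up"/>
    <address addr="10.0.0.5" addrtype="ipv4"/>
    <hostnames><hostname name="sql01.corp.example" type="PTR"/></hostnames>
    <ports>
      <port protocol="tcp" portid="1433">
        <state state="open" reason="syn-ack"/>
        <service name="ms-sql-s" product="Microsoft SQL Server" version="2008"/>
      </port>
      <port protocol="tcp" portid="445">
        <state state="open" reason="syn-ack"/>
        <service name="microsoft-ds"/>
      </port>
      <port protocol="tcp" portid="3389">
        <state state="filtered" reason="no-response"/>
        <service name="ms-wbt-server"/>
      </port>
    </ports>
  </host>
  <host>
    <status state="up"/>
    <address addr="10.0.0.6" addrtype="ipv4"/>
    <hostnames/>
    <ports>
      <port protocol="tcp" portid="22">
        <state state="open" reason="syn-ack"/>
        <service name="ssh" product="OpenSSH" version="7.4"/>
      </port>
    </ports>
  </host>
  <host>
    <status state="down"/>
    <address addr="10.0.0.7" addrtype="ipv4"/>
  </host>
</nmaprun>
"""


def parse_nmap_xml(xml_text):
    """Return (ip, hostname, proto, port, service, product, version) tuples,
    one per open port on a host nmap reported as up."""
    root = ET.fromstring(xml_text)
    rows = []
    for host in root.findall("host"):
        status = host.find("status")
        if status is None or status.get("state") != "up":
            continue  # hosts that did not respond carry no findings
        addr = host.find("address[@addrtype='ipv4']")
        if addr is None:
            continue
        ip = addr.get("addr")
        hn = host.find("hostnames/hostname")
        hostname = hn.get("name") if hn is not None else None
        for port in host.findall("ports/port"):
            state = port.find("state")
            if state is None or state.get("state") != "open":
                continue  # filtered/closed ports are noise for the inventory
            svc = port.find("service")
            rows.append((
                ip, hostname, port.get("protocol"), int(port.get("portid")),
                svc.get("name") if svc is not None else None,
                svc.get("product") if svc is not None else None,
                svc.get("version") if svc is not None else None,
            ))
    return rows


def load_inventory(rows, db_path=":memory:"):
    """Create the (assumed) open_ports table and insert the rows; returns the connection."""
    conn = sqlite3.connect(db_path)
    conn.execute(
        "CREATE TABLE IF NOT EXISTS open_ports ("
        "ip TEXT, hostname TEXT, proto TEXT, port INTEGER, "
        "service TEXT, product TEXT, version TEXT, "
        "UNIQUE(ip, proto, port))"
    )
    # INSERT OR IGNORE keeps re-importing the same scan idempotent.
    conn.executemany("INSERT OR IGNORE INTO open_ports VALUES (?,?,?,?,?,?,?)", rows)
    conn.commit()
    return conn


def hosts_with_service(conn, service_name):
    """Query example: which hosts expose a given service (e.g. 'ms-sql-s')."""
    cur = conn.execute(
        "SELECT ip, port, product, version FROM open_ports WHERE service = ? ORDER BY ip",
        (service_name,),
    )
    return cur.fetchall()


if __name__ == "__main__":
    conn = load_inventory(parse_nmap_xml(SAMPLE_NMAP_XML))
    print(hosts_with_service(conn, "ms-sql-s"))
```

Once the scan lives in a table, the questions the deck raises on slide 27 ("are we fixing things over time?") become a diff between two imports rather than a manual comparison of report files.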
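Slide 27 asks "Will we know if we are being scanned?" and slide 10 lists validating detective controls as a reason to buy a test. As an added example that is not part of the deck, the Python below implements the simplest detection that answers the question: a single source touching many distinct destination ports (or hosts) inside a short time window. The firewall log format, the addresses, the threshold and the sample lines are constructed assumptions, not a real product's log.

```python
"""Flag port-scan behaviour in connection logs (added example)."""
from collections import defaultdict, deque
from datetime import datetime, timedelta
import re

# Constructed log format: "<ISO timestamp> ALLOW|DENY src=<ip> dst=<ip> dport=<port>"
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<action>ALLOW|DENY) src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+)$"
)


def build_sample_log():
    """Construct sample lines: one workstation with normal traffic, one source
    that walks 25 sequential ports on a server within five seconds, and one
    unparseable line to show the detector tolerates bad input."""
    base = datetime(2024, 5, 28, 10, 0, 0)
    lines = []
    # Normal user (constructed address 10.0.0.20): three services over ten minutes.
    for i, port in enumerate((445, 443, 389)):
        ts = base + timedelta(minutes=3 * i)
        lines.append(f"{ts.isoformat()} ALLOW src=10.0.0.20 dst=10.0.0.5 dport={port}")
    # Scanning source (constructed address 10.0.0.99): ports 20..44, mostly denied.
    for i, port in enumerate(range(20, 45)):
        ts = base + timedelta(seconds=i // 5)
        action = "ALLOW" if port in (22, 25) else "DENY"
        lines.append(f"{ts.isoformat()} {action} src=10.0.0.99 dst=10.0.0.5 dport={port}")
    lines.append("garbage line that does not parse")
    return lines


def detect_scans(lines, threshold=20, window=timedelta(seconds=60)):
    """Return {src_ip: max_distinct_targets} for every source that touches at
    least `threshold` distinct (dst_ip, dst_port) pairs within any `window`."""
    events = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that do not fit the format instead of crashing
        events.append((datetime.fromisoformat(m["ts"]), m["src"], (m["dst"], int(m["dport"]))))
    events.sort(key=lambda e: e[0])  # logs are not always written in time order

    recent = defaultdict(deque)  # src -> deque of (ts, target) inside the window
    alerts = {}
    for ts, src, target in events:
        q = recent[src]
        q.append((ts, target))
        while ts - q[0][0] > window:  # drop events older than the window
            q.popleft()
        distinct = len({t for _, t in q})
        if distinct >= threshold:
            alerts[src] = max(alerts.get(src, 0), distinct)
    return alerts


if __name__ == "__main__":
    for src, count in detect_scans(build_sample_log()).items():
        print(f"possible scan from {src}: {count} distinct targets within 60s")
```

Both ALLOW and DENY lines count toward the total on purpose: a scan against an open port is still part of the scan, and a detector that looks only at denies misses a sweep of permitted services. The threshold and window are the tuning knobs a team would validate during the "validate detective controls" part of an engagement.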

Editor's Notes

  1. Internal - wears many other hats or is a consultant on internal “Plan, build, deploy” teams – also helps to maintain compliance status and deal with actual breaches when no response team exists.
     External – brought in because they don’t have the skillset on staff or a third party is required for legal, regulatory, or political reasons.
     Note: Touch briefly on crowdsourcing of exploit development and the difference.
     Audit – often sold at a loss as part of larger projects – examples include Deloitte, LarsonAllen.
     Value-Added Reseller – often part of a goal to sell software, hardware, or an appliance.
     Managed services - Deploy appliances managed by a third party.
     SaaS - Provide services through an online application such as WhiteHat or Qualys.
     Software Vendors - HP WebInspect, Cigital with blah, Rapid7 with Metasploit, Core with Core Impact – they make, sell and use the product during the pentest.
     Security consultants – focus just on services – often in an advisory role.
  3. Internal - wears many other hats or is a consultant on internal “Plan, build, deploy” teams. External – brought in because they don’t have the skillset on staff or a third party is required for legal, regulatory, or political reasons.
  4. Note: full-blown reverse engineering using debugging techniques is often more the focus of a malware analyst or of exploit development. However, there is a crossover in toolsets.