Penetration Testing 
Akhil, CEH, CCSP
ITIS Solutions Pvt Ltd, India
Before We Start
- My introduction.
- Audience type.
- Expectations from this presentation.
- Disclaimer.
  - Not a professional tester.
  - Based on my learning and understanding.
Agenda
- Background.
  - What is Penetration Testing.
  - Need for Penetration Testing.
- Methods and Techniques of Pen Test.
- Demo.
  - Tiger Tools.
  - Metasploit.
  - ExploitTree.
  - Whoppix.
  - ERD Commander (local password cracking).
- Questions.
- Resources.
Background
What is Penetration Testing
- A form of stress testing which exposes weaknesses or flaws in a computer system.
- The art of finding an open door.
- A valued assurance assessment tool.
- PT can be used to find flaws in:
  - Policies
  - Specifications
  - Architecture
  - Implementation
  - Software
  - Hardware
  - And many more...
Background
Need for Penetration Testing
- To find poorly configured machines.
- To verify that security mechanisms are working.
- To help organizations tighten their security systems.
FACT!
99.9% secure = 100% vulnerable!
Methods and Techniques of Pen Test.
- Black Box
  - Zero-knowledge testing.
  - The tester needs to acquire the knowledge and penetrate.
  - Knowledge is acquired using tools or social engineering techniques.
  - Publicly available information may be given to the penetration tester.
Benefits:
Black box testing is intended to closely replicate an attack made by an outsider who has no information about the system. This kind of testing gives an insight into the robustness of the security when under attack by script kiddies.
Methods and Techniques of Pen Test.
- White Box
  - Complete-knowledge testing.
  - Testers are given full information about the target system they are supposed to attack.
  - Information includes:
    - Technology overviews
    - Data flow diagrams
    - Code snippets
    - More...
Benefits:
- Reveals more vulnerabilities and may be faster.
- Comparable to replicating an attack from a criminal hacker who knows the company infrastructure very well. This hacker may be an employee of the company itself, doing an internal attack.
Methods and Techniques of Pen Test. 
Gray-box or crystal-box test 
The tester simulates an inside employee. The tester is given an 
account on the internal network and standard access to the network. 
This test assesses internal threats from employees within the 
company.
Methodology of Penetration Testing.
There are NO formal methods of penetration testing!
- Typically has seven stages:
  1. Scope/Goal Definition.
  2. Information Gathering.
  3. Vulnerability Detection.
  4. Information Analysis and Planning.
  5. Attack & Penetration/Privilege Escalation.
  6. Result Analysis & Reporting.
  7. Cleanup.
REPEAT
Methodology of Penetration Testing.
STAGE 1: Scope/Goal Definition
- Which attacker profile the tester will use:
  - Hacker with no knowledge about the target.
  - Hacker with knowledge about the target.
  - Internal user with access.
- Which systems or networks the test will be conducted on.
- How long the test will last.
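
An added example (not part of the original slides) showing how the three Stage 1 decisions, attacker profile, systems in scope and test duration, can be recorded so that tooling refuses anything outside the agreement. The profile names, the `Scope` and `check_target` helpers, the addresses (RFC 5737 documentation ranges) and the dates are all constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timezone
from ipaddress import ip_address, ip_network
from typing import Tuple

# Hypothetical labels for the three attacker profiles listed on the slide.
PROFILES = {"external-no-knowledge", "external-with-knowledge", "internal-user"}


@dataclass(frozen=True)
class Scope:
    """Written record of the Stage 1 agreement (illustrative structure)."""
    profile: str
    in_scope: Tuple[str, ...]   # CIDR blocks the client has authorised
    excluded: Tuple[str, ...]   # carve-outs inside those blocks
    start: datetime             # timezone-aware start of the test window
    end: datetime               # timezone-aware end of the test window

    def __post_init__(self):
        if self.profile not in PROFILES:
            raise ValueError(f"unknown attacker profile: {self.profile!r}")
        if self.start.tzinfo is None or self.end.tzinfo is None:
            raise ValueError("test window must use timezone-aware datetimes")
        if self.end <= self.start:
            raise ValueError("test window ends before it starts")
        # ip_network() raises ValueError on malformed CIDR or stray host bits,
        # so a typo in the scope document is caught before any testing begins.
        for block in self.in_scope + self.excluded:
            ip_network(block)


def check_target(scope: Scope, target: str, when: datetime) -> Tuple[bool, str]:
    """Return (allowed, reason) for touching `target` at time `when`."""
    try:
        addr = ip_address(target)
    except ValueError:
        # Hostnames are rejected: DNS can change during the test and point
        # at a system nobody authorised. Resolve and confirm with the client.
        return False, "not an IP address literal"
    if when.tzinfo is None:
        return False, "timestamp is not timezone-aware"
    if not (scope.start <= when < scope.end):
        return False, "outside test window"
    # Exclusions win over inclusions, so a carve-out is never tested by accident.
    if any(addr in ip_network(block) for block in scope.excluded):
        return False, "explicitly excluded"
    if any(addr in ip_network(block) for block in scope.in_scope):
        return True, "in scope"
    return False, "not listed in scope"


# Constructed sample engagement.
SAMPLE_SCOPE = Scope(
    profile="external-no-knowledge",
    in_scope=("192.0.2.0/24",),
    excluded=("192.0.2.200/32",),
    start=datetime(2024, 1, 8, 9, 0, tzinfo=timezone.utc),
    end=datetime(2024, 1, 12, 17, 0, tzinfo=timezone.utc),
)

if __name__ == "__main__":
    now = datetime(2024, 1, 9, 10, 0, tzinfo=timezone.utc)
    for t in ("192.0.2.10", "192.0.2.200", "198.51.100.5", "www.example.com"):
        print(t, check_target(SAMPLE_SCOPE, t, now))
```

Logging every refused request alongside the allowed ones gives the Stage 6 report an auditable record that the test stayed within the agreed scope.
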
Methodology of Penetration Testing.
STAGE 2: Information Gathering.
- Information about the targets.
  - Publicly available information (www.arin.net, nslookup).
  - Technical information provided by the organisation.
Methodology of Penetration Testing.
STAGE 3: Vulnerability Detection.
- Manual detection
  - Manually probe the target host for common misconfigurations or flaws, because a vulnerability scanner can fail to identify certain vulnerabilities.
  - Ex: database configurations, etc.
- Using software
  - Use commercial or freeware scanners to enumerate known flaws or vulnerabilities. Ex: Retina, HFNetChk, GFI LANguard, Nikto, nmap and so on.
PLENTY of tools are available in the market and on the Internet.
Methodology of Penetration Testing.
STAGE 4: Information Analysis and Planning.
- Collating the information gathered in previous stages.
- Preparation of high-level attack planning:
  - Overall approach.
  - Target identification.
Methodology of Penetration Testing.
STAGE 5: Attack & Penetration/Privilege Escalation.
Has two sub-stages
- I. Attack & Penetration
  - Known/available exploit selection
    - Tester acquires publicly available software for exploiting.
  - Exploit customization
    - Customize the exploit program to work as desired.
  - Exploit development
    - Develop own exploit if no exploit program is available.
  - Exploit testing
    - The exploit must be tested before the formal test to avoid damage.
  - Attack
    - Use of the exploit to gain unauthorized access to the target.
Methodology of Penetration Testing.
STAGE 5: Attack & Penetration/Privilege Escalation.
- II. Privilege Escalation
  - What can be done with the acquired access/privileges:
    - Alter.
    - Damage.
    - What not...
Repeat the stages (2 to 5)
Methodology of Penetration Testing.
STAGE 6: Result Analysis & Reporting
Organize data and related results for management reporting.
- Consolidation of information gathered.
- Analysis and extraction of general conclusions.
- Recommendations.
Methodology of Penetration Testing.
STAGE 7: Cleanup
Cleaning up everything that was done during the testing:
- Any system alterations.
- Exploits.
Resources.
- Guidelines
  - OSSTMM: The Open Source Security Testing Methodology Manual.
  - OWASP: Open Web Application Security Project.
- Tools
  - NMAP, Nikto, John, Cain & Abel and many more.
  - Whoppix.
  - Tiger Tools (commercial tool).
  - Metasploit.
  - ExploitTree.
  - Core Impact (commercial tool).
Metasploit Framework
ExploitTree Framework
Milw0rm
Demos
- DCOM vulnerability using ExploitTree.
- Password cracker: Tiger Tools.
- Whoppix.
  - Security Auditor.
- Password cracking (Raptor Chown, recorded demo).
- ExploitTree.
- Metasploit.
Questions
Questions?

Astute Business Solutions | Oracle Cloud Partner |
 
Digital Banking in the Cloud: How Citizens Bank Unlocked Their Mainframe
Digital Banking in the Cloud: How Citizens Bank Unlocked Their MainframeDigital Banking in the Cloud: How Citizens Bank Unlocked Their Mainframe
Digital Banking in the Cloud: How Citizens Bank Unlocked Their Mainframe
 
Dandelion Hashtable: beyond billion requests per second on a commodity server
Dandelion Hashtable: beyond billion requests per second on a commodity serverDandelion Hashtable: beyond billion requests per second on a commodity server
Dandelion Hashtable: beyond billion requests per second on a commodity server
 
Taking AI to the Next Level in Manufacturing.pdf
Taking AI to the Next Level in Manufacturing.pdfTaking AI to the Next Level in Manufacturing.pdf
Taking AI to the Next Level in Manufacturing.pdf
 
5th LF Energy Power Grid Model Meet-up Slides
5th LF Energy Power Grid Model Meet-up Slides5th LF Energy Power Grid Model Meet-up Slides
5th LF Energy Power Grid Model Meet-up Slides
 
Azure API Management to expose backend services securely
Azure API Management to expose backend services securelyAzure API Management to expose backend services securely
Azure API Management to expose backend services securely
 
Deep Dive: AI-Powered Marketing to Get More Leads and Customers with HyperGro...
Deep Dive: AI-Powered Marketing to Get More Leads and Customers with HyperGro...Deep Dive: AI-Powered Marketing to Get More Leads and Customers with HyperGro...
Deep Dive: AI-Powered Marketing to Get More Leads and Customers with HyperGro...
 
Programming Foundation Models with DSPy - Meetup Slides
Programming Foundation Models with DSPy - Meetup SlidesProgramming Foundation Models with DSPy - Meetup Slides
Programming Foundation Models with DSPy - Meetup Slides
 
Trusted Execution Environment for Decentralized Process Mining
Trusted Execution Environment for Decentralized Process MiningTrusted Execution Environment for Decentralized Process Mining
Trusted Execution Environment for Decentralized Process Mining
 

Itis pentest slides hyd

  • 1. Penetration Testing. Akhil, CEH, CCSP. ITIS Solutions Pvt Ltd, India
  • 2. Before We Start: My introduction; audience type; expectations from this presentation; disclaimer: not a professional tester; based on my learning and understanding.
  • 3. Agenda: Background; What is Penetration Testing; Need for Penetration Testing; Methods and Techniques of Pen Test; Demo: Tiger Tools, Metasploit, ExploitTree, Whoppix, ERD Commander (local password cracking); Questions; Resources.
  • 4. Background: What is Penetration Testing. A form of stress testing that exposes weaknesses or flaws in a computer system. The art of finding an open door. A valued assurance assessment tool. PT can be used to find flaws in policies, specifications, architecture, implementation, software, hardware, and many more.
  • 5. Background: Need for Penetration Testing. To find poorly configured machines. To verify that security mechanisms are working. To help organizations tighten the security system. FACT!!!! 99.9% secure = 100% vulnerable!
  • 6. Methods and Techniques of Pen Test: Black Box. Zero-knowledge testing. The tester needs to acquire the knowledge and penetrate. Knowledge is acquired using tools or social engineering techniques. Publicly available information may be given to the penetration tester. Benefits: Black box testing is intended to closely replicate the attack made by an outsider without any information about the system. This kind of testing gives insight into the robustness of the security when under attack by script kiddies.
  • 7. Methods and Techniques of Pen Test: White Box. Complete-knowledge testing. Testers are given full information about the target system they are supposed to attack. Information includes technology overviews, data flow diagrams, code snippets, and more. Benefits: Reveals more vulnerabilities and may be faster. Comparable to replicating an attack from a criminal hacker who knows the company infrastructure very well. This hacker may be an employee of the company itself, doing an internal attack.
  • 8. Methods and Techniques of Pen Test: Gray-box or crystal-box test. The tester simulates an inside employee. The tester is given an account on the internal network and standard access to the network. This test assesses internal threats from employees within the company.
  • 9. Methodology of Penetration Testing. There are NO formal methods of penetration testing!!!!!!!! Typically has seven stages: (1) Scope/Goal Definition; (2) Information Gathering; (3) Vulnerability Detection; (4) Information Analysis and Planning; (5) Attack & Penetration/Privilege Escalation; (6) Result Analysis & Reporting; (7) Cleanup. REPEAT.
  • 10. Methodology of Penetration Testing. STAGE 1: Scope/Goal Definition. Which attacker profile the tester will use: hacker with no knowledge about the target; hacker with knowledge about the target; internal user with access. On which systems or networks the test will be conducted. How long the test will last.
  • 11. Methodology of Penetration Testing. STAGE 2: Information Gathering. Information about the targets: publicly available information (www.arin.net, nslookup); technical information provided by the organisation.
  • 12. Methodology of Penetration Testing. STAGE 3: Vulnerability Detection. Manual detection: manually probe the target host for common misconfigurations or flaws, because a vulnerability scanner can fail to identify certain vulnerabilities (e.g. database configurations). Using software: use commercial or freeware scanners to enumerate known flaws or vulnerabilities, e.g. Retina, HFNetChk, GFI LANguard, Nikto, nmap and so on. Plenty of tools are available in the market and on the Internet.
  • 13. Methodology of Penetration Testing. STAGE 4: Information Analysis and Planning. Collating the information gathered in previous stages. Preparation of high-level attack planning: overall approach; target identification.
  • 14. Methodology of Penetration Testing. STAGE 5: Attack & Penetration/Privilege Escalation. Has two sub-stages. I. Attack & Penetration. Known/available exploit selection: the tester acquires publicly available software for exploiting. Exploit customization: customize the exploit program to work as desired. Exploit development: develop own exploit if no exploit program is available. Exploit testing: the exploit must be tested before the formal test to avoid damage. Attack: use of the exploit to gain unauthorized access to the target.
  • 15. Methodology of Penetration Testing. STAGE 5: Attack & Penetration/Privilege Escalation. II. Privilege Escalation. What can be done with the acquired access/privileges: alter; damage; what not. Repeat the stages (2 to 5).
  • 16. Methodology of Penetration Testing. STAGE 6: Result Analysis & Reporting. Organize data and related results for management reporting: consolidation of information gathered; analysis and extraction of general conclusions; recommendations.
  • 17. Methodology of Penetration Testing. STAGE 7: Cleanup. Cleaning up all that has been done during the testing: any system alterations; exploits.
  • 18. Resources. Guidelines: OSSTMM (the Open Source Security Testing Methodology Manual); OWASP (Open Web Application Security Project). Tools: NMAP, Nikto, John, Cain & Abel and many more; Whoppix; Tiger Tools (commercial tool); Metasploit; ExploitTree; Core Impact (commercial tool).
  • 22. Demos: DCOM vulnerability using ExploitTree; password cracker (Tiger Tools); Whoppix; Security Auditor; password cracking (Raptor Chown, recorded demo); ExploitTree; Metasploit.
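
The Stage 1 decisions (attacker profile, which systems or networks, how long) and the Stage 7 cleanup list can be held as data and checked before and after every action. The Python below is an added example, not part of the original slides; the `Engagement` class, its method names, the addresses (RFC 5737 documentation ranges) and the dates are all constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass, field
from datetime import datetime


@dataclass
class Engagement:
    """Stage 1 decisions held as data, plus a ledger for Stage 7 cleanup."""
    attacker_profile: str   # e.g. "internal user with access"
    in_scope: list          # CIDR blocks the client agreed to
    excluded: list          # carve-outs inside those blocks
    start: datetime         # agreed test window
    end: datetime
    changes: list = field(default_factory=list)

    def check_target(self, host, now):
        """Return (allowed, reason) before any tool touches `host`."""
        if not self.start <= now <= self.end:
            return False, "outside agreed test window"
        try:
            addr = ipaddress.ip_address(host)
        except ValueError:
            return False, "not an IP address; resolve it and re-check"
        if any(addr in ipaddress.ip_network(n) for n in self.excluded):
            return False, "explicitly excluded"
        if any(addr in ipaddress.ip_network(n) for n in self.in_scope):
            return True, "in scope"
        return False, "not in any agreed network"

    def record_change(self, host, what):
        """Log an alteration made during testing; returns its ledger index."""
        self.changes.append({"host": host, "what": what, "reverted": False})
        return len(self.changes) - 1

    def mark_reverted(self, index):
        self.changes[index]["reverted"] = True

    def outstanding_cleanup(self):
        """Everything still to undo before the report is signed off."""
        return [c for c in self.changes if not c["reverted"]]


def sample_engagement():
    # Constructed values: RFC 5737 documentation ranges, invented dates.
    return Engagement("internal user with access",
                      ["192.0.2.0/24"], ["192.0.2.10/32"],
                      datetime(2024, 1, 8, 9, 0), datetime(2024, 1, 12, 18, 0))


if __name__ == "__main__":
    eng = sample_engagement()
    print(eng.check_target("192.0.2.25", datetime(2024, 1, 10, 12, 0)))
```

An empty `outstanding_cleanup()` result is a concrete exit criterion for Stage 7, and the refusal reasons from `check_target` belong in the Stage 6 report as evidence that testing stayed inside the agreed scope.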