Penetration Testing for System Administrators
Sept 13, 2010
Ryan Linn
NCSA Meeting




Thursday, September 23, 2010
Agenda

                    • Introduction
                    • Description of Penetration Testing
                    • Overview of Process
                    • Walkthrough of Common Tasks
                    • Questions/Closing


Introduction

                    • Information Security Engineer at SAS
                    • Columnist at EthicalHacker.net
                    • Contributed code to Metasploit, Browser Exploitation Framework (BeEF), and Nikto
                    • Spoken at numerous regional and national security conferences

Description of Pen Testing

                    • Means different things to different people
                          • Find vulnerabilities and stop
                          • Find vulnerabilities and verify
                          • Find vulnerabilities and see how far you can get
                    • For today: Find vulnerabilities and verify

Overview of Process


                    • Recon
                    • Discovery/Scanning
                    • Enumeration
                    • Exploitation



Recon


                    • Non Invasive
                    • Whois
                    • Google
                    • Basic DNS Queries



Discovery/Scanning


                    • Port Scans
                    • In-depth DNS queries
                    • Vulnerability Scanning
                    • OS Identification



Enumeration



                    • SMB enumeration
                    • Oracle DB Enumeration
                    • User enumeration




Exploitation


                    • Leverage information gathered
                    • Verify vulnerability information
                    • Possibly go back to gather more information if successful



Walkthroughs



                    • Recon
                    • Scanning
                    • Exploitation




Scanning

                    • Nmap Scans
                          • Port/Service/OS Identification
                    • Nessus/OpenVAS
                          • Vulnerability Scanner
                          • Safe Checks/Unsafe Checks


Exploitation/Verification

                    • Metasploit
                          • Penetration Testing Framework
                          • Aids in Exploit Development
                          • Exploitation of Vulnerability
                          • Also has scanning capability


Docs/Training

                          • SANS Sec504: Incident Handling
                          • SANS Sec580: Metasploit Kung Fu for Enterprise Pen Testing
                          • http://www.offensive-security.com/metasploit-unleashed
                          • http://www.EthicalHacker.net


Questions?


                    • Contact Info:
                          • Twitter: @sussurro
                          • Blog: blog.happypacket.net
                          • http://www.ethicalhacker.net


