Cahyo Darujati, profile picture
Uploaded byCahyo Darujati
1,756 views

Pen test methodology

This document outlines the methodology for performing a penetration test in three phases: planning and preparation, assessment, and reporting. The planning phase involves setting scope and contacts. The assessment phase consists of information gathering, network mapping, vulnerability identification, penetration testing, privilege escalation, and maintaining access. The final phase covers reporting findings, cleanup, and destroying artifacts. The goal is to find security vulnerabilities before attackers do.

Embed presentation

PENETRATION TESTING METHODOLOGY Ver. 1.0 Cahyo Darujati, MT. Open Information Systems Security Group
REQUEST A PENETRATION TEST QUOTE ● Find Holes Now Before Somebody Else Does :-p ● FREE Consultation. ● +62-8123-594969 (SMS ONLY) Heker Biasa, http://cahyod.dosen.narotama.ac.id/ 2
Quote ● Security is a process not a product (Bruce Schneier) Heker Biasa, http://cahyod.dosen.narotama.ac.id/ 3
CONTENTS What is Pen-Testing? Why perfoms Pen-testing? PHASE – I: PLANNING AND PREPARATION PHASE – II: ASSESSMENT PHASE – III: REPORTING, CLEAN UP & DESTROY ARTIFACTS Heker Biasa, http://cahyod.dosen.narotama.ac.id/ 4
What is Pen-Testing? ● Penetration testing is the process of attempting to gain access to resources without knowledge of usernames, passwords and other normal means of access. If the focus is on computer resources, then examples of a successful penetration would be obtaining or subverting confidential documents, pricelists, databases and other protected information. Heker Biasa, http://cahyod.dosen.narotama.ac.id/ 5
Why perfoms Pen-testing? ● There are a variety of reasons for performing a penetration test. One of the main reasons is to find vulnerabilities and fix them before an attacker does. Sometimes, the IT department is aware of reported vulnerabilities but they need an outside expert to officially report them so that management will approve the resources necessary to fix them. Heker Biasa, http://cahyod.dosen.narotama.ac.id/ 6
PHASE – I PLANNING AND PREPARATION Heker Biasa, http://cahyod.dosen.narotama.ac.id/ 7
PLANNING AND PREPARATION (a) Identification of contact individuals from both side, (b) Opening meting to confirm the scope, approach and methodology, and (c) Agree to specific test cases and escalation paths Heker Biasa, http://cahyod.dosen.narotama.ac.id/ 8
PHASE – II ASSESSMENT Heker Biasa, http://cahyod.dosen.narotama.ac.id/ 9
ASSESSMENT 1.Information Gathering 2.Network Mapping 3.Vulnerability Identification 4.Penetration 5.Gaining Access & Privilege Escalation 6.Enumerating Further 7.Compromise Remote Users/Sites 8.Maintaining Access 9.Covering Tracks Heker Biasa, http://cahyod.dosen.narotama.ac.id/ 10
1.Information Gathering Essentially using the Internet to find all the information you can about the target (company and/or person) using both technical (DNS/WHOIS) and non-technical (search engines, news groups, mailing lists etc) methods. Heker Biasa, http://cahyod.dosen.narotama.ac.id/ 11
2.Network Mapping Many tools and applications can be used in this stage to aid the discovery of technical information about the hosts and networks involved in the test. ·Find live hosts ·Port and service scanning ·Perimeter network mapping (router, firewalls) ·Identifying critical services ·Operating System fingerprinting ·Identifying routes using Management Information Base (MIB) ·Service fingerprinting Heker Biasa, http://cahyod.dosen.narotama.ac.id/ 12
3.Vulnerability Identification The assessor will perform several activities to detect exploitable weak points. These activities include: 1. Identify vulnerable services using service banners 2. Perform vulnerability scan to search for known vulnerabilities. 3. Perform false positive and false negative verification 4. Enumerate discovered vulnerabilities 5. Estimate probable impact (classify vulnerabilities found) 6. Identify attack paths and scenarios for exploitation Heker Biasa, http://cahyod.dosen.narotama.ac.id/ 13
4.Penetration 1.Find proof of concept code/tool 2.Develop tools/scripts 3.Test proof of concept code/tool 4.Customize proof of concept code/tool 5.Test proof of concept code/tool in an isolated environment 6.Use proof of concept code against target 7.The proof of concept code/tool is used against the target to gain as many points of unauthorized access as possible. 8.Verify or disprove the existence of vulnerabilities Heker Biasa, http://cahyod.dosen.narotama.ac.id/ 14
5.Gaining Access & Privilege Escalation 5.1 Gaining Access 5.1.1 Gain Least Privilege 5.1.2 Compromise 5.1.3 Final Compromise on Target 5.2 Privilege Escalation Heker Biasa, http://cahyod.dosen.narotama.ac.id/ 15
6.Enumerating Further 1.Obtain encrypted passwords for offline cracking 2.Obtain password (plaintext or encrypted) by using sniffing or other techniques 3.Sniff traffic and analyze it 4.Gather cookies and use them to exploit sessions and for password attacks 5.E-mail address gathering 6.Identifying routes and networks 7.Mapping internal networks Heker Biasa, http://cahyod.dosen.narotama.ac.id/ 16
7.Compromise Remote Users/Sites A single hole is sufficient to expose an entire network, regardless of how secure the perimeter network may be. Any system is as strong (in this case, as secure) as the weakest of its parts. Communications between remote users/sites and enterprise networks may be provided with authentication and encryption by using technologies such as VPN, to ensure that the data in transit over the network cannot be faked nor eavesdropped. In such scenarios the assessor should try to compromise remote users, telecommuter and/or remote sites of an enterprise. Those can give privileged access to internal network. Heker Biasa, http://cahyod.dosen.narotama.ac.id/ 17
8.Maintaining Access 8.1 Covert Channels 8.2 Backdoors 8.3 Root-kits Heker Biasa, http://cahyod.dosen.narotama.ac.id/ 18
9.Covering Tracks 9.1 Hide Files 9.2 Clear Logs 9.3 Defeat integrity checking 9.4 Defeat Anti-virus 9.5 Implement Root-kits Heker Biasa, http://cahyod.dosen.narotama.ac.id/ 19
PHASE – III REPORTING, CLEAN UP & DESTROY ARTIFACTS Heker Biasa, http://cahyod.dosen.narotama.ac.id/ 20
REPORTING, CLEAN UP & DESTROY ARTIFACTS 3.1 Reporting 3.1.1 Verbal Reporting 3.1.2 Final Reporting 3.2 Clean Up and Destroy Artifacts Heker Biasa, http://cahyod.dosen.narotama.ac.id/ 21
REQUEST A PENETRATION TEST QUOTE ● Find Holes Now Before Somebody Else Does :-p ● FREE Consultation. ● +62-8123-594969 (SMS ONLY) Heker Biasa, http://cahyod.dosen.narotama.ac.id/ 22
References http://www.oissg.org/ http://www.schneier.com/ http://www.sans.org/ Heker Biasa, http://cahyod.dosen.narotama.ac.id/ 23
History Ver 1.0 : Nov 13, 2012. Heker Biasa, http://cahyod.dosen.narotama.ac.id/ 24

More Related Content

PPTX
Penetration testing reporting and methodology
byRashad Aliyev
 
PDF
Vulnerability Assessment Report
byHarshit Singh Bhatia
 
PPTX
What is security testing and why it is so important?
byONE BCG
 
PPT
Computer forensics
byShreya Singireddy
 
PPT
Security and information assurance
bybdemchak
 
PPT
Penetration Testing Basics
byRick Wanner
 
PPT
Networking and penetration testing
byMohit Belwal
 
PDF
Secure Software Design for Data Privacy
byNarudom Roongsiriwong, CISSP
 
Penetration testing reporting and methodology
byRashad Aliyev
 
Vulnerability Assessment Report
byHarshit Singh Bhatia
 
What is security testing and why it is so important?
byONE BCG
 
Computer forensics
byShreya Singireddy
 
Security and information assurance
bybdemchak
 
Penetration Testing Basics
byRick Wanner
 
Networking and penetration testing
byMohit Belwal
 
Secure Software Design for Data Privacy
byNarudom Roongsiriwong, CISSP
 

What's hot

PPTX
Dragos S4x20: How to Build an OT Security Operations Center
byDragos, Inc.
 
PDF
MITRE ATT&CKcon 2.0: Using Threat Intelligence to Focus ATT&CK Activities; Da...
byMITRE - ATT&CKcon
 
PDF
Secure Systems Security and ISA99- IEC62443
byYokogawa1
 
PPT
Physical Security
byKriscila Yumul
 
PDF
Building Security Operation Center
byS.E. CTS CERT-GOV-MD
 
PPTX
Threat Hunting on AWS using Azure Sentinel
byAshwin Patil, GCIH, GCIA, GCFE
 
PPTX
SEC599 - Breaking The Kill Chain
byErik Van Buggenhout
 
PPTX
What is Threat Hunting? - Panda Security
byPanda Security
 
PPTX
Facebook Forensics Toolkit(FFT)
byShuvo Sarker
 
PDF
Cyber forensics and auditing
bySweta Kumari Barnwal
 
PDF
OWASP-Web-Security-testing-4.2
byICTperspectives
 
PPTX
AI & ML in Cyber Security - Welcome Back to 1999 - Security Hasn't Changed
byRaffael Marty
 
PDF
OSINT y hacking con buscadores #Palabradehacker
byYolanda Corral
 
PPTX
CyberSecurity Best Practices for the IIoT
byCreekside Marketing Group, LLC
 
PPTX
CyberOps.pptx
byAhmedRobaid1
 
PDF
Guide to Risk Management Framework (RMF)
byMetroStar
 
PPTX
Effective Security Operation Center - present by Reza Adineh
byReZa AdineH
 
PDF
Digital Forensic: Brief Intro & Research Challenge
byAung Thu Rha Hein
 
PPTX
Introduction to Snort
byHossein Yavari
 
PPTX
Cyber Threat Hunting Workshop
byDigit Oktavianto
 
Dragos S4x20: How to Build an OT Security Operations Center
byDragos, Inc.
 
MITRE ATT&CKcon 2.0: Using Threat Intelligence to Focus ATT&CK Activities; Da...
byMITRE - ATT&CKcon
 
Secure Systems Security and ISA99- IEC62443
byYokogawa1
 
Physical Security
byKriscila Yumul
 
Building Security Operation Center
byS.E. CTS CERT-GOV-MD
 
Threat Hunting on AWS using Azure Sentinel
byAshwin Patil, GCIH, GCIA, GCFE
 
SEC599 - Breaking The Kill Chain
byErik Van Buggenhout
 
What is Threat Hunting? - Panda Security
byPanda Security
 
Facebook Forensics Toolkit(FFT)
byShuvo Sarker
 
Cyber forensics and auditing
bySweta Kumari Barnwal
 
OWASP-Web-Security-testing-4.2
byICTperspectives
 
AI & ML in Cyber Security - Welcome Back to 1999 - Security Hasn't Changed
byRaffael Marty
 
OSINT y hacking con buscadores #Palabradehacker
byYolanda Corral
 
CyberSecurity Best Practices for the IIoT
byCreekside Marketing Group, LLC
 
CyberOps.pptx
byAhmedRobaid1
 
Guide to Risk Management Framework (RMF)
byMetroStar
 
Effective Security Operation Center - present by Reza Adineh
byReZa AdineH
 
Digital Forensic: Brief Intro & Research Challenge
byAung Thu Rha Hein
 
Introduction to Snort
byHossein Yavari
 
Cyber Threat Hunting Workshop
byDigit Oktavianto
 

Viewers also liked

ODP
Mengatur referensi penelitian
byCahyo Darujati
 
PPT
01.welcome.ppt.sosialisasi.skkni.surabaya
byCahyo Darujati
 
PPTX
Tatakelola Teknologi Informasi
byCahyo Darujati
 
PDF
Kcd226 Sistem Operasi Lecture01
byCahyo Darujati
 
PPT
pengenalan ipv6
byCahyo Darujati
 
PDF
Kbk436 Sistem Operasi Lanjut Lecture02
byCahyo Darujati
 
PPTX
Stateofthecio2008 1210987739793979 8
byBalaji Balasubramanian
 
PPT
Walsham 2006 Summary (Team 6) V0.2[1]
byBalaji Balasubramanian
 
PPTX
Ibm Cio 2010 Outlook
byBalaji Balasubramanian
 
PPTX
Child Wear Ea Blueprint V0.7
byBalaji Balasubramanian
 
PPT
Strategy Execution Officer
byBalaji Balasubramanian
 
PPT
Stateofthecio2008 1210987739793979 8
byBalaji Balasubramanian
 
PPTX
IT Governance Presentation
byjmcarden
 
PPT
Journeys in it governance v2
byBen Perry
 
PPT
Isrc Architectingfor Agility J.Ross
byBalaji Balasubramanian
 
PDF
Penetration Security Testing
bySanjulika Rastogi
 
PPTX
Emerging Role Of Cio As A Strategy Execution Officer
byBalaji Balasubramanian
 
PDF
Penetration testing the cloud - vlad gostom
byHardway Hou
 
PPTX
Vapt pci dss methodology ppt v1.0
byNetwork Intelligence India
 
PDF
Running a Software Security Program with Open Source Tools (Course)
byDenim Group
 
Mengatur referensi penelitian
byCahyo Darujati
 
01.welcome.ppt.sosialisasi.skkni.surabaya
byCahyo Darujati
 
Tatakelola Teknologi Informasi
byCahyo Darujati
 
Kcd226 Sistem Operasi Lecture01
byCahyo Darujati
 
pengenalan ipv6
byCahyo Darujati
 
Kbk436 Sistem Operasi Lanjut Lecture02
byCahyo Darujati
 
Stateofthecio2008 1210987739793979 8
byBalaji Balasubramanian
 
Walsham 2006 Summary (Team 6) V0.2[1]
byBalaji Balasubramanian
 
Ibm Cio 2010 Outlook
byBalaji Balasubramanian
 
Child Wear Ea Blueprint V0.7
byBalaji Balasubramanian
 
Strategy Execution Officer
byBalaji Balasubramanian
 
Stateofthecio2008 1210987739793979 8
byBalaji Balasubramanian
 
IT Governance Presentation
byjmcarden
 
Journeys in it governance v2
byBen Perry
 
Isrc Architectingfor Agility J.Ross
byBalaji Balasubramanian
 
Penetration Security Testing
bySanjulika Rastogi
 
Emerging Role Of Cio As A Strategy Execution Officer
byBalaji Balasubramanian
 
Penetration testing the cloud - vlad gostom
byHardway Hou
 
Vapt pci dss methodology ppt v1.0
byNetwork Intelligence India
 
Running a Software Security Program with Open Source Tools (Course)
byDenim Group
 

Similar to Pen test methodology

PDF
PENETRATION TESTING LECTURE SLIDES start
byDorcask3
 
PDF
Infographic: Penetration Testing - A Look into a Full Pen Test Campaign
byPratum
 
PPT
Software Security Testing
bysrivinayak
 
PDF
WTF is Penetration Testing
byScott Sutherland
 
PDF
Web app penetration testing best methods tools used
byZoe Gilbert
 
PPTX
Introduction to penetration testing
byNezar Alazzabi
 
PDF
Penetration Testing is the Art of the Manipulation
byJongWon Kim
 
PDF
Penetration testing using metasploit framework
byPawanKesharwani
 
PDF
IRJET- A Study on Penetration Testing using Metasploit Framework
byIRJET Journal
 
PDF
Web Application Penetration Test
bymartinvoelk
 
PDF
Super1
byneelakanteswarreddy
 
PDF
What is pentest
byitissolutions
 
DOCX
Analysis of web application penetration testing
byEngr Md Yusuf Miah
 
PPTX
WTF is Penetration Testing v.2
byScott Sutherland
 
PPTX
Web application vulnerability assessment
byRavikumar Paghdal
 
PDF
Application Lecurity Lectures by professor
byOmarKhattab41
 
PDF
Penetration Testing and Vulnerability Assessments: Examining the SEC and FINR...
byTruShield Security Solutions
 
PDF
NSA and PT
byRahmat Suhatman
 
DOCX
PENETRATION TESTING METHODOLOGY PROJECT TEMPLATE .docx
bykarlhennesey
 
DOCX
PENETRATION TESTING METHODOLOGY PROJECT TEMPLATE .docx
bydanhaley45372
 
PENETRATION TESTING LECTURE SLIDES start
byDorcask3
 
Infographic: Penetration Testing - A Look into a Full Pen Test Campaign
byPratum
 
Software Security Testing
bysrivinayak
 
WTF is Penetration Testing
byScott Sutherland
 
Web app penetration testing best methods tools used
byZoe Gilbert
 
Introduction to penetration testing
byNezar Alazzabi
 
Penetration Testing is the Art of the Manipulation
byJongWon Kim
 
Penetration testing using metasploit framework
byPawanKesharwani
 
IRJET- A Study on Penetration Testing using Metasploit Framework
byIRJET Journal
 
Web Application Penetration Test
bymartinvoelk
 
Super1
byneelakanteswarreddy
 
What is pentest
byitissolutions
 
Analysis of web application penetration testing
byEngr Md Yusuf Miah
 
WTF is Penetration Testing v.2
byScott Sutherland
 
Web application vulnerability assessment
byRavikumar Paghdal
 
Application Lecurity Lectures by professor
byOmarKhattab41
 
Penetration Testing and Vulnerability Assessments: Examining the SEC and FINR...
byTruShield Security Solutions
 
NSA and PT
byRahmat Suhatman
 
PENETRATION TESTING METHODOLOGY PROJECT TEMPLATE .docx
bykarlhennesey
 
PENETRATION TESTING METHODOLOGY PROJECT TEMPLATE .docx
bydanhaley45372
 

More from Cahyo Darujati

PPTX
Presentasi jaring pengaman sandi untuk mendukung spbe 29042019 rev2
byCahyo Darujati
 
PDF
Melindungi, Mengamankan, Menanggulangi, dan Memulihkan Keamanan Informasi Pen...
byCahyo Darujati
 
PDF
Melawan penyebaran hoax di media sosial dengan teknologi
byCahyo Darujati
 
PDF
Security is a process not a magic
byCahyo Darujati
 
PDF
Kbk436 Sistem Operasi Lanjut Lecture01
byCahyo Darujati
 
PDF
Kcd226 Sistem Operasi Lecture01
byCahyo Darujati
 
PDF
Kcd226 Sistem Operasi Lecture06
byCahyo Darujati
 
PDF
Kcd226 Sistem Operasi Lecture05
byCahyo Darujati
 
PDF
Kcd226 Sistem Operasi Lecture04
byCahyo Darujati
 
PDF
Kcd226 Sistem Operasi Lecture03
byCahyo Darujati
 
PDF
Kcd226 Sistem Operasi Lecture02
byCahyo Darujati
 
PDF
Kbk436 Sistem Operasi Lanjut Lecture01
byCahyo Darujati
 
Presentasi jaring pengaman sandi untuk mendukung spbe 29042019 rev2
byCahyo Darujati
 
Melindungi, Mengamankan, Menanggulangi, dan Memulihkan Keamanan Informasi Pen...
byCahyo Darujati
 
Melawan penyebaran hoax di media sosial dengan teknologi
byCahyo Darujati
 
Security is a process not a magic
byCahyo Darujati
 
Kbk436 Sistem Operasi Lanjut Lecture01
byCahyo Darujati
 
Kcd226 Sistem Operasi Lecture01
byCahyo Darujati
 
Kcd226 Sistem Operasi Lecture06
byCahyo Darujati
 
Kcd226 Sistem Operasi Lecture05
byCahyo Darujati
 
Kcd226 Sistem Operasi Lecture04
byCahyo Darujati
 
Kcd226 Sistem Operasi Lecture03
byCahyo Darujati
 
Kcd226 Sistem Operasi Lecture02
byCahyo Darujati
 
Kbk436 Sistem Operasi Lanjut Lecture01
byCahyo Darujati
 

Recently uploaded

PPTX
All Things 2025 - A Year in Review Quiz!
byShashank Jogani
 
PDF
GDGoC TAE Orientation presentation for WOW-Verse hackathon
bymayurpatiltae
 
PDF
Plant Respiration.pdf Remedial Biology Unit-5 B.Pharm 1st Year
bySaurabh Dubey
 
PDF
Life-Processes-in-Animals PPT/7TH CLASS NEW NCERT /CURIOSITY SCIENCE /BY K SA...
bySandeep Swamy
 
PPTX
Cultivation practice of Cucumber, Pumpkin and summer squash in Nepal.pptx
byUmeshTimilsina1
 
PPT
Clotting time - Practical - Hematology Physiology
bykishorkumar396
 
PPTX
4. Nursery raising of vegetable crops.pptx
byUmeshTimilsina1
 
PDF
ADIEU, BRIGITTE BARDOT - THE ACTRESS WHO CHANGED THE WORLD.pdf
byMilanStankovic19
 
PPTX
Haemolytic_Anaemia_UG_MBBS_Haemolysis_haemolysis
byDibyajyoti Prusty
 
PPTX
What are the Custom lot_serial number in Odoo 19
byCeline George
 
PPTX
2. Classification of vegetable and spice crops.pptx
byUmeshTimilsina1
 
PDF
How to Report Cyber Fraud in India: Your Digital First Aid Kit (2025 Guide)
bySanjay Rathod
 
PPTX
Introduction to Mendelian inheritance.pptx
bypramodphirke1
 
PPTX
Cultivation Practice of Brinjal in Nepal.pptx
byUmeshTimilsina1
 
PPTX
Cardiovascular System or The Details of Heart.pptx
byAshish Umale
 
PPT
Blood Grouping.ppt - Hematology -Physiology
bykishorkumar396
 
PDF
Renewable Energy Resources Unit 2 Easy notes (EduShine Classes).pdf
byaaquib913
 
PPTX
Acid Base Titration First Year B Pharm.pptx
byMs. Ashatai Patil
 
PPTX
Cultivation Practice of Tomato in Nepal.pptx
byUmeshTimilsina1
 
PDF
DNA.CEO: DNA-Computing For Kids, Teens, & Dummies (Like Me)
byVladislav Solodkiy
 
All Things 2025 - A Year in Review Quiz!
byShashank Jogani
 
GDGoC TAE Orientation presentation for WOW-Verse hackathon
bymayurpatiltae
 
Plant Respiration.pdf Remedial Biology Unit-5 B.Pharm 1st Year
bySaurabh Dubey
 
Life-Processes-in-Animals PPT/7TH CLASS NEW NCERT /CURIOSITY SCIENCE /BY K SA...
bySandeep Swamy
 
Cultivation practice of Cucumber, Pumpkin and summer squash in Nepal.pptx
byUmeshTimilsina1
 
Clotting time - Practical - Hematology Physiology
bykishorkumar396
 
4. Nursery raising of vegetable crops.pptx
byUmeshTimilsina1
 
ADIEU, BRIGITTE BARDOT - THE ACTRESS WHO CHANGED THE WORLD.pdf
byMilanStankovic19
 
Haemolytic_Anaemia_UG_MBBS_Haemolysis_haemolysis
byDibyajyoti Prusty
 
What are the Custom lot_serial number in Odoo 19
byCeline George
 
2. Classification of vegetable and spice crops.pptx
byUmeshTimilsina1
 
How to Report Cyber Fraud in India: Your Digital First Aid Kit (2025 Guide)
bySanjay Rathod
 
Introduction to Mendelian inheritance.pptx
bypramodphirke1
 
Cultivation Practice of Brinjal in Nepal.pptx
byUmeshTimilsina1
 
Cardiovascular System or The Details of Heart.pptx
byAshish Umale
 
Blood Grouping.ppt - Hematology -Physiology
bykishorkumar396
 
Renewable Energy Resources Unit 2 Easy notes (EduShine Classes).pdf
byaaquib913
 
Acid Base Titration First Year B Pharm.pptx
byMs. Ashatai Patil
 
Cultivation Practice of Tomato in Nepal.pptx
byUmeshTimilsina1
 
DNA.CEO: DNA-Computing For Kids, Teens, & Dummies (Like Me)
byVladislav Solodkiy
 

Pen test methodology

  • 1.
    PENETRATION TESTING METHODOLOGY Ver. 1.0 Cahyo Darujati, MT. Open Information Systems Security Group
  • 2.
    REQUEST A PENETRATION TEST QUOTE ● Find Holes Now Before Somebody Else Does :-p ● FREE Consultation. ● +62-8123-594969 (SMS ONLY) Heker Biasa, http://cahyod.dosen.narotama.ac.id/ 2
  • 3.
    Quote ● Security is a process not a product (Bruce Schneier) Heker Biasa, http://cahyod.dosen.narotama.ac.id/ 3
  • 4.
    CONTENTS What is Pen-Testing? Whyperfoms Pen-testing? PHASE – I: PLANNING AND PREPARATION PHASE – II: ASSESSMENT PHASE – III: REPORTING, CLEAN UP & DESTROY ARTIFACTS Heker Biasa, http://cahyod.dosen.narotama.ac.id/ 4
  • 5.
    What is Pen-Testing? ● Penetration testing is the process of attempting to gain access to resources without knowledge of usernames, passwords and other normal means of access. If the focus is on computer resources, then examples of a successful penetration would be obtaining or subverting confidential documents, pricelists, databases and other protected information. Heker Biasa, http://cahyod.dosen.narotama.ac.id/ 5
  • 6.
    Why perfoms Pen-testing? ● There are a variety of reasons for performing a penetration test. One of the main reasons is to find vulnerabilities and fix them before an attacker does. Sometimes, the IT department is aware of reported vulnerabilities but they need an outside expert to officially report them so that management will approve the resources necessary to fix them. Heker Biasa, http://cahyod.dosen.narotama.ac.id/ 6
  • 7.
    PHASE – I PLANNINGAND PREPARATION Heker Biasa, http://cahyod.dosen.narotama.ac.id/ 7
  • 8.
    PLANNING AND PREPARATION (a) Identification of contact individuals from both side, (b) Opening meting to confirm the scope, approach and methodology, and (c) Agree to specific test cases and escalation paths Heker Biasa, http://cahyod.dosen.narotama.ac.id/ 8
  • 9.
    PHASE – II ASSESSMENT Heker Biasa, http://cahyod.dosen.narotama.ac.id/ 9
  • 10.
    ASSESSMENT 1.Information Gathering 2.Network Mapping 3.VulnerabilityIdentification 4.Penetration 5.Gaining Access & Privilege Escalation 6.Enumerating Further 7.Compromise Remote Users/Sites 8.Maintaining Access 9.Covering Tracks Heker Biasa, http://cahyod.dosen.narotama.ac.id/ 10
  • 11.
    1.Information Gathering Essentially usingthe Internet to find all the information you can about the target (company and/or person) using both technical (DNS/WHOIS) and non-technical (search engines, news groups, mailing lists etc) methods. Heker Biasa, http://cahyod.dosen.narotama.ac.id/ 11
  • 12.
    2.Network Mapping Many toolsand applications can be used in this stage to aid the discovery of technical information about the hosts and networks involved in the test. ·Find live hosts ·Port and service scanning ·Perimeter network mapping (router, firewalls) ·Identifying critical services ·Operating System fingerprinting ·Identifying routes using Management Information Base (MIB) ·Service fingerprinting Heker Biasa, http://cahyod.dosen.narotama.ac.id/ 12
  • 13.
    3.Vulnerability Identification The assessor will perform several activities to detect exploitable weak points. These activities include: 1. Identify vulnerable services using service banners 2. Perform vulnerability scan to search for known vulnerabilities. 3. Perform false positive and false negative verification 4. Enumerate discovered vulnerabilities 5. Estimate probable impact (classify vulnerabilities found) 6. Identify attack paths and scenarios for exploitation Heker Biasa, http://cahyod.dosen.narotama.ac.id/ 13
  • 14.
    4.Penetration 1.Find proof ofconcept code/tool 2.Develop tools/scripts 3.Test proof of concept code/tool 4.Customize proof of concept code/tool 5.Test proof of concept code/tool in an isolated environment 6.Use proof of concept code against target 7.The proof of concept code/tool is used against the target to gain as many points of unauthorized access as possible. 8.Verify or disprove the existence of vulnerabilities Heker Biasa, http://cahyod.dosen.narotama.ac.id/ 14
  • 15.
    5.Gaining Access & Privilege Escalation 5.1 Gaining Access 5.1.1 Gain Least Privilege 5.1.2 Compromise 5.1.3 Final Compromise on Target 5.2 Privilege Escalation Heker Biasa, http://cahyod.dosen.narotama.ac.id/ 15
  • 16.
    6.Enumerating Further 1.Obtain encryptedpasswords for offline cracking 2.Obtain password (plaintext or encrypted) by using sniffing or other techniques 3.Sniff traffic and analyze it 4.Gather cookies and use them to exploit sessions and for password attacks 5.E-mail address gathering 6.Identifying routes and networks 7.Mapping internal networks Heker Biasa, http://cahyod.dosen.narotama.ac.id/ 16
  • 17.
    7.Compromise Remote Users/Sites A single hole is sufficient to expose an entire network, regardless of how secure the perimeter network may be. Any system is as strong (in this case, as secure) as the weakest of its parts. Communications between remote users/sites and enterprise networks may be provided with authentication and encryption by using technologies such as VPN, to ensure that the data in transit over the network cannot be faked nor eavesdropped. In such scenarios the assessor should try to compromise remote users, telecommuter and/or remote sites of an enterprise. Those can give privileged access to internal network. Heker Biasa, http://cahyod.dosen.narotama.ac.id/ 17
  • 18.
    8.Maintaining Access 8.1 CovertChannels 8.2 Backdoors 8.3 Root-kits Heker Biasa, http://cahyod.dosen.narotama.ac.id/ 18
  • 19.
    9.Covering Tracks 9.1 HideFiles 9.2 Clear Logs 9.3 Defeat integrity checking 9.4 Defeat Anti-virus 9.5 Implement Root-kits Heker Biasa, http://cahyod.dosen.narotama.ac.id/ 19
  • 20.
    PHASE – III REPORTING,CLEAN UP & DESTROY ARTIFACTS Heker Biasa, http://cahyod.dosen.narotama.ac.id/ 20
  • 21.
    REPORTING, CLEAN UP& DESTROY ARTIFACTS 3.1 Reporting 3.1.1 Verbal Reporting 3.1.2 Final Reporting 3.2 Clean Up and Destroy Artifacts Heker Biasa, http://cahyod.dosen.narotama.ac.id/ 21
  • 22.
    REQUEST A PENETRATION TEST QUOTE ● Find Holes Now Before Somebody Else Does :-p ● FREE Consultation. ● +62-8123-594969 (SMS ONLY) Heker Biasa, http://cahyod.dosen.narotama.ac.id/ 22
  • 23.
  • 24.
    History Ver 1.0 :Nov 13, 2012. Heker Biasa, http://cahyod.dosen.narotama.ac.id/ 24