This document outlines the phases of a penetration testing execution, with a focus on the reconnaissance phase. It discusses the reconnaissance phase in depth, including levels of information gathering, goals of information gathering through open source intelligence (OSINT), and types of corporate and target details that should be collected. The key aspects covered are the importance of gathering information before launching attacks, doing so in a legal and ethical manner according to the rules of engagement, and focusing reconnaissance efforts on information directly relevant to the goals of the penetration test. The overall goal of the reconnaissance phase is to safely and effectively collect intelligence on the target to inform subsequent phases of testing.
Penetration testing is used to test the security of a website by simulating real attacks from outside. It identifies potential vulnerabilities to prevent harmful attacks. By understanding how attacks work, the IT team can fix issues and prevent larger attacks in the future. The presentation will demonstrate a penetration testing tool that checks the login page for security issues like authentication, redirects, and hidden code. Contact information is provided for any additional questions.
This document discusses vulnerability assessment and penetration testing. It defines them as two types of vulnerability testing that search for known vulnerabilities and attempt to exploit vulnerabilities, respectively. Vulnerability assessment uses automated tools to detect known issues, while penetration testing employs hacking techniques to demonstrate how deeply vulnerabilities could be exploited like an actual attacker. Both are important security practices for identifying weaknesses and reducing risks, but require different skills and have different strengths, weaknesses, frequencies, and report outputs. Reasons for vulnerabilities include insecure coding, limited testing, and misconfigurations. The document outlines common vulnerability and attack types as well as how vulnerability assessment and penetration testing are typically conducted.
Ethical Hacking n VAPT presentation by Suvrat Jain - Suvrat Jain
A perfect example of your 6-week summer training PPT. Course: Ethical Hacking, its info and VAPT (Vulnerability Assessment and Penetration Testing), about vulnerability scanning, tools used, cracking passwords, etc.
Introduction To Vulnerability Assessment & Penetration Testing - Raghav Bisht
A vulnerability assessment identifies vulnerabilities in systems and networks to understand threats and risks. Penetration testing simulates cyber attacks to detect exploitable vulnerabilities. There are three types of penetration testing: black box with no system info; white box with full system info; and grey box with some system info. Common vulnerabilities include SQL injection, XSS, weak authentication, insecure storage, and unvalidated redirects. Tools like Nexpose, QualysGuard, and OpenVAS can automate vulnerability assessments.
VAPT defines a wide range of security testing services to ascertain and address cyber security exposures. It includes vulnerability testing through perimeter scans for missing patches or custom exploits to bypass perimeters, as well as penetration testing by simulating real-world attacks to provide a point-in-time assessment of vulnerabilities and threats to a network infrastructure. Customers can inquire more about these security testing and analysis services by contacting the company.
This document discusses penetration testing and ethical hacking. It provides an overview of penetration testing methodology and the services offered by Endava, including regular vulnerability scans, penetration tests, PCI assessments, security trainings, audits, and intrusion monitoring solutions. The presenter, Maxim Catanoi, is an IT security consultant at Endava with over 9 years of experience and multiple security certifications.
The document provides an overview of penetration testing basics from a presentation by The Internet Storm Center, SANS Institute, and GIAC Certification Program. It discusses the Internet Storm Center, SANS/GIAC training and certifications, common cyber threats, the methodology for penetration testing, tools used for various stages like reconnaissance, scanning, exploitation, and analysis, and the importance of reporting and mitigation strategies.
Cyber security and demonstration of security tools - Vicky Fernandes
Presentation on Cybersecurity and demonstration of security tools, conducted by Vicky Fernandes on 10th September 2019 at Don Bosco Institute of Technology, Mumbai.
The document provides information on vulnerability assessment and penetration testing. It defines vulnerability assessment as a systematic approach to finding security issues in a network or system through manual and automated scanning. Penetration testing involves exploring and exploiting any vulnerabilities that are found to confirm their existence and potential damage. The document outlines the types of testing as blackbox, graybox, and whitebox. It also lists some common tools used for testing like Nmap, ZAP, Nikto, WPScan, and HostedScan. Finally, it provides examples of specific vulnerabilities found and their solutions, such as outdated themes/plugins, backup files being accessible, and SQL injection issues.
VAPT (Vulnerability Assessment and Penetration Testing) involves evaluating systems and networks to identify vulnerabilities, configuration issues, and potential routes of unauthorized access. It is recommended for SMEs due to common security issues like phishing and ransomware attacks targeting them. The document outlines the types of VAPT testing, why SMEs need it, example data breaches, and estimated costs of common cyber attacks and security services.
OWASP Top 10 Web Application Vulnerabilities - Software Guru
This document provides an overview of the OWASP Top 10 Risk Rating Methodology. It explains how risks are rated based on four factors: threat agent, attack vector, technical impact, and business impact. Each factor is given a rating of 1-3 (easy to difficult) and these ratings are multiplied together to calculate an overall weighted risk rating. An example of how this methodology would be applied to an SQL injection vulnerability is also provided.
This 1-day course introduces network penetration testing concepts and provides an overview of the penetration testing process. It covers prerequisites, objectives, benefits, definitions, types of penetration testing and phases including reconnaissance, scanning, exploitation, and reporting. The goal is to prepare students to understand and assist with penetration tests, though they will not be able to independently conduct professional tests after this introductory course.
The MITRE ATT&CK framework is a framework followed by threat hunters and threat analysts for threat modelling, which can be used for adversary emulation and attack defense. Cybersecurity analysts widely use it for framing attacks through its tactics and techniques.
Vulnerability Management: What You Need to Know to Prioritize Risk - AlienVault
Abstract:
While vulnerability assessments are an essential part of understanding your risk profile, it's simply not realistic to expect to eliminate all vulnerabilities from your environment. So, when your scan produces a long list of vulnerabilities, how do you prioritize which ones to remediate first? By data criticality? CVSS score? Asset value? Patch availability? Without understanding the context of the vulnerable systems on your network, you may waste time checking things off the list without really improving security.
Join AlienVault for this session to learn:
* The pros & cons of different types of vulnerability scans - passive, active, authenticated, unauthenticated
* Vulnerability scores and how to interpret them
* Best practices for prioritizing vulnerability remediation
* How threat intelligence can help you pinpoint the vulnerabilities that matter most
OWASP Top 10 2021 – Overview and What's New.
OWASP Top 10 is the most successful OWASP project.
It shows the ten most critical web application security flaws.
Read the presentation and you will learn each OWASP Top 10 category and recommendations on how to prevent it.
Security testing is performed to identify vulnerabilities in a system and ensure confidentiality, integrity, authentication, authorization, availability and non-repudiation. The main techniques are vulnerability scanning, security scanning, penetration testing, ethical hacking, risk assessment, security auditing, and password cracking. Security testing helps improve security, find loopholes, and ensure systems work properly and protect information.
This presentation describes penetration testing with a Who, What, Where, When, and How approach. In the presentation, you may discover the common pitfalls of a bad penetration test and you could identify a better one. You should be able to recognize and differentiate both looking at the methods (attitude) and result.
This document discusses techniques for system enumeration, including establishing null sessions, enumerating user accounts, SNMP scanning, and Active Directory enumeration. It provides an overview of the system hacking cycle and covers various tools that can be used to extract information like user names, machine names, shares, and services through techniques like null sessions, SNMP probing, and using default credentials. The document also discusses countermeasures for these enumeration methods.
Introduction to Web Application Penetration Testing - Anurag Srivastava
Web Application Pentesting
* Process to check and penetrate the security of a web application or a website
* The process involves an active analysis of the application for any weaknesses, technical flaws, or vulnerabilities
* Any security issues that are found will be presented to the system owner, together with an assessment of the impact and a proposal for mitigation or a technical solution.
Vulnerabilities in modern web applications - Niyas Nazar
Microsoft PowerPoint presentation for a BTech academic seminar. This seminar discusses penetration testing, penetration testing tools, web application vulnerabilities, the impact of vulnerabilities and security recommendations.
Penetration testing reporting and methodology - Rashad Aliyev
This paper covers penetration testing methodology, standard reporting formats and the comparison of reports. It explains the problems cyber security experts face when making penetration tests and how they currently present them.
We will focus our work on the penetration testing methodology reporting form and detailed information on how to compare results and related work information.
Dennis Chaupis presented on vulnerability management programs. He explained that a VMP involves more than just vulnerability assessments and penetration testing, including asset management, patch management, infrastructure builds, technology intake processes, secure software development, threat intelligence, endpoint security, and defining an organization's risk appetite. A VMP relies on other security processes and aims to formalize how they work together. Key roles in a VMP include the CISO overseeing the program while working with the CIO, CRO, and chief auditor. Important outputs of a VMP are security metrics and reporting that show an organization's vulnerability status.
OWASP Top 10 2021 Presentation (Jul 2022) - Tzahi Arabov
The document provides information about the OWASP Top 10 2021 list of web application security risks. It describes the top risk, A01: Broken Access Control, giving its definition, examples of vulnerabilities it can enable, prevention methods, and examples. It also summarizes the second and third top risks, A02: Cryptographic Failures and A03: Injection, in a similar manner.
SOC presentation - Building a Security Operations Center - Michael Nickle
Presentation I used to give on the topic of using a SIM/SIEM to unify the information stream flowing into the SOC. This piece of collateral was used to help close the largest SIEM deal (Product and services) that my employer achieved with this product line.
SAST vs. DAST: What’s the Best Method For Application Security Testing? - Cigital
High profile security breaches are leading to heightened organizational security concerns. Firms around the world are now observing the consequences of security breaches that are becoming more widespread and more advanced. Due to this, firms are ready to identify vulnerabilities in their applications and mitigate the risks.
Two ways to go about this are static application security testing (SAST) and dynamic application security testing (DAST). These application security testing methodologies are used to find the security vulnerabilities that make your organization’s applications susceptible to attack.
The two methodologies approach applications very differently. They are most effective at different phases of the software development life cycle (SDLC) and find different types of vulnerabilities. For example, SAST detects critical vulnerabilities such as cross-site scripting (XSS), SQL injection, and buffer overflow earlier in the SDLC. DAST, on the other hand, uses an outside-in penetration testing approach to identify security vulnerabilities while web applications are running.
Let us guide you through your application security testing journey with more key differences between SAST and DAST:
This document outlines an infrastructure penetration testing training workshop. It discusses the typical phases of a penetration test including reconnaissance, scanning, exploitation, post-exploitation, and reporting. During the reconnaissance phase, tools like ping, whois, and host are demonstrated to find the IP address and domain information of the target machine. Nmap and Nessus are shown for port scanning and vulnerability scanning. Exploitation involves using tools like telnet and rlogin to exploit known vulnerabilities, such as an exposed rlogin service, and gain access. Netcat is demonstrated for maintaining backdoor access. The document emphasizes learning additional tools and techniques for deeper understanding.
GSA calls out Cyber Hunt skills in final Cybersecurity Contract Orals - David Sweigert
This document outlines evaluation criteria for four cybersecurity services: penetration testing, incident response, cyber hunt, and risk/vulnerability assessments. It describes the expected tasks and minimum knowledge areas for each service. It also provides sample pre-scenario and scenario-based questions that will be used to evaluate offerors' expertise in each service area during oral technical evaluations. The evaluations will assess offerors' processes, capabilities, tools, and procedures for performing tasks like reconnaissance, vulnerability discovery and exploitation, intrusion detection, malware analysis, and remediation of security issues.
This document provides an overview of penetration testing, including its definition, purpose, types, methodology, tools, challenges, and takeaways. Penetration testing involves modeling real-world attacks to find vulnerabilities in a system and determine the business risk if those vulnerabilities were exploited. It is important for identifying security flaws so they can be remediated, assessing an organization's risk profile, and meeting regulatory requirements like PCI DSS. A successful penetration test will express findings in both business and technical terms and provide recommendations to effectively address vulnerabilities.
This document provides an overview of penetration testing, including its definition, purpose, types, methodology, tools, challenges, and takeaways. Penetration testing involves modeling real-world attacks to find vulnerabilities in a system and then attempting to exploit those vulnerabilities to determine security risks. It is important for identifying flaws that need remediation and assessing an organization's security posture and risk profile. The methodology generally involves planning, reconnaissance, scanning, exploitation, and reporting phases. Challenges include performing comprehensive testing within time and budget constraints and addressing business impact.
The Art of Penetration Testing in Cybersecurity - Expeed Software
It is important to detect vulnerabilities in a system to safeguard it from cyber attacks. This is where penetration testing comes into the picture. In this presentation, explore everything there is to know about penetration testing, why it is important and how it helps you to detect vulnerabilities through various techniques. At Expeed Software, we prioritize security, being a web development company at the forefront. Connect to Expeed Software for secure and robust solutions with privacy being an assurance. https://expeed.com/
This document discusses penetration testing (pentesting) services provided by BTPRO Bilgi Teknolojileri A.S. It defines a pentest as a set of authorized cyber attacks to discover and verify vulnerabilities. The benefits of pentesting include exposing vulnerabilities, facilitating risk analysis, protecting business continuity, and complying with security standards. Pentests are performed by targeting various systems and using different attacker profiles to simulate real-world threats. Reports detail all findings categorized by risk level and include recommendations for remediation. Verification tests are conducted after issues are resolved to confirm vulnerabilities were addressed.
5. Experience from recent national & international cyber exercises - isc2-hellenic
This document discusses cyber exercises and the speaker's experience participating in them. It provides definitions of cyber exercises, categories of exercises (real-time and offline), typical training incidents covered, and objectives. The speaker's organization has participated in the Panoptis national Greek cyber defense exercises from 2010-2014 and the NATO Cyber Coalition 2014 exercise. These exercises train participants in skills like forensic investigation, malware analysis, and incident response through scenarios. The objectives are to evaluate security controls and identify gaps, train blue teams, and provide lessons learned.
1. Vulnerability assessment and penetration testing (VAPT) involves identifying security vulnerabilities in an organization's network and systems through scanning and manual exploitation techniques.
2. The process includes information gathering, scanning to detect vulnerabilities, analysis of vulnerabilities found, and penetration testing to manually exploit vulnerabilities.
3. The final report documents the findings by risk level, technical details of vulnerabilities discovered, and recommendations for remediation.
Webinar - Reducing the Risk of a Cyber Attack on UtilitiesWPICPE
Jim Girouard, Sr. Product Development Manager at Worcester Polytechnic Institute, outlines the growing menace of cyber attacks on utility companies and how to educate yourself to reduce risk.
2019 FRSecure CISSP Mentor Program: Class TenFRSecure
The document summarizes a CISSP mentor program session that included:
- An instructor-led class discussing questions from chapters 1-7 and covering 115 slides.
- A quiz with 6 multiple choice questions about penetration testing procedures and types of security tests.
- A lecture on incident response methodology, operational preventative and detective controls like IDS/IPS, continuous monitoring, DLP, and honeypots. Asset management and configuration management were also discussed.
Demystifying Penetration Testing: A Comprehensive Guide for Security Enhancementcyberprosocial
In today’s digital world, where cyber threats are everywhere you go, protecting your online assets is important. One way businesses do this is through penetration testing. This proactive approach helps identify weaknesses in their systems before bad guys can take advantage of them. In this article, we’ll take a closer look at penetration testing, why it’s important, how it’s done, and the benefits it brings.
Using Assessment Tools on ICS (English)Digital Bond
Dale Peterson of Digital Bond describes the methodology of using security assessment tools on an operational ICS. He also discusses how to best use the features and functions of these tools.
IRJET- Penetration Testing using Metasploit Framework: An Ethical ApproachIRJET Journal
This document discusses penetration testing using the Metasploit framework. It begins with an introduction to penetration testing and why it is important for ensuring system and network security. It then describes the phases of penetration testing: information gathering, vulnerability analysis, vulnerability exploitation, post exploitation, and report generation. Finally, it discusses using tools in the Metasploit framework like exploits and payloads to conduct penetration testing according to these phases and ethical approaches. The goal is to identify vulnerabilities before attackers can exploit them.
A Brief Introduction to Penetration TestingEC-Council
The document discusses penetration testing and provides details on:
1. The 5 stages of a penetration test: planning and reconnaissance, scanning, gaining access, maintaining access, and analysis and WAF configuration.
2. Penetration testing methods like external testing, internal testing, blind testing, and double-blind testing.
3. How penetration testing and web application firewalls (WAFs) work together, with testers using WAF data to find vulnerabilities and WAFs then being updated based on test results.
Cloud computing allows users to access computing resources over the internet rather than using local hardware. It provides capabilities for organizations to access data from anywhere on any device in a scalable and cost-effective manner. There are different types of cloud services (IaaS, PaaS, SaaS) and deployment models (private, public, hybrid, community). Security managers must ensure compliance with relevant laws and privacy standards when using cloud computing.
This is a Brief overview of what Vulnerability and Penetration Testing are in the Information Technology Security. The focus is on the issues that always arise within a Security Network. How you as an IT can identify or notice activity of any the Attacks from Hackers or unknown Individual that are a Client.
This lecture includes detail about ethical hacking profession, there jobs description, responsibilities duties and skills required to excel in their field.
Penetration testing involves attempting to exploit vulnerabilities in a system to evaluate security. It can be used to test network, application, and endpoint security as well as user awareness. There are different types including targeted, external, internal, and blind testing. The objective is to determine vulnerabilities by simulating attacks from both inside and outside the system to identify security weaknesses and validate defensive measures. It helps prioritize risks and assess potential impacts of attacks.
The document is an internship report that includes:
- Details about the internship organization and the internship period.
- An overview of ethical hacking and the internship project involving identifying vulnerabilities.
- A description of tasks completed including Portswigger labs, detecting vulnerabilities on a banking website, and executing a payload on a vulnerable website.
- Results from ethical hacking quizzes and a generated vulnerability report using OWASP-ZAP.
- Conclusions about gaining technical security knowledge around hacking techniques and prevention.
Similar to Penetration Testing Execution Phases (20)
This document provides an overview of blockchain technology including its evolution, characteristics, architecture and types. It discusses how blockchain evolved from enabling bitcoin transactions to developing smart contracts and more generalized applications. The key characteristics that enable blockchain to transform industries are described as decentralization, pseudonymity, transparency, immutability and security. The architecture of blockchain is explained involving blocks chained together using cryptographic hashes and consensus-based verification of new blocks. Different types of blockchains like public, private and consortium are also outlined. Open research directions for applying blockchain in IoT domains are briefly mentioned.
This document provides an overview of an introduction to ethical hacking presentation given by Dr. Muhammad Nasir Mumtaz Bhutta at King Faisal University. The presentation covered hacking overview, top cyber attacks in history, motivations for black hat hackers, types of hackers, basic skills needed to learn hacking, and plans for a "CCSIT Cyberlympics 2017" competition. An assignment was given to students to set up virtual machines for an attacking machine with Kali Linux and victim machine with Metasploitable II on their laptops. Future security-related activities at the university such as establishing a cybersecurity lab and research group were also mentioned.
This document discusses cyber security laws and their importance. It provides an overview of key cyber security laws in the US and Pakistan, including the Computer Fraud and Abuse Act, HIPAA, Electronic Transaction Ordinance 2002, and Electronic/Cyber Crime Bill 2007. It also discusses cyber crimes like hacking and malware, as well as technologies used to combat cyber crimes and improve security, such as penetration testing and malware analysis. Recent developments in Pakistan's cyber laws and efforts like the Pakistan Cyber Security Task Force are also outlined.
This document discusses various topics related to network security including Secure Socket Layer/Transport Layer Security (SSL/TLS), Virtual Private Network (VPN), firewall, malware analysis, penetration testing, and digital forensics. SSL/TLS provides security at the transport and session layers. A VPN extends private networks across public networks like the internet. Firewalls control incoming and outgoing network traffic based on rules. Malware analysis involves reverse engineering malware to understand its capabilities and behavior. Penetration testing involves authorized hacking to test security. Digital forensics applies scientific principles to the collection, examination, and analysis of digital evidence.
Introduction to Secure Delay/Disruption Tolerant Networks (DTN)Nasir Bhutta
This document introduces delay/disruption tolerant networks (DTNs) and their security architecture. It discusses how DTNs can better handle high and variable delays and disruptions compared to TCP/IP networks by introducing a bundle layer above the transport layer. The security goals of DTNs include hop-by-hop integrity and authentication as well as end-to-end integrity, authentication, and confidentiality. Key management in DTNs requires an efficient and communication-friendly approach to support public key cryptography and the overall DTN security architecture.
Multilayer Security Architecture for Internet ProtocolsNasir Bhutta
The document proposes a multilayer security architecture called ML-IPSec to address limitations in the existing IPSec architecture. It begins by outlining the objectives and introducing IPSec, describing how it provides security services at the IP layer. It then explains how IPSec operates in tunnel and transport modes to secure communication paths between nodes. The document discusses IPSec components like security policies, protocols, and key management. It also describes how IPSec aims to achieve security goals but has limitations due to its strict layering. ML-IPSec is proposed to address limitations through cross-layer optimizations informed by wireless network characteristics.
The document discusses trends in cyber security and the global cyber security landscape. It begins with a brief history of cyber security, then discusses current areas of cyber security including vulnerabilities, malware, and classifications. The presentation also covers future trends, policies of different regions, and top roles in cyber security. It aims to provide an overview of the cyber security domain and issues nations face in global cyber warfare.
Introduction to Delay/Disruption Tolerant Networking and ApplicationsNasir Bhutta
DTN2 is a reference implementation of the Delay Tolerant Networking (DTN) architecture designed to validate DTN protocols. It can run on both Linux and Windows (through Cygwin) and includes a server component that provides DTN functionality through convergence layer adapters. To compile DTN2, the source code must be uncompressed, configured, and built. Configuration involves setting file paths, interfaces, links, and routes. Example applications include initializing the database, starting the server daemon, and sending/receiving bundles between nodes. More information and downloads are available on the DTN2 website.
Cloud computing overview & current researchNasir Bhutta
The document summarizes a discussion session on cloud computing held on March 4th, 2011. It outlines that cloud computing has been a major commercial success by reducing management overhead and allowing businesses to sell services globally at low cost. It then discusses technical aspects of cloud computing like virtualization, security, and data management. Lastly, it notes there are opportunities and threats associated with cloud computing that were likely discussed.
Do you want Software for your Business? Visit Deuglo
Deuglo has top Software Developers in India. They are experts in software development and help design and create custom Software solutions.
Deuglo follows seven steps methods for delivering their services to their customers. They called it the Software development life cycle process (SDLC).
Requirement — Collecting the Requirements is the first Phase in the SSLC process.
Feasibility Study — after completing the requirement process they move to the design phase.
Design — in this phase, they start designing the software.
Coding — when designing is completed, the developers start coding for the software.
Testing — in this phase when the coding of the software is done the testing team will start testing.
Installation — after completion of testing, the application opens to the live server and launches!
Maintenance — after completing the software development, customers start using the software.
Flutter is a popular open source, cross-platform framework developed by Google. In this webinar we'll explore Flutter and its architecture, delve into the Flutter Embedder and Flutter’s Dart language, discover how to leverage Flutter for embedded device development, learn about Automotive Grade Linux (AGL) and its consortium and understand the rationale behind AGL's choice of Flutter for next-gen IVI systems. Don’t miss this opportunity to discover whether Flutter is right for your project.
A Study of Variable-Role-based Feature Enrichment in Neural Models of CodeAftab Hussain
Understanding variable roles in code has been found to be helpful by students
in learning programming -- could variable roles help deep neural models in
performing coding tasks? We do an exploratory study.
- These are slides of the talk given at InteNSE'23: The 1st International Workshop on Interpretability and Robustness in Neural Software Engineering, co-located with the 45th International Conference on Software Engineering, ICSE 2023, Melbourne Australia
Takashi Kobayashi and Hironori Washizaki, "SWEBOK Guide and Future of SE Education," First International Symposium on the Future of Software Engineering (FUSE), June 3-6, 2024, Okinawa, Japan
Transform Your Communication with Cloud-Based IVR SolutionsTheSMSPoint
Discover the power of Cloud-Based IVR Solutions to streamline communication processes. Embrace scalability and cost-efficiency while enhancing customer experiences with features like automated call routing and voice recognition. Accessible from anywhere, these solutions integrate seamlessly with existing systems, providing real-time analytics for continuous improvement. Revolutionize your communication strategy today with Cloud-Based IVR Solutions. Learn more at: https://thesmspoint.com/channel/cloud-telephony
Mobile App Development Company In Noida | Drona InfotechDrona Infotech
Looking for a reliable mobile app development company in Noida? Look no further than Drona Infotech. We specialize in creating customized apps for your business needs.
Visit Us For : https://www.dronainfotech.com/mobile-application-development/
UI5con 2024 - Boost Your Development Experience with UI5 Tooling ExtensionsPeter Muessig
The UI5 tooling is the development and build tooling of UI5. It is built in a modular and extensible way so that it can be easily extended by your needs. This session will showcase various tooling extensions which can boost your development experience by far so that you can really work offline, transpile your code in your project to use even newer versions of EcmaScript (than 2022 which is supported right now by the UI5 tooling), consume any npm package of your choice in your project, using different kind of proxies, and even stitching UI5 projects during development together to mimic your target environment.
Revolutionizing Visual Effects Mastering AI Face Swaps.pdfUndress Baby
The quest for the best AI face swap solution is marked by an amalgamation of technological prowess and artistic finesse, where cutting-edge algorithms seamlessly replace faces in images or videos with striking realism. Leveraging advanced deep learning techniques, the best AI face swap tools meticulously analyze facial features, lighting conditions, and expressions to execute flawless transformations, ensuring natural-looking results that blur the line between reality and illusion, captivating users with their ingenuity and sophistication.
Web:- https://undressbaby.com/
GraphSummit Paris - The art of the possible with Graph TechnologyNeo4j
Sudhir Hasbe, Chief Product Officer, Neo4j
Join us as we explore breakthrough innovations enabled by interconnected data and AI. Discover firsthand how organizations use relationships in data to uncover contextual insights and solve our most pressing challenges – from optimizing supply chains, detecting fraud, and improving customer experiences to accelerating drug discoveries.
Neo4j - Product Vision and Knowledge Graphs - GraphSummit ParisNeo4j
Dr. Jesús Barrasa, Head of Solutions Architecture for EMEA, Neo4j
Découvrez les dernières innovations de Neo4j, et notamment les dernières intégrations cloud et les améliorations produits qui font de Neo4j un choix essentiel pour les développeurs qui créent des applications avec des données interconnectées et de l’IA générative.
Software Engineering, Software Consulting, Tech Lead, Spring Boot, Spring Cloud, Spring Core, Spring JDBC, Spring Transaction, Spring MVC, OpenShift Cloud Platform, Kafka, REST, SOAP, LLD & HLD.
OpenMetadata Community Meeting - 5th June 2024OpenMetadata
The OpenMetadata Community Meeting was held on June 5th, 2024. In this meeting, we discussed about the data quality capabilities that are integrated with the Incident Manager, providing a complete solution to handle your data observability needs. Watch the end-to-end demo of the data quality features.
* How to run your own data quality framework
* What is the performance impact of running data quality frameworks
* How to run the test cases in your own ETL pipelines
* How the Incident Manager is integrated
* Get notified with alerts when test cases fail
Watch the meeting recording here - https://www.youtube.com/watch?v=UbNOje0kf6E
1. Muhammad Nasir Mumtaz Bhutta
College of Computer Science and Information Systems
King Faisal University, Saudi Arabia
Email: mmbhutta@kfu.edu.sa
Tel: +966 – 13589-9207
Office: 2088, first floor, CCSIT Building
www.kfu.edu.sa
CCSIT Cyberlympics 2017
Penetration Testing Execution Phases
28 February 2017
2. Dr M Nasir Mumtaz Bhutta www.kfu.edu.sa
Presentation Overview
• Ethical Hacking Definition
• Pre-Engagement Discussions for Penetration Test
• Penetration Testing Phases
– Reconnaissance
– Vulnerability Analysis (Scanning)
– Exploitation
– Post Exploitation
– Reporting
• Threat Modeling (during Testing Phases)
• Assignment 2 Description
3. Ethical Hacking Term and Definition
• Ethical Hacking (Penetration Testing)
– Penetration Testing or Ethical Hacking is the execution of a simulated attack on a computer system, with the permission of its owner, in order to:
• Gain access to the system’s features and data.
• Find out weaknesses in the system.
– The target systems or particular goals to attack and find weaknesses in are identified.
• Black Box Penetration Testing (focus of this training)
– The ethical hacker is provided no information except the company name.
• White Box Penetration Testing
– The ethical hacker is provided with background and system information.
4. Testing Organization’s Security
• Penetration Testers (PTs) are hired by organizations to test their security.
– The PT identifies the important cyber resources of the organization, e.g. the payroll system, the storage of the organization’s secret documents, etc.
– Threats (events, processes, people who can harm the organization) are identified.
– Attacks are planned and launched on the selected assets.
– The vulnerabilities found are reported to the organization.
– All pen tests are different and are executed differently.
5. Today’s Workshop Scope
• Today’s workshop is not focusing on risk management and the wider aspects of planning an organization’s security evaluation, e.g.:
– Threat modeling for the whole organization.
– Planning and budgeting for all attacks.
• Rather, the focus is to learn the technical aspects of planning and launching an attack for an assigned task.
– The managers have already identified the risks associated with all the systems of the organization.
– Managers assign a task to the Penetration Tester (you):
• For example, “Try to hack the Linux based file server where the trade secret documents of an organization are stored.”
• The penetration tester will gather information about this assigned task and execute the attack.
6. Can Hacking be Learned in a Systematic Way?
• Yes. Hacking has been organized as a discipline over a period of time, and it can be learnt and practiced to become a successful ‘Ethical Hacker’.
– Many different phases are proposed by different books, authors and organizations.
– All have the same theory but different scopes to describe ‘Penetration Testing’.
• Today’s training focuses on the technical aspects of Penetration Testing.
– So, the hacking phases described will be from the technical aspect of an assigned task, as discussed before.
– It will focus on ‘Black Box Penetration Testing’.
7. Penetration Testing Phases
• These phases are to plan and execute a test technically.
• Reconnaissance:
– Collecting detailed information about the system (e.g. all machines’ IP addresses, usernames, email addresses of the organization, etc.).
• Scanning (Vulnerability Analysis):
– Port Scanning: finding open ports on systems and the services being run.
– Vulnerability Scanning: finding known vulnerabilities for the services / software running on the system.
• Exploitation:
– Attacking the system through the vulnerabilities found.
• Maintaining Access (Post Exploitation):
– After exploitation, creating a permanent backdoor for easy access to the system later on.
• Reporting:
– Details about the issues found, the detailed procedures, and presenting solutions to mitigate the security issues found.
• However, the “Penetration Testing Execution Standard (PTES)” describes these phases differently. We shall also take some processes (information) from there, along with the phases described above, to build a better understanding of Penetration Testing.
8. Pre-engagement Interaction
9. Pre-Engagement Activities
• Scope: Discuss the number of computers or software systems to be tested for penetration.
– In this workshop, there is one task given to the tester (hack a Linux based server or test a website for hacking).
• Time Estimation: The execution time depends on the experience of the tester.
– If a tester is more experienced in executing a specific type of task, then less time will be spent on that test.
• Establish lines of communication and contact information before the tests.
10. Examples or Possible Scenarios of Penetration Testing
• Let’s discuss and fill in the sheets distributed to you about:
– Network Penetration Test
– Web Application Penetration Test
– Wireless Network Penetration Test
– Social Engineering Test
• This exercise will give you an idea about the different types of Penetration tests.
11. Network Penetration Test
• Why is the customer having the penetration test performed against their environment?
• Is the penetration test required for a specific compliance requirement?
• When does the customer want the active portions (scanning, enumeration, exploitation, etc...) of the penetration test conducted?
– During business hours?
– After business hours?
– On the weekends?
• How many total IP addresses are being tested?
– How many internal IP addresses, if applicable?
– How many external IP addresses, if applicable?
• Are there any devices in place that may impact the results of a penetration test such as a firewall, intrusion detection/prevention system, web application firewall, or load balancer?
• In the case that a system is penetrated, how should the testing team proceed?
– Perform a local vulnerability assessment on the compromised machine?
– Attempt to gain the highest privileges (root on Unix machines, SYSTEM or Administrator on Windows machines) on the compromised machine?
– Perform no, minimal, dictionary, or exhaustive password attacks against local password hashes obtained (for example, /etc/shadow on Unix machines)?
12. Web Application Penetration Test
• How many web applications are being assessed?
• How many login systems are being assessed?
• How many static pages are being assessed? (approximate)
• How many dynamic pages are being assessed? (approximate)
• Will the source code be made readily available?
• Will there be any kind of documentation?
– If yes, what kind of documentation?
• Will static analysis be performed on this application?
• Does the client want fuzzing performed against this application?
• Does the client want role-based testing performed against this application?
• Does the client want credentialed scans of web applications performed?
13. Wireless Network Penetration Test
• How many wireless networks are in place?
• Is a guest wireless network used? If so:
– Does the guest network require authentication?
– What type of encryption is used on the wireless networks?
– What is the square footage of coverage?
– Will enumeration of rogue devices be necessary?
– Will the team be assessing wireless attacks against clients?
– Approximately how many clients will be using the wireless network?
14. Social Engineering Test
• Does the client have a list of email addresses they would like a Social Engineering attack to be performed against?
• Does the client have a list of phone numbers they would like a Social Engineering attack to be performed against?
• Is Social Engineering for the purpose of gaining unauthorized physical access approved? If so:
– How many people will be targeted?
• It should be noted that as part of different levels of testing, the questions for Business Unit Managers, Systems Administrators, and Help Desk Personnel may not be required. Why?
15. Scope of Penetration Test for CCSIT Cyberlympics 2017
• The above questions have given you insight about:
– What the important systems to target are, and how to plan a test against them.
• The above discussion has not discussed:
– What kind of attacks will be launched?
– What vulnerabilities will be targeted?
• For Cyberlympics 2017, the focus is on:
– Network Penetration Testing
– Web Application Penetration Testing
16. Reconnaissance (Intelligence Gathering)
Penetration Testing Execution Phases
17. Reconnaissance (Intelligence Gathering) Background
• Reconnaissance is the process of gathering information about the selected target.
– It is important to find out the type of the targeted organization (military, corporate or other).
• Basically, there are different levels of maturity of Penetration Testing (“PenTesting”). These levels define:
– The expected output of the test.
– Real world constraints.
– Time, effort and access to information.
18. Levels of Information Gathering - I
• There are three levels of information gathering.
• Level 1
– Compliance Driven: For certain industries, the government has laid down security standards or regulations to follow for secure IT systems.
– Usually, tests are performed to check whether the IT systems have followed the guidelines of the security standards and regulations, e.g. PCI DSS is the standard for the card payment industry.
– Some automated tools, specially designed for a specific standard, are used to perform these tests.
• Example: A health organization is required to be compliant with PCI / FISMA / HIPAA. For this kind of test, level 1 information gathering is done.
19. Levels of Information Gathering - II
• Level 2
– This level defines the best practices adopted by PenTesters. (Most of the time, this level is followed for information gathering.)
– For information gathering at this level, some automated tools are used as in level 1, plus some manual analysis is performed.
– A good understanding of the business under test is developed.
– Important information like physical location, business relationships and the organizational chart is obtained.
• Example for Level 2: An organization wants to test their PCI compliance but is also interested in evaluating their long term security strategy.
20. Levels of Information Gathering - III
• Level 3
– This level of information is usually gathered for very sensitive tasks like hacking for a state (country).
– Level 1 and level 2 information gathering, plus deeper manual analysis.
• A deeper understanding of business processes and business relations is gained.
• Example for Level 3:
– An army intelligence team is tasked to attack a segment of the army in a foreign country. The target is to find out the vulnerabilities in the network so that foreigners can’t exploit these vulnerabilities.
21. Reconnaissance – I
• What is it?
– Collecting the maximum information about the target according to the levels discussed above.
– This information helps in planning the attacks to be launched on the selected targets (as discussed above in the pre-engagement section).
• Why do it?
– Open Source Intelligence (OSINT) is a form of intelligence collection management:
• To collect information from public sources.
• To analyze the collected information to produce actionable intelligence.
22. Reconnaissance – II
– OSINT helps to gather the various entrance points to the targeted organization.
• These entrance points can be physical, electronic or human.
– Weakness:
• Many organizations don’t realize what information is made public and how hackers can use that information to exploit it.
• For example, organizations usually use the same username for employees as their email addresses. So, you can easily find the usernames of people, to gain access to computers, from the website of the organization.
• What is it not?
– Information gathered is not valid for the long term.
– Organizations may change things over a period of time.
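The weakness described on this slide (usernames leaking through published email addresses) is easiest to understand from the defender’s side: inventory what a public page actually gives away. The following is an added example, not code from the presentation; it runs over a constructed “contact us” page (placeholder names and the reserved domain example.org), extracts the addresses, and infers the mailbox naming convention by comparing each local part against a list of common conventions that is itself an assumption. An organization can run the same check against its own website to see what an attacker could derive from it.

```python
import re
from collections import Counter

# Constructed sample: text as it might appear on an organisation's public
# "contact us" page. Domain, names and addresses are placeholders, not real
# people or a real organisation.
PUBLIC_PAGE_TEXT = """
Contact our team:
  Alice Baker - a.baker@example.org
  Carlos Diaz - c.diaz@example.org
  Erin Fox    - e.fox@example.org
  Press office - press@example.org
Support: helpdesk@example.org
"""

# Generic e-mail address pattern, good enough for an inventory of what a page exposes.
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")

# "First Last - address" lines: the name/address pairs that reveal the naming convention.
NAME_RE = re.compile(r"^\s*([A-Z][a-z]+)\s+([A-Z][a-z]+)\s+-\s+(\S+@\S+)", re.M)

# Mailbox local-part conventions commonly seen in practice (assumed list, extend as needed).
CONVENTIONS = {
    "first.last": lambda f, l: f"{f}.{l}",
    "f.last":     lambda f, l: f"{f[0]}.{l}",
    "flast":      lambda f, l: f"{f[0]}{l}",
    "firstlast":  lambda f, l: f"{f}{l}",
    "first_last": lambda f, l: f"{f}_{l}",
    "last.first": lambda f, l: f"{l}.{f}",
}


def extract_emails(text):
    """Unique e-mail addresses found in the text, lower-cased, in order of first appearance."""
    found = []
    for addr in EMAIL_RE.findall(text):
        addr = addr.lower()
        if addr not in found:
            found.append(addr)
    return found


def match_convention(first, last, local_part):
    """Name of the convention that produces local_part from the person's name, or None."""
    f, l = first.lower(), last.lower()
    for name, build in CONVENTIONS.items():
        if build(f, l) == local_part.lower():
            return name
    return None


def username_convention(text):
    """Infer the dominant username convention from name/address pairs on the page.

    Returns (convention, matching_pairs, total_pairs); convention is None when
    no pair fits a known pattern."""
    votes = Counter()
    total = 0
    for first, last, addr in NAME_RE.findall(text):
        total += 1
        conv = match_convention(first, last, addr.split("@")[0])
        if conv:
            votes[conv] += 1
    if not votes:
        return None, 0, total
    conv, n = votes.most_common(1)[0]
    return conv, n, total


def exposure_report(text):
    """Summarise what the page gives away: addresses, domains and the username convention."""
    emails = extract_emails(text)
    domains = sorted({e.split("@", 1)[1] for e in emails})
    conv, n, total = username_convention(text)
    return {
        "addresses": emails,
        "domains": domains,
        "named_individuals": total,
        "convention": conv,
        # share of named individuals whose address follows the inferred convention
        "convention_confidence": round(n / total, 2) if total else 0.0,
    }


if __name__ == "__main__":
    for key, value in exposure_report(PUBLIC_PAGE_TEXT).items():
        print(f"{key}: {value}")
```

On the constructed page every named individual follows the `f.last` convention, so a single leaked address is enough to predict the username of any other employee whose name is public. The practical mitigation is to keep personal mailboxes off public pages (or use role addresses such as press@) and, more importantly, not to let the mailbox name double as the login name.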
23. OSINT (Three Forms)
• Passive Information Gathering
– This is the covert type of gathering. The goal is not to be detected.
– It is the most difficult type of information gathering, as no traffic can be sent to the organization.
– This means only stored or archived information is used.
• Semi Passive Information Gathering
– This is also a type of semi-covert information gathering.
– Companies can trace back to the computer gathering information, but there will be no suspicious activity.
– Only published name servers are queried for the desired information. No in-depth search is tried in this approach.
• Active Information Gathering
– In this type, it can easily be detected that someone is trying to gain information.
– Without worrying about detection or looking suspicious, the full focus is on getting information.
– Unpublished servers, files and directories are searched to get information.
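The difference between the three forms is visible in what the target’s own logs record: passive gathering leaves nothing, semi-passive gathering only touches published name servers, and active gathering (probing for unpublished files and directories) shows up as a client requesting many paths that do not exist. The detection below is an added example, not part of the presentation: it runs over constructed web-server access log lines (documentation-range addresses, made-up paths) and flags clients whose requests are dominated by distinct missing paths. The thresholds are assumed starting values.

```python
import re
from collections import defaultdict

# Constructed sample of web server access log lines ("combined" format). Addresses
# are from RFC 5737 documentation ranges; paths, timestamps and agents are made up.
SAMPLE_LOG = """\
203.0.113.5 - - [28/Feb/2017:10:01:02 +0300] "GET / HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.5 - - [28/Feb/2017:10:01:03 +0300] "GET /about HTTP/1.1" 200 2210 "-" "Mozilla/5.0"
198.51.100.7 - - [28/Feb/2017:10:02:10 +0300] "GET /robots.txt HTTP/1.1" 200 60 "-" "curl/7.52.1"
198.51.100.7 - - [28/Feb/2017:10:02:10 +0300] "GET /admin/ HTTP/1.1" 404 210 "-" "curl/7.52.1"
198.51.100.7 - - [28/Feb/2017:10:02:11 +0300] "GET /backup/ HTTP/1.1" 404 210 "-" "curl/7.52.1"
198.51.100.7 - - [28/Feb/2017:10:02:11 +0300] "GET /.git/HEAD HTTP/1.1" 404 210 "-" "curl/7.52.1"
198.51.100.7 - - [28/Feb/2017:10:02:12 +0300] "GET /phpmyadmin/ HTTP/1.1" 404 210 "-" "curl/7.52.1"
198.51.100.7 - - [28/Feb/2017:10:02:12 +0300] "GET /config.php.bak HTTP/1.1" 404 210 "-" "curl/7.52.1"
203.0.113.5 - - [28/Feb/2017:10:03:00 +0300] "GET /contact HTTP/1.1" 200 1800 "-" "Mozilla/5.0"
"""

# Fields of one combined-format line: client, timestamp, method, path, status code.
LOG_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+'
)


def parse_log(text):
    """Yield one dict per parseable log line; malformed lines are skipped."""
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if m:
            rec = m.groupdict()
            rec["status"] = int(rec["status"])
            yield rec


def per_host_stats(records):
    """Aggregate request count, distinct paths and distinct missing (404) paths per client."""
    stats = defaultdict(lambda: {"requests": 0, "paths": set(), "missing": set()})
    for rec in records:
        s = stats[rec["host"]]
        s["requests"] += 1
        s["paths"].add(rec["path"])
        if rec["status"] == 404:
            s["missing"].add(rec["path"])
    return stats


def flag_probing_hosts(text, min_missing=4, min_ratio=0.5):
    """Return {host: details} for clients whose traffic looks like active enumeration.

    A host is flagged when it requested at least `min_missing` distinct paths that do
    not exist and those make up at least `min_ratio` of its requests. The thresholds
    are assumed starting values; tune them against the site's normal traffic."""
    flagged = {}
    for host, s in per_host_stats(parse_log(text)).items():
        ratio = len(s["missing"]) / s["requests"]
        if len(s["missing"]) >= min_missing and ratio >= min_ratio:
            flagged[host] = {
                "requests": s["requests"],
                "missing_paths": sorted(s["missing"]),
                "missing_ratio": round(ratio, 2),
            }
    return flagged


if __name__ == "__main__":
    for host, details in flag_probing_hosts(SAMPLE_LOG).items():
        print(host, details)
```

In the constructed log the ordinary visitor (three pages, all found) is not flagged, while the client that walked through a list of guessed directories is. A passive or semi-passive reconnaissance of the same site would produce no lines in this log at all, which is exactly why the slide calls those forms covert.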
24. Goals of Information Gathering (OSINT)
• In short, the goal of information gathering is to collect information about:
– Target Selection
– Corporate Details
• Physical details, logical details, the organizational chart, financial details and information about individuals are of importance.
– HUMINT (Human Intelligence)
– Footprinting
– Protection Mechanisms
25. Target Selection - I
• Identification and Naming of Target
– In the pre-engagement phase, less information is provided by the customer, like their top level domain information, e.g. kfu.edu.sa
– In Reconnaissance, more in-depth information is sought, like the hierarchy of the domain, e.g. kfu.edu.sa/ccsit etc.
• But, permission should be obtained from the owner to explore these things.
• Remember that in white hat hacking, most of the time, active reconnaissance can be used, as allowed by the owner organization.
– So, a list of target servers is obtained.
26. Dr M Nasir Mumtaz Bhutta www.kfu.edu.sa
Target Selection – II
• Consider any Rules of Engagement Limitations
– Always stick to the rules agreed in pre-engagement.
• For example, only attack the IP addresses the company has put in scope, and only launch attacks from the source addresses agreed with them.
• A tester can technically deviate from these rules, but doing so can have legal consequences, so always remain within the rules and limitations set at engagement.
• Consider the Time Length and Goal of the Test
– Stay focused on the goal and gather only the information relevant to it, including its secondary and tertiary elements, but avoid exploring third parties' information (they are outside the agreed scope).
– Staying focused saves time as well. Remember that organizations usually allow only 3 to 6 months for testing the whole organization's critical and important assets.
– So spend an appropriate, bounded amount of time on the information gathering activity.
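The scope check that the rules above imply can be enforced in code before any packet is sent. The following is an added example, not part of the original slides; the allowed/excluded ranges are constructed from RFC 5737 documentation prefixes and stand in for whatever the pre-engagement agreement actually lists. Exclusions take precedence over inclusions, so a carve-out inside an allowed network is honoured.

```python
import ipaddress

# Constructed rules-of-engagement scope for illustration only. The ranges are
# documentation prefixes (RFC 5737), not any real organisation's addresses.
ALLOWED_TARGETS = ["203.0.113.0/24", "198.51.100.10"]     # in-scope hosts/ranges
EXCLUDED_TARGETS = ["203.0.113.250", "203.0.113.128/26"]  # carve-outs inside the scope
ALLOWED_SOURCES = ["192.0.2.5"]                           # addresses we may attack from


def _networks(entries):
    """Parse plain IPs and CIDR prefixes into ip_network objects."""
    return [ipaddress.ip_network(e, strict=False) for e in entries]


def target_in_scope(target, allowed=ALLOWED_TARGETS, excluded=EXCLUDED_TARGETS):
    """True only if `target` lies inside an allowed range and outside every exclusion.
    Exclusions win over inclusions, so a carve-out inside an allowed /24 is honoured."""
    addr = ipaddress.ip_address(target)
    if any(addr in net for net in _networks(excluded)):
        return False
    return any(addr in net for net in _networks(allowed))


def source_allowed(source, allowed=ALLOWED_SOURCES):
    """True if the tester's egress address is one the client agreed to."""
    return any(ipaddress.ip_address(source) in net for net in _networks(allowed))


def partition_targets(candidates, allowed=ALLOWED_TARGETS, excluded=EXCLUDED_TARGETS):
    """Split a candidate list (e.g. hosts discovered during reconnaissance) into
    in-scope and out-of-scope addresses before any active traffic is sent."""
    ok, rejected = [], []
    for c in candidates:
        (ok if target_in_scope(c, allowed, excluded) else rejected).append(c)
    return ok, rejected


def require_in_scope(target, source):
    """Pre-flight gate to call before every scan or exploit attempt."""
    if not source_allowed(source):
        raise PermissionError(f"source {source} is not an agreed attack origin")
    if not target_in_scope(target):
        raise PermissionError(f"target {target} is outside the rules of engagement")
    return True


if __name__ == "__main__":
    found = ["203.0.113.20", "203.0.113.150", "203.0.113.250", "10.0.0.1"]
    print(partition_targets(found))   # (['203.0.113.20'], ['203.0.113.150', '203.0.113.250', '10.0.0.1'])
```

Wire `require_in_scope` into the wrapper that launches each tool so that an out-of-scope host discovered by a scanner can never be followed up automatically.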
27. Corporate Details – I
• Physical Details
– Locations (Level 1)
• Obtain a full listing of all physical addresses (city, street address, etc.).
• Obtain a full listing of the physical security measures at each location (CCTV cameras, sensors, guards, entry controls, gates, etc.) as well.
– Pervasiveness (Level 1)
• Obtain information about the central office location as well as the remote office locations.
• Security controls at the central office may be good, while remote locations can have poor security controls.
– Relationships (Level 1)
• Obtain information about business partners, customers, suppliers, open corporate web pages and rental companies.
• These people can then be targeted for social engineering attacks.
28. Corporate Details – II
• Logical Details
– Accumulated information about partners, clients and competitors is obtained:
• Business Partners (L1)
• Business Clients (L1)
• Competitors (L1)
• Touchgraph (employees' connections inside and outside the organization) (L1)
• Meetings (L2)
• Job Openings (L1)
• Charity Affiliations (L1)
• Political Donations (L2) etc.
29. Corporate Details – III
• Organizational Chart
– Position Identification (L1)
• Important people in the organization
• Individuals to be specifically targeted
– Transactions (L1)
– Affiliates (other organizations tied to the business) (L1)
• Electronic Details (L1)
– Document Metadata
– Marketing Communication
• Infrastructure Asset Details
– Network blocks owned, found via DNS or WHOIS searches (L1)
– Email addresses (L1)
– Technologies used (L1)
– Remote access (L1)
– Purchase agreements (L1)
30. Corporate Details – IV
• Financial Details
– Market Analysis (L1)
– Published Financial Reports (L1)
• Information about Individuals in the Organization
– History (court records, political donations, professional licenses, etc.) (L2)
– Social network profile (L2)
– Social media presence and how often they use it or publish information there (L2)
– Internet presence, email addresses (L1)
– Mobile footprint (phone number, device, usage, installed applications, etc.)
31. More Information Gathering
• HUMINT (Human Intelligence) information is obtained:
– Feelings, history, relationships between key individuals, etc.
– People can be monitored via CCTV cameras, recording of web activities, webcams, etc. (only within what the rules of engagement permit).
• Footprinting
– Building a picture of the target's footprint (domains, hosts, technologies, naming conventions) so that later phases can trace back to this information.
• Identify Protection Mechanisms
– Information about the security of the relevant groups, persons and locations must be obtained. For example:
• Network-based protections (simple packet filters, encryption, etc.)
• Host-based protections (anti-virus, stack protections, etc.)
• Application-level protections (encodings, bypass avenues, etc.)
• Storage protections (storage controllers, etc.)
32. Penetration Testing Execution Phases: Threat Modeling
33. Threat Modeling
• Standard threat modeling (described here in general, not as one specific methodology) focuses on two key elements:
– Assets
– Attacker (threat agent)
• The information obtained in the Reconnaissance phase is analyzed here in order to:
– Identify and categorize primary and secondary assets
– Identify and categorize threats and threat communities
– Map these threat communities against the primary and secondary assets
34. High Level Modeling Process
• Identify Assets (business asset and business process analysis) and select attack targets:
– Technical information
– Employee data, customer data
– Technical infrastructure supporting the processes
– Human assets supporting the processes
– 3rd-party integrations
– The information gathered in the Reconnaissance phase is used here.
• Identify Threats and Threat Communities
– Internal threats (employees, management, administrators, developers, engineers, technicians, remote support, etc.)
– External threats (business partners, competitors, contractors, suppliers, hacktivists, script kiddies, etc.)
– Threat capability analysis and mapping of threats against assets is performed (which tools the identified threat communities use, their access to exploits and other attack resources, etc.).
35. Penetration Testing Execution Phases: Scanning (Vulnerability Analysis)
36. Scanning (Vulnerability Analysis)
• It is the process of discovering flaws in systems and applications that an attacker can leverage,
– from host and service misconfigurations to insecure application design.
• Vulnerability analysis should be scoped according to the goals of the test and the desired outcome.
• Vulnerability analysis goals can be either:
– Confirming that a mitigation is in place and that a known vulnerability is not reachable, or
– Trying everything to find the maximum number of vulnerabilities.
37. Types of Vulnerability Testing - I
• Active
– Direct interaction with the component being tested for security vulnerabilities.
• This can be a low-level component such as a TCP/IP stack or a network device,
• or a high-level component such as a web-based administrator interface.
• Passive
– Covertly observe and gather data, then perform the analysis.
– Examples include metadata analysis and traffic monitoring.
• Validation
– Correlating the findings: linking the discovered items and the footprints from earlier phases to each other and confirming them.
38. Active Vulnerability Testing - I
• Active vulnerability testing can be automated or manual.
• Automated (Active Scanning)
– Tools interact with the target, examine its responses and determine whether a vulnerability exists or not.
– General Vulnerability Scanners
• Port Based
– In traditional pentesting, a port scan gives a basic overview of the available network targets or hosts.
– All 65,535 ports can be tested to find out which are open, closed or filtered.
– Protocols such as IP, TCP, UDP and ICMP are used as the probing technique (e.g. TCP connect or SYN probes, UDP datagrams, ICMP echo for host discovery).
– An open port only suggests which service is running: the service itself is not checked, it is inferred from the well-known port number.
• Service Based
– More advanced than a port scan: the tool talks to the service on each open port using the relevant protocol and confirms whether that service is actually running.
• Banner Grabbing
– More advanced still: the data returned from communicating with the service or application on a specific port is analyzed to identify the application or service and its version.
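The three levels above (port-based, service-based, banner grabbing) can be seen side by side in one small script. This is an added example, not code from the slides: it starts a throwaway listener on 127.0.0.1 that sends a constructed SSH-style banner, so everything runs offline; the well-known-port table and the banner patterns are a constructed subset. Note what each level actually tells you: `port_state` only reports open/closed/filtered, `WELL_KNOWN` only guesses a service from the port number, and only `grab_banner` plus `fingerprint` yields a product and version.

```python
import re
import socket
import threading

# Port-based identification infers the service from the port number alone
# (constructed subset of the IANA well-known ports).
WELL_KNOWN = {21: "ftp", 22: "ssh", 25: "smtp", 80: "http", 443: "https", 3306: "mysql"}

# Banner patterns for version extraction (constructed; each has a product group
# and an optional version group).
BANNER_PATTERNS = [
    re.compile(r"^SSH-[\d.]+-([A-Za-z]+)[_-]([\w.]+)"),          # SSH-2.0-OpenSSH_8.9p1
    re.compile(r"ESMTP\s+([A-Za-z]+)(?:\s+([\w.]+))?"),          # 220 host ESMTP Postfix 3.7
    re.compile(r"Server:\s*([\w-]+)/([\w.]+)", re.IGNORECASE),  # Server: Apache/2.4.57
]


def start_fake_service(banner: bytes):
    """Test fixture: TCP listener on 127.0.0.1 that greets every client with `banner`.
    Returns (server_socket, port); close the socket to stop it."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)
    port = srv.getsockname()[1]

    def serve():
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:          # listener closed, stop serving
                return
            with conn:
                conn.sendall(banner)

    threading.Thread(target=serve, daemon=True).start()
    return srv, port


def free_port() -> int:
    """Return a port nobody is listening on (to demonstrate a 'closed' result)."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.bind(("127.0.0.1", 0))
    port = s.getsockname()[1]
    s.close()
    return port


def port_state(host: str, port: int, timeout: float = 0.5) -> str:
    """TCP connect scan of one port: 'open' (handshake completed), 'closed'
    (RST / connection refused) or 'filtered' (no answer before the timeout,
    which is what a packet filter silently dropping the probe looks like)."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        return "open"
    except ConnectionRefusedError:
        return "closed"
    except OSError:                  # timeout, unreachable, ...
        return "filtered"
    finally:
        s.close()


def grab_banner(host: str, port: int, probe: bytes = b"", timeout: float = 1.0) -> str:
    """Service-level check: connect, optionally send a protocol probe (HTTP needs a
    request before it answers; SSH/SMTP/FTP volunteer a banner) and read the reply."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        if probe:
            s.sendall(probe)
        try:
            data = s.recv(1024)
        except socket.timeout:
            data = b""
    return data.decode("utf-8", errors="replace").strip()


def fingerprint(banner: str):
    """Extract (product, version) from a banner; version is None when the banner
    names a product but hides its version, (None, None) when nothing matches."""
    for pat in BANNER_PATTERNS:
        m = pat.search(banner)
        if m:
            return m.group(1), m.group(2)
    return None, None


def scan(host: str, ports) -> dict:
    """Port scan, then service/banner check on each open port."""
    results = {}
    for port in ports:
        state = port_state(host, port)
        entry = {"state": state, "inferred": WELL_KNOWN.get(port, "unknown")}
        if state == "open":
            banner = grab_banner(host, port)
            entry["banner"] = banner
            entry["product"], entry["version"] = fingerprint(banner)
        results[port] = entry
    return results
```

Compare `entry["inferred"]` with `entry["product"]` on a real engagement: a service on a non-standard port is invisible to port-based inference and only shows up once the banner is read, while a banner can also be deliberately altered, so the version it reports still needs validation.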
39. Active Vulnerability Testing - II
• Automated (Active Scanning)
– Web Application Scanners
• General Application Flaw Scanners
– Most scanners start with the top-level address of the website.
– The scanner then crawls the site by following links and directory structures (this information is usually gathered in the Reconnaissance phase as well).
– The scanner then runs tests against the links and parameters it discovered,
– using different attack vectors such as SQL injection, cross-site scripting, etc. (discussed later).
• Directory Listing Brute Force
– If directory information was not gathered in the Reconnaissance or pre-engagement phase, a general scanner cannot find unlinked directories by crawling alone.
» So either a pre-compiled list of common directory names is tried (such lists are usually custom and maintained by the attacker),
» or a brute-force approach is used to enumerate directory names.
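A minimal wordlist-driven directory brute force, added here as an example (not code from the slides). The target is a constructed in-process web server whose `/admin/`, `/backup/` and `/.git/HEAD` paths are never linked from any page, so a crawler would miss them; the wordlist is constructed too (real tests use the large lists shipped with tools such as DirBuster or dirb). The baseline check matters in practice: a site that answers every unknown path with 200 would otherwise make every guess look like a hit.

```python
import http.server
import secrets
import threading
import urllib.error
import urllib.request

# Constructed target. Only "/" and "/robots.txt" are linked anywhere; the others
# are unlinked, exactly the case where crawling finds nothing and guessing does.
KNOWN_PATHS = {"/": 200, "/robots.txt": 200, "/admin/": 200, "/backup/": 403, "/.git/HEAD": 200}

# Constructed wordlist (a real run would use thousands of entries).
WORDLIST = ["admin/", "backup/", "uploads/", "config/", ".git/HEAD", "old/"]


class _Handler(http.server.BaseHTTPRequestHandler):
    def do_GET(self):
        code = KNOWN_PATHS.get(self.path, 404)
        self.send_response(code)
        self.send_header("Content-Length", "0")
        self.end_headers()

    def log_message(self, *args):   # keep the demo quiet
        pass


def start_target():
    """Start the constructed target on 127.0.0.1; returns (server, base_url)."""
    httpd = http.server.HTTPServer(("127.0.0.1", 0), _Handler)
    threading.Thread(target=httpd.serve_forever, daemon=True).start()
    return httpd, f"http://127.0.0.1:{httpd.server_address[1]}"


class _NoRedirect(urllib.request.HTTPRedirectHandler):
    """Do not follow redirects: a 301/302 on a guessed path is itself a finding."""
    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None


_OPENER = urllib.request.build_opener(_NoRedirect)


def status_of(url: str, timeout: float = 2.0) -> int:
    try:
        with _OPENER.open(url, timeout=timeout) as resp:
            return resp.status
    except urllib.error.HTTPError as e:
        return e.code


def brute_force_paths(base_url: str, wordlist, interesting=(200, 301, 302, 401, 403)) -> dict:
    """Request each candidate path and return {path: status} for interesting answers.
    Refuses to run against a catch-all server (random path != 404) because every
    guess would then look like a hit; such targets need a soft-404 signature first."""
    baseline = status_of(f"{base_url}/{secrets.token_hex(8)}/")
    if baseline != 404:
        raise RuntimeError(f"target answers random paths with {baseline}; calibrate a soft-404 signature first")
    hits = {}
    for word in wordlist:
        path = word if word.startswith("/") else "/" + word
        code = status_of(base_url + path)
        if code in interesting:
            hits[path] = code
    return hits


if __name__ == "__main__":
    httpd, base = start_target()
    print(brute_force_paths(base, WORDLIST))   # {'/admin/': 200, '/backup/': 403, '/.git/HEAD': 200}
    httpd.shutdown()
```

A 403 is kept deliberately: the directory exists even though its listing is denied, which is useful input for the next phase.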
40. Active Vulnerability Testing - III
• Specific Protocol or Network Vulnerability Scanners
– Special protocol scanners are available for identifying the running protocols and services that general scanners cannot detect.
• VPN Scanner: if a VPN gateway is running (for example IPsec/IKE), simple tools cannot perform the correct protocol negotiation, so VPN-specific tools are used.
• Voice Network Scanners: VoIP-specific tools are used to find vulnerabilities in VoIP services. These vulnerabilities can be leveraged to gain access to infrastructure systems or to record phone conversations on the target network.
41. Passive Vulnerability Testing
• Metadata Analysis
– The metadata of files (and of directory listings) is analyzed.
– This metadata can reveal authors and usernames, company names, software versions, internal IP addresses, paths to internal servers, etc.
• Traffic Monitoring
– Monitoring the internal network and collecting traffic data for offline analysis.
– Different approaches can be used for this purpose (e.g. a mirror/SPAN port or a network tap).
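The metadata analysis described here (and listed under "Electronic Details" in the corporate-details slides) can be done with nothing but the standard library for the two most common document types. This is an added example, not from the slides: the PDF bytes and the .docx container are constructed inline with the kind of leftovers a tester looks for (author account, a `DOMAIN\user` last-editor name, a UNC path to an internal file server and an internal IP). The PDF parser only handles literal-string Info entries; real files that keep XMP metadata in compressed streams need a proper PDF library or exiftool.

```python
import io
import re
import zipfile
import xml.etree.ElementTree as ET

# Constructed sample PDF: just enough of the format to carry an Info dictionary.
SAMPLE_PDF = (
    b"%PDF-1.4\n"
    b"1 0 obj\n<< /Title (Q3 Network Plan) /Author (jdoe) /Creator (Microsoft Word)"
    b" /Producer (Acrobat Distiller 9.0) /ModDate (D:20240115093000Z) >>\nendobj\n"
    b"2 0 obj\n<< /Type /Catalog >>\nendobj\n"
    b"trailer\n<< /Info 1 0 R /Root 2 0 R >>\n%%EOF\n"
)

# Literal-string values of the classic Info dictionary keys (hex strings and
# compressed XMP streams are out of scope for this parser).
PDF_INFO_RE = re.compile(rb"/(Title|Author|Creator|Producer|CreationDate|ModDate)\s*\(([^)]*)\)")
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
UNC_OR_DRIVE_PATH_RE = re.compile(r'(?:\\\\[\w.-]+\\[^\s"<>]+|[A-Za-z]:\\[^\s"<>]+)')


def pdf_metadata(data: bytes) -> dict:
    """Return the Info-dictionary fields found in a PDF as {field: value}."""
    return {k.decode("ascii"): v.decode("latin-1") for k, v in PDF_INFO_RE.findall(data)}


def build_sample_docx() -> bytes:
    """Construct a minimal OOXML container with the metadata parts a real .docx carries."""
    core = (
        '<?xml version="1.0" encoding="UTF-8"?>'
        '<cp:coreProperties xmlns:cp="http://schemas.openxmlformats.org/package/2006/metadata/core-properties"'
        ' xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:dcterms="http://purl.org/dc/terms/"'
        ' xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">'
        "<dc:creator>jdoe</dc:creator><cp:lastModifiedBy>CORP\\asmith</cp:lastModifiedBy>"
        '<dcterms:created xsi:type="dcterms:W3CDTF">2024-01-10T08:00:00Z</dcterms:created>'
        "</cp:coreProperties>"
    )
    app = (
        '<?xml version="1.0"?><Properties xmlns="http://schemas.openxmlformats.org/officeDocument/2006/extended-properties">'
        "<Application>Microsoft Office Word</Application><Company>Example Corp</Company></Properties>"
    )
    doc = (
        '<?xml version="1.0"?><w:document xmlns:w="http://schemas.openxmlformats.org/wordprocessingml/2006/main">'
        "<w:body><w:p><w:r><w:t>Template saved from \\\\fileserver01\\templates\\report.dotx on 10.20.30.40</w:t></w:r></w:p></w:body></w:document>"
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        z.writestr("docProps/core.xml", core)
        z.writestr("docProps/app.xml", app)
        z.writestr("word/document.xml", doc)
    return buf.getvalue()


def office_metadata(data: bytes) -> dict:
    """Read author/editor/timestamps (core.xml) and application/company (app.xml)
    from a .docx/.xlsx/.pptx, keyed by local tag name with namespaces stripped."""
    out = {}
    with zipfile.ZipFile(io.BytesIO(data)) as z:
        for part in ("docProps/core.xml", "docProps/app.xml"):
            if part not in z.namelist():
                continue
            for el in ET.fromstring(z.read(part)).iter():
                if el.text and el.text.strip():
                    out[el.tag.split("}")[-1]] = el.text.strip()
    return out


def leak_indicators(text: str) -> dict:
    """Internal IPs and UNC/drive paths are the items worth pulling out of document text."""
    return {"ips": sorted(set(IPV4_RE.findall(text))),
            "paths": sorted(set(UNC_OR_DRIVE_PATH_RE.findall(text)))}


def office_leaks(data: bytes) -> dict:
    """Run leak_indicators over the visible text of the main document part."""
    with zipfile.ZipFile(io.BytesIO(data)) as z:
        root = ET.fromstring(z.read("word/document.xml"))
    return leak_indicators(" ".join(root.itertext()))


if __name__ == "__main__":
    print(pdf_metadata(SAMPLE_PDF))
    sample = build_sample_docx()
    print(office_metadata(sample))
    print(office_leaks(sample))
```

Run the two extractors over every document harvested from the target's public web presence; the usernames and host names they yield feed directly into the footprinting and social-engineering lists built earlier.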
42. Validation (Vulnerability Testing)
• Correlation Between Tools
– When working with multiple tools, correlating their findings can become complicated: the same issue is reported in different styles and under different categories.
• Relate the findings by style and/or category.
– In most cases, testers focus on the micro-level issues of specific vulnerabilities that are found redundantly across multiple hosts.
– So the relationships between findings should be established in order to choose the target on which to launch the attack.
43. Manual Vulnerability Testing
• A more advanced analysis of the target is performed manually to find vulnerabilities.
– VPN Fingerprinting:
• Device information and the exact version of the VPN software released and installed can be obtained from fingerprints, which are then analyzed manually.
– Attack Avenues:
• As vulnerabilities are found, an attack tree should be developed and regularly updated.
44. Research about Vulnerability
• The vulnerabilities found should be validated against:
– Vulnerability Databases: many security vendors and organizations maintain large databases of known vulnerabilities (the CVE list and NVD, for example).
• Tool results should be validated against these databases.
– Vendor Advisories: many service and product vendors publish advisories and release notes on their websites,
• to tell customers about the capabilities of their products and recent changes between versions.
• Vulnerabilities affecting particular versions can be identified from such information as well.
45. Penetration Testing Execution Phases: Exploitation
46. Purpose of Exploitation Phase
• Exploitation is where the attacks are actually executed.
– The purpose is to establish access to a system or resource by bypassing its security restrictions.
– Vulnerability analysis provides the list of vulnerabilities present in the system.
– Attack vectors are chosen for the known vulnerabilities and the available payloads, and then the attacks are launched.
– The main focus of the attacks is on:
• the main entry points into the organization, and
• high-value assets, to demonstrate high impact.
47. Planning Attacks Execution - I
• Consider the countermeasures already in place in the organization.
• The security measures applied by the organization must be taken into account for an attack to succeed.
– The aim is to remain in stealth mode (undetected).
• Different kinds of security technologies can be in place:
– Anti-virus (blocks the deployment of known malicious software).
– Intrusion Detection/Prevention Systems (detect and block malicious activity, typically by signature or anomaly).
– Encoding (data transformed into another representation, e.g. Base64 or URL encoding; it is reversible without a key, so it hides data from casual inspection but is not a security control by itself).
– Encryption (data converted to an unintelligible form using a key; unlike encoding, it cannot be reversed without that key).
– Whitelisting (only explicitly identified traffic, applications or addresses are allowed through; everything else is denied).
– Data Execution Prevention (an OS/CPU feature that marks memory regions such as the stack and heap as non-executable, so injected code placed there cannot run directly).
48. Planning Attacks Execution - II
• Evasion Techniques Planning
• Evasion means escaping detection during the penetration test, for example:
– circumventing a camera system so as not to be seen by a guard,
– obfuscating the payloads (attack code) to bypass an intrusion detection system, or
– encoding requests/responses (web application payloads) to bypass a web application firewall.
• It is better to formulate the evasion techniques before launching the attack than to improvise during it.
49. Planning Attacks Execution - III
• Precision Strike
– Attacks should be planned so that specific exploits are launched based on the research done on the vulnerabilities and the available payloads.
– Not every available payload should be thrown at a found vulnerability.
• Spraying payloads marks the attacker as inexperienced.
• It also gives intrusion detection systems a high chance of spotting the activity.
50. Planning Attacks Execution - IV
• Customized Exploitation Avenue
– Depending on the target's technology and location, the appropriate technique should be selected to launch the attack.
– All attacks and conditions differ; the same attack should not be launched against every avenue.
• Tailored Exploits
– Most of the time, exploit code and payloads available from public sources (such as the Internet) do not work out of the box for every identified scenario.
– These payloads should be modified to fit the tester's specific needs.
51. Planning Attacks Execution - V
• Zero Day Angle
– Zero-day exploits target vulnerabilities that are not publicly known, and their payloads are not available in the public domain.
– High-profile pentest companies usually maintain their own private exploits (payloads), including ones for known vulnerabilities.
– Before launching such an exploit, make sure that the target's operating system, patch level and countermeasures match what the exploit was designed for; a mismatched exploit can fail, or crash the target service instead of gaining access.
52. Penetration Testing Execution Phases: Post Exploitation
53. Purpose of Post Exploitation Phase
• The purposes of this phase are:
– Determine the value of the compromised machine and maintain control of it:
• A machine is valuable if sensitive data is stored on it or if it can be used to compromise further parts of the network.
– The tester documents the sensitive data found and identifies configuration settings, communication channels and relationships with other network devices.
– Clean up footprints:
• Any mistakes made, or information left behind about the attacking machine, is removed in this phase (within the limits agreed in the rules of engagement).
54. Penetration Testing Execution Phases: Reporting
55. Objectives of Reporting
• The objectives of this phase are to:
– Report the identified vulnerabilities to the hiring organization.
– Explain the procedure followed to compromise the targeted systems.
– Provide the technical details needed to reproduce the attacks.
– Propose solutions that improve their security measures and protect against future attacks.
56. Report Structure
• Every pentester can have their own structure for describing the work, but the following sections are usually recommended in a report.
• Executive Summary
– Background
– Overall Posture
– Risk Ranking Profile
– General Findings
– Recommendation Summary
– Strategic Roadmap
• Technical Report
– Technical details of all phases and approaches used for testing
• Conclusion
57. Samples for Different Report Sections
[Sample figures on the slide: Overall Risk Ranking Profile of Organization; General Findings; Security Strategy Recommendations]
58. Assignment 2
• Plan an attack to "hack a Linux-based server/machine and steal critical documents from it".
– Apply all the knowledge gained today.
– Plan for each of the Penetration Testing Execution Phases.
• In the next workshop, we shall take this scenario and launch the attack using the tools already provided to you in Assignment 1.
59. Thanks for listening!
Questions?