SlideShare a Scribd company logo

Vulnerability assessment on cyber security

R
rb5ylf93do

Cybersecurity: vuln assessment

Technology
1 of 50
Download to read offline
CBS4306 Systems Vulnerability Assessment and Testing Introduction to Ethical Hacking
Introduction • A penetration tester is a professional who has the skills of a hacker. • They are hired by an organization to perform simulations of real world attacks on their network infrastructure with the objective of discovering security vulnerabilities before a real attack occurs.
Introduction • The penetration tester does this task with written legal permission from the target organization. • To become a highly skilled hacker, it's vital to have a strong understanding of computers, networking, and programming, as well as how they work together. • Most importantly, however, you need creativity.
Overview of Ethics • Most of the companies do not take vulnerability into account • Hackers may have tried to notify a company only to have that company ignore the contact.
Overview of Ethical Hacking • Ethical hacking can be done under many different names. • Penetration testing or Pentest It’s essentially the same thing. • The idea of a penetration test is to attempt to penetrate the defenses of an organization.
Overview of Ethical Hacking • Red teaming, which is generally considered a specific type of penetration test where the testers are adversarial to the organization and network under test. • A red teamer would actually act like an attacker, meaning they would try to be stealthy so as not to be detected.
Methodologies • As with so many things, using a methodology is valuable when it comes to ethical hacking or security testing. • Methodologies can help with consistency, repeatability, and process improvement. • Consistency is important because you want to run the same sets of tests or probes no matter who you are testing against.
Methodologies • Cyber Kill Chain • Attacker Lifecycle • Methodology of Ethical Hacking
Cyber Kill Chain • A commonly referred-to framework in the information security space is the cyber kill chain. • A kill chain is a military concept of the structure of an attack. • The idea of a kill chain is that you can identify where the attacker is in their process so you can adapt your own response tactics. • Lockheed Martin, a defense contractor, adapted the military concept of a kill chain to the information security (or cybersecurity) space.
Cyber Kill Chain
Reconnaissance • This is where the attacker identifies their target as well as potential points of attack. • This may include identifying vulnerabilities that could be exploited. • There may be a lot of information about the target gathered in this phase, which will be useful later in the attack process.
Weaponization • The attacker may create a custom piece of malware, for instance, that is specific to the target. • They may just use a piece of common off-the-Shelf (COTS) malware, though this has the potential to be discovered by antivirus software installed in the victim’s environment. • The attacker may decide this doesn’t matter by sending out more malicious software to more individuals.
Delivery • Delivery is how you get the weapon (the malware or the link to a rogue website) into the victim’s environment. • This could be a network-based attack, meaning there is an exposed service that may be vulnerable to exploit remotely. • This could be sending an attachment in via email, or it could be that the malicious software is hosted on a web server the victim is expected to visit and get infected when they hit the website.
Exploitation • Exploitation is when the malicious software infects the victim’s system.
Installation • Exploitation leads to installation. • The attacker will install additional software to maintain access to the system and perhaps give them remote access to the system.
Installation • Once installation is complete, the attacker moves to command and control. • The command-and-control phase gives attackers remote access to the infected system. • This may involve installation of additional software, or it may involve sending directives to the infected system. • The attacker may be trying to get information from the infected system or have the system perform actions like participating in a large-scale denial-of-service attack.
Actions on Objectives • These actions are called actions on objectives. • Each attacker may have different objectives they are trying to achieve. • Attackers who are criminally oriented are probably looking for ways to monetize the infected systems by stealing information that could be stolen or by selling off access to another organization.
Actions on Objectives • So-called nation-state actors may be looking to gain access to intellectual property. • No matter what the organization is, they have objectives they are trying to achieve. • They will keep going until they achieve those objectives, so there is a lot of activity that happens in this phase of the kill chain.
Attack Lifecycle • The security technology and consulting company FireEye Mandiant often refers to a different methodology called the attack lifecycle. • This is different from the cyber kill chain, though there are some similarities. • Rather than a theoretical exercise or one with a military focus, the attack lifecycle describes exactly how attackers have operated for as far back as there have been attacks against computing infrastructure.
Attack Lifecycle
Attack Lifecycle • One significant difference between the attack lifecycle is a recognition that the attack is not one and done. • There is a loop that happens in the middle. • Attackers don’t keep launching attacks from outside the network. • Once they get into the environment, they use the compromised systems as launch points for additional compromises within the environment.
Initial Recon • Attackers will gain access to a system and use that system and anything discovered there, like credentials, to move off to another system in the network. • Before we get there, though, an attacker identifies a victim and potential attack possibilities in the initial recon stage.
Initial Compromise • The attacker is doing reconnaissance, including identifying names and titles using open source intelligence, meaning they use public sources like social network sites, to generate attacks. • To gain access, they launch attacks commonly, these would be phishing attacks. • This is the initial compromise stage.
Footholds • Once they have compromised a system, the attacker will work to establish footholds. • This includes making sure they retain access to the system so they can get back in when they need to. • It’s perhaps important to recognize that these attacks don’t happen in a bang-bang fashion.
Footholds • It may take days or weeks or even months to move from one phase of the attack lifecycle to another. • This depends on the organization performing the attacks. • These are not individuals. • They are organizations, so there may be different employees working on different stages.
Escalate Privileges • To do much else, the attacker will need to escalate privileges. • They need to have administrative privileges to move into the loop that happens as they continue to move through the environment, gathering additional systems along the way.
Internal Recon • They will probably be gathering credentials from memory or disk here. • They will also be investigating connections the system is known to have had with other systems in the network. • This is a form of internal recon. • They may also be trying to identify other credentials that are known to the system.
Move Laterally • The reconnaissance is necessary to be able to move laterally. • To make those lateral movements, attackers need to know what systems they have. • It may be servers, since individual systems are likely to know a lot of servers they communicate with, but it may also be individual workstations. • In an enterprise network, it may be possible to authenticate using captured credentials against other workstations, which may have access to different sets of servers.
Maintain Presence • With every system the attacker gets access to, they need to maintain presence. • This means some form of persistence, so any malware that is allowing the attacker access remains running. • You might use the Windows registry, scheduled tasks, or other types of persistence to keep any malware running so the attacker can keep getting back in when they want.
Complete Mission • The last phase of the attack lifecycle, though leaving it until the end is misleading, is complete mission. • Again, attacks tend not to be one and done. • Once an attacker is in your environment, they will likely be continuing to revisit to see if there is anything else you need. • The complete mission phase is where data may be exfiltrated from the environment.
Methodology of Ethical Hacking • The basic methodology is meant to reproduce what real-life attackers would do. • You will see similarities here to both the cyber kill chain and the attack lifecycle. • Companies can shore up their security postures using information that comes from each stage covered here. • One thing to keep in mind when it comes to information security is that not everything is about protection or prevention.
Methodology of Ethical Hacking 1. Reconnaissance and Footprinting 2. Scanning and Enumeration 3. Gaining Access 4. Maintaining Access 5. Covering Tracks
Reconnaissance and Footprinting • Reconnaissance is where you gather information about your target. • You want to understand the scope of your endeavor up front, of course. • This will help you narrow your actions so you aren’t engaging in anything that could be unethical. • You’ll have some sense of who your target is, but you may not have all the details.
Reconnaissance and Footprinting • The objective of reconnaissance and footprinting is determining the size and scope of your test. • Footprinting is just getting an idea of the “footprint” of the organization, meaning the size and appearance. • This means trying to identify network blocks, hosts, locations, and people. • The information gathered here will be used later as you progress through additional stages.
Reconnaissance and Footprinting • Gathering the details of your target is one of the reasons for performing reconnaissance. • Another reason is that while there is a lot of information that has to be public just because of the nature of the Internet. • You may find information leaked to the rest of the world that the organization you are working for would do better to lock down.
Reconnaissance and Footprinting • The following are techniques used in the reconnaissance phase: 1. Using search engines to gather information 2. Using social networking platforms 3. Performing Google hacking 4. Performing DNS interrogation 5. Social engineering
Scanning and Enumeration • Once you have network blocks identified, you will want to identify systems that are accessible within those network blocks • More important, however, you will want to identify services running on any available host. • Ultimately, these services will be used as entry points. • The objective is to gain access, and that may be possible through exposed network services.
Scanning and Enumeration • This includes list of all open ports, which will be useful information, but also the identity of the service and software running behind each open port. • This may also result in gathering information that different services provide. • This includes the software providing the service, such as nginx, Apache, or IIS for a web server.
Scanning and Enumeration • The following are techniques used in the Scanning and Enumeration phase: 1. Checking for any live systems 2. Checking for firewalls and their rules 3. Checking for open network ports 4. Checking for running services 5. Checking for security vulnerabilities 6. Creating a network topology of the target network
Gaining Access • Gaining access is what many people consider to be the most important part of a penetration test, and for many, it’s the most interesting. • This is where you can demonstrate that some services are potentially vulnerable. • You do that by exploiting the service. • There are no theoretical or false positives when you have compromised a system or stolen data and you can prove it.
Gaining Access • This highlights one of the important aspects of any ethical hacking: documentation. • Just saying, “Hey, I did this” isn’t going to be sufficient. • You will need to demonstrate or prove in some way that you did manage to compromise the system.
Gaining Access • The following can occur once access is gained: 1. Password cracking 2. Exploiting vulnerabilities 3. Escalating privileges 4. Hiding files 5. Lateral movement
Maintaining Access • Once you are in, emulating common attack patterns means that you should maintain access. • If you’ve managed to compromise a user’s system, when the user shuts the system down, you will lose access. • This may mean that you will need to recompromise the system.
Maintaining Access • Since exploits are not always guaranteed to be effective, you may well not get in the next time you attempt the compromise. • Beyond that, you may have used a compromise that relied on a vulnerability that was fixed. • Your next attempt may fail because the vulnerability is no longer there.
Maintaining Access • You need to give yourself other means to get into the system so you can make sure you retain the ability to see what is happening on that system and potentially the enterprise network overall. • Maintaining access is often called persistence. • This is where any access mechanism is installed to persist on a system. • No matter whether a user logs out or reboots a system, the attacker can continue to get in.
Maintaining Access • This is commonly done by installing software that reaches out, or beacons, to systems on the Internet somewhere. • The reason for this is because inbound access is often blocked by a firewall. • Outbound access is often allowed from the inside of a network in a completely unrestricted manner.
Maintaining Access • The objectives of maintaining access are as follows: 1. Lateral movement 2. Exfiltration of data 3. Creating backdoor and persistent connections
Covering Tracks • Covering your tracks is where you hide or delete any evidence to which you managed to get access. • Additionally, you should cover up your continued access. • This can be accomplished with malware that ensures that your actions aren’t logged or perhaps misreports system information, like network connections. • One thing to keep in mind when you are trying to cover your tracks is that sometimes your actions may also provide evidence of your work.
Questions ?
Quiz 1. With the aid of suitable examples differentiate between Penetration Testing and Red Teaming. 2. Differentiate between initial recon and internal recon with real life scenario. 3. Explain why you need to spend most of your time on reconnaissance stage. 4. Explain cyber kill chain, attack lifecycle, and ethical hacking methodology.

Recommended

NETWORK PENETRATION TESTING
NETWORK PENETRATION TESTINGNETWORK PENETRATION TESTING
NETWORK PENETRATION TESTINGEr Vivek Rana
 
building foundation for ethical hacking.ppt
building foundation for ethical hacking.pptbuilding foundation for ethical hacking.ppt
building foundation for ethical hacking.pptShivaniSingha1
 
Ethical Hacking and Defense Penetration
Ethical Hacking and Defense PenetrationEthical Hacking and Defense Penetration
Ethical Hacking and Defense PenetrationJay Nagar
 
BAIT1103 Chapter 7
BAIT1103 Chapter 7BAIT1103 Chapter 7
BAIT1103 Chapter 7limsh
 
Ethical Hacking justvamshi .pptx
Ethical Hacking justvamshi .pptxEthical Hacking justvamshi .pptx
Ethical Hacking justvamshi .pptxvamshimatangi
 
Web hacking 1.0
Web hacking 1.0Web hacking 1.0
Web hacking 1.0Q Fadlan
 
Ethical Hacking Powerpoint
Ethical Hacking PowerpointEthical Hacking Powerpoint
Ethical Hacking PowerpointRen Tuazon
 
Attackers process
Attackers processAttackers process
Attackers processbegmohsin
 

Recommended

NETWORK PENETRATION TESTING
NETWORK PENETRATION TESTINGNETWORK PENETRATION TESTING
NETWORK PENETRATION TESTINGEr Vivek Rana
 
building foundation for ethical hacking.ppt
building foundation for ethical hacking.pptbuilding foundation for ethical hacking.ppt
building foundation for ethical hacking.pptShivaniSingha1
 
Ethical Hacking and Defense Penetration
Ethical Hacking and Defense PenetrationEthical Hacking and Defense Penetration
Ethical Hacking and Defense PenetrationJay Nagar
 
BAIT1103 Chapter 7
BAIT1103 Chapter 7BAIT1103 Chapter 7
BAIT1103 Chapter 7limsh
 
Ethical Hacking justvamshi .pptx
Ethical Hacking justvamshi .pptxEthical Hacking justvamshi .pptx
Ethical Hacking justvamshi .pptxvamshimatangi
 
Web hacking 1.0
Web hacking 1.0Web hacking 1.0
Web hacking 1.0Q Fadlan
 
Ethical Hacking Powerpoint
Ethical Hacking PowerpointEthical Hacking Powerpoint
Ethical Hacking PowerpointRen Tuazon
 
Attackers process
Attackers processAttackers process
Attackers processbegmohsin
 
Penentration testing
Penentration testingPenentration testing
Penentration testingtahreemsaleem
 
Ethical hacking concept-Part 1
Ethical hacking concept-Part 1Ethical hacking concept-Part 1
Ethical hacking concept-Part 1Saurabh Upadhyay
 
Ethical Hacking Course-PPT.pptx
Ethical Hacking Course-PPT.pptxEthical Hacking Course-PPT.pptx
Ethical Hacking Course-PPT.pptxSamridhiJain47
 
Types of attack -Part2
Types of attack -Part2Types of attack -Part2
Types of attack -Part2SHUBHA CHATURVEDI
 
Finding the Sweet Spot: Counter Honeypot Operations (CHOps) by Jonathan Creek...
Finding the Sweet Spot: Counter Honeypot Operations (CHOps) by Jonathan Creek...Finding the Sweet Spot: Counter Honeypot Operations (CHOps) by Jonathan Creek...
Finding the Sweet Spot: Counter Honeypot Operations (CHOps) by Jonathan Creek...EC-Council
 
Introduction to ethical hacking
Introduction to ethical hackingIntroduction to ethical hacking
Introduction to ethical hackingankit sarode
 
Ethical_Hacking
Ethical_HackingEthical_Hacking
Ethical_HackingShahnawaz Sarkar
 
HACKERS ATTACK PROCESS
HACKERS ATTACK PROCESSHACKERS ATTACK PROCESS
HACKERS ATTACK PROCESSUK Defence Cyber School
 
Session Slide
Session SlideSession Slide
Session SlideMuralidharan Radhakrishnan
 
Ethical Hacking
Ethical HackingEthical Hacking
Ethical HackingAditya Vikram Singhania
 
M.Tech. IDS Lecture-Mid Term.pptx
M.Tech. IDS Lecture-Mid Term.pptxM.Tech. IDS Lecture-Mid Term.pptx
M.Tech. IDS Lecture-Mid Term.pptxpawandeoli1
 
M.Tech. IDS Lecture by graphic era university
M.Tech. IDS Lecture by graphic era universityM.Tech. IDS Lecture by graphic era university
M.Tech. IDS Lecture by graphic era universitypheonix4
 
ethical hacking.pptx
ethical hacking.pptxethical hacking.pptx
ethical hacking.pptxdaxgame
 
Lesson 3
Lesson 3Lesson 3
Lesson 3MLG College of Learning, Inc
 
Cs8792 cns - unit v
Cs8792 cns - unit vCs8792 cns - unit v
Cs8792 cns - unit vArthyR3
 
EthicalHacking_AakashTakale
EthicalHacking_AakashTakaleEthicalHacking_AakashTakale
EthicalHacking_AakashTakaleAakash Takale
 
ch08.ppt
ch08.pptch08.ppt
ch08.pptHaipengCai1
 
Cyber intrusion
Cyber intrusionCyber intrusion
Cyber intrusionKishor Datta Gupta
 
Cyber Security Module 3.pptx Cybersecurity is the practice of protecting syst...
Cyber Security Module 3.pptx Cybersecurity is the practice of protecting syst...Cyber Security Module 3.pptx Cybersecurity is the practice of protecting syst...
Cyber Security Module 3.pptx Cybersecurity is the practice of protecting syst...GIRISHKUMARBC1
 
Ethical hacking
Ethical hackingEthical hacking
Ethical hackingNitheesh Adithyan
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Scriptwesley chun
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 

More Related Content

Similar to Vulnerability assessment on cyber security

Penentration testing
Penentration testingPenentration testing
Penentration testingtahreemsaleem
 
Ethical hacking concept-Part 1
Ethical hacking concept-Part 1Ethical hacking concept-Part 1
Ethical hacking concept-Part 1Saurabh Upadhyay
 
Ethical Hacking Course-PPT.pptx
Ethical Hacking Course-PPT.pptxEthical Hacking Course-PPT.pptx
Ethical Hacking Course-PPT.pptxSamridhiJain47
 
Finding the Sweet Spot: Counter Honeypot Operations (CHOps) by Jonathan Creek...
Finding the Sweet Spot: Counter Honeypot Operations (CHOps) by Jonathan Creek...Finding the Sweet Spot: Counter Honeypot Operations (CHOps) by Jonathan Creek...
Finding the Sweet Spot: Counter Honeypot Operations (CHOps) by Jonathan Creek...EC-Council
 
Introduction to ethical hacking
Introduction to ethical hackingIntroduction to ethical hacking
Introduction to ethical hackingankit sarode
 
M.Tech. IDS Lecture-Mid Term.pptx
M.Tech. IDS Lecture-Mid Term.pptxM.Tech. IDS Lecture-Mid Term.pptx
M.Tech. IDS Lecture-Mid Term.pptxpawandeoli1
 
M.Tech. IDS Lecture by graphic era university
M.Tech. IDS Lecture by graphic era universityM.Tech. IDS Lecture by graphic era university
M.Tech. IDS Lecture by graphic era universitypheonix4
 
ethical hacking.pptx
ethical hacking.pptxethical hacking.pptx
ethical hacking.pptxdaxgame
 
Cs8792 cns - unit v
Cs8792 cns - unit vCs8792 cns - unit v
Cs8792 cns - unit vArthyR3
 
EthicalHacking_AakashTakale
EthicalHacking_AakashTakaleEthicalHacking_AakashTakale
EthicalHacking_AakashTakaleAakash Takale
 
Cyber Security Module 3.pptx Cybersecurity is the practice of protecting syst...
Cyber Security Module 3.pptx Cybersecurity is the practice of protecting syst...Cyber Security Module 3.pptx Cybersecurity is the practice of protecting syst...
Cyber Security Module 3.pptx Cybersecurity is the practice of protecting syst...GIRISHKUMARBC1
 

Similar to Vulnerability assessment on cyber security (20)

Penentration testing
Penentration testingPenentration testing
Penentration testing
 
Ethical hacking concept-Part 1
Ethical hacking concept-Part 1Ethical hacking concept-Part 1
Ethical hacking concept-Part 1
 
Ethical Hacking Course-PPT.pptx
Ethical Hacking Course-PPT.pptxEthical Hacking Course-PPT.pptx
Ethical Hacking Course-PPT.pptx
 
Types of attack -Part2
Types of attack -Part2Types of attack -Part2
Types of attack -Part2
 
Finding the Sweet Spot: Counter Honeypot Operations (CHOps) by Jonathan Creek...
Finding the Sweet Spot: Counter Honeypot Operations (CHOps) by Jonathan Creek...Finding the Sweet Spot: Counter Honeypot Operations (CHOps) by Jonathan Creek...
Finding the Sweet Spot: Counter Honeypot Operations (CHOps) by Jonathan Creek...
 
Introduction to ethical hacking
Introduction to ethical hackingIntroduction to ethical hacking
Introduction to ethical hacking
 
Ethical_Hacking
Ethical_HackingEthical_Hacking
Ethical_Hacking
 
HACKERS ATTACK PROCESS
HACKERS ATTACK PROCESSHACKERS ATTACK PROCESS
HACKERS ATTACK PROCESS
 
Session Slide
Session SlideSession Slide
Session Slide
 
Ethical Hacking
Ethical HackingEthical Hacking
Ethical Hacking
 
M.Tech. IDS Lecture-Mid Term.pptx
M.Tech. IDS Lecture-Mid Term.pptxM.Tech. IDS Lecture-Mid Term.pptx
M.Tech. IDS Lecture-Mid Term.pptx
 
M.Tech. IDS Lecture by graphic era university
M.Tech. IDS Lecture by graphic era universityM.Tech. IDS Lecture by graphic era university
M.Tech. IDS Lecture by graphic era university
 
ethical hacking.pptx
ethical hacking.pptxethical hacking.pptx
ethical hacking.pptx
 
Lesson 3
Lesson 3Lesson 3
Lesson 3
 
Cs8792 cns - unit v
Cs8792 cns - unit vCs8792 cns - unit v
Cs8792 cns - unit v
 
EthicalHacking_AakashTakale
EthicalHacking_AakashTakaleEthicalHacking_AakashTakale
EthicalHacking_AakashTakale
 
ch08.ppt
ch08.pptch08.ppt
ch08.ppt
 
Cyber intrusion
Cyber intrusionCyber intrusion
Cyber intrusion
 
Cyber Security Module 3.pptx Cybersecurity is the practice of protecting syst...
Cyber Security Module 3.pptx Cybersecurity is the practice of protecting syst...Cyber Security Module 3.pptx Cybersecurity is the practice of protecting syst...
Cyber Security Module 3.pptx Cybersecurity is the practice of protecting syst...
 
Ethical hacking
Ethical hackingEthical hacking
Ethical hacking
 

Recently uploaded

Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Scriptwesley chun
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processorsdebabhi2
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Allon Mureinik
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
Developing An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilDeveloping An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilV3cube
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Paola De la Torre
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel Araújo
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...apidays
 
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...gurkirankumar98700
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024The Digital Insurer
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure servicePooja Nehwal
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 

Recently uploaded (20)

Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
Developing An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilDeveloping An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of Brazil
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024
 

Vulnerability assessment on cyber security

  • 1. CBS4306 Systems Vulnerability Assessment and Testing Introduction to Ethical Hacking
  • 2. Introduction • A penetration tester is a professional who has the skills of a hacker. • They are hired by an organization to perform simulations of real world attacks on their network infrastructure with the objective of discovering security vulnerabilities before a real attack occurs.
  • 3. Introduction • The penetration tester does this task with written legal permission from the target organization. • To become a highly skilled hacker, it's vital to have a strong understanding of computers, networking, and programming, as well as how they work together. • Most importantly, however, you need creativity.
  • 4. Overview of Ethics • Most of the companies do not take vulnerability into account • Hackers may have tried to notify a company only to have that company ignore the contact.
  • 5. Overview of Ethical Hacking • Ethical hacking can be done under many different names. • Penetration testing or Pentest It’s essentially the same thing. • The idea of a penetration test is to attempt to penetrate the defenses of an organization.
  • 6. Overview of Ethical Hacking • Red teaming, which is generally considered a specific type of penetration test where the testers are adversarial to the organization and network under test. • A red teamer would actually act like an attacker, meaning they would try to be stealthy so as not to be detected.
  • 7. Methodologies • As with so many things, using a methodology is valuable when it comes to ethical hacking or security testing. • Methodologies can help with consistency, repeatability, and process improvement. • Consistency is important because you want to run the same sets of tests or probes no matter who you are testing against.
  • 8. Methodologies • Cyber Kill Chain • Attacker Lifecycle • Methodology of Ethical Hacking
  • 9. Cyber Kill Chain • A commonly referred-to framework in the information security space is the cyber kill chain. • A kill chain is a military concept of the structure of an attack. • The idea of a kill chain is that you can identify where the attacker is in their process so you can adapt your own response tactics. • Lockheed Martin, a defense contractor, adapted the military concept of a kill chain to the information security (or cybersecurity) space.
  • 11. Reconnaissance • This is where the attacker identifies their target as well as potential points of attack. • This may include identifying vulnerabilities that could be exploited. • There may be a lot of information about the target gathered in this phase, which will be useful later in the attack process.
  • 12. Weaponization • The attacker may create a custom piece of malware, for instance, that is specific to the target. • They may just use a piece of common off-the-Shelf (COTS) malware, though this has the potential to be discovered by antivirus software installed in the victim’s environment. • The attacker may decide this doesn’t matter by sending out more malicious software to more individuals.
  • 13. Delivery • Delivery is how you get the weapon (the malware or the link to a rogue website) into the victim’s environment. • This could be a network-based attack, meaning there is an exposed service that may be vulnerable to exploit remotely. • This could be sending an attachment in via email, or it could be that the malicious software is hosted on a web server the victim is expected to visit and get infected when they hit the website.
  • 14. Exploitation • Exploitation is when the malicious software infects the victim’s system.
  • 15. Installation • Exploitation leads to installation. • The attacker will install additional software to maintain access to the system and perhaps give them remote access to the system.
  • 16. Installation • Once installation is complete, the attacker moves to command and control. • The command-and-control phase gives attackers remote access to the infected system. • This may involve installation of additional software, or it may involve sending directives to the infected system. • The attacker may be trying to get information from the infected system or have the system perform actions like participating in a large-scale denial-of-service attack.
  • 17. Actions on Objectives • These actions are called actions on objectives. • Each attacker may have different objectives they are trying to achieve. • Attackers who are criminally oriented are probably looking for ways to monetize the infected systems by stealing information that could be stolen or by selling off access to another organization.
  • 18. Actions on Objectives • So-called nation-state actors may be looking to gain access to intellectual property. • No matter what the organization is, they have objectives they are trying to achieve. • They will keep going until they achieve those objectives, so there is a lot of activity that happens in this phase of the kill chain.
  • 19. Attack Lifecycle • The security technology and consulting company FireEye Mandiant often refers to a different methodology called the attack lifecycle. • This is different from the cyber kill chain, though there are some similarities. • Rather than a theoretical exercise or one with a military focus, the attack lifecycle describes exactly how attackers have operated for as far back as there have been attacks against computing infrastructure.
  • 21. Attack Lifecycle • One significant difference between the attack lifecycle is a recognition that the attack is not one and done. • There is a loop that happens in the middle. • Attackers don’t keep launching attacks from outside the network. • Once they get into the environment, they use the compromised systems as launch points for additional compromises within the environment.
  • 22. Initial Recon • Attackers will gain access to a system and use that system and anything discovered there, like credentials, to move off to another system in the network. • Before we get there, though, an attacker identifies a victim and potential attack possibilities in the initial recon stage.
  • 23. Initial Compromise • The attacker is doing reconnaissance, including identifying names and titles using open source intelligence, meaning they use public sources like social network sites, to generate attacks. • To gain access, they launch attacks commonly, these would be phishing attacks. • This is the initial compromise stage.
  • 24. Footholds • Once they have compromised a system, the attacker will work to establish footholds. • This includes making sure they retain access to the system so they can get back in when they need to. • It’s perhaps important to recognize that these attacks don’t happen in a bang-bang fashion.
  • 25. Footholds • It may take days or weeks or even months to move from one phase of the attack lifecycle to another. • This depends on the organization performing the attacks. • These are not individuals. • They are organizations, so there may be different employees working on different stages.
  • 26. Escalate Privileges • To do much else, the attacker will need to escalate privileges. • They need to have administrative privileges to move into the loop that happens as they continue to move through the environment, gathering additional systems along the way.
  • 27. Internal Recon • They will probably be gathering credentials from memory or disk here. • They will also be investigating connections the system is known to have had with other systems in the network. • This is a form of internal recon. • They may also be trying to identify other credentials that are known to the system.
  • 28. Move Laterally • The reconnaissance is necessary to be able to move laterally. • To make those lateral movements, attackers need to know what systems they have. • It may be servers, since individual systems are likely to know a lot of servers they communicate with, but it may also be individual workstations. • In an enterprise network, it may be possible to authenticate using captured credentials against other workstations, which may have access to different sets of servers.
  • 29. Maintain Presence • With every system the attacker gets access to, they need to maintain presence. • This means some form of persistence, so any malware that is allowing the attacker access remains running. • You might use the Windows registry, scheduled tasks, or other types of persistence to keep any malware running so the attacker can keep getting back in when they want.
  • 30. Complete Mission • The last phase of the attack lifecycle, though leaving it until the end is misleading, is complete mission. • Again, attacks tend not to be one and done. • Once an attacker is in your environment, they will likely be continuing to revisit to see if there is anything else you need. • The complete mission phase is where data may be exfiltrated from the environment.
  • 31. Methodology of Ethical Hacking • The basic methodology is meant to reproduce what real-life attackers would do. • You will see similarities here to both the cyber kill chain and the attack lifecycle. • Companies can shore up their security postures using information that comes from each stage covered here. • One thing to keep in mind when it comes to information security is that not everything is about protection or prevention.
  • 32. Methodology of Ethical Hacking 1. Reconnaissance and Footprinting 2. Scanning and Enumeration 3. Gaining Access 4. Maintaining Access 5. Covering Tracks
  • 33. Reconnaissance and Footprinting • Reconnaissance is where you gather information about your target. • You want to understand the scope of your endeavor up front, of course. • This will help you narrow your actions so you aren’t engaging in anything that could be unethical. • You’ll have some sense of who your target is, but you may not have all the details.
  • 34. Reconnaissance and Footprinting • The objective of reconnaissance and footprinting is determining the size and scope of your test. • Footprinting is just getting an idea of the “footprint” of the organization, meaning the size and appearance. • This means trying to identify network blocks, hosts, locations, and people. • The information gathered here will be used later as you progress through additional stages.
  • 35. Reconnaissance and Footprinting • Gathering the details of your target is one of the reasons for performing reconnaissance. • Another reason is that while there is a lot of information that has to be public just because of the nature of the Internet. • You may find information leaked to the rest of the world that the organization you are working for would do better to lock down.
  • 36. Reconnaissance and Footprinting • The following are techniques used in the reconnaissance phase: 1. Using search engines to gather information 2. Using social networking platforms 3. Performing Google hacking 4. Performing DNS interrogation 5. Social engineering
  • 37. Scanning and Enumeration • Once you have network blocks identified, you will want to identify systems that are accessible within those network blocks • More important, however, you will want to identify services running on any available host. • Ultimately, these services will be used as entry points. • The objective is to gain access, and that may be possible through exposed network services.
  • 38. Scanning and Enumeration • This includes list of all open ports, which will be useful information, but also the identity of the service and software running behind each open port. • This may also result in gathering information that different services provide. • This includes the software providing the service, such as nginx, Apache, or IIS for a web server.
  • 39. Scanning and Enumeration • The following are techniques used in the Scanning and Enumeration phase: 1. Checking for any live systems 2. Checking for firewalls and their rules 3. Checking for open network ports 4. Checking for running services 5. Checking for security vulnerabilities 6. Creating a network topology of the target network
  • 40. Gaining Access • Gaining access is what many people consider to be the most important part of a penetration test, and for many, it’s the most interesting. • This is where you can demonstrate that some services are potentially vulnerable. • You do that by exploiting the service. • There are no theoretical or false positives when you have compromised a system or stolen data and you can prove it.
  • 41. Gaining Access • This highlights one of the important aspects of any ethical hacking: documentation. • Just saying, “Hey, I did this” isn’t going to be sufficient. • You will need to demonstrate or prove in some way that you did manage to compromise the system.
  • 42. Gaining Access • The following can occur once access is gained: 1. Password cracking 2. Exploiting vulnerabilities 3. Escalating privileges 4. Hiding files 5. Lateral movement
  • 43. Maintaining Access • Once you are in, emulating common attack patterns means that you should maintain access. • If you’ve managed to compromise a user’s system, when the user shuts the system down, you will lose access. • This may mean that you will need to recompromise the system.
  • 44. Maintaining Access • Since exploits are not always guaranteed to be effective, you may well not get in the next time you attempt the compromise. • Beyond that, you may have used a compromise that relied on a vulnerability that was fixed. • Your next attempt may fail because the vulnerability is no longer there.
  • 45. Maintaining Access • You need to give yourself other means to get into the system so you can make sure you retain the ability to see what is happening on that system and potentially the enterprise network overall. • Maintaining access is often called persistence. • This is where any access mechanism is installed to persist on a system. • No matter whether a user logs out or reboots a system, the attacker can continue to get in.
  • 46. Maintaining Access • This is commonly done by installing software that reaches out, or beacons, to systems on the Internet somewhere. • The reason for this is because inbound access is often blocked by a firewall. • Outbound access is often allowed from the inside of a network in a completely unrestricted manner.
  • 47. Maintaining Access • The objectives of maintaining access are as follows: 1. Lateral movement 2. Exfiltration of data 3. Creating backdoor and persistent connections
  • 48. Covering Tracks • Covering your tracks is where you hide or delete any evidence to which you managed to get access. • Additionally, you should cover up your continued access. • This can be accomplished with malware that ensures that your actions aren’t logged or perhaps misreports system information, like network connections. • One thing to keep in mind when you are trying to cover your tracks is that sometimes your actions may also provide evidence of your work.
  • 50. Quiz 1. With the aid of suitable examples differentiate between Penetration Testing and Red Teaming. 2. Differentiate between initial recon and internal recon with real life scenario. 3. Explain why you need to spend most of your time on reconnaissance stage. 4. Explain cyber kill chain, attack lifecycle, and ethical hacking methodology.