SlideShare a Scribd company logo
WTF is Penetration Testing?
An Overview of Who, What, Where, When, and Why
Scott Sutherland
Ryan Wakeham
• Scott Sutherland
Principle Security Consultant
NetSPI
• Ryan Wakeham
Director of Consulting
NetSPI
Who are we?
Presentation Overview
• What is a “pen test”?
• Why do companies “pen test”?
• Who does “pen testing”?
• What skills are required?
‒ Non Technical Skillset
‒ Basic Technical Skillset
‒ Offensive and Defensive Knowledge
• What are some Common Tools?
• Pen Testing as a Career
• Attack Demo: SQL Inject World
• Questions
What is Penetration Testing?
Our Definition:
“The process of evaluating systems,
applications, and protocols with the intent
of identifying vulnerabilities from the
perspective of an unprivileged or
anonymous user to determine the real
world impact…”
“…legally and under contract”
Why do Companies Pen Test?
• Compliance Requirements
• Validate Existing Controls
• Identify Unknown Security Gaps
• Prioritize Existing Security Initiatives
• Prevent Data Breaches
• Test IDS / IPS / IRP
What are the Technical Objectives?
• Client specific objectives first
• Identify and verify all entry points
• Identify critical escalation points
• Gain unauthorized access to:
‒ Application functionality
‒ Critical systems
‒ Sensitive data
Assessment VS. Penetration
• Vulnerability Assessment and
Penetration Testing Answer:
‒ What are my system layer vulnerabilities?
‒ Where are my system layer vulnerabilities?
‒ How wide spread are my system layer
vulnerabilities?
‒ Can I identify attacks?
‒ How do I fix my vulnerabilities?
Assessment VS. Penetration
• Penetration Testing Answers:
‒ What are my high impact network layer issues?
‒ What are my high impact application layer
issues?
‒ Can an attacker gain unauthorized access to:
• critical infrastructure that provides
privileged access or cause service disruptions
• critical application functionality that the
business depends on
• sensitive data that the business would be
required to report on if a breach occurs
‒ Can an attacker bypass our IPS / WAF?
‒ Can an attacker pivot from environment A to
environment B?
Common Penetration Test Approach
• Kickoff: Scope, cost, testing windows, risks etc
• Information Gathering
• Vulnerability Enumeration
• Penetration
• Escalation
• Evidence Gathering (Pilfering)
• Clean up
• Report Creation
• Report Delivery and Review
• Remediation
Who Conducts Pen Testing?
• Internal Employees
• Security Analyst
• Security Consultant
• Third Parties
• Audit Firms
• Security Consultants
Rules of Engagement
• Have fun, but…Hack Responsibly!
• Written permission
• Stay in scope
• No DoS
• Don’t change major state
• Restore state
• Clear communication
What Skills are Needed?
• Non Technical
• Basic Technical
• Offensive
• Defensive
• Common Tools
Non Technical Skillset
• Written and Verbal Communications
• Emails/phone calls
• Report development
• Small and large group presentations
• Professionalism
• Respecting others, setting, and
meeting expectations
• Troubleshooting Mindset
• Never give up, never surrender
• Where there is a will, there is a way
• Ethics
• Don’t do bad things
• Pros (career) vs. Cons (jail)
• Hack responsibly
Basic Technical Skillset
• Windows Desktop Administration
• Windows Domain Administration
• Linux and Unix Administration
• Network Infrastructure Administration
• Application Development
• Scripting (Ruby, Python, PHP, Bash, PS, Batch)
• Managed languages (.Net, Java, Davlik)
• Unmanaged languages (C, C++)
Offensive and Defensive Knowledge
• System enumeration and service
fingerprinting
• Linux system exploitation and escalation
• Windows system exploitation and escalation
• Network system exploitation and escalation
• Protocol exploitation
• Web application exploitation (OWASP)
• Reverse engineering client-server
applications + AV Evasion
• Social engineering techniques (onsite,
phone, email)
Common Tools
There are hundreds of “hacker” tools.
Generally, you need to have enough
knowledge to know what tool or tool(s) is
right for the task at hand….
…and if one doesn’t exist, then create it.
Common Tools
That being said…
Common Tools
• Knowledge > Tools
• Understand the core technologies
• Understand the core offensive techniques
• Understand the core defensive techniques
• Network Penetration Testing
• BT, CAIN, YERSINIA, NCAT, NMAP, NESSUS,
NEXPOSE, WCE, MIMIKATZ, AirCrack-ng,
METASPLOIT… and NATIVE TOOLS!
• Application Penetration Testing
• BURP, ZAP, NIKTO, DIRBUSTER, SQLMAP, SQL
Ninja, and BEEF…. and commercial tools
Pen Testing as a Career: Common Paths
• Internal Paths
• Help Desk
• IT Support
• IT Admin
• Security Analyst
• Senior Security Analyst
• Internal Consultant
• CISO
• Security Consulting Paths
• Internship
• Consultant
• Senior Consultant
• Principle Consultant
• Team Lead
• Director
Security consultants
often end up in
malware research or
exploit
development, but
some go corporate.
Internal employees
often stay internal.
Pen Testing as a Career: How to Start
• Read and learn! – There is no “end”
• Tap into the community!
• Research and Development
• Contribute to open source projects
• Present research at conferences
• Training and Certifications
• Community: DC612, OWASP, Conferences, etc
• Professional ($): SANS, OffSec, CISSP, etc
• Volunteer
• Internships
BE SAFE and
HACK RESPONSIBLY
Questions
Questions,
comments, curses?

More Related Content

What's hot

The Web Application Hackers Toolchain
The Web Application Hackers ToolchainThe Web Application Hackers Toolchain
The Web Application Hackers Toolchain
jasonhaddix
 
The ABCs of Source-Assisted Web Application Penetration Testing With OWASP ZA...
The ABCs of Source-Assisted Web Application Penetration Testing With OWASP ZA...The ABCs of Source-Assisted Web Application Penetration Testing With OWASP ZA...
The ABCs of Source-Assisted Web Application Penetration Testing With OWASP ZA...
Denim Group
 
Automated tools for penetration testing
Automated tools for penetration testingAutomated tools for penetration testing
Automated tools for penetration testing
devanshdubey7
 
Ethical Hacking & Penetration Testing
Ethical  Hacking &  Penetration  TestingEthical  Hacking &  Penetration  Testing
Ethical Hacking & Penetration Testing
Won Ju Jub
 
External to DA, the OS X Way
External to DA, the OS X WayExternal to DA, the OS X Way
External to DA, the OS X Way
Stephan Borosh
 
Defcon 22-tim-mcguffin-one-man-shop
Defcon 22-tim-mcguffin-one-man-shopDefcon 22-tim-mcguffin-one-man-shop
Defcon 22-tim-mcguffin-one-man-shop
Priyanka Aash
 
Secure Coding 101 - OWASP University of Ottawa Workshop
Secure Coding 101 - OWASP University of Ottawa WorkshopSecure Coding 101 - OWASP University of Ottawa Workshop
Secure Coding 101 - OWASP University of Ottawa Workshop
Paul Ionescu
 
Lateral Movement - Phreaknik 2016
Lateral Movement - Phreaknik 2016Lateral Movement - Phreaknik 2016
Lateral Movement - Phreaknik 2016
Xavier Ashe
 
Lateral Movement: How attackers quietly traverse your Network
Lateral Movement: How attackers quietly traverse your NetworkLateral Movement: How attackers quietly traverse your Network
Lateral Movement: How attackers quietly traverse your Network
EC-Council
 
Web attacks
Web attacksWeb attacks
Web attacks
husnara mohammad
 
Shmoocon 2015 - httpscreenshot
Shmoocon 2015 - httpscreenshotShmoocon 2015 - httpscreenshot
Shmoocon 2015 - httpscreenshot
jstnkndy
 
Addios!
Addios!Addios!
PCI and Vulnerability Assessments - What’s Missing
PCI and Vulnerability Assessments - What’s MissingPCI and Vulnerability Assessments - What’s Missing
PCI and Vulnerability Assessments - What’s Missing
Black Duck by Synopsys
 
Malware collection and analysis
Malware collection and analysisMalware collection and analysis
Malware collection and analysis
Chong-Kuan Chen
 
When the internet bleeded : RootConf 2014
When the internet bleeded : RootConf 2014When the internet bleeded : RootConf 2014
When the internet bleeded : RootConf 2014
Anant Shrivastava
 
Defcon 22-gregory-pickett-abusing-software-defined-networks
Defcon 22-gregory-pickett-abusing-software-defined-networksDefcon 22-gregory-pickett-abusing-software-defined-networks
Defcon 22-gregory-pickett-abusing-software-defined-networks
Priyanka Aash
 
The Dark Side of PowerShell by George Dobrea
The Dark Side of PowerShell by George DobreaThe Dark Side of PowerShell by George Dobrea
The Dark Side of PowerShell by George Dobrea
EC-Council
 
Myths and Misperceptions of Open Source Security
Myths and Misperceptions of Open Source Security Myths and Misperceptions of Open Source Security
Myths and Misperceptions of Open Source Security
Black Duck by Synopsys
 
Real World Application Threat Modelling By Example
Real World Application Threat Modelling By ExampleReal World Application Threat Modelling By Example
Real World Application Threat Modelling By Example
NCC Group
 
RIoT (Raiding Internet of Things) by Jacob Holcomb
RIoT  (Raiding Internet of Things)  by Jacob HolcombRIoT  (Raiding Internet of Things)  by Jacob Holcomb
RIoT (Raiding Internet of Things) by Jacob Holcomb
Priyanka Aash
 

What's hot (20)

The Web Application Hackers Toolchain
The Web Application Hackers ToolchainThe Web Application Hackers Toolchain
The Web Application Hackers Toolchain
 
The ABCs of Source-Assisted Web Application Penetration Testing With OWASP ZA...
The ABCs of Source-Assisted Web Application Penetration Testing With OWASP ZA...The ABCs of Source-Assisted Web Application Penetration Testing With OWASP ZA...
The ABCs of Source-Assisted Web Application Penetration Testing With OWASP ZA...
 
Automated tools for penetration testing
Automated tools for penetration testingAutomated tools for penetration testing
Automated tools for penetration testing
 
Ethical Hacking & Penetration Testing
Ethical  Hacking &  Penetration  TestingEthical  Hacking &  Penetration  Testing
Ethical Hacking & Penetration Testing
 
External to DA, the OS X Way
External to DA, the OS X WayExternal to DA, the OS X Way
External to DA, the OS X Way
 
Defcon 22-tim-mcguffin-one-man-shop
Defcon 22-tim-mcguffin-one-man-shopDefcon 22-tim-mcguffin-one-man-shop
Defcon 22-tim-mcguffin-one-man-shop
 
Secure Coding 101 - OWASP University of Ottawa Workshop
Secure Coding 101 - OWASP University of Ottawa WorkshopSecure Coding 101 - OWASP University of Ottawa Workshop
Secure Coding 101 - OWASP University of Ottawa Workshop
 
Lateral Movement - Phreaknik 2016
Lateral Movement - Phreaknik 2016Lateral Movement - Phreaknik 2016
Lateral Movement - Phreaknik 2016
 
Lateral Movement: How attackers quietly traverse your Network
Lateral Movement: How attackers quietly traverse your NetworkLateral Movement: How attackers quietly traverse your Network
Lateral Movement: How attackers quietly traverse your Network
 
Web attacks
Web attacksWeb attacks
Web attacks
 
Shmoocon 2015 - httpscreenshot
Shmoocon 2015 - httpscreenshotShmoocon 2015 - httpscreenshot
Shmoocon 2015 - httpscreenshot
 
Addios!
Addios!Addios!
Addios!
 
PCI and Vulnerability Assessments - What’s Missing
PCI and Vulnerability Assessments - What’s MissingPCI and Vulnerability Assessments - What’s Missing
PCI and Vulnerability Assessments - What’s Missing
 
Malware collection and analysis
Malware collection and analysisMalware collection and analysis
Malware collection and analysis
 
When the internet bleeded : RootConf 2014
When the internet bleeded : RootConf 2014When the internet bleeded : RootConf 2014
When the internet bleeded : RootConf 2014
 
Defcon 22-gregory-pickett-abusing-software-defined-networks
Defcon 22-gregory-pickett-abusing-software-defined-networksDefcon 22-gregory-pickett-abusing-software-defined-networks
Defcon 22-gregory-pickett-abusing-software-defined-networks
 
The Dark Side of PowerShell by George Dobrea
The Dark Side of PowerShell by George DobreaThe Dark Side of PowerShell by George Dobrea
The Dark Side of PowerShell by George Dobrea
 
Myths and Misperceptions of Open Source Security
Myths and Misperceptions of Open Source Security Myths and Misperceptions of Open Source Security
Myths and Misperceptions of Open Source Security
 
Real World Application Threat Modelling By Example
Real World Application Threat Modelling By ExampleReal World Application Threat Modelling By Example
Real World Application Threat Modelling By Example
 
RIoT (Raiding Internet of Things) by Jacob Holcomb
RIoT  (Raiding Internet of Things)  by Jacob HolcombRIoT  (Raiding Internet of Things)  by Jacob Holcomb
RIoT (Raiding Internet of Things) by Jacob Holcomb
 

Viewers also liked

Thick Application Penetration Testing - A Crash Course
Thick Application Penetration Testing - A Crash CourseThick Application Penetration Testing - A Crash Course
Thick Application Penetration Testing - A Crash Course
NetSPI
 
Introduction to Windows Dictionary Attacks
Introduction to Windows Dictionary AttacksIntroduction to Windows Dictionary Attacks
Introduction to Windows Dictionary Attacks
NetSPI
 
Declaration of Mal(WAR)e
Declaration of Mal(WAR)eDeclaration of Mal(WAR)e
Declaration of Mal(WAR)e
NetSPI
 
Thick Application Penetration Testing: Crash Course
Thick Application Penetration Testing: Crash CourseThick Application Penetration Testing: Crash Course
Thick Application Penetration Testing: Crash Course
Scott Sutherland
 
All You Need is One - A ClickOnce Love Story - Secure360 2015
All You Need is One -  A ClickOnce Love Story - Secure360 2015All You Need is One -  A ClickOnce Love Story - Secure360 2015
All You Need is One - A ClickOnce Love Story - Secure360 2015
NetSPI
 
Fuzzing and You: Automating Whitebox Testing
Fuzzing and You: Automating Whitebox TestingFuzzing and You: Automating Whitebox Testing
Fuzzing and You: Automating Whitebox Testing
NetSPI
 
Beyond the Scan: The Value Proposition of Vulnerability Assessment
Beyond the Scan: The Value Proposition of Vulnerability AssessmentBeyond the Scan: The Value Proposition of Vulnerability Assessment
Beyond the Scan: The Value Proposition of Vulnerability Assessment
Damon Small
 
Attack All the Layers - What's Working in Penetration Testing
Attack All the Layers - What's Working in Penetration TestingAttack All the Layers - What's Working in Penetration Testing
Attack All the Layers - What's Working in Penetration Testing
NetSPI
 
Extracting Credentials From Windows
Extracting Credentials From WindowsExtracting Credentials From Windows
Extracting Credentials From Windows
NetSPI
 
GPU Cracking - On the Cheap
GPU Cracking - On the CheapGPU Cracking - On the Cheap
GPU Cracking - On the Cheap
NetSPI
 
What is pentest
What is pentestWhat is pentest
What is pentest
itissolutions
 
System of security controls
System of security controlsSystem of security controls
System of security controls
S.E. CTS CERT-GOV-MD
 
Attack All The Layers - What's Working in Penetration Testing
Attack All The Layers - What's Working in Penetration TestingAttack All The Layers - What's Working in Penetration Testing
Attack All The Layers - What's Working in Penetration Testing
NetSPI
 
Penetration testing & Ethical Hacking
Penetration testing & Ethical HackingPenetration testing & Ethical Hacking
Penetration testing & Ethical Hacking
S.E. CTS CERT-GOV-MD
 
Open Source Tools & Data Science Competitions
Open Source Tools & Data Science Competitions Open Source Tools & Data Science Competitions
Open Source Tools & Data Science Competitions
odsc
 
1114 sasaki-metadata
1114 sasaki-metadata1114 sasaki-metadata
1114 sasaki-metadata
Felix Sasaki
 
Convegno “ Stress, molestie lavorative e organizzative del lavoro: aspetti pr...
Convegno “ Stress, molestie lavorative e organizzative del lavoro: aspetti pr...Convegno “ Stress, molestie lavorative e organizzative del lavoro: aspetti pr...
Convegno “ Stress, molestie lavorative e organizzative del lavoro: aspetti pr...
Drughe .it
 
Como Planejar sua Campanha Promocional com Brindes | Apresentação 2 de 3
Como Planejar sua Campanha Promocional com Brindes | Apresentação 2 de 3Como Planejar sua Campanha Promocional com Brindes | Apresentação 2 de 3
Como Planejar sua Campanha Promocional com Brindes | Apresentação 2 de 3
Memory Promotional Enterprise
 

Viewers also liked (18)

Thick Application Penetration Testing - A Crash Course
Thick Application Penetration Testing - A Crash CourseThick Application Penetration Testing - A Crash Course
Thick Application Penetration Testing - A Crash Course
 
Introduction to Windows Dictionary Attacks
Introduction to Windows Dictionary AttacksIntroduction to Windows Dictionary Attacks
Introduction to Windows Dictionary Attacks
 
Declaration of Mal(WAR)e
Declaration of Mal(WAR)eDeclaration of Mal(WAR)e
Declaration of Mal(WAR)e
 
Thick Application Penetration Testing: Crash Course
Thick Application Penetration Testing: Crash CourseThick Application Penetration Testing: Crash Course
Thick Application Penetration Testing: Crash Course
 
All You Need is One - A ClickOnce Love Story - Secure360 2015
All You Need is One -  A ClickOnce Love Story - Secure360 2015All You Need is One -  A ClickOnce Love Story - Secure360 2015
All You Need is One - A ClickOnce Love Story - Secure360 2015
 
Fuzzing and You: Automating Whitebox Testing
Fuzzing and You: Automating Whitebox TestingFuzzing and You: Automating Whitebox Testing
Fuzzing and You: Automating Whitebox Testing
 
Beyond the Scan: The Value Proposition of Vulnerability Assessment
Beyond the Scan: The Value Proposition of Vulnerability AssessmentBeyond the Scan: The Value Proposition of Vulnerability Assessment
Beyond the Scan: The Value Proposition of Vulnerability Assessment
 
Attack All the Layers - What's Working in Penetration Testing
Attack All the Layers - What's Working in Penetration TestingAttack All the Layers - What's Working in Penetration Testing
Attack All the Layers - What's Working in Penetration Testing
 
Extracting Credentials From Windows
Extracting Credentials From WindowsExtracting Credentials From Windows
Extracting Credentials From Windows
 
GPU Cracking - On the Cheap
GPU Cracking - On the CheapGPU Cracking - On the Cheap
GPU Cracking - On the Cheap
 
What is pentest
What is pentestWhat is pentest
What is pentest
 
System of security controls
System of security controlsSystem of security controls
System of security controls
 
Attack All The Layers - What's Working in Penetration Testing
Attack All The Layers - What's Working in Penetration TestingAttack All The Layers - What's Working in Penetration Testing
Attack All The Layers - What's Working in Penetration Testing
 
Penetration testing & Ethical Hacking
Penetration testing & Ethical HackingPenetration testing & Ethical Hacking
Penetration testing & Ethical Hacking
 
Open Source Tools & Data Science Competitions
Open Source Tools & Data Science Competitions Open Source Tools & Data Science Competitions
Open Source Tools & Data Science Competitions
 
1114 sasaki-metadata
1114 sasaki-metadata1114 sasaki-metadata
1114 sasaki-metadata
 
Convegno “ Stress, molestie lavorative e organizzative del lavoro: aspetti pr...
Convegno “ Stress, molestie lavorative e organizzative del lavoro: aspetti pr...Convegno “ Stress, molestie lavorative e organizzative del lavoro: aspetti pr...
Convegno “ Stress, molestie lavorative e organizzative del lavoro: aspetti pr...
 
Como Planejar sua Campanha Promocional com Brindes | Apresentação 2 de 3
Como Planejar sua Campanha Promocional com Brindes | Apresentação 2 de 3Como Planejar sua Campanha Promocional com Brindes | Apresentação 2 de 3
Como Planejar sua Campanha Promocional com Brindes | Apresentação 2 de 3
 

Similar to WTF is Penetration Testing

WTF is Penetration Testing
WTF is Penetration TestingWTF is Penetration Testing
WTF is Penetration Testing
Scott Sutherland
 
Career In Information security
Career In Information securityCareer In Information security
Career In Information security
Anant Shrivastava
 
The What, Why, and How of DevSecOps
The What, Why, and How of DevSecOpsThe What, Why, and How of DevSecOps
The What, Why, and How of DevSecOps
Cprime
 
AppSec in an Agile World
AppSec in an Agile WorldAppSec in an Agile World
AppSec in an Agile World
David Lindner
 
WTF is Penetration Testing v.2
WTF is Penetration Testing v.2WTF is Penetration Testing v.2
WTF is Penetration Testing v.2
Scott Sutherland
 
What is penetration testing and career path
What is penetration testing and career pathWhat is penetration testing and career path
What is penetration testing and career path
Vikram Khanna
 
Assessing a pen tester: Making the right choice when choosing a third party P...
Assessing a pen tester: Making the right choice when choosing a third party P...Assessing a pen tester: Making the right choice when choosing a third party P...
Assessing a pen tester: Making the right choice when choosing a third party P...
Jason Broz, CIPP/US
 
What Every Developer And Tester Should Know About Software Security
What Every Developer And Tester Should Know About Software SecurityWhat Every Developer And Tester Should Know About Software Security
What Every Developer And Tester Should Know About Software Security
Anne Oikarinen
 
Assessing System Risk the Smart Way
Assessing System Risk the Smart WayAssessing System Risk the Smart Way
Assessing System Risk the Smart Way
Security Innovation
 
Top Security Challenges Facing Credit Unions Today
Top Security Challenges Facing Credit Unions TodayTop Security Challenges Facing Credit Unions Today
Top Security Challenges Facing Credit Unions Today
Chris Gates
 
Cybersecurity Frameworks and You: The Perfect Match
Cybersecurity Frameworks and You: The Perfect MatchCybersecurity Frameworks and You: The Perfect Match
Cybersecurity Frameworks and You: The Perfect Match
McKonly & Asbury, LLP
 
Vulnerability assessment and penetration testing
Vulnerability assessment and penetration testingVulnerability assessment and penetration testing
Vulnerability assessment and penetration testing
Abu Sadat Mohammed Yasin
 
Just Trust Everyone and We Will Be Fine, Right?
Just Trust Everyone and We Will Be Fine, Right?Just Trust Everyone and We Will Be Fine, Right?
Just Trust Everyone and We Will Be Fine, Right?
Scott Carlson
 
For Business's Sake, Let's focus on AppSec
For Business's Sake, Let's focus on AppSecFor Business's Sake, Let's focus on AppSec
For Business's Sake, Let's focus on AppSec
Lalit Kale
 
Apidays Helsinki 2024 - Security Vulnerabilities in your APIs by Lukáš Ďurovs...
Apidays Helsinki 2024 - Security Vulnerabilities in your APIs by Lukáš Ďurovs...Apidays Helsinki 2024 - Security Vulnerabilities in your APIs by Lukáš Ďurovs...
Apidays Helsinki 2024 - Security Vulnerabilities in your APIs by Lukáš Ďurovs...
apidays
 
The_Pentester_Blueprint.pdf
The_Pentester_Blueprint.pdfThe_Pentester_Blueprint.pdf
The_Pentester_Blueprint.pdf
gcara4
 
Starting your Career in Information Security
Starting your Career in Information SecurityStarting your Career in Information Security
Starting your Career in Information Security
Ahmed Sayed-
 
Security Outsourcing - Couples Counseling - Atif Ghauri
Security Outsourcing - Couples Counseling - Atif GhauriSecurity Outsourcing - Couples Counseling - Atif Ghauri
Security Outsourcing - Couples Counseling - Atif Ghauri
Atif Ghauri
 
threat_and_vulnerability_management_-_ryan_elmer_-_frsecure.pptx
threat_and_vulnerability_management_-_ryan_elmer_-_frsecure.pptxthreat_and_vulnerability_management_-_ryan_elmer_-_frsecure.pptx
threat_and_vulnerability_management_-_ryan_elmer_-_frsecure.pptx
ImXaib
 
Open Source Security for Newbies - Best Practices
Open Source Security for Newbies - Best PracticesOpen Source Security for Newbies - Best Practices
Open Source Security for Newbies - Best Practices
Black Duck by Synopsys
 

Similar to WTF is Penetration Testing (20)

WTF is Penetration Testing
WTF is Penetration TestingWTF is Penetration Testing
WTF is Penetration Testing
 
Career In Information security
Career In Information securityCareer In Information security
Career In Information security
 
The What, Why, and How of DevSecOps
The What, Why, and How of DevSecOpsThe What, Why, and How of DevSecOps
The What, Why, and How of DevSecOps
 
AppSec in an Agile World
AppSec in an Agile WorldAppSec in an Agile World
AppSec in an Agile World
 
WTF is Penetration Testing v.2
WTF is Penetration Testing v.2WTF is Penetration Testing v.2
WTF is Penetration Testing v.2
 
What is penetration testing and career path
What is penetration testing and career pathWhat is penetration testing and career path
What is penetration testing and career path
 
Assessing a pen tester: Making the right choice when choosing a third party P...
Assessing a pen tester: Making the right choice when choosing a third party P...Assessing a pen tester: Making the right choice when choosing a third party P...
Assessing a pen tester: Making the right choice when choosing a third party P...
 
What Every Developer And Tester Should Know About Software Security
What Every Developer And Tester Should Know About Software SecurityWhat Every Developer And Tester Should Know About Software Security
What Every Developer And Tester Should Know About Software Security
 
Assessing System Risk the Smart Way
Assessing System Risk the Smart WayAssessing System Risk the Smart Way
Assessing System Risk the Smart Way
 
Top Security Challenges Facing Credit Unions Today
Top Security Challenges Facing Credit Unions TodayTop Security Challenges Facing Credit Unions Today
Top Security Challenges Facing Credit Unions Today
 
Cybersecurity Frameworks and You: The Perfect Match
Cybersecurity Frameworks and You: The Perfect MatchCybersecurity Frameworks and You: The Perfect Match
Cybersecurity Frameworks and You: The Perfect Match
 
Vulnerability assessment and penetration testing
Vulnerability assessment and penetration testingVulnerability assessment and penetration testing
Vulnerability assessment and penetration testing
 
Just Trust Everyone and We Will Be Fine, Right?
Just Trust Everyone and We Will Be Fine, Right?Just Trust Everyone and We Will Be Fine, Right?
Just Trust Everyone and We Will Be Fine, Right?
 
For Business's Sake, Let's focus on AppSec
For Business's Sake, Let's focus on AppSecFor Business's Sake, Let's focus on AppSec
For Business's Sake, Let's focus on AppSec
 
Apidays Helsinki 2024 - Security Vulnerabilities in your APIs by Lukáš Ďurovs...
Apidays Helsinki 2024 - Security Vulnerabilities in your APIs by Lukáš Ďurovs...Apidays Helsinki 2024 - Security Vulnerabilities in your APIs by Lukáš Ďurovs...
Apidays Helsinki 2024 - Security Vulnerabilities in your APIs by Lukáš Ďurovs...
 
The_Pentester_Blueprint.pdf
The_Pentester_Blueprint.pdfThe_Pentester_Blueprint.pdf
The_Pentester_Blueprint.pdf
 
Starting your Career in Information Security
Starting your Career in Information SecurityStarting your Career in Information Security
Starting your Career in Information Security
 
Security Outsourcing - Couples Counseling - Atif Ghauri
Security Outsourcing - Couples Counseling - Atif GhauriSecurity Outsourcing - Couples Counseling - Atif Ghauri
Security Outsourcing - Couples Counseling - Atif Ghauri
 
threat_and_vulnerability_management_-_ryan_elmer_-_frsecure.pptx
threat_and_vulnerability_management_-_ryan_elmer_-_frsecure.pptxthreat_and_vulnerability_management_-_ryan_elmer_-_frsecure.pptx
threat_and_vulnerability_management_-_ryan_elmer_-_frsecure.pptx
 
Open Source Security for Newbies - Best Practices
Open Source Security for Newbies - Best PracticesOpen Source Security for Newbies - Best Practices
Open Source Security for Newbies - Best Practices
 

Recently uploaded

GNSS spoofing via SDR (Criptored Talks 2024)
GNSS spoofing via SDR (Criptored Talks 2024)GNSS spoofing via SDR (Criptored Talks 2024)
GNSS spoofing via SDR (Criptored Talks 2024)
Javier Junquera
 
Essentials of Automations: Exploring Attributes & Automation Parameters
Essentials of Automations: Exploring Attributes & Automation ParametersEssentials of Automations: Exploring Attributes & Automation Parameters
Essentials of Automations: Exploring Attributes & Automation Parameters
Safe Software
 
AI in the Workplace Reskilling, Upskilling, and Future Work.pptx
AI in the Workplace Reskilling, Upskilling, and Future Work.pptxAI in the Workplace Reskilling, Upskilling, and Future Work.pptx
AI in the Workplace Reskilling, Upskilling, and Future Work.pptx
Sunil Jagani
 
JavaLand 2024: Application Development Green Masterplan
JavaLand 2024: Application Development Green MasterplanJavaLand 2024: Application Development Green Masterplan
JavaLand 2024: Application Development Green Masterplan
Miro Wengner
 
Demystifying Knowledge Management through Storytelling
Demystifying Knowledge Management through StorytellingDemystifying Knowledge Management through Storytelling
Demystifying Knowledge Management through Storytelling
Enterprise Knowledge
 
Call Girls Chandigarh🔥7023059433🔥Agency Profile Escorts in Chandigarh Availab...
Call Girls Chandigarh🔥7023059433🔥Agency Profile Escorts in Chandigarh Availab...Call Girls Chandigarh🔥7023059433🔥Agency Profile Escorts in Chandigarh Availab...
Call Girls Chandigarh🔥7023059433🔥Agency Profile Escorts in Chandigarh Availab...
manji sharman06
 
AppSec PNW: Android and iOS Application Security with MobSF
AppSec PNW: Android and iOS Application Security with MobSFAppSec PNW: Android and iOS Application Security with MobSF
AppSec PNW: Android and iOS Application Security with MobSF
Ajin Abraham
 
"$10 thousand per minute of downtime: architecture, queues, streaming and fin...
"$10 thousand per minute of downtime: architecture, queues, streaming and fin..."$10 thousand per minute of downtime: architecture, queues, streaming and fin...
"$10 thousand per minute of downtime: architecture, queues, streaming and fin...
Fwdays
 
Apps Break Data
Apps Break DataApps Break Data
Apps Break Data
Ivo Velitchkov
 
Leveraging the Graph for Clinical Trials and Standards
Leveraging the Graph for Clinical Trials and StandardsLeveraging the Graph for Clinical Trials and Standards
Leveraging the Graph for Clinical Trials and Standards
Neo4j
 
Connector Corner: Seamlessly power UiPath Apps, GenAI with prebuilt connectors
Connector Corner: Seamlessly power UiPath Apps, GenAI with prebuilt connectorsConnector Corner: Seamlessly power UiPath Apps, GenAI with prebuilt connectors
Connector Corner: Seamlessly power UiPath Apps, GenAI with prebuilt connectors
DianaGray10
 
Northern Engraving | Modern Metal Trim, Nameplates and Appliance Panels
Northern Engraving | Modern Metal Trim, Nameplates and Appliance PanelsNorthern Engraving | Modern Metal Trim, Nameplates and Appliance Panels
Northern Engraving | Modern Metal Trim, Nameplates and Appliance Panels
Northern Engraving
 
LF Energy Webinar: Carbon Data Specifications: Mechanisms to Improve Data Acc...
LF Energy Webinar: Carbon Data Specifications: Mechanisms to Improve Data Acc...LF Energy Webinar: Carbon Data Specifications: Mechanisms to Improve Data Acc...
LF Energy Webinar: Carbon Data Specifications: Mechanisms to Improve Data Acc...
DanBrown980551
 
QA or the Highway - Component Testing: Bridging the gap between frontend appl...
QA or the Highway - Component Testing: Bridging the gap between frontend appl...QA or the Highway - Component Testing: Bridging the gap between frontend appl...
QA or the Highway - Component Testing: Bridging the gap between frontend appl...
zjhamm304
 
Poznań ACE event - 19.06.2024 Team 24 Wrapup slidedeck
Poznań ACE event - 19.06.2024 Team 24 Wrapup slidedeckPoznań ACE event - 19.06.2024 Team 24 Wrapup slidedeck
Poznań ACE event - 19.06.2024 Team 24 Wrapup slidedeck
FilipTomaszewski5
 
Getting the Most Out of ScyllaDB Monitoring: ShareChat's Tips
Getting the Most Out of ScyllaDB Monitoring: ShareChat's TipsGetting the Most Out of ScyllaDB Monitoring: ShareChat's Tips
Getting the Most Out of ScyllaDB Monitoring: ShareChat's Tips
ScyllaDB
 
From Natural Language to Structured Solr Queries using LLMs
From Natural Language to Structured Solr Queries using LLMsFrom Natural Language to Structured Solr Queries using LLMs
From Natural Language to Structured Solr Queries using LLMs
Sease
 
Harnessing the Power of NLP and Knowledge Graphs for Opioid Research
Harnessing the Power of NLP and Knowledge Graphs for Opioid ResearchHarnessing the Power of NLP and Knowledge Graphs for Opioid Research
Harnessing the Power of NLP and Knowledge Graphs for Opioid Research
Neo4j
 
What is an RPA CoE? Session 2 – CoE Roles
What is an RPA CoE?  Session 2 – CoE RolesWhat is an RPA CoE?  Session 2 – CoE Roles
What is an RPA CoE? Session 2 – CoE Roles
DianaGray10
 
Day 2 - Intro to UiPath Studio Fundamentals
Day 2 - Intro to UiPath Studio FundamentalsDay 2 - Intro to UiPath Studio Fundamentals
Day 2 - Intro to UiPath Studio Fundamentals
UiPathCommunity
 

Recently uploaded (20)

GNSS spoofing via SDR (Criptored Talks 2024)
GNSS spoofing via SDR (Criptored Talks 2024)GNSS spoofing via SDR (Criptored Talks 2024)
GNSS spoofing via SDR (Criptored Talks 2024)
 
Essentials of Automations: Exploring Attributes & Automation Parameters
Essentials of Automations: Exploring Attributes & Automation ParametersEssentials of Automations: Exploring Attributes & Automation Parameters
Essentials of Automations: Exploring Attributes & Automation Parameters
 
AI in the Workplace Reskilling, Upskilling, and Future Work.pptx
AI in the Workplace Reskilling, Upskilling, and Future Work.pptxAI in the Workplace Reskilling, Upskilling, and Future Work.pptx
AI in the Workplace Reskilling, Upskilling, and Future Work.pptx
 
JavaLand 2024: Application Development Green Masterplan
JavaLand 2024: Application Development Green MasterplanJavaLand 2024: Application Development Green Masterplan
JavaLand 2024: Application Development Green Masterplan
 
Demystifying Knowledge Management through Storytelling
Demystifying Knowledge Management through StorytellingDemystifying Knowledge Management through Storytelling
Demystifying Knowledge Management through Storytelling
 
Call Girls Chandigarh🔥7023059433🔥Agency Profile Escorts in Chandigarh Availab...
Call Girls Chandigarh🔥7023059433🔥Agency Profile Escorts in Chandigarh Availab...Call Girls Chandigarh🔥7023059433🔥Agency Profile Escorts in Chandigarh Availab...
Call Girls Chandigarh🔥7023059433🔥Agency Profile Escorts in Chandigarh Availab...
 
AppSec PNW: Android and iOS Application Security with MobSF
AppSec PNW: Android and iOS Application Security with MobSFAppSec PNW: Android and iOS Application Security with MobSF
AppSec PNW: Android and iOS Application Security with MobSF
 
"$10 thousand per minute of downtime: architecture, queues, streaming and fin...
"$10 thousand per minute of downtime: architecture, queues, streaming and fin..."$10 thousand per minute of downtime: architecture, queues, streaming and fin...
"$10 thousand per minute of downtime: architecture, queues, streaming and fin...
 
Apps Break Data
Apps Break DataApps Break Data
Apps Break Data
 
Leveraging the Graph for Clinical Trials and Standards
Leveraging the Graph for Clinical Trials and StandardsLeveraging the Graph for Clinical Trials and Standards
Leveraging the Graph for Clinical Trials and Standards
 
Connector Corner: Seamlessly power UiPath Apps, GenAI with prebuilt connectors
Connector Corner: Seamlessly power UiPath Apps, GenAI with prebuilt connectorsConnector Corner: Seamlessly power UiPath Apps, GenAI with prebuilt connectors
Connector Corner: Seamlessly power UiPath Apps, GenAI with prebuilt connectors
 
Northern Engraving | Modern Metal Trim, Nameplates and Appliance Panels
Northern Engraving | Modern Metal Trim, Nameplates and Appliance PanelsNorthern Engraving | Modern Metal Trim, Nameplates and Appliance Panels
Northern Engraving | Modern Metal Trim, Nameplates and Appliance Panels
 
LF Energy Webinar: Carbon Data Specifications: Mechanisms to Improve Data Acc...
LF Energy Webinar: Carbon Data Specifications: Mechanisms to Improve Data Acc...LF Energy Webinar: Carbon Data Specifications: Mechanisms to Improve Data Acc...
LF Energy Webinar: Carbon Data Specifications: Mechanisms to Improve Data Acc...
 
QA or the Highway - Component Testing: Bridging the gap between frontend appl...
QA or the Highway - Component Testing: Bridging the gap between frontend appl...QA or the Highway - Component Testing: Bridging the gap between frontend appl...
QA or the Highway - Component Testing: Bridging the gap between frontend appl...
 
Poznań ACE event - 19.06.2024 Team 24 Wrapup slidedeck
Poznań ACE event - 19.06.2024 Team 24 Wrapup slidedeckPoznań ACE event - 19.06.2024 Team 24 Wrapup slidedeck
Poznań ACE event - 19.06.2024 Team 24 Wrapup slidedeck
 
Getting the Most Out of ScyllaDB Monitoring: ShareChat's Tips
Getting the Most Out of ScyllaDB Monitoring: ShareChat's TipsGetting the Most Out of ScyllaDB Monitoring: ShareChat's Tips
Getting the Most Out of ScyllaDB Monitoring: ShareChat's Tips
 
From Natural Language to Structured Solr Queries using LLMs
From Natural Language to Structured Solr Queries using LLMsFrom Natural Language to Structured Solr Queries using LLMs
From Natural Language to Structured Solr Queries using LLMs
 
Harnessing the Power of NLP and Knowledge Graphs for Opioid Research
Harnessing the Power of NLP and Knowledge Graphs for Opioid ResearchHarnessing the Power of NLP and Knowledge Graphs for Opioid Research
Harnessing the Power of NLP and Knowledge Graphs for Opioid Research
 
What is an RPA CoE? Session 2 – CoE Roles
What is an RPA CoE?  Session 2 – CoE RolesWhat is an RPA CoE?  Session 2 – CoE Roles
What is an RPA CoE? Session 2 – CoE Roles
 
Day 2 - Intro to UiPath Studio Fundamentals
Day 2 - Intro to UiPath Studio FundamentalsDay 2 - Intro to UiPath Studio Fundamentals
Day 2 - Intro to UiPath Studio Fundamentals
 

WTF is Penetration Testing

  • 1. WTF is Penetration Testing? An Overview of Who, What, Where, When, and Why Scott Sutherland Ryan Wakeham
  • 2. • Scott Sutherland Principle Security Consultant NetSPI • Ryan Wakeham Director of Consulting NetSPI Who are we?
  • 3. Presentation Overview • What is a “pen test”? • Why do companies “pen test”? • Who does “pen testing”? • What skills are required? ‒ Non Technical Skillset ‒ Basic Technical Skillset ‒ Offensive and Defensive Knowledge • What are some Common Tools? • Pen Testing as a Career • Attack Demo: SQL Inject World • Questions
  • 4. What is Penetration Testing? Our Definition: “The process of evaluating systems, applications, and protocols with the intent of identifying vulnerabilities from the perspective of an unprivileged or anonymous user to determine the real world impact…” “…legally and under contract”
  • 5. Why do Companies Pen Test? • Compliance Requirements • Validate Existing Controls • Identify Unknown Security Gaps • Prioritize Existing Security Initiatives • Prevent Data Breaches • Test IDS / IPS / IRP
  • 6. What are the Technical Objectives? • Client specific objectives first • Identify and verify all entry points • Identify critical escalation points • Gain unauthorized access to: ‒ Application functionality ‒ Critical systems ‒ Sensitive data
  • 7. Assessment VS. Penetration • Vulnerability Assessment and Penetration Testing Answer: ‒ What are my system layer vulnerabilities? ‒ Where are my system layer vulnerabilities? ‒ How wide spread are my system layer vulnerabilities? ‒ Can I identify attacks? ‒ How do I fix my vulnerabilities?
  • 8. Assessment VS. Penetration • Penetration Testing Answers: ‒ What are my high impact network layer issues? ‒ What are my high impact application layer issues? ‒ Can an attacker gain unauthorized access to: • critical infrastructure that provides privileged access or cause service disruptions • critical application functionality that the business depends on • sensitive data that the business would be required to report on if a breach occurs ‒ Can an attacker bypass our IPS / WAF? ‒ Can an attacker pivot from environment A to environment B?
  • 9. Common Penetration Test Approach • Kickoff: Scope, cost, testing windows, risks etc • Information Gathering • Vulnerability Enumeration • Penetration • Escalation • Evidence Gathering (Pilfering) • Clean up • Report Creation • Report Delivery and Review • Remediation
  • 10. Who Conducts Pen Testing? • Internal Employees • Security Analyst • Security Consultant • Third Parties • Audit Firms • Security Consultants
  • 11. Rules of Engagement • Have fun, but…Hack Responsibly! • Written permission • Stay in scope • No DoS • Don’t change major state • Restore state • Clear communication
  • 12. What Skills are Needed? • Non Technical • Basic Technical • Offensive • Defensive • Common Tools
  • 13. Non Technical Skillset • Written and Verbal Communications • Emails/phone calls • Report development • Small and large group presentations • Professionalism • Respecting others, setting, and meeting expectations • Troubleshooting Mindset • Never give up, never surrender • Where there is a will, there is a way • Ethics • Don’t do bad things • Pros (career) vs. Cons (jail) • Hack responsibly
  • 14. Basic Technical Skillset • Windows Desktop Administration • Windows Domain Administration • Linux and Unix Administration • Network Infrastructure Administration • Application Development • Scripting (Ruby, Python, PHP, Bash, PS, Batch) • Managed languages (.Net, Java, Davlik) • Unmanaged languages (C, C++)
  • 15. Offensive and Defensive Knowledge • System enumeration and service fingerprinting • Linux system exploitation and escalation • Windows system exploitation and escalation • Network system exploitation and escalation • Protocol exploitation • Web application exploitation (OWASP) • Reverse engineering client-server applications + AV Evasion • Social engineering techniques (onsite, phone, email)
  • 16. Common Tools There are hundreds of “hacker” tools. Generally, you need to have enough knowledge to know what tool or tool(s) is right for the task at hand…. …and if one doesn’t exist, then create it.
  • 18. Common Tools • Knowledge > Tools • Understand the core technologies • Understand the core offensive techniques • Understand the core defensive techniques • Network Penetration Testing • BT, CAIN, YERSINIA, NCAT, NMAP, NESSUS, NEXPOSE, WCE, MIMIKATZ, AirCrack-ng, METASPLOIT… and NATIVE TOOLS! • Application Penetration Testing • BURP, ZAP, NIKTO, DIRBUSTER, SQLMAP, SQL Ninja, and BEEF…. and commercial tools
  • 19. Pen Testing as a Career: Common Paths • Internal Paths • Help Desk • IT Support • IT Admin • Security Analyst • Senior Security Analyst • Internal Consultant • CISO • Security Consulting Paths • Internship • Consultant • Senior Consultant • Principle Consultant • Team Lead • Director Security consultants often end up in malware research or exploit development, but some go corporate. Internal employees often stay internal.
  • 20. Pen Testing as a Career: How to Start • Read and learn! – There is no “end” • Tap into the community! • Research and Development • Contribute to open source projects • Present research at conferences • Training and Certifications • Community: DC612, OWASP, Conferences, etc • Professional ($): SANS, OffSec, CISSP, etc • Volunteer • Internships
  • 21. BE SAFE and HACK RESPONSIBLY