Penetrasi Jaringan

2,288 views

Published on

Penetrasi Jaringan,
seminar Security Day with Jasakomers pada tanggal 27 Februari 2010 di PoltekPos Indonesia, Bandung.

Published in: Technology
0 Comments
4 Likes
Statistics
Notes
  • Be the first to comment

No Downloads
Views
Total views
2,288
On SlideShare
0
From Embeds
0
Number of Embeds
134
Actions
Shares
0
Downloads
0
Comments
0
Likes
4
Embeds 0
No embeds

No notes for slide

Penetrasi Jaringan

  1. 1. Security Day with Jasakomers 07:38 AM
  2. 2. <ul><li>Tom Gregory </li></ul><ul><li>Jasakom Moderator </li></ul>07:38 AM
  3. 3. Penetrasi Jaringan 07:38 AM
  4. 4. Penetrasi? 07:38 AM
  5. 5. <ul><li>Legal atau Illegal </li></ul>07:38 AM
  6. 6. legal <ul><li>Security Professional </li></ul><ul><li>Professional Penetration Tester </li></ul><ul><li>Target ditentukan </li></ul><ul><li>Aturan main </li></ul>07:38 AM
  7. 7. illegal <ul><li>Google - Cari dan serang </li></ul><ul><li>Cenderung hobby </li></ul>07:38 AM
  8. 8. Tipe-Tipe Penetration Test 07:38 AM
  9. 9. Black Box <ul><li>Test penetrasi tanpa informasi tentang target </li></ul>07:38 AM
  10. 10. White Box <ul><li>Test penetrasi dengan informasi tentang target </li></ul>Infrastruktur jaringan, alamat website, dll 07:38 AM
  11. 11. metodologi <ul><li>Information gathering </li></ul><ul><li>Scanning </li></ul><ul><li>Enumeration </li></ul><ul><li>Gaining Access / Exploitation </li></ul><ul><li>Enumerating Further </li></ul><ul><li>Covering Track </li></ul><ul><li>Backdooring </li></ul>07:38 AM
  12. 12. 1. gather info on the target host hello system, how are you? 07:38 AM
  13. 13. Domain Information Domain Name : kampus.ac.id Type : Education Organization : Kampus Universitas Technical Contact Name : Budi M NIC Handle : budi34 Name Server : ns1.kampus.ac.id                               IP Address : 202.58.2.129 Name Server : kampus.ac.id              IP Address : 202.58.2.130 whois 07:38 AM
  14. 14. Googleisyourbestfriend password username vulnerabilities information servers credit card error messages Googling CCTV webcam database http://j0hnny.ihackstuff.com 07:38 AM
  15. 15. 2. scan / sniff to find a way in map – learn – let the packets guide you 07:38 AM
  16. 16. The Matrix: Reloaded 07:38 AM
  17. 17. Die Hard 4: Live free or Die hard 07:38 AM
  18. 18. 3. exploit vulnerabilities got root or admin? 07:38 AM
  19. 19. 07:38 AM
  20. 20. 4. covering track lose your feet anywhere 07:38 AM
  21. 21. 5. backdoor the system knock..knock..anybody home? 07:38 AM
  22. 22. Tools <ul><li>Scanner </li></ul><ul><ul><li>Nmap </li></ul></ul><ul><ul><li>Superscan </li></ul></ul><ul><li>Vulnerability Scanner </li></ul><ul><ul><li>Nessus </li></ul></ul><ul><ul><li>NeXpose </li></ul></ul><ul><li>Eksploitasi </li></ul><ul><ul><li>Metasploit </li></ul></ul>07:38 AM
  23. 23. 07:38 AM
  24. 24. Metasploit <ul><li>Fungsi </li></ul><ul><li>Tool Eksploitasi </li></ul><ul><li>Fitur </li></ul><ul><li>Auto exploit </li></ul><ul><li>Platform </li></ul><ul><li>Linux </li></ul><ul><li>Windows </li></ul><ul><li>*nix </li></ul><ul><li>Handheld (Nokia, Maemo, Android) </li></ul>07:38 AM
  25. 25. 07:38 AM
  26. 26. 07:38 AM
  27. 27. Introducing <ul><li>Social Engineering Toolkit </li></ul><ul><ul><li>Fake email generator </li></ul></ul><ul><ul><li>Fake Website generator </li></ul></ul><ul><ul><li>Combine with metasploit </li></ul></ul><ul><li>http://www.social-engineering.org </li></ul>07:38 AM
  28. 28. demo client side attack 07:38 AM
  29. 29. skenario 07:38 AM
  30. 30. 07:38 AM
  31. 31. EoP end of presentation tom[at]jasakom[dot]com http://tom.postnix.org 07:38 AM

×