Penetration testing slides


The Business of Penetration Testing
Jacolon Walker
Agenda
● Introduction about me
● Penetration testing methodology
● Pentesting frameworks
● Customizing your tool set
● Engagement prep
The about me stuff
● 6 years in InfoSec
● My talk is not sponsored by employers
● Write code, exploits, reverse malware for fun and sometimes profit
Ethical Pentesting Methodology?
● No such thing if you want to be successful
● You need to think like a hacker
● Pentesting methodologies cover all grounds and help
Penetration Methodology
● 5 step process
  – Reconnaissance
  – Scanning & Enumeration
  – Gaining Access
  – Maintaining Access
  – Covering Tracks
Penetration Methodology Cont.
● Reconnaissance
  – Gathering information passively
  – Not actively scanning or exploiting anything
  – Harvesting information
● Bing, Google, Yahoo, Yandex
Penetration Methodology Cont.
● Scanning & Enumeration
  – Target discovery
  – Enumerating
  – Vulnerability mapping
DEMO
● Maltego
● Recon-ng
● Theharvester
● Nmap
● OSINT ALL THE DATA
Penetration Methodology Cont.
● Gaining Access
  – Mapped vulns
  – Important to penetrate: gaining a user and escalating privs
  – Try multiple vectors. This is actually a decently easy part
  – Web application, wifi, social
Penetration Methodology Cont.
● Maintaining Access
  – Keeping account access
  – Privilege escalation
  – Pivoting to own all
  – ET phone home
DEMO
● Metasploit
● Post scripts
● Broken? No luck?
Penetration Methodology Cont.
● Covering Tracks
  – Removing tools
  – Backdoors, ET phone homes
  – Clearing logs
  – Windows security, application and system logs
  – Linux /var/log/*
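The two log locations the slide names are exactly where a defender looks for the other side of this step. The following is an added example, not code from the slides or the speaker: it flags the Windows events that record a cleared event log and reports /var/log files that shrank without a matching rotation. The event IDs are well-known Windows values; the sample events and size snapshots are constructed.

```python
from dataclasses import dataclass
from typing import Dict, Iterable, List

# Windows writes a dedicated event when a log is cleared (provider Microsoft-Windows-Eventlog):
# ID 1102 for the Security log, ID 104 for the System and Application logs. Well-known IDs, not slide content.
CLEAR_EVENT_IDS = {1102, 104}
EVENTLOG_PROVIDER = "Microsoft-Windows-Eventlog"


@dataclass(frozen=True)
class WinEvent:
    event_id: int
    provider: str
    channel: str  # Security, System or Application
    user: str


def windows_log_clears(events: Iterable[WinEvent]) -> List[WinEvent]:
    """Return every event that records a cleared Windows event log."""
    return [e for e in events
            if e.event_id in CLEAR_EVENT_IDS and e.provider == EVENTLOG_PROVIDER]


def shrunk_linux_logs(before: Dict[str, int], after: Dict[str, int]) -> List[str]:
    """Compare two size snapshots (bytes) of files under /var/log and return the
    paths that shrank or vanished. Normal logrotate also shrinks a file, so a
    path whose rotated copy (path + '.1') newly appeared is not reported."""
    suspicious = []
    for path, old_size in before.items():
        new_size = after.get(path, 0)
        rotated = (path + ".1") in after and (path + ".1") not in before
        if new_size < old_size and not rotated:
            suspicious.append(path)
    return sorted(suspicious)


# Constructed sample telemetry, not data from any real host.
SAMPLE_EVENTS = [
    WinEvent(4624, "Microsoft-Windows-Security-Auditing", "Security", "alice"),
    WinEvent(1102, EVENTLOG_PROVIDER, "Security", "alice"),
    WinEvent(104, EVENTLOG_PROVIDER, "System", "alice"),
    WinEvent(104, "SomeApp", "Application", "svc"),  # same ID, unrelated provider
]
BEFORE = {"/var/log/auth.log": 8192, "/var/log/syslog": 65536, "/var/log/wtmp": 4096}
AFTER = {"/var/log/auth.log": 0, "/var/log/syslog": 120, "/var/log/syslog.1": 65536}

if __name__ == "__main__":
    for e in windows_log_clears(SAMPLE_EVENTS):
        print(f"{e.channel} log cleared (event {e.event_id}) by {e.user}")
    for p in shrunk_linux_logs(BEFORE, AFTER):
        print(f"{p} shrank without rotation")
```

In the constructed data, syslog was rotated and is ignored, while auth.log (truncated to zero) and wtmp (gone) are reported.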
Penetration Frameworks
● vulnerabilityassessment.co.uk
● pentest-standard.org
● Open Source Security Testing Methodology Manual (OSSTMM)
Customizing your toolset
● Kali Linux – the new BackTrack
● Use your methodology to help build this
● Recon, Scanning, Exploitation, Post
My toolset
● A few things in my tool set
● Recon-ng / Theharvester
● Burpsuite
● Nmap / p0f / ncat
● Nessus / CoreImpact / Acunetix / Saint
Toolset Demo
● Demonstrating some of the tools I use
Finally the assessment is over? No
http://nooooooooooooooo.com
Pre-engagement Prep
● You are selling a service so....
● Sell something
● Tools customization
● Knowing what offers and market rates are
Engagement Sold!!!
● Scope of work
● Understand what the client wants
● Black, gray, white box testing or red teaming
● How long the assessment will take
● What to expect from the assessment
Post Engagement
● Report writing
● Did any issues occur? Could they have been prevented? Can it be fixed?
● Did you get what you wanted from the engagement? Profit?
Report Writing
● It is the last thing the customer sees. Make it the best thing they see
● Customers are paying for quality
● Different reports for various teams
  – Executive Summary
  – Detailed Summary
● I could write a whole presentation about this but I will not
Wrapping it all up
● Pentesting has numerous components
● It's not always about hacking, it's about research and business
● Make sure you are NICHE at what you do. Know your target and field