BackTrack Penetration Testing Workshop

Michael Holcomb, CISSP
Upstate ISSA Chapter

Agenda

Introductions
Schedule
Workshop Format
The Attacker Methodology
Penetration Testing Execution Standard (PTES)
Pentester Job Requirements

Disclaimer

Do not try this at home… without permission!

Introductions

Name
Company
Position
Previous Experience
Windows & Linux
Penetration Testing
BackTrack

Schedule

Hours (9:00AM to 4:30PM)
10:20 to 10:30 - Break
11:00 to 12:30 - ISSA Chapter Meeting
2:45 to 3:00 - Break

Workshop Format

Session Materials
Practice Exercises
Workshop Survey

The Hacker Methodology

Information Gathering
Vulnerability Assessment
Exploitation
Privilege Escalation
Maintaining Access

Penetration Testing Execution Standard (PTES)

Pre-engagement Interactions
Intelligence Gathering
Threat Modeling
Vulnerability Analysis
Exploitation
Post Exploitation
Reporting

Pentester Job Requirements

System and application scanning using analysis tools
Validate automated testing results
Conduct manual analysis
Evaluate and communicate risk
Provide feedback and guidance
Certifications (CEH, CISA, CISSP, OSCP)

Physical Security

Most overlooked area of Information Security
If you can touch it, you can p0wn it!
www.securitywizardry.com/radar.htm

Bookmarks

VMware (vmware.com)
BackTrack 5 R3 (backtrack-linux.org)
Metasploitable (offensive-security.com)
Web Security Dojo (mavensecurity.com)
Pauldotcom (pauldotcom.com)
OSCP (offensive-security.com)
Katana (hackfromacave.com)