Security Penetration Testing and Ethical Hacking
User groups
o Cisco, SQL, Virtualization
Conferences
o GrrCON, SQL Saturday
RSS
Content on
Hands-On
Security Street
o Capture the Flag
o Forensics
Exploit-DB updates
SecurityFocus Vuln..
Twitter
@markrussinovich
@Wh1t3Rabbit
@EggDropX
@msftsecurity
Network communication vital
Proxies
Corporate/Windows Firewalls
Problem: Hackers don’t care about Authorization
BackTrack (bt)
• Bootable, vm, phone
o Zenmap
o Metasploit framework
• 927+ exploits
• 251+ payloads
• Meterpreter
o Social Engineering Toolkit
o Netdiscover
o Fasttrack & autopwn
Kali Linux
• Bootable, vm, phone
o Metasploit framework
• 927+ exploits
• 251+ payloads
• Meterpreter
o Social Engineering Toolkit
o nmap
o BBQSQL (sql injection)
o Hydra
o Top 10 List
o AND MORE!
Interesting Commands
o Getuid
o GetSystem
o Ps
o kill
o Migrate
o Shell
o Hashdump
o Webcam_snap
o clearev
If you are not patching, no reason for pen testing
Don’t forget 3rd party utilities
Peer review servers
Cleanup!
Reversing patches is common practice
o Midi file buffer overflow exploited in wild 16 days after the patch
Common msf exploits used MSYY- naming convention
CVE – common vulnerabilities and exposures
Know unsupported dates
WSUS
SCCM
Orchestrator
WMI qfe
True or False: When using SQL Server Authentication in
version 11 (2012), the password is encrypted over the
network. IT DEPENDS
Default of 0 allows for brute force
10 proves to be sufficient in this case
Bonus!
Default 3rd party passwords
Accidental administrators (Dev)
Extra unused services (Writer)
Weak DBA Windows passwords
Layers that still work
o Firewalls
o Strong Passwords
o Antivirus
o Patches
o Group Policy
o Log Monitoring
o Least privilege
o Audits and Testing
DR
o Did someone say zombies?
Don’t be a disabler for business.
Other hacks?
o ‘ OR 1=1; -- Create table, insert web.config
o Browser based attacks
o The next MS08_067
Review whiteboarding
https://www.owasp.org/index.php/Top_10_2010-Main
http://msdn.microsoft.com/en-us/library/ms189067.aspx
https://community.rapid7.com/welcome
http://www.kali.org/
http://www.metasploit.com/modules/
http://www.youtube.com/
http://grrcon.org/
http://nujakcities.wordpress.com