User groups
o Cisco, SQL, Virtualization

Conferences
o GrrCON, SQL Saturday

RSS
Content on Hands-On Security Street
o Capture the Flag
o Forensics
Exploit-DB updates
SecurityFocus Vuln..

Twitter
@markrussinovich @Wh1t3Rabbit @EggDropX @msftsecurity

Network communication vital
Proxies
Corporate/Windows Firewalls
Problem: Hackers don’t care about Authorization

BackTrack (bt)
• Bootable, vm, phone
o Zenmap
o Metasploit framework
  • 927+ exploits
  • 251+ payloads
  • Meterpreter
o Social Engineering Toolkit
o Netdiscover
o Fasttrack & autopwn

Kali Linux
• Bootable, vm, phone
o Metasploit framework
  • 927+ exploits
  • 251+ payloads
  • Meterpreter
o Social Engineering Toolkit
o nmap
o BBQSQL (sql injection)
o Hydra
o Top 10 List
o AND MORE!

Interesting Commands
o Getuid
o GetSystem
o Ps
o kill
o Migrate
o Shell
o Hashdump
o Webcam_snap
o clearev

If you are not patching, no reason for pen testing
Don’t forget 3rd party utilities
Peer review servers
Cleanup!

Reversing patches is common practice
o Midi file buffer overflow exploited in wild 16 days after the patch

Common msf exploits used
MSYY- naming convention
CVE – common vulnerabilities and exposures
Know unsupported dates

WSUS
SCCM
Orchestrator
WMI qfe

True or False: When using SQL Server Authentication in version 11 (2012), the password is encrypted over the network.
IT DEPENDS

Default of 0 allows for brute force
10 proves to be sufficient in this case

Bonus!
Default 3rd party passwords
Accidental administrators(Dev)
Extra un-used services(Writer)
Weak DBA Windows passwords

Layers that still work
o Firewalls
o Strong Passwords
o Antivirus
o Patches
o Group Policy
o Log Monitoring
o Least privilege
o Audits and Testing

DR
o Did someone say zombies?

Don’t be a disabler for business.

Other hacks?
o ‘ OR 1=1; -- Create table, insert web.config
o Browser based attacks
o The next MS08_067

Review whiteboarding

https://www.owasp.org/index.php/Top_10_2010-Main
http://msdn.microsoft.com/en-us/library/ms189067.aspx
https://community.rapid7.com/welcome
http://www.kali.org/
http://www.metasploit.com/modules/
http://www.youtube.com/
http://grrcon.org/
http://nujakcities.wordpress.com
nujak3000@yahoo.com