Security Penetration Testing and Ethical Hacking




User groups
o Cisco, SQL, Virtualization



Conferences
o GrrCON, SQL Saturday

RSS
 Content on
Hands-On
Security Street
o Capture the Flag
o Forensics
Exploit-DB updates
SecurityFocus Vuln..

Twitter
o @markrussinovich
o @Wh1t3Rabbit
o @EggDropX
o @msftsecurity

Network communication vital
Proxies
Corporate/Windows Firewalls
Problem: Hackers don’t care about Authorization

BackTrack (bt)
• Bootable, vm, phone
o Zenmap
o Metasploit framework
• 927+ exploits
• 251+ payloads
• Meterpreter
o Social Engineering Toolkit
o Netdiscover
o Fasttrack & autopwn

Kali Linux
• Bootable, vm, phone
o Metasploit framework
• 927+ exploits
• 251+ payloads
• Meterpreter
o Social Engineering Toolkit
o nmap
o BBQSQL (sql injection)
o Hydra
o Top 10 List
o AND MORE!

Interesting Commands
o getuid
o getsystem
o ps
o kill
o migrate
o shell
o hashdump
o webcam_snap
o clearev




If you are not patching, there is no reason for pen testing
Don’t forget 3rd party utilities
Peer review servers
Cleanup!

Reversing patches is common practice
o MIDI file buffer overflow exploited in the wild 16 days after the patch







Common msf exploits used MSYY- naming convention
CVE – Common Vulnerabilities and Exposures
Know unsupported dates
WSUS
SCCM
Orchestrator
WMI qfe
True or False: When using SQL Server Authentication in version 11 (2012), the password is encrypted over the network.
IT DEPENDS


Default of 0 allows for brute force
10 proves to be sufficient in this case
Bonus!




Default 3rd party passwords
Accidental administrators (Dev)
Extra unused services (Writer)
Weak DBA Windows passwords

Layers that still work
o Firewalls
o Strong Passwords
o Antivirus
o Patches
o Group Policy
o Log Monitoring
o Least privilege
o Audits and Testing

DR
o Did someone say zombies?

Don’t be a disabler for business.

Other hacks?
o ‘ OR 1=1; -- Create table, insert web.config
o Browser based attacks
o The next MS08_067

Review whiteboarding









https://www.owasp.org/index.php/Top_10_2010-Main
http://msdn.microsoft.com/en-us/library/ms189067.aspx
https://community.rapid7.com/welcome
http://www.kali.org/
http://www.metasploit.com/modules/
http://www.youtube.com/
http://grrcon.org/
http://nujakcities.wordpress.com
nujak3000@yahoo.com