The Business of Penetration Testing
Jacolon Walker

Agenda
● Introduction about me
● Penetration testing methodology
● Pentesting frameworks
● Customizing your tool set
● Engagement prep
● Post engagement

The about me stuff
● 6 years in InfoSec
● My talk is not sponsored by my employers
● Write code, exploits, reverse malware for fun and sometimes profit
● Have certs

Ethical Pentesting
● Methodology? No such thing if you want to be successful
● You need to think like a hacker
● Pentesting methodologies cover all the ground and help win assessments

Penetration Methodology
● 5 step process
– 1. Reconnaissance
– 2. Scanning & Enumeration
– 3. Gaining Access
– 4. Maintaining Access
– 5. Covering Tracks

Reconnaissance

Penetration Methodology (cont.)
● Reconnaissance
– Gathering information passively
– Not actively scanning or exploiting anything
– Harvesting information
● Search engines: Bing, Google, Yahoo, Yandex
● Wayback Machine (web archive)

Penetration Methodology (cont.)
● Scanning & Enumeration
– Target discovery
– Enumeration
– Vulnerability mapping

DEMO
● Maltego
● Recon-ng
● theHarvester
● Nmap
OSINT ALL THE DATA
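The scanning and enumeration step ends with a list of hosts and services that feeds the vulnerability mapping. As an added example (not code from the talk), the parser below reads Nmap's grepable (-oG) output, which Nmap itself writes, and turns it into a per-host inventory of open ports; the same inventory is what a defender compares against the list of services that are supposed to be exposed. The scan text embedded in the block is constructed for the demonstration.

```python
"""Parse nmap grepable (-oG) output into a per-host inventory of open ports.

Added example, not code from the talk. The input layout is the -oG format that
nmap writes: tab-separated fields after "Host:", and each port entry laid out
as port/state/protocol/owner/service/rpcinfo/version/. The sample is constructed.
"""
import re
from collections import defaultdict

# Constructed sample of nmap -oG output: two hosts up, one down.
SAMPLE_GNMAP = """\
# Nmap 7.94 scan initiated as: nmap -sV -oG - 10.0.0.0/29
Host: 10.0.0.1 ()\tStatus: Up
Host: 10.0.0.1 ()\tPorts: 22/open/tcp//ssh//OpenSSH 8.2p1/, 80/open/tcp//http//nginx 1.18.0/, 443/closed/tcp//https///\tIgnored State: filtered (997)
Host: 10.0.0.2 (printer.lab)\tStatus: Up
Host: 10.0.0.2 (printer.lab)\tPorts: 9100/open/tcp//jetdirect///\tIgnored State: closed (999)
Host: 10.0.0.3 ()\tStatus: Down
# Nmap done at Mon Jan  1 00:00:00 2024 -- 8 IP addresses (2 hosts up) scanned in 3.21 seconds
"""

HOST_RE = re.compile(r"^Host: (\S+) \(([^)]*)\)")


def parse_gnmap(text):
    """Return {ip: {"hostname", "status", "ports": [(port, proto, service, version)]}}.

    Only ports whose state is "open" are kept; closed/filtered entries are dropped.
    """
    hosts = defaultdict(lambda: {"hostname": "", "status": "", "ports": []})
    for line in text.splitlines():
        if line.startswith("#"):          # nmap banner/footer comments
            continue
        m = HOST_RE.match(line)
        if not m:
            continue
        ip, name = m.group(1), m.group(2)
        entry = hosts[ip]
        if name:
            entry["hostname"] = name
        # Everything after the Host field is tab-separated "Key: value" pairs.
        for field in line.split("\t")[1:]:
            key, _, value = field.partition(": ")
            if key == "Status":
                entry["status"] = value
            elif key == "Ports":
                for port_spec in value.split(", "):
                    parts = port_spec.split("/")
                    if len(parts) < 7:    # malformed entry, skip rather than crash
                        continue
                    port, state, proto, _owner, service, _rpc, version = parts[:7]
                    if state == "open":
                        entry["ports"].append((int(port), proto, service, version))
    return dict(hosts)


def open_port_summary(inventory):
    """Map "ip:port/proto" -> "service version" for every open port.

    This flat view is the one to diff against an authorised-services baseline:
    anything present here and absent there is an unexpected exposure.
    """
    summary = {}
    for ip, info in sorted(inventory.items()):
        for port, proto, service, version in sorted(info["ports"]):
            summary[f"{ip}:{port}/{proto}"] = (service + " " + version).strip()
    return summary


if __name__ == "__main__":
    for key, svc in open_port_summary(parse_gnmap(SAMPLE_GNMAP)).items():
        print(key, svc)
```

Run a real scan with `nmap -sV -oG scan.gnmap <scope>` and pass the file contents to `parse_gnmap`; the hostname in parentheses is empty when reverse DNS returns nothing, which the parser tolerates.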

Penetration Methodology (cont.)
● Gaining Access
– Work from the mapped vulnerabilities
– Gain a user-level foothold first, then escalate privileges
– Try multiple vectors; this is actually a fairly easy part
– Web application, wifi, social engineering

Penetration Methodology (cont.)
● Maintaining Access
– Keeping account access
– Privilege escalation
– Pivoting to own everything
– ET phone home (calling back out to you)

DEMO
● Metasploit
● Post-exploitation scripts
Broken? No luck?

Penetration Methodology (cont.)
● Covering Tracks
– Removing tools
– Removing backdoors and ET-phone-home callbacks
– Clearing logs
– Windows: Security, Application and System logs
– Linux: /var/log/*
– Removing audit logs
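Every item on the covering-tracks slide leaves its own trace, and that trace is what the client's blue team should be alerting on. As an added example (not code from the talk), the detector below runs over a constructed stream of Windows and Linux events and flags the two signs of log tampering a practitioner would want: the Windows event IDs that Windows itself writes when a log is cleared (1102 for the Security log, 104 for the System or Application log), and auditd records from a watch on /var/log. The auditd rule key "logtamper" and every event record are assumptions of this example, and the second function flags a host that simply goes quiet, which is what log removal looks like from the collector's side.

```python
"""Flag log-clearing activity in a mixed stream of Windows and Linux events.

Added example, not code from the talk. Event IDs 1102 and 104 are the real IDs
Windows emits when the Security log, or another event log, is cleared. The
Linux side assumes an auditd watch rule on /var/log tagged with key "logtamper"
(an assumption of this example). All sample records are constructed.
"""
from datetime import datetime, timedelta

WINDOWS_CLEAR_IDS = {
    1102: "Security log cleared",
    104: "event log file cleared (System/Application)",
}
AUDIT_WATCH_KEY = "logtamper"  # assumed key of an `auditctl -w /var/log -p wa -k logtamper` rule

# Constructed events as a collector might normalise them (ISO timestamps, one dict each).
SAMPLE_EVENTS = [
    {"host": "dc01", "os": "windows", "time": "2024-03-01T09:00:00", "event_id": 4624, "user": "alice"},
    {"host": "dc01", "os": "windows", "time": "2024-03-01T09:05:00", "event_id": 1102, "user": "svc-backup"},
    {"host": "web01", "os": "linux", "time": "2024-03-01T09:06:00", "type": "SYSCALL",
     "syscall": "unlinkat", "key": "logtamper", "name": "/var/log/auth.log", "uid": 0},
    {"host": "web01", "os": "linux", "time": "2024-03-01T09:06:01", "type": "SYSCALL",
     "syscall": "openat", "key": "logtamper", "name": "/var/log/syslog", "uid": 0},
    {"host": "fs01", "os": "windows", "time": "2024-03-01T09:10:00", "event_id": 104, "user": "bob"},
    {"host": "fs01", "os": "windows", "time": "2024-03-01T09:11:00", "event_id": 4688, "user": "bob"},
    {"host": "web01", "os": "linux", "time": "2024-03-01T12:30:00", "type": "SYSCALL",
     "syscall": "openat", "key": "", "name": "/etc/passwd", "uid": 1000},
]


def detect_log_clearing(events):
    """Return (host, time, description) for each event that signals log tampering."""
    alerts = []
    for e in events:
        if e["os"] == "windows" and e.get("event_id") in WINDOWS_CLEAR_IDS:
            desc = f"{e['event_id']}: {WINDOWS_CLEAR_IDS[e['event_id']]} by {e['user']}"
            alerts.append((e["host"], e["time"], desc))
        elif e["os"] == "linux" and e.get("key") == AUDIT_WATCH_KEY:
            # Any hit on the /var/log watch: deletion, truncation or write by a shell.
            desc = f"auditd {e['syscall']} on {e['name']} by uid {e['uid']}"
            alerts.append((e["host"], e["time"], desc))
    return alerts


def detect_silence(events, max_gap=timedelta(hours=2)):
    """Per host, return (host, last_seen, next_seen) for gaps longer than max_gap.

    A host that normally chatters and then stops is the collector-side view of
    logs being removed or forwarding being cut; tune max_gap to the host's rate.
    """
    by_host = {}
    for e in events:
        by_host.setdefault(e["host"], []).append(datetime.fromisoformat(e["time"]))
    gaps = []
    for host, times in by_host.items():
        times.sort()
        for earlier, later in zip(times, times[1:]):
            if later - earlier > max_gap:
                gaps.append((host, earlier.isoformat(), later.isoformat()))
    return gaps


if __name__ == "__main__":
    for alert in detect_log_clearing(SAMPLE_EVENTS):
        print("TAMPER", *alert)
    for gap in detect_silence(SAMPLE_EVENTS):
        print("SILENT", *gap)
```

Clearing the Security log cannot be done without Windows recording 1102 as the first entry of the fresh log, so the only way the attacker wins is if nobody forwards or reads it; shipping events off-host before the engagement is the mitigation the report should recommend.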

Penetration Frameworks
● vulnerabilityassessment.co.uk
● pentest-standard.org
● Open Source Security Testing Methodology Manual (OSSTMM)
● Information Systems

Customizing your toolset
● Kali Linux – the new BackTrack
● Use your methodology to help build it
● Recon, scanning, exploitation, post-exploitation

My toolset
● A few things in my tool set
● Recon-ng / theHarvester
● Burp Suite
● Nmap / p0f / ncat
● Nessus / Core Impact / Acunetix / Saint

Toolset Demo
● Demonstrating some of the tools I use

Finally the assessment is over? No http://nooooooooooooooo.com

Pre-engagement Prep
● You are selling a service, so...
● Sell something
● Tool customization
● Know what the offers and market rates are

Engagement Sold!!!
● Scope of work
● Understand what the client wants
● Black, gray or white box testing, or red teaming
● How long the assessment will take
● What to expect from the assessment
● Client contacts from the project manager

Post Engagement
● Report writing
● Did any issues occur? Could they have been prevented? Can they be fixed?
● Did you get what you wanted from the engagement? Profit?

Report Writing
● It is the last thing the customer sees. Make it the best thing they see
● Customers are paying for quality
● Different reports for different audiences
– Executive summary
– Detailed summary
● I could write a whole presentation about this but I will not

Wrapping it all up
● Pentesting has numerous components
● It's not always about hacking; it's about research and business
● Make sure you are NICHE at what you do. Know your target and field