Add to collection(s) Add to saved
  1. Engineering & Technology
  2. Computer Science
  3. Information Security

Demystifying Penetration Testing for the Enterprise

advertisement 
Demystifying Penetration
Testing for the Enterprise
Presented by
Pravesh Gaonjur
Pravesh Gaonjur
Founder and Executive Director of TYLERS
Information Security Consultant
Certified Ethical Hacker (CEHv8Beta)
Certified ISO27001 Lead Auditor
Certified Information Security Manager (CISM)
CISM Director at ISACA Mauritius Chapter
Part Time Academic at UTM & CDAC
Publisher of IEEE papers in Information Security
AGENDA
What is a Penetration Test
Overview of how it works
Defining the Pentest Scope
Types of Penetration Tests
Difference between Penetration Test and
Vulnerability Assessment
What should the final report contain?
Tools
What is a Penetration Test
Penetration test is an evaluation method to
asses computers, systems or networks
vulnerabilities and exploit them in order to
measure the impact of the flaws to the system
under testing
Know ‘the enemy’ before identifying the ‘evil’
Think like ‘the evil’
Overview of how it works
1. Planning and Preparation
2. Information Gathering and Analysis
3. Vulnerability Detection
4. Penetration Attempt
5. Analysis and Reporting
1. Planning and Preparation
Defining Pentest Scope
Non-Destructive Test
Destructive Test
Types of Environment
Wireless
DMZ
Dial-in etc..
Types of Pentest
Black Box Approach
Pen tester has no previous knowledge of the
remote network
Only the company name or the IP address is
known
Simulation of a real world hacking by a hacker
Types of Pentest
White Box Approach
Pen tester provided with significant knowledge of
the remote network
Type of network devices (i.e. Cisco gear, TCP/IP),
WebServer details (i.e., Apache/*nix or
Apache/Win2k),
Grey Box Approach
Partial knowledge of the network
2. Information Gathering and
Analysis
Information Gathering
This is the first step for any remote host
Penetration Testing.
Expected Results:
Zone Transfer Information
Domain Registration Information
Email IDs
IP Addresses Range
Footprinting/Fingerprinting
In this step, information like WebServer and OS
type running on remote host are gathered to
further precise the attack.
Expected Results:
Remote server OS type
Remote server web-server type
Applications running on remote server
Network Surveying/Mapping
A network survey serves often as an introduction to
the systems to be tested. It is best defined as a
combination of data collection, information
gathering, and policy control.
Expected Results:
Firewall / Routers / IDS Discovery
Possible Local Network / Subnet Discovery
IP Addresses Range
Network Topology Mapping
ISP information
Port Scanning and
Services Identification
Port scanning is the invasive probing of system
ports on the transport and network level.
Expected Results:
Open, closed or filtered ports
Services Identification
Evading Firewall rules
In this phase, firewall evasion techniques are
used to bypass firewall rules. This can further
help in port scanning, remote host detection
and remote network discovery.
Expected Results:
Mapping of firewall configuration rules
Partial Access to devices behind the firewall
3. Vulnerability Detection
Vulnerability Scanning
Identifying, understanding, and verifying the
weaknesses, misconfigurations and
vulnerabilities associated with remote host.
Expected Results:
List of vulnerabilities associated with each remote
services
List of possible denial of service vulnerabilities
Possible misconfiguration on the remote server
4. Penetration Attempt
Exploiting Vulnerabilities
This is the most important phase of penetration
testing.
Expected Results:
Gaining Access to the system
Retrieving hidden information
Domain Hijacking
Spamming Mail Servers
Access to restricted / confidential information
Control over web configuration
Can also leads to gaining access over other servers
Brute Force/Password Cracking
Password cracking is the process of validating
password strength through brute force
attempts.
Expected Results:
List of user login IDs or passwords
List of authentication PINs or Password
Denial of Service (DoS)
Denial of Service (DoS) is a situation where the
applications or services running over the remote
system stops functioning and prevents
authenticated network users or devices to
access it.
Expected Results:
Disruption of Services
List of other possible DoS
Privilege Escalation
It is the final stage of the remote host hacking
where the attacker gains complete control over
the remote system.
Expected Results:
Gain administrator / Super User rights
Gain privilege to retrieve or modify confidential
data
Gain control over server configuration
Gain Control over other servers attached to it
5. Analysis and Reporting
Contents of the Report
Executive Summary
Briefing on the type of test performed
A pie graph displaying the vulnerabilities in terms of
percentage of high, low & medium
Risk Matrix
Quantifying the vulnerabilities and showing the high,
low & medium in a tabular format
Giving a brief of the vulnerabilities found
Proof of Concepts (POC)
Giving a detail description with the screenshots and
logs of the vulnerabilities found and exploited.
Contents of the Report
Remedies and Workarounds
Providing customized remedies and workarounds
for the vulnerabilities found
Best practices
Suggesting best practices for the configurations
for the device or services
Final Summary
Must contain a brief on the overall vulnerability
factor found for the remote device
Difference between Pentest and VA
Vulnerability Assessment
Only scan for Vulnerabilities
Using Automated tools
Penetration Test
Scan for Vulnerabilities
Automated and manual Analysis
Exploits
Technical and Non-Technical Attacks
Some tools for Pentesting
Automated Exploiting Tools
Metasploit Framework, Core Impact, Canvas
Password Cracking / Brute Forcing Tools
John the ripper, L0phtcrack, MD5 Crack, SQL
Bruteforce, CISCO Password
decryptor, SolarWinds Network Password Decryptor,
Cain & Abel, THC-Hydra, BRUTUS etc.
Sniffers
Ethereal, Ettercap, Dsniff, Hunt
Some tools for Pentesting
Denial of Service (DoS) Tools
HPING & openly available DoS exploits (Zero-Day and
Others)
Exploits Used
Both customized and publicly available exploits (ZeroDays and Others) and
sometimes exploits are coded depending upon the
requirements
Tools Kit
Knoppix-STD, PHLAK, Auditor Security Collection etc.
Questions?
Thank you for your
attention!
Related documents
Web Security: Deep Dive
Web Security: Deep Dive
Penetration Testing
Penetration Testing
10 General Security Rules
10 General Security Rules
Vendor security questions
Vendor security questions
Digital vulnerabilitz atlas of South Asia [PPT, 2.05
Digital vulnerabilitz atlas of South Asia [PPT, 2.05
Lecture0 INT245
Lecture0 INT245
Executive Level Security Caliber Security Partners is a different kind
Executive Level Security Caliber Security Partners is a different kind
John Wallace MegaCorp Pen Test Report
John Wallace MegaCorp Pen Test Report
Penetration Testing and Forensic Audits
Penetration Testing and Forensic Audits
An extended misuse case notation
An extended misuse case notation
Abstract
Abstract
The Art of Penetration Testing
The Art of Penetration Testing
Download
advertisement