SlideShare une entreprise Scribd logo

Penetration testing, What’s this?

Télécharger en tant que PPT, PDF
Dmitry Evteev
Dmitry Evteev
Technologie
1  sur  25
Penetration testing What’s this? Dmitry Evteev ( Positive Technologies)
Penetration testing internals ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Methodology ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Abilities Protection mechanism N … X Incident management Some activities were detected but not identified as an attack . 2 Protection mechanism N … X
Aims ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Approaches ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Real attack VS penetration testing ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Instruments ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
web application security problem ,[object Object]
Pentest example: web applications ,[object Object],web server auditor working station Check 1 Check N Vulnerability is detected ,[object Object],[object Object],Vulnerability is detected ,[object Object],[object Object],[object Object]
Weak password problem ,[object Object],[object Object],(coincide with login)
Pentest example: Password bruteforce ( defaults ) ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Pentest example: Hello, Pavlik :) ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
The problem of access control ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
The problem of access control ,[object Object],[object Object],[object Object],[object Object]
Pentest example: Use of vulnerabilities ,[object Object]
Pentest example: Privilege Extension in Active Directory ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Pentest example: Security analysis ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Pentest example: Security analysis
Pentest example: Wireless networks
Pentest example: Assessment of awareness program efficiency ,[object Object],[object Object],[object Object],[object Object],[object Object]
Pentest example: Example of a set of checks Note description Attack Monitored events A note from authority with attached executable file . Spread of network worms . System infection with Trojan horse . Open the mailbox . Execute the attached file . A note from internal person with link to web site . The link points to an executable file . Fishing attacks . Spread of network worms . System infection with Trojan horse . Attacks through software vulnerabilities . Open the mailbox . Load file from w eb server . Execute the file . A note from authority with link to web site . Fishing attacks . Spread of network worms . System infection with Trojan horse . Attacks through software vulnerabilities . Open the mailbox . Follow the link .
Pentest example: Assessment of awareness program effeciency Users that follow the link (only 1 pentest) Users that follow the link (regular pentest)
Conclusions ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Thank you for your attention ! Any questions? [email_address] http://devteev.blogspot.com/

Recommandé

DC612 Day - Hands on Penetration Testing 101
DC612 Day - Hands on Penetration Testing 101DC612 Day - Hands on Penetration Testing 101
DC612 Day - Hands on Penetration Testing 101
dc612
 
NETWORK PENETRATION TESTING
NETWORK PENETRATION TESTINGNETWORK PENETRATION TESTING
NETWORK PENETRATION TESTING
Er Vivek Rana
 
Ethical Hacking & Penetration Testing
Ethical Hacking & Penetration TestingEthical Hacking & Penetration Testing
Ethical Hacking & Penetration Testing
Won Ju Jub
 
Defcon 22-wesley-mc grew-instrumenting-point-of-sale-malware
Defcon 22-wesley-mc grew-instrumenting-point-of-sale-malwareDefcon 22-wesley-mc grew-instrumenting-point-of-sale-malware
Defcon 22-wesley-mc grew-instrumenting-point-of-sale-malware
Priyanka Aash
 
There’s an OpenBullet Attack Config for Your Site – What Should You Do?
There’s an OpenBullet Attack Config for Your Site – What Should You Do?There’s an OpenBullet Attack Config for Your Site – What Should You Do?
There’s an OpenBullet Attack Config for Your Site – What Should You Do?
DevOps.com
 
Detection Rules Coverage
Detection Rules CoverageDetection Rules Coverage
Detection Rules Coverage
Sunny Neo
 
Malware Analysis 101 - N00b to Ninja in 60 Minutes at BSidesLV on August 5, ...
Malware Analysis 101 - N00b to Ninja in 60 Minutes at BSidesLV on August 5, ...Malware Analysis 101 - N00b to Ninja in 60 Minutes at BSidesLV on August 5, ...
Malware Analysis 101 - N00b to Ninja in 60 Minutes at BSidesLV on August 5, ...
grecsl
 
Android Application Security
Android Application SecurityAndroid Application Security
Android Application Security
Chong-Kuan Chen
 

Recommandé

DC612 Day - Hands on Penetration Testing 101
DC612 Day - Hands on Penetration Testing 101DC612 Day - Hands on Penetration Testing 101
DC612 Day - Hands on Penetration Testing 101
dc612
 
NETWORK PENETRATION TESTING
NETWORK PENETRATION TESTINGNETWORK PENETRATION TESTING
NETWORK PENETRATION TESTING
Er Vivek Rana
 
Ethical Hacking & Penetration Testing
Ethical Hacking & Penetration TestingEthical Hacking & Penetration Testing
Ethical Hacking & Penetration Testing
Won Ju Jub
 
Defcon 22-wesley-mc grew-instrumenting-point-of-sale-malware
Defcon 22-wesley-mc grew-instrumenting-point-of-sale-malwareDefcon 22-wesley-mc grew-instrumenting-point-of-sale-malware
Defcon 22-wesley-mc grew-instrumenting-point-of-sale-malware
Priyanka Aash
 
There’s an OpenBullet Attack Config for Your Site – What Should You Do?
There’s an OpenBullet Attack Config for Your Site – What Should You Do?There’s an OpenBullet Attack Config for Your Site – What Should You Do?
There’s an OpenBullet Attack Config for Your Site – What Should You Do?
DevOps.com
 
Detection Rules Coverage
Detection Rules CoverageDetection Rules Coverage
Detection Rules Coverage
Sunny Neo
 
Malware Analysis 101 - N00b to Ninja in 60 Minutes at BSidesLV on August 5, ...
Malware Analysis 101 - N00b to Ninja in 60 Minutes at BSidesLV on August 5, ...Malware Analysis 101 - N00b to Ninja in 60 Minutes at BSidesLV on August 5, ...
Malware Analysis 101 - N00b to Ninja in 60 Minutes at BSidesLV on August 5, ...
grecsl
 
Android Application Security
Android Application SecurityAndroid Application Security
Android Application Security
Chong-Kuan Chen
 
THOR Apt Scanner
THOR Apt ScannerTHOR Apt Scanner
THOR Apt Scanner
Florian Roth
 
Tcpdump hunter
Tcpdump hunterTcpdump hunter
Tcpdump hunter
Andrew McNicol
 
BlueHat v18 || Protecting the protector, hardening machine learning defenses ...
BlueHat v18 || Protecting the protector, hardening machine learning defenses ...BlueHat v18 || Protecting the protector, hardening machine learning defenses ...
BlueHat v18 || Protecting the protector, hardening machine learning defenses ...
BlueHat Security Conference
 
RIoT (Raiding Internet of Things) by Jacob Holcomb
RIoT (Raiding Internet of Things) by Jacob HolcombRIoT (Raiding Internet of Things) by Jacob Holcomb
RIoT (Raiding Internet of Things) by Jacob Holcomb
Priyanka Aash
 
Malware analysis
Malware analysisMalware analysis
Malware analysis
Prakashchand Suthar
 
Basic Dynamic Analysis of Malware
Basic Dynamic Analysis of MalwareBasic Dynamic Analysis of Malware
Basic Dynamic Analysis of Malware
Natraj G
 
BSides Philly Finding a Company's BreakPoint
BSides Philly Finding a Company's BreakPointBSides Philly Finding a Company's BreakPoint
BSides Philly Finding a Company's BreakPoint
Andrew McNicol
 
Malware collection and analysis
Malware collection and analysisMalware collection and analysis
Malware collection and analysis
Chong-Kuan Chen
 
2012 S&P Paper Reading Session1
2012 S&P Paper Reading Session12012 S&P Paper Reading Session1
2012 S&P Paper Reading Session1
Chong-Kuan Chen
 
Defcon 22-zoltan-balazs-bypass-firewalls-application-whiteli
Defcon 22-zoltan-balazs-bypass-firewalls-application-whiteliDefcon 22-zoltan-balazs-bypass-firewalls-application-whiteli
Defcon 22-zoltan-balazs-bypass-firewalls-application-whiteli
Priyanka Aash
 
Introduction to Malware Analysis
Introduction to Malware AnalysisIntroduction to Malware Analysis
Introduction to Malware Analysis
Andrew McNicol
 
Malware Analysis Made Simple
Malware Analysis Made SimpleMalware Analysis Made Simple
Malware Analysis Made Simple
Paul Melson
 
BSides_Charm2015_Info sec hunters_gathers
BSides_Charm2015_Info sec hunters_gathersBSides_Charm2015_Info sec hunters_gathers
BSides_Charm2015_Info sec hunters_gathers
Andrew McNicol
 
'Malware Analysis' by PP Singh
'Malware Analysis' by PP Singh'Malware Analysis' by PP Singh
'Malware Analysis' by PP Singh
Bipin Upadhyay
 
My tryst with sourcecode review
My tryst with sourcecode reviewMy tryst with sourcecode review
My tryst with sourcecode review
Anant Shrivastava
 
Red Team Methodology - A Naked Look
Red Team Methodology - A Naked LookRed Team Methodology - A Naked Look
Red Team Methodology - A Naked Look
Jason Lang
 
BSidesJXN 2017 - Improving Vulnerability Management
BSidesJXN 2017 - Improving Vulnerability ManagementBSidesJXN 2017 - Improving Vulnerability Management
BSidesJXN 2017 - Improving Vulnerability Management
Andrew McNicol
 
BSidesJXN 2016: Finding a Company's BreakPoint
BSidesJXN 2016: Finding a Company's BreakPointBSidesJXN 2016: Finding a Company's BreakPoint
BSidesJXN 2016: Finding a Company's BreakPoint
Andrew McNicol
 
Anatomy of a Cloud Hack
Anatomy of a Cloud HackAnatomy of a Cloud Hack
Anatomy of a Cloud Hack
NotSoSecure Global Services
 
Purple team is awesome
Purple team is awesomePurple team is awesome
Purple team is awesome
Sumedt Jitpukdebodin
 
Penetration testing
Penetration testingPenetration testing
Penetration testing
Ammar WK
 
Penetration Testing Basics
Penetration Testing BasicsPenetration Testing Basics
Penetration Testing Basics
Rick Wanner
 

Contenu connexe

Tendances

BlueHat v18 || Protecting the protector, hardening machine learning defenses ...
BlueHat v18 || Protecting the protector, hardening machine learning defenses ...BlueHat v18 || Protecting the protector, hardening machine learning defenses ...
BlueHat v18 || Protecting the protector, hardening machine learning defenses ...
BlueHat Security Conference
 
Malware collection and analysis
Malware collection and analysisMalware collection and analysis
Malware collection and analysis
Chong-Kuan Chen
 
2012 S&P Paper Reading Session1
2012 S&P Paper Reading Session12012 S&P Paper Reading Session1
2012 S&P Paper Reading Session1
Chong-Kuan Chen
 

Tendances (20)

THOR Apt Scanner
THOR Apt ScannerTHOR Apt Scanner
THOR Apt Scanner
 
Tcpdump hunter
Tcpdump hunterTcpdump hunter
Tcpdump hunter
 
BlueHat v18 || Protecting the protector, hardening machine learning defenses ...
BlueHat v18 || Protecting the protector, hardening machine learning defenses ...BlueHat v18 || Protecting the protector, hardening machine learning defenses ...
BlueHat v18 || Protecting the protector, hardening machine learning defenses ...
 
RIoT (Raiding Internet of Things) by Jacob Holcomb
RIoT (Raiding Internet of Things) by Jacob HolcombRIoT (Raiding Internet of Things) by Jacob Holcomb
RIoT (Raiding Internet of Things) by Jacob Holcomb
 
Malware analysis
Malware analysisMalware analysis
Malware analysis
 
Basic Dynamic Analysis of Malware
Basic Dynamic Analysis of MalwareBasic Dynamic Analysis of Malware
Basic Dynamic Analysis of Malware
 
BSides Philly Finding a Company's BreakPoint
BSides Philly Finding a Company's BreakPointBSides Philly Finding a Company's BreakPoint
BSides Philly Finding a Company's BreakPoint
 
Malware collection and analysis
Malware collection and analysisMalware collection and analysis
Malware collection and analysis
 
2012 S&P Paper Reading Session1
2012 S&P Paper Reading Session12012 S&P Paper Reading Session1
2012 S&P Paper Reading Session1
 
Defcon 22-zoltan-balazs-bypass-firewalls-application-whiteli
Defcon 22-zoltan-balazs-bypass-firewalls-application-whiteliDefcon 22-zoltan-balazs-bypass-firewalls-application-whiteli
Defcon 22-zoltan-balazs-bypass-firewalls-application-whiteli
 
Introduction to Malware Analysis
Introduction to Malware AnalysisIntroduction to Malware Analysis
Introduction to Malware Analysis
 
Malware Analysis Made Simple
Malware Analysis Made SimpleMalware Analysis Made Simple
Malware Analysis Made Simple
 
BSides_Charm2015_Info sec hunters_gathers
BSides_Charm2015_Info sec hunters_gathersBSides_Charm2015_Info sec hunters_gathers
BSides_Charm2015_Info sec hunters_gathers
 
'Malware Analysis' by PP Singh
'Malware Analysis' by PP Singh'Malware Analysis' by PP Singh
'Malware Analysis' by PP Singh
 
My tryst with sourcecode review
My tryst with sourcecode reviewMy tryst with sourcecode review
My tryst with sourcecode review
 
Red Team Methodology - A Naked Look
Red Team Methodology - A Naked LookRed Team Methodology - A Naked Look
Red Team Methodology - A Naked Look
 
BSidesJXN 2017 - Improving Vulnerability Management
BSidesJXN 2017 - Improving Vulnerability ManagementBSidesJXN 2017 - Improving Vulnerability Management
BSidesJXN 2017 - Improving Vulnerability Management
 
BSidesJXN 2016: Finding a Company's BreakPoint
BSidesJXN 2016: Finding a Company's BreakPointBSidesJXN 2016: Finding a Company's BreakPoint
BSidesJXN 2016: Finding a Company's BreakPoint
 
Anatomy of a Cloud Hack
Anatomy of a Cloud HackAnatomy of a Cloud Hack
Anatomy of a Cloud Hack
 
Purple team is awesome
Purple team is awesomePurple team is awesome
Purple team is awesome
 

En vedette

Attack All The Layers - What's Working in Penetration Testing
Attack All The Layers - What's Working in Penetration TestingAttack All The Layers - What's Working in Penetration Testing
Attack All The Layers - What's Working in Penetration Testing
NetSPI
 
Vulnerability Assessment and Rapid Warning System Enhancements in
Vulnerability Assessment and Rapid Warning System Enhancements inVulnerability Assessment and Rapid Warning System Enhancements in
Vulnerability Assessment and Rapid Warning System Enhancements in
Keith G. Tidball
 
Introduction to Windows Dictionary Attacks
Introduction to Windows Dictionary AttacksIntroduction to Windows Dictionary Attacks
Introduction to Windows Dictionary Attacks
NetSPI
 
Thick Application Penetration Testing - A Crash Course
Thick Application Penetration Testing - A Crash CourseThick Application Penetration Testing - A Crash Course
Thick Application Penetration Testing - A Crash Course
NetSPI
 
Application Risk Prioritization - Overview - Secure360 2015 - Part 1 of 2
Application Risk Prioritization - Overview - Secure360 2015 - Part 1 of 2Application Risk Prioritization - Overview - Secure360 2015 - Part 1 of 2
Application Risk Prioritization - Overview - Secure360 2015 - Part 1 of 2
NetSPI
 
11. wireless-penetration-testing-training-cyber51
11. wireless-penetration-testing-training-cyber5111. wireless-penetration-testing-training-cyber51
11. wireless-penetration-testing-training-cyber51
Doree Garcia, CCNA, OSWP
 

En vedette (20)

Penetration testing
Penetration testingPenetration testing
Penetration testing
 
Penetration Testing Basics
Penetration Testing BasicsPenetration Testing Basics
Penetration Testing Basics
 
Segurança no Desenvolvimento de Software
Segurança no Desenvolvimento de SoftwareSegurança no Desenvolvimento de Software
Segurança no Desenvolvimento de Software
 
2016 10 pt kz качалин
2016 10 pt kz качалин2016 10 pt kz качалин
2016 10 pt kz качалин
 
Современные российские средства защиты информации
Современные российские средства защиты информацииСовременные российские средства защиты информации
Современные российские средства защиты информации
 
Биография сетевого периметра в картинках
Биография сетевого периметра в картинкахБиография сетевого периметра в картинках
Биография сетевого периметра в картинках
 
Positive Technologies. Григорий Тимофеев. "Позитивные технологии обеспечения ИБ"
Positive Technologies. Григорий Тимофеев. "Позитивные технологии обеспечения ИБ"Positive Technologies. Григорий Тимофеев. "Позитивные технологии обеспечения ИБ"
Positive Technologies. Григорий Тимофеев. "Позитивные технологии обеспечения ИБ"
 
Introduction to penetration testing
Introduction to penetration testingIntroduction to penetration testing
Introduction to penetration testing
 
Web application Testing
Web application TestingWeb application Testing
Web application Testing
 
Nessus scan report using the defualt scan policy - Tareq Hanaysha
Nessus scan report using the defualt scan policy - Tareq HanayshaNessus scan report using the defualt scan policy - Tareq Hanaysha
Nessus scan report using the defualt scan policy - Tareq Hanaysha
 
Attack All The Layers - What's Working in Penetration Testing
Attack All The Layers - What's Working in Penetration TestingAttack All The Layers - What's Working in Penetration Testing
Attack All The Layers - What's Working in Penetration Testing
 
Vulnerability Assessment and Rapid Warning System Enhancements in
Vulnerability Assessment and Rapid Warning System Enhancements inVulnerability Assessment and Rapid Warning System Enhancements in
Vulnerability Assessment and Rapid Warning System Enhancements in
 
Introduction to Windows Dictionary Attacks
Introduction to Windows Dictionary AttacksIntroduction to Windows Dictionary Attacks
Introduction to Windows Dictionary Attacks
 
Thick Application Penetration Testing - A Crash Course
Thick Application Penetration Testing - A Crash CourseThick Application Penetration Testing - A Crash Course
Thick Application Penetration Testing - A Crash Course
 
Application Risk Prioritization - Overview - Secure360 2015 - Part 1 of 2
Application Risk Prioritization - Overview - Secure360 2015 - Part 1 of 2Application Risk Prioritization - Overview - Secure360 2015 - Part 1 of 2
Application Risk Prioritization - Overview - Secure360 2015 - Part 1 of 2
 
Сравнение ТОП 5 SIEM РФ
Сравнение ТОП 5 SIEM РФСравнение ТОП 5 SIEM РФ
Сравнение ТОП 5 SIEM РФ
 
Oss tmm
Oss tmmOss tmm
Oss tmm
 
OSS TMM
OSS TMMOSS TMM
OSS TMM
 
Infographic: Penetration Testing - A Look into a Full Pen Test Campaign
Infographic: Penetration Testing - A Look into a Full Pen Test CampaignInfographic: Penetration Testing - A Look into a Full Pen Test Campaign
Infographic: Penetration Testing - A Look into a Full Pen Test Campaign
 
11. wireless-penetration-testing-training-cyber51
11. wireless-penetration-testing-training-cyber5111. wireless-penetration-testing-training-cyber51
11. wireless-penetration-testing-training-cyber51
 

Similaire à Penetration testing, What’s this?

Kunal - Introduction to backtrack - ClubHack2008
Kunal - Introduction to backtrack - ClubHack2008Kunal - Introduction to backtrack - ClubHack2008
Kunal - Introduction to backtrack - ClubHack2008
ClubHack
 
Workshop on BackTrack live CD
Workshop on BackTrack live CDWorkshop on BackTrack live CD
Workshop on BackTrack live CD
amiable_indian
 
Kunal - Introduction to BackTrack - ClubHack2008
Kunal - Introduction to BackTrack - ClubHack2008Kunal - Introduction to BackTrack - ClubHack2008
Kunal - Introduction to BackTrack - ClubHack2008
ClubHack
 
Network Vulnerabilities And Cyber Kill Chain Essay
Network Vulnerabilities And Cyber Kill Chain EssayNetwork Vulnerabilities And Cyber Kill Chain Essay
Network Vulnerabilities And Cyber Kill Chain Essay
Karen Oliver
 
Penetration testing
Penetration testing Penetration testing
Penetration testing
PTC
 
Novetta Cyber Analytics
Novetta Cyber AnalyticsNovetta Cyber Analytics
Novetta Cyber Analytics
Novetta
 
Ph d proposal_20070809
Ph d proposal_20070809Ph d proposal_20070809
Ph d proposal_20070809
Todd Deshane
 

Similaire à Penetration testing, What’s this? (20)

Introduction To Ethical Hacking
Introduction To Ethical HackingIntroduction To Ethical Hacking
Introduction To Ethical Hacking
 
Syed Ubaid Ali Jafri - Black Box Penetration testing for Associates
Syed Ubaid Ali Jafri - Black Box Penetration testing for AssociatesSyed Ubaid Ali Jafri - Black Box Penetration testing for Associates
Syed Ubaid Ali Jafri - Black Box Penetration testing for Associates
 
How to protect your corporate from advanced attacks
How to protect your corporate from advanced attacksHow to protect your corporate from advanced attacks
How to protect your corporate from advanced attacks
 
Kunal - Introduction to backtrack - ClubHack2008
Kunal - Introduction to backtrack - ClubHack2008Kunal - Introduction to backtrack - ClubHack2008
Kunal - Introduction to backtrack - ClubHack2008
 
Workshop on BackTrack live CD
Workshop on BackTrack live CDWorkshop on BackTrack live CD
Workshop on BackTrack live CD
 
Kunal - Introduction to BackTrack - ClubHack2008
Kunal - Introduction to BackTrack - ClubHack2008Kunal - Introduction to BackTrack - ClubHack2008
Kunal - Introduction to BackTrack - ClubHack2008
 
Windows network security
Windows network securityWindows network security
Windows network security
 
Network Vulnerabilities And Cyber Kill Chain Essay
Network Vulnerabilities And Cyber Kill Chain EssayNetwork Vulnerabilities And Cyber Kill Chain Essay
Network Vulnerabilities And Cyber Kill Chain Essay
 
Cyber warfare introduction
Cyber warfare introductionCyber warfare introduction
Cyber warfare introduction
 
Penetration testing
Penetration testing Penetration testing
Penetration testing
 
Redefining Endpoint Security
Redefining Endpoint SecurityRedefining Endpoint Security
Redefining Endpoint Security
 
Sembang2 Keselamatan It 2004
Sembang2 Keselamatan It 2004Sembang2 Keselamatan It 2004
Sembang2 Keselamatan It 2004
 
Windows network
Windows networkWindows network
Windows network
 
Automated Penetration Testing With Core Impact
Automated Penetration Testing With Core ImpactAutomated Penetration Testing With Core Impact
Automated Penetration Testing With Core Impact
 
Introduction To Exploitation & Metasploit
Introduction To Exploitation & MetasploitIntroduction To Exploitation & Metasploit
Introduction To Exploitation & Metasploit
 
NetWitness
NetWitnessNetWitness
NetWitness
 
Final project.ppt
Final project.pptFinal project.ppt
Final project.ppt
 
Novetta Cyber Analytics
Novetta Cyber AnalyticsNovetta Cyber Analytics
Novetta Cyber Analytics
 
Ph d proposal_20070809
Ph d proposal_20070809Ph d proposal_20070809
Ph d proposal_20070809
 
Penetration testing dont just leave it to chance
Penetration testing dont just leave it to chancePenetration testing dont just leave it to chance
Penetration testing dont just leave it to chance
 

Plus de Dmitry Evteev

Противодействие хищению персональных данных и платежной информации в сети Инт...
Противодействие хищению персональных данных и платежной информации в сети Инт...Противодействие хищению персональных данных и платежной информации в сети Инт...
Противодействие хищению персональных данных и платежной информации в сети Инт...
Dmitry Evteev
 
Уязвимости систем ДБО в 2011-2012 гг.
Уязвимости систем ДБО в 2011-2012 гг.Уязвимости систем ДБО в 2011-2012 гг.
Уязвимости систем ДБО в 2011-2012 гг.
Dmitry Evteev
 
Статистика по результатам тестирований на проникновение и анализа защищенност...
Статистика по результатам тестирований на проникновение и анализа защищенност...Статистика по результатам тестирований на проникновение и анализа защищенност...
Статистика по результатам тестирований на проникновение и анализа защищенност...
Dmitry Evteev
 
Реальные опасности виртуального мира.
Реальные опасности виртуального мира.Реальные опасности виртуального мира.
Реальные опасности виртуального мира.
Dmitry Evteev
 
Истории из жизни. Как взламывают сети крупных организаций.
Истории из жизни. Как взламывают сети крупных организаций.Истории из жизни. Как взламывают сети крупных организаций.
Истории из жизни. Как взламывают сети крупных организаций.
Dmitry Evteev
 
Демонстрация атаки на ДБО
Демонстрация атаки на ДБОДемонстрация атаки на ДБО
Демонстрация атаки на ДБО
Dmitry Evteev
 
История из жизни. Демонстрация работы реального злоумышленника на примере ата...
История из жизни. Демонстрация работы реального злоумышленника на примере ата...История из жизни. Демонстрация работы реального злоумышленника на примере ата...
История из жизни. Демонстрация работы реального злоумышленника на примере ата...
Dmitry Evteev
 
Типовые проблемы безопасности банковских систем
Типовые проблемы безопасности банковских системТиповые проблемы безопасности банковских систем
Типовые проблемы безопасности банковских систем
Dmitry Evteev
 
Услуги PT для банков
Услуги PT для банковУслуги PT для банков
Услуги PT для банков
Dmitry Evteev
 
PHDays 2012: Future Now
PHDays 2012: Future NowPHDays 2012: Future Now
PHDays 2012: Future Now
Dmitry Evteev
 
Такой (не)безопасный веб
Такой (не)безопасный вебТакой (не)безопасный веб
Такой (не)безопасный веб
Dmitry Evteev
 
Собираем команду хакеров
Собираем команду хакеровСобираем команду хакеров
Собираем команду хакеров
Dmitry Evteev
 
Тестирование на проникновение в сетях Microsoft (v.2)
Тестирование на проникновение в сетях Microsoft (v.2)Тестирование на проникновение в сетях Microsoft (v.2)
Тестирование на проникновение в сетях Microsoft (v.2)
Dmitry Evteev
 
Тестирование на проникновение в сетях Microsoft
Тестирование на проникновение в сетях MicrosoftТестирование на проникновение в сетях Microsoft
Тестирование на проникновение в сетях Microsoft
Dmitry Evteev
 
PHDays CTF 2011 Quals/Afterparty: как это было
PHDays CTF 2011 Quals/Afterparty: как это былоPHDays CTF 2011 Quals/Afterparty: как это было
PHDays CTF 2011 Quals/Afterparty: как это было
Dmitry Evteev
 
Как взламывают сети государственных учреждений
Как взламывают сети государственных учрежденийКак взламывают сети государственных учреждений
Как взламывают сети государственных учреждений
Dmitry Evteev
 
Практика проведения DDoS-тестирований
Практика проведения DDoS-тестированийПрактика проведения DDoS-тестирований
Практика проведения DDoS-тестирований
Dmitry Evteev
 
Мобильный офис глазами пентестера
Мобильный офис глазами пентестераМобильный офис глазами пентестера
Мобильный офис глазами пентестера
Dmitry Evteev
 

Plus de Dmitry Evteev (20)

Противодействие хищению персональных данных и платежной информации в сети Инт...
Противодействие хищению персональных данных и платежной информации в сети Инт...Противодействие хищению персональных данных и платежной информации в сети Инт...
Противодействие хищению персональных данных и платежной информации в сети Инт...
 
penetest VS. APT
penetest VS. APTpenetest VS. APT
penetest VS. APT
 
Уязвимости систем ДБО в 2011-2012 гг.
Уязвимости систем ДБО в 2011-2012 гг.Уязвимости систем ДБО в 2011-2012 гг.
Уязвимости систем ДБО в 2011-2012 гг.
 
Статистика по результатам тестирований на проникновение и анализа защищенност...
Статистика по результатам тестирований на проникновение и анализа защищенност...Статистика по результатам тестирований на проникновение и анализа защищенност...
Статистика по результатам тестирований на проникновение и анализа защищенност...
 
Реальные опасности виртуального мира.
Реальные опасности виртуального мира.Реальные опасности виртуального мира.
Реальные опасности виртуального мира.
 
Истории из жизни. Как взламывают сети крупных организаций.
Истории из жизни. Как взламывают сети крупных организаций.Истории из жизни. Как взламывают сети крупных организаций.
Истории из жизни. Как взламывают сети крупных организаций.
 
Демонстрация атаки на ДБО
Демонстрация атаки на ДБОДемонстрация атаки на ДБО
Демонстрация атаки на ДБО
 
История из жизни. Демонстрация работы реального злоумышленника на примере ата...
История из жизни. Демонстрация работы реального злоумышленника на примере ата...История из жизни. Демонстрация работы реального злоумышленника на примере ата...
История из жизни. Демонстрация работы реального злоумышленника на примере ата...
 
Типовые проблемы безопасности банковских систем
Типовые проблемы безопасности банковских системТиповые проблемы безопасности банковских систем
Типовые проблемы безопасности банковских систем
 
Услуги PT для банков
Услуги PT для банковУслуги PT для банков
Услуги PT для банков
 
PHDays 2012: Future Now
PHDays 2012: Future NowPHDays 2012: Future Now
PHDays 2012: Future Now
 
Такой (не)безопасный веб
Такой (не)безопасный вебТакой (не)безопасный веб
Такой (не)безопасный веб
 
Собираем команду хакеров
Собираем команду хакеровСобираем команду хакеров
Собираем команду хакеров
 
Тестирование на проникновение в сетях Microsoft (v.2)
Тестирование на проникновение в сетях Microsoft (v.2)Тестирование на проникновение в сетях Microsoft (v.2)
Тестирование на проникновение в сетях Microsoft (v.2)
 
Тестирование на проникновение в сетях Microsoft
Тестирование на проникновение в сетях MicrosoftТестирование на проникновение в сетях Microsoft
Тестирование на проникновение в сетях Microsoft
 
PHDays CTF 2011 Quals/Afterparty: как это было
PHDays CTF 2011 Quals/Afterparty: как это былоPHDays CTF 2011 Quals/Afterparty: как это было
PHDays CTF 2011 Quals/Afterparty: как это было
 
Как взламывают сети государственных учреждений
Как взламывают сети государственных учрежденийКак взламывают сети государственных учреждений
Как взламывают сети государственных учреждений
 
Введение в тему безопасности веб-приложений
Введение в тему безопасности веб-приложенийВведение в тему безопасности веб-приложений
Введение в тему безопасности веб-приложений
 
Практика проведения DDoS-тестирований
Практика проведения DDoS-тестированийПрактика проведения DDoS-тестирований
Практика проведения DDoS-тестирований
 
Мобильный офис глазами пентестера
Мобильный офис глазами пентестераМобильный офис глазами пентестера
Мобильный офис глазами пентестера
 

Dernier

A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
Igalia
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
Safe Software
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
Joaquim Jorge
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
sammart93
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
?#DUbAI#??##{{(☎️+971_581248768%)**%*]'#abortion pills for sale in dubai@
 

Dernier (20)

Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CV
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdf
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 

Penetration testing, What’s this?

  • 1. Penetration testing What’s this? Dmitry Evteev ( Positive Technologies)
  • 2.
  • 3.
  • 4. Abilities Protection mechanism N … X Incident management Some activities were detected but not identified as an attack . 2 Protection mechanism N … X
  • 5.
  • 6.
  • 7.
  • 8.
  • 9.
  • 10.
  • 11.
  • 12.
  • 13.
  • 14.
  • 15.
  • 16.
  • 17.
  • 18.
  • 20. Pentest example: Wireless networks
  • 21.
  • 22. Pentest example: Example of a set of checks Note description Attack Monitored events A note from authority with attached executable file . Spread of network worms . System infection with Trojan horse . Open the mailbox . Execute the attached file . A note from internal person with link to web site . The link points to an executable file . Fishing attacks . Spread of network worms . System infection with Trojan horse . Attacks through software vulnerabilities . Open the mailbox . Load file from w eb server . Execute the file . A note from authority with link to web site . Fishing attacks . Spread of network worms . System infection with Trojan horse . Attacks through software vulnerabilities . Open the mailbox . Follow the link .
  • 23. Pentest example: Assessment of awareness program effeciency Users that follow the link (only 1 pentest) Users that follow the link (regular pentest)
  • 24.
  • 25. Thank you for your attention ! Any questions? [email_address] http://devteev.blogspot.com/

Notes de l'éditeur

  1. Легенда: English alphabet characters in lower case, figures and special suymbols Other symbols