SlideShare une entreprise Scribd logo

Pen test for sys admin

S
sussurro
Technologie
1  sur  14
Télécharger pour lire hors ligne
Penetration Testing for System Administrators Sept 13, 2010 ryan Linn NCSA Meeting Thursday, September 23, 2010
Agenda • Introduction • Description of Penetration Testing • Overview of Process • Walkthrough of Common Tasks • Questions/Closing Thursday, September 23, 2010
Introduction • Information Security Engineer at SAS • Columnist at EthicalHacker.net • Contributed code to Metasploit, Browser Exploitation Framework (BeEF), and Nikto • Spoken at numerous regional and national security conferences Thursday, September 23, 2010
Description of Pen Testing • Means different things to different people • Find vulnerabilities and stop • Find vulnerabilities and verify • Find vulnerabilities and see how far you can get • For today: Find vulnerabilities and verify Thursday, September 23, 2010
Overview of Process • Recon • Discovery/Scanning • Enumeration • Exploitation Thursday, September 23, 2010
Recon • Non Invasive • Whois • Google • Basic DNS Queries Thursday, September 23, 2010
Discovery/Scanning • Port Scans • In-depth DNS queries • Vulnerability Scanning • OS Identification Thursday, September 23, 2010
Enumeration • SMB enumeration • Oracle DB Enumeration • User enumeration Thursday, September 23, 2010
Exploitation • Leverage information gathered • Verify vulnerability information • Possibly go back to gather more information if successful Thursday, September 23, 2010
Walkthroughs • Recon • Scanning • Exploitation Thursday, September 23, 2010
Scanning • Nmap Scans • Port/Service/OS Identification • Nessus/OpenVAS • Vulnerability Scanner • Safe Checks/Unsafe Checks Thursday, September 23, 2010
Exploitation/ Verification • Metasploit • Penetration Testing Framework • Aids in Exploit Development • Exploitation of Vulnerability • Also has scanning capability Thursday, September 23, 2010
Docs/Training • SANS Sec504 : Incident Handling • SANS Sec580: Metasploit Kung Fu for Enterprise Pen Testing • http://www.offensive-security.com/ metasploit-unleashed • http://www.EthicalHacker.net Thursday, September 23, 2010
Questions? • Contact Info: • Twitter: @sussurro • Blog: blog.happypacket.net • http://www.ethicalhacker.net Thursday, September 23, 2010

Recommandé

OPOA in Action -- 使用MagixJS简化WebAPP开发
OPOA in Action -- 使用MagixJS简化WebAPP开发OPOA in Action -- 使用MagixJS简化WebAPP开发
OPOA in Action -- 使用MagixJS简化WebAPP开发
leneli
 
SLT Times Single Stock Futures
SLT Times Single Stock FuturesSLT Times Single Stock Futures
SLT Times Single Stock Futures
nico9111
 
Ravi project
Ravi projectRavi project
Ravi project
gary6h
 
广告投放代码和创意代码持续优化
广告投放代码和创意代码持续优化广告投放代码和创意代码持续优化
广告投放代码和创意代码持续优化
leneli
 
Zs social media
Zs social mediaZs social media
Zs social media
Wael Albassam
 
Water molecules2
Water molecules2Water molecules2
Water molecules2
gary6h
 
D2-ETao-show
D2-ETao-showD2-ETao-show
D2-ETao-show
leneli
 
Conflict Management Style
Conflict Management StyleConflict Management Style
Conflict Management Style
Yvette Mong-Batar
 

Recommandé

OPOA in Action -- 使用MagixJS简化WebAPP开发
OPOA in Action -- 使用MagixJS简化WebAPP开发OPOA in Action -- 使用MagixJS简化WebAPP开发
OPOA in Action -- 使用MagixJS简化WebAPP开发
leneli
 
SLT Times Single Stock Futures
SLT Times Single Stock FuturesSLT Times Single Stock Futures
SLT Times Single Stock Futures
nico9111
 
Ravi project
Ravi projectRavi project
Ravi project
gary6h
 
广告投放代码和创意代码持续优化
广告投放代码和创意代码持续优化广告投放代码和创意代码持续优化
广告投放代码和创意代码持续优化
leneli
 
Zs social media
Zs social mediaZs social media
Zs social media
Wael Albassam
 
Water molecules2
Water molecules2Water molecules2
Water molecules2
gary6h
 
D2-ETao-show
D2-ETao-showD2-ETao-show
D2-ETao-show
leneli
 
Conflict Management Style
Conflict Management StyleConflict Management Style
Conflict Management Style
Yvette Mong-Batar
 
Zs social media
Zs social mediaZs social media
Zs social media
Wael Albassam
 
Adoption Announcement
Adoption AnnouncementAdoption Announcement
Adoption Announcement
cltipton
 
TBAD F2E 2010 review
TBAD F2E 2010 reviewTBAD F2E 2010 review
TBAD F2E 2010 review
leneli
 
第三方广告代码稳定性和性能优化实战
第三方广告代码稳定性和性能优化实战第三方广告代码稳定性和性能优化实战
第三方广告代码稳定性和性能优化实战
leneli
 
Zs social media
Zs social mediaZs social media
Zs social media
Wael Albassam
 
How ZI Created a Successful HR Framework
How ZI Created a Successful HR FrameworkHow ZI Created a Successful HR Framework
How ZI Created a Successful HR Framework
Wael Albassam
 
After Yahoo 34 Rules -- 网站性能优化新进展
After Yahoo 34 Rules -- 网站性能优化新进展After Yahoo 34 Rules -- 网站性能优化新进展
After Yahoo 34 Rules -- 网站性能优化新进展
leneli
 
使用kslite支持第三方内容开发
使用kslite支持第三方内容开发使用kslite支持第三方内容开发
使用kslite支持第三方内容开发
leneli
 
Multi-Player Metasploit: Tag Team Pen Testing and Reporting
Multi-Player Metasploit: Tag Team Pen Testing and ReportingMulti-Player Metasploit: Tag Team Pen Testing and Reporting
Multi-Player Metasploit: Tag Team Pen Testing and Reporting
sussurro
 
Drupal security - Configuration and process
Drupal security - Configuration and processDrupal security - Configuration and process
Drupal security - Configuration and process
Gábor Hojtsy
 
Oc Cloud Obscurity
Oc Cloud ObscurityOc Cloud Obscurity
Oc Cloud Obscurity
Skills Matter
 
Availability, the Cloud and Everything
Availability, the Cloud and EverythingAvailability, the Cloud and Everything
Availability, the Cloud and Everything
logicalstack
 
Mobile, Media & Touch
Mobile, Media & TouchMobile, Media & Touch
Mobile, Media & Touch
Tim Wright
 
Yet Another Replication Tool: RubyRep
Yet Another Replication Tool: RubyRepYet Another Replication Tool: RubyRep
Yet Another Replication Tool: RubyRep
Denish Patel
 
Drupal Distributions: The Dos and Don'ts:
Drupal Distributions: The Dos and Don'ts:Drupal Distributions: The Dos and Don'ts:
Drupal Distributions: The Dos and Don'ts:
Development Seed
 
ScaleCamp 2009 - Last.fm vs Xbox
ScaleCamp 2009 - Last.fm vs XboxScaleCamp 2009 - Last.fm vs Xbox
ScaleCamp 2009 - Last.fm vs Xbox
davidsingleton
 
Penetration Testing vs. Vulnerability Scanning
Penetration Testing vs. Vulnerability ScanningPenetration Testing vs. Vulnerability Scanning
Penetration Testing vs. Vulnerability Scanning
SecurityMetrics
 
MongoDB is the new MySQL
MongoDB is the new MySQLMongoDB is the new MySQL
MongoDB is the new MySQL
radamanthus
 
20100423sage
20100423sage20100423sage
20100423sage
Jeff Hammerbacher
 
No sql findings
No sql findingsNo sql findings
No sql findings
Christian van der Leeden
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
hans926745
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
jfdjdjcjdnsjd
 

Contenu connexe

En vedette

Adoption Announcement
Adoption AnnouncementAdoption Announcement
Adoption Announcement
cltipton
 
第三方广告代码稳定性和性能优化实战
第三方广告代码稳定性和性能优化实战第三方广告代码稳定性和性能优化实战
第三方广告代码稳定性和性能优化实战
leneli
 
使用kslite支持第三方内容开发
使用kslite支持第三方内容开发使用kslite支持第三方内容开发
使用kslite支持第三方内容开发
leneli
 

En vedette (9)

Zs social media
Zs social mediaZs social media
Zs social media
 
Adoption Announcement
Adoption AnnouncementAdoption Announcement
Adoption Announcement
 
TBAD F2E 2010 review
TBAD F2E 2010 reviewTBAD F2E 2010 review
TBAD F2E 2010 review
 
第三方广告代码稳定性和性能优化实战
第三方广告代码稳定性和性能优化实战第三方广告代码稳定性和性能优化实战
第三方广告代码稳定性和性能优化实战
 
Zs social media
Zs social mediaZs social media
Zs social media
 
How ZI Created a Successful HR Framework
How ZI Created a Successful HR FrameworkHow ZI Created a Successful HR Framework
How ZI Created a Successful HR Framework
 
After Yahoo 34 Rules -- 网站性能优化新进展
After Yahoo 34 Rules -- 网站性能优化新进展After Yahoo 34 Rules -- 网站性能优化新进展
After Yahoo 34 Rules -- 网站性能优化新进展
 
使用kslite支持第三方内容开发
使用kslite支持第三方内容开发使用kslite支持第三方内容开发
使用kslite支持第三方内容开发
 
Multi-Player Metasploit: Tag Team Pen Testing and Reporting
Multi-Player Metasploit: Tag Team Pen Testing and ReportingMulti-Player Metasploit: Tag Team Pen Testing and Reporting
Multi-Player Metasploit: Tag Team Pen Testing and Reporting
 

Similaire à Pen test for sys admin

Availability, the Cloud and Everything
Availability, the Cloud and EverythingAvailability, the Cloud and Everything
Availability, the Cloud and Everything
logicalstack
 
Mobile, Media & Touch
Mobile, Media & TouchMobile, Media & Touch
Mobile, Media & Touch
Tim Wright
 
Penetration Testing vs. Vulnerability Scanning
Penetration Testing vs. Vulnerability ScanningPenetration Testing vs. Vulnerability Scanning
Penetration Testing vs. Vulnerability Scanning
SecurityMetrics
 

Similaire à Pen test for sys admin (11)

Drupal security - Configuration and process
Drupal security - Configuration and processDrupal security - Configuration and process
Drupal security - Configuration and process
 
Oc Cloud Obscurity
Oc Cloud ObscurityOc Cloud Obscurity
Oc Cloud Obscurity
 
Availability, the Cloud and Everything
Availability, the Cloud and EverythingAvailability, the Cloud and Everything
Availability, the Cloud and Everything
 
Mobile, Media & Touch
Mobile, Media & TouchMobile, Media & Touch
Mobile, Media & Touch
 
Yet Another Replication Tool: RubyRep
Yet Another Replication Tool: RubyRepYet Another Replication Tool: RubyRep
Yet Another Replication Tool: RubyRep
 
Drupal Distributions: The Dos and Don'ts:
Drupal Distributions: The Dos and Don'ts:Drupal Distributions: The Dos and Don'ts:
Drupal Distributions: The Dos and Don'ts:
 
ScaleCamp 2009 - Last.fm vs Xbox
ScaleCamp 2009 - Last.fm vs XboxScaleCamp 2009 - Last.fm vs Xbox
ScaleCamp 2009 - Last.fm vs Xbox
 
Penetration Testing vs. Vulnerability Scanning
Penetration Testing vs. Vulnerability ScanningPenetration Testing vs. Vulnerability Scanning
Penetration Testing vs. Vulnerability Scanning
 
MongoDB is the new MySQL
MongoDB is the new MySQLMongoDB is the new MySQL
MongoDB is the new MySQL
 
20100423sage
20100423sage20100423sage
20100423sage
 
No sql findings
No sql findingsNo sql findings
No sql findings
 

Dernier

Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
sammart93
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
?#DUbAI#??##{{(☎️+971_581248768%)**%*]'#abortion pills for sale in dubai@
 

Dernier (20)

[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdf
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
Advantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessAdvantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your Business
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CV
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Developing An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilDeveloping An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of Brazil
 

Pen test for sys admin

  • 1. Penetration Testing for System Administrators Sept 13, 2010 ryan Linn NCSA Meeting Thursday, September 23, 2010
  • 2. Agenda • Introduction • Description of Penetration Testing • Overview of Process • Walkthrough of Common Tasks • Questions/Closing Thursday, September 23, 2010
  • 3. Introduction • Information Security Engineer at SAS • Columnist at EthicalHacker.net • Contributed code to Metasploit, Browser Exploitation Framework (BeEF), and Nikto • Spoken at numerous regional and national security conferences Thursday, September 23, 2010
  • 4. Description of Pen Testing • Means different things to different people • Find vulnerabilities and stop • Find vulnerabilities and verify • Find vulnerabilities and see how far you can get • For today: Find vulnerabilities and verify Thursday, September 23, 2010
  • 5. Overview of Process • Recon • Discovery/Scanning • Enumeration • Exploitation Thursday, September 23, 2010
  • 6. Recon • Non Invasive • Whois • Google • Basic DNS Queries Thursday, September 23, 2010
  • 7. Discovery/Scanning • Port Scans • In-depth DNS queries • Vulnerability Scanning • OS Identification Thursday, September 23, 2010
  • 8. Enumeration • SMB enumeration • Oracle DB Enumeration • User enumeration Thursday, September 23, 2010
  • 9. Exploitation • Leverage information gathered • Verify vulnerability information • Possibly go back to gather more information if successful Thursday, September 23, 2010
  • 10. Walkthroughs • Recon • Scanning • Exploitation Thursday, September 23, 2010
  • 11. Scanning • Nmap Scans • Port/Service/OS Identification • Nessus/OpenVAS • Vulnerability Scanner • Safe Checks/Unsafe Checks Thursday, September 23, 2010
  • 12. Exploitation/ Verification • Metasploit • Penetration Testing Framework • Aids in Exploit Development • Exploitation of Vulnerability • Also has scanning capability Thursday, September 23, 2010
  • 13. Docs/Training • SANS Sec504 : Incident Handling • SANS Sec580: Metasploit Kung Fu for Enterprise Pen Testing • http://www.offensive-security.com/ metasploit-unleashed • http://www.EthicalHacker.net Thursday, September 23, 2010
  • 14. Questions? • Contact Info: • Twitter: @sussurro • Blog: blog.happypacket.net • http://www.ethicalhacker.net Thursday, September 23, 2010