SlideShare une entreprise Scribd logo

DerbyCon - APT2

Télécharger en tant que PPTX, PDF
A
Adam Compton

DerbyCon - APT2

Internet
1  sur  39
Automated PenTest Toolkit Adam Compton, Senior Security Consultant Austin Lane, Security Consultant
Who Am I? • Adam in 5 words: • Father 5 years • Husband 16 years • Hillbilly 39 years • Pentester 15+ years • Programmer 20+ years Automated Pentest Toolkit
Who Am I? • Austin Lane: • Developer 7 years • Security 4 years • Metalhead for life Automated Pentest Toolkit
Overview • Penetration testing often begins with a simple routine. Recon & Discovery Test Simple Services Test Default Creds Common Exploits Dump Creds/Info Pivot & Continue Automated Pentest Toolkit
Overview • Penetration testing often begins with a simple routine. • This routine can be slow on large networks. Automated Pentest Toolkit
Overview • Penetration testing often begins with a simple routine. • This routine can be slow on large networks. • Much of this routine can be automated. Automated Pentest Toolkit
Overview • Penetration testing often begins with a simple routine. • This routine can be slow on large networks. • Much of this routine can be automated. • So we wrote a tool to help with the automation. Automated Pentest Toolkit
Typical Pentest Routine • Run Nmap (or port scanner of choice) Automated Pentest Toolkit
Typical Pentest Routine • Run Nmap (or port scanner of choice) • Review ports and services • Port 21 -> test for anonymous FTP • Port 80 -> identify web service and check for flaws/default creds • Port 445 -> enum users/shares, ms08-067?, … • ... Automated Pentest Toolkit
Typical Pentest Routine • Run Nmap (or port scanner of choice) • Review ports and services • Port 21 -> test for anonymous FTP • Port 80 -> identify web service and check for flaws/default creds • Port 445 -> enum users/shares, ms08-067?, … • ... • Run Responder / Metasploit / CrackMapExec / … Automated Pentest Toolkit
Typical Pentest Routine • Run Nmap (or port scanner of choice) • Review ports and services • Port 21 -> test for anonymous FTP • Port 80 -> identify web service and check for flaws/default creds • Port 445 -> enum users/shares, ms08-067?, … • ... • Run Responder / Metasploit / CrackMapExec / … • … • Take over the DC/database/etc.. Automated Pentest Toolkit
If it is not broken… • Repeatability • Consistency • Can be tedious and slow • Manually parsing through data can be prone to error • Automation can help Automated Pentest Toolkit
Why Not Use <insert favorite scanner>? PROS • Plenty to choose from • Useful in specific scenarios • Some are OpenSource / cheap Automated Pentest Toolkit
Why Not Use <insert favorite scanner>? PROS • Plenty to choose from • Useful in specific scenarios • Some are OpenSource CONS • Can be fairly resource intensive • Can be expensive • How easy to add a new check/tool? Automated Pentest Toolkit
Automation via Scripting • Kali already has LOTS of popular tools and scripts • Automation methods: • Bash • Python (or scripting language of choice) • Metasploit RPC Automated Pentest Toolkit
APT2 – Automate the standard stuff • APT2 is a framework • Modules • Event queue • KnowledgeBase Automated Pentest Toolkit
APT2 – Automate the standard stuff • APT2 is a framework • Modules • Event queue • KnowledgeBase • Run Nmap and parse output Automated Pentest Toolkit
APT2 – Automate the standard stuff • APT2 is a framework • Modules • Event queue • KnowledgeBase • Run Nmap and parse output • Create events based on ports/services Automated Pentest Toolkit
APT2 – Automate the standard stuff • APT2 is a framework • Modules • Event queue • KnowledgeBase • Run Nmap and parse output • Create events based on ports/services • Modules respond to events to perform specific tasks Automated Pentest Toolkit
APT2 – Automate the standard stuff • APT2 is a framework • Modules • Event queue • KnowledgeBase • Run Nmap and parse output • Create events based on ports/services • Modules respond to events to perform specific tasks • Modules can create new events Automated Pentest Toolkit
APT2 – Automate the standard stuff • APT2 is a framework • Modules • Event queue • KnowledgeBase • Run Nmap and parse output • Create events based on ports/services • Modules respond to events to perform specific tasks • Modules can create new events • Runs until event queue is empty Automated Pentest Toolkit
How Does This Help? • Multi-threaded event queue is fast. • Simple to create new modules for nearly any tool/script. • Ready to go: • Get Kali (or your favorite distro & tools) • Clone the repo Automated Pentest Toolkit
So, What Can It Do? • Identify services & operating systems • Screenshot web applications, X11, VNC, … • Analyze FTP and file shares • Brute force accounts • Run Metasploit modules • Compile hashes -> John the Ripper/HashCat • “ls /usr/share” – If it is listed here, a module can probably be made for it Automated Pentest Toolkit
Anatomy of a Module • Inherit from base module (typically ActionModule) • Has standard properties: • Name • Description • Requirements – Which tools need to be installed? • Trigger – Which event does this module listen for? • Safety Level – Scale of 1 – 5 (5 = safe, 1 = dangerous) • ”process()” is the primary method Automated Pentest Toolkit
Are There Limitations? • Tools need to be non-interactive Automated Pentest Toolkit
Are There Limitations? • Tools need to be non-interactive • Multi-threading is tricky • lot of traffic fast • modules can have limits defined, depend on the author Automated Pentest Toolkit
Are There Limitations? • Tools need to be non-interactive • Multi-threading is tricky • lot of traffic fast • modules can have limits defined, depend on the author • Brute force with caution • you might break some things • safety levels are your friend Automated Pentest Toolkit
Are There Limitations? • Tools need to be non-interactive • Multi-threading is tricky • lot of traffic fast • modules can have limits defined, depend on the author • Brute force with caution • you might break some things • safety levels are your friend • Nonstandard ports and service names may throw off modules Automated Pentest Toolkit
Some numbers… • 30 servers with FTP Automated Pentest Toolkit
Some numbers… • 30 servers with FTP • Manual testing: ~10 seconds per server Automated Pentest Toolkit
Some numbers… • 30 servers with FTP • Manual testing: ~10 seconds per server • 5 minutes to check all of them Automated Pentest Toolkit
Some numbers… • 30 servers with FTP • Manual testing: ~10 seconds per server • 5 minutes to check all of them • APT2 – ~1 second per server, done in 40* seconds • *Assuming ideal conditions Automated Pentest Toolkit
Let’s extrapolate! • Grab open ports from .gnmap, ~30 seconds • “grep 80/open scan.gnmap | cut –d ‘ ‘ –f 2 > iplist.txt” Automated Pentest Toolkit
Let’s extrapolate! • Grab open ports from .gnmap, ~30 seconds • “grep 80/open scan.gnmap | cut –d ‘ ‘ –f 2 > iplist.txt” • Pick a tool for the service, ~30 seconds • EyeWitness, Nikto, SSLScan, etc. • Multiply if the tool only accepts 1 IP • +1 minute because you have to read the help menu Automated Pentest Toolkit
Let’s extrapolate! • Grab open ports from .gnmap, ~30 seconds • “grep 80/open scan.gnmap | cut –d ‘ ‘ –f 2 > iplist.txt” • Pick a tool for the service, ~30 seconds • EyeWitness, Nikto, SSLScan, etc. • Multiply if the tool only accepts 1 IP • +1 minute because you have to read the help menu • Now repeat for each service! Automated Pentest Toolkit
Let’s extrapolate! • Grab open ports from .gnmap, ~30 seconds • “grep 80/open scan.gnmap | cut –d ‘ ‘ –f 2 > iplist.txt” • Pick a tool for the service, ~30 seconds • EyeWitness, Nikto, SSLScan, etc. • Multiply if the tool only accepts 1 IP • +1 minute because you have to read the help menu • Now repeat for each service! • APT2 removes the baseline time Automated Pentest Toolkit
Demo Time Automated Pentest Toolkit
Development • Open source – Available on the Rapid7 Github account at https://www.github.com/MooseDojo/apt2 • Future plans • Import from more than just NMAP • Responder -> John the Ripper -> secretsdump.py (**partially there now**) • Lots more modules • Python 3 ? • Pretty Reports • ? Automated Pentest Toolkit
411 & Questions • Adam Compton • @tatanus • adam_compton@rapid7.com • adam.compton@gmail.com • Austin Lane • @capndan • austin_lane@rapid7.com • austin@coffeesec.com • https://www.github.com/MooseDojo/apt2 • QUESTIONS??? Automated Pentest Toolkit

Recommandé

SecureWV - APT2
SecureWV - APT2SecureWV - APT2
SecureWV - APT2Adam Compton
 
Bsides Knoxville - APT2
Bsides Knoxville - APT2Bsides Knoxville - APT2
Bsides Knoxville - APT2Adam Compton
 
Introduction to Penetration Testing
Introduction to Penetration TestingIntroduction to Penetration Testing
Introduction to Penetration TestingAndrew McNicol
 
Steelcon 2015 - 0wning the internet of trash
Steelcon 2015 - 0wning the internet of trashSteelcon 2015 - 0wning the internet of trash
Steelcon 2015 - 0wning the internet of trashinfodox
 
BSides Hannover 2015 - Shell on Wheels
BSides Hannover 2015 - Shell on WheelsBSides Hannover 2015 - Shell on Wheels
BSides Hannover 2015 - Shell on Wheelsinfodox
 
Training – Going Async
Training – Going AsyncTraining – Going Async
Training – Going AsyncBetclic Everest Group Tech Team
 
PAC 2019 virtual Christoph NEUMÜLLER
PAC 2019 virtual Christoph NEUMÜLLERPAC 2019 virtual Christoph NEUMÜLLER
PAC 2019 virtual Christoph NEUMÜLLERNeotys
 
Breadcrumbs to Loaves: BSides Austin '17
Breadcrumbs to Loaves: BSides Austin '17Breadcrumbs to Loaves: BSides Austin '17
Breadcrumbs to Loaves: BSides Austin '17Brandon Arvanaghi
 

Recommandé

SecureWV - APT2
SecureWV - APT2SecureWV - APT2
SecureWV - APT2Adam Compton
 
Bsides Knoxville - APT2
Bsides Knoxville - APT2Bsides Knoxville - APT2
Bsides Knoxville - APT2Adam Compton
 
Introduction to Penetration Testing
Introduction to Penetration TestingIntroduction to Penetration Testing
Introduction to Penetration TestingAndrew McNicol
 
Steelcon 2015 - 0wning the internet of trash
Steelcon 2015 - 0wning the internet of trashSteelcon 2015 - 0wning the internet of trash
Steelcon 2015 - 0wning the internet of trashinfodox
 
BSides Hannover 2015 - Shell on Wheels
BSides Hannover 2015 - Shell on WheelsBSides Hannover 2015 - Shell on Wheels
BSides Hannover 2015 - Shell on Wheelsinfodox
 
Training – Going Async
Training – Going AsyncTraining – Going Async
Training – Going AsyncBetclic Everest Group Tech Team
 
PAC 2019 virtual Christoph NEUMÜLLER
PAC 2019 virtual Christoph NEUMÜLLERPAC 2019 virtual Christoph NEUMÜLLER
PAC 2019 virtual Christoph NEUMÜLLERNeotys
 
Breadcrumbs to Loaves: BSides Austin '17
Breadcrumbs to Loaves: BSides Austin '17Breadcrumbs to Loaves: BSides Austin '17
Breadcrumbs to Loaves: BSides Austin '17Brandon Arvanaghi
 
BSidesJXN 2017 - Improving Vulnerability Management
BSidesJXN 2017 - Improving Vulnerability ManagementBSidesJXN 2017 - Improving Vulnerability Management
BSidesJXN 2017 - Improving Vulnerability ManagementAndrew McNicol
 
Micro control idsecconf2010
Micro control idsecconf2010Micro control idsecconf2010
Micro control idsecconf2010idsecconf
 
A Battle Against the Industry - Beating Antivirus for Meterpreter and More
A Battle Against the Industry - Beating Antivirus for Meterpreter and MoreA Battle Against the Industry - Beating Antivirus for Meterpreter and More
A Battle Against the Industry - Beating Antivirus for Meterpreter and MoreCTruncer
 
Packers
PackersPackers
PackersAnge Albertini
 
Oscp - Journey
Oscp - JourneyOscp - Journey
Oscp - JourneyVandana Verma
 
BSides Edinburgh 2017 - TR-06FAIL and other CPE Configuration Disasters
BSides Edinburgh 2017 - TR-06FAIL and other CPE Configuration DisastersBSides Edinburgh 2017 - TR-06FAIL and other CPE Configuration Disasters
BSides Edinburgh 2017 - TR-06FAIL and other CPE Configuration Disastersinfodox
 
Open source tools for optimizing your peering infrastructure @ DE-CIX TechMee...
Open source tools for optimizing your peering infrastructure @ DE-CIX TechMee...Open source tools for optimizing your peering infrastructure @ DE-CIX TechMee...
Open source tools for optimizing your peering infrastructure @ DE-CIX TechMee...Daniel Czerwonk
 
Property-based testing an open-source compiler, pflua (FOSDEM 2015)
Property-based testing an open-source compiler, pflua (FOSDEM 2015)Property-based testing an open-source compiler, pflua (FOSDEM 2015)
Property-based testing an open-source compiler, pflua (FOSDEM 2015)Igalia
 
My pwk & oscp journey
My pwk & oscp journeyMy pwk & oscp journey
My pwk & oscp journeyM.Syarifudin, ST, OSCP, OSWP
 
Why internal pen tests are still fun
Why internal pen tests are still funWhy internal pen tests are still fun
Why internal pen tests are still funpyschedelicsupernova
 
Networking Architecture of Warframe
Networking Architecture of WarframeNetworking Architecture of Warframe
Networking Architecture of WarframeMaciej Siniło
 
Steelcon 2014 - Process Injection with Python
Steelcon 2014 - Process Injection with PythonSteelcon 2014 - Process Injection with Python
Steelcon 2014 - Process Injection with Pythoninfodox
 
An EyeWitness View into your Network
An EyeWitness View into your NetworkAn EyeWitness View into your Network
An EyeWitness View into your NetworkCTruncer
 
Debugging multiplayer games
Debugging multiplayer gamesDebugging multiplayer games
Debugging multiplayer gamesMaciej Siniło
 
Practical Malware Analysis: Ch 9: OllyDbg
Practical Malware Analysis: Ch 9: OllyDbgPractical Malware Analysis: Ch 9: OllyDbg
Practical Malware Analysis: Ch 9: OllyDbgSam Bowne
 
Practical Malware Analysis: Ch 8: Debugging
Practical Malware Analysis: Ch 8: Debugging Practical Malware Analysis: Ch 8: Debugging
Practical Malware Analysis: Ch 8: Debugging Sam Bowne
 
Defcon 22-paul-mcmillan-attacking-the-iot-using-timing-attac
Defcon 22-paul-mcmillan-attacking-the-iot-using-timing-attacDefcon 22-paul-mcmillan-attacking-the-iot-using-timing-attac
Defcon 22-paul-mcmillan-attacking-the-iot-using-timing-attacPriyanka Aash
 
CNIT 126 2: Malware Analysis in Virtual Machines & 3: Basic Dynamic Analysis
CNIT 126 2: Malware Analysis in Virtual Machines & 3: Basic Dynamic AnalysisCNIT 126 2: Malware Analysis in Virtual Machines & 3: Basic Dynamic Analysis
CNIT 126 2: Malware Analysis in Virtual Machines & 3: Basic Dynamic AnalysisSam Bowne
 
NBTC#2 - Why instrumentation is cooler then ice
NBTC#2 - Why instrumentation is cooler then iceNBTC#2 - Why instrumentation is cooler then ice
NBTC#2 - Why instrumentation is cooler then iceAlexandre Moneger
 
Logstash and friends
Logstash and friendsLogstash and friends
Logstash and friendsJulien Pivotto
 
Nmap for Scriptors
Nmap for ScriptorsNmap for Scriptors
Nmap for Scriptorsn|u - The Open Security Community
 
Real time system_performance_mon
Real time system_performance_monReal time system_performance_mon
Real time system_performance_monTomas Doran
 

Contenu connexe

Tendances

BSidesJXN 2017 - Improving Vulnerability Management
BSidesJXN 2017 - Improving Vulnerability ManagementBSidesJXN 2017 - Improving Vulnerability Management
BSidesJXN 2017 - Improving Vulnerability ManagementAndrew McNicol
 
Micro control idsecconf2010
Micro control idsecconf2010Micro control idsecconf2010
Micro control idsecconf2010idsecconf
 
A Battle Against the Industry - Beating Antivirus for Meterpreter and More
A Battle Against the Industry - Beating Antivirus for Meterpreter and MoreA Battle Against the Industry - Beating Antivirus for Meterpreter and More
A Battle Against the Industry - Beating Antivirus for Meterpreter and MoreCTruncer
 
BSides Edinburgh 2017 - TR-06FAIL and other CPE Configuration Disasters
BSides Edinburgh 2017 - TR-06FAIL and other CPE Configuration DisastersBSides Edinburgh 2017 - TR-06FAIL and other CPE Configuration Disasters
BSides Edinburgh 2017 - TR-06FAIL and other CPE Configuration Disastersinfodox
 
Open source tools for optimizing your peering infrastructure @ DE-CIX TechMee...
Open source tools for optimizing your peering infrastructure @ DE-CIX TechMee...Open source tools for optimizing your peering infrastructure @ DE-CIX TechMee...
Open source tools for optimizing your peering infrastructure @ DE-CIX TechMee...Daniel Czerwonk
 
Property-based testing an open-source compiler, pflua (FOSDEM 2015)
Property-based testing an open-source compiler, pflua (FOSDEM 2015)Property-based testing an open-source compiler, pflua (FOSDEM 2015)
Property-based testing an open-source compiler, pflua (FOSDEM 2015)Igalia
 
Why internal pen tests are still fun
Why internal pen tests are still funWhy internal pen tests are still fun
Why internal pen tests are still funpyschedelicsupernova
 
Networking Architecture of Warframe
Networking Architecture of WarframeNetworking Architecture of Warframe
Networking Architecture of WarframeMaciej Siniło
 
Steelcon 2014 - Process Injection with Python
Steelcon 2014 - Process Injection with PythonSteelcon 2014 - Process Injection with Python
Steelcon 2014 - Process Injection with Pythoninfodox
 
An EyeWitness View into your Network
An EyeWitness View into your NetworkAn EyeWitness View into your Network
An EyeWitness View into your NetworkCTruncer
 
Debugging multiplayer games
Debugging multiplayer gamesDebugging multiplayer games
Debugging multiplayer gamesMaciej Siniło
 
Practical Malware Analysis: Ch 9: OllyDbg
Practical Malware Analysis: Ch 9: OllyDbgPractical Malware Analysis: Ch 9: OllyDbg
Practical Malware Analysis: Ch 9: OllyDbgSam Bowne
 
Practical Malware Analysis: Ch 8: Debugging
Practical Malware Analysis: Ch 8: Debugging Practical Malware Analysis: Ch 8: Debugging
Practical Malware Analysis: Ch 8: Debugging Sam Bowne
 
Defcon 22-paul-mcmillan-attacking-the-iot-using-timing-attac
Defcon 22-paul-mcmillan-attacking-the-iot-using-timing-attacDefcon 22-paul-mcmillan-attacking-the-iot-using-timing-attac
Defcon 22-paul-mcmillan-attacking-the-iot-using-timing-attacPriyanka Aash
 
CNIT 126 2: Malware Analysis in Virtual Machines & 3: Basic Dynamic Analysis
CNIT 126 2: Malware Analysis in Virtual Machines & 3: Basic Dynamic AnalysisCNIT 126 2: Malware Analysis in Virtual Machines & 3: Basic Dynamic Analysis
CNIT 126 2: Malware Analysis in Virtual Machines & 3: Basic Dynamic AnalysisSam Bowne
 
NBTC#2 - Why instrumentation is cooler then ice
NBTC#2 - Why instrumentation is cooler then iceNBTC#2 - Why instrumentation is cooler then ice
NBTC#2 - Why instrumentation is cooler then iceAlexandre Moneger
 

Tendances (20)

BSidesJXN 2017 - Improving Vulnerability Management
BSidesJXN 2017 - Improving Vulnerability ManagementBSidesJXN 2017 - Improving Vulnerability Management
BSidesJXN 2017 - Improving Vulnerability Management
 
Micro control idsecconf2010
Micro control idsecconf2010Micro control idsecconf2010
Micro control idsecconf2010
 
A Battle Against the Industry - Beating Antivirus for Meterpreter and More
A Battle Against the Industry - Beating Antivirus for Meterpreter and MoreA Battle Against the Industry - Beating Antivirus for Meterpreter and More
A Battle Against the Industry - Beating Antivirus for Meterpreter and More
 
Packers
PackersPackers
Packers
 
Oscp - Journey
Oscp - JourneyOscp - Journey
Oscp - Journey
 
BSides Edinburgh 2017 - TR-06FAIL and other CPE Configuration Disasters
BSides Edinburgh 2017 - TR-06FAIL and other CPE Configuration DisastersBSides Edinburgh 2017 - TR-06FAIL and other CPE Configuration Disasters
BSides Edinburgh 2017 - TR-06FAIL and other CPE Configuration Disasters
 
Open source tools for optimizing your peering infrastructure @ DE-CIX TechMee...
Open source tools for optimizing your peering infrastructure @ DE-CIX TechMee...Open source tools for optimizing your peering infrastructure @ DE-CIX TechMee...
Open source tools for optimizing your peering infrastructure @ DE-CIX TechMee...
 
Property-based testing an open-source compiler, pflua (FOSDEM 2015)
Property-based testing an open-source compiler, pflua (FOSDEM 2015)Property-based testing an open-source compiler, pflua (FOSDEM 2015)
Property-based testing an open-source compiler, pflua (FOSDEM 2015)
 
My pwk & oscp journey
My pwk & oscp journeyMy pwk & oscp journey
My pwk & oscp journey
 
Why internal pen tests are still fun
Why internal pen tests are still funWhy internal pen tests are still fun
Why internal pen tests are still fun
 
Networking Architecture of Warframe
Networking Architecture of WarframeNetworking Architecture of Warframe
Networking Architecture of Warframe
 
Steelcon 2014 - Process Injection with Python
Steelcon 2014 - Process Injection with PythonSteelcon 2014 - Process Injection with Python
Steelcon 2014 - Process Injection with Python
 
An EyeWitness View into your Network
An EyeWitness View into your NetworkAn EyeWitness View into your Network
An EyeWitness View into your Network
 
Debugging multiplayer games
Debugging multiplayer gamesDebugging multiplayer games
Debugging multiplayer games
 
Practical Malware Analysis: Ch 9: OllyDbg
Practical Malware Analysis: Ch 9: OllyDbgPractical Malware Analysis: Ch 9: OllyDbg
Practical Malware Analysis: Ch 9: OllyDbg
 
Practical Malware Analysis: Ch 8: Debugging
Practical Malware Analysis: Ch 8: Debugging Practical Malware Analysis: Ch 8: Debugging
Practical Malware Analysis: Ch 8: Debugging
 
Defcon 22-paul-mcmillan-attacking-the-iot-using-timing-attac
Defcon 22-paul-mcmillan-attacking-the-iot-using-timing-attacDefcon 22-paul-mcmillan-attacking-the-iot-using-timing-attac
Defcon 22-paul-mcmillan-attacking-the-iot-using-timing-attac
 
CNIT 126 2: Malware Analysis in Virtual Machines & 3: Basic Dynamic Analysis
CNIT 126 2: Malware Analysis in Virtual Machines & 3: Basic Dynamic AnalysisCNIT 126 2: Malware Analysis in Virtual Machines & 3: Basic Dynamic Analysis
CNIT 126 2: Malware Analysis in Virtual Machines & 3: Basic Dynamic Analysis
 
NBTC#2 - Why instrumentation is cooler then ice
NBTC#2 - Why instrumentation is cooler then iceNBTC#2 - Why instrumentation is cooler then ice
NBTC#2 - Why instrumentation is cooler then ice
 
Logstash and friends
Logstash and friendsLogstash and friends
Logstash and friends
 

Similaire à DerbyCon - APT2

Real time system_performance_mon
Real time system_performance_monReal time system_performance_mon
Real time system_performance_monTomas Doran
 
The basics of hacking and penetration testing 이제 시작이야 해킹과 침투 테스트 kenneth.s.kwon
The basics of hacking and penetration testing 이제 시작이야 해킹과 침투 테스트 kenneth.s.kwonThe basics of hacking and penetration testing 이제 시작이야 해킹과 침투 테스트 kenneth.s.kwon
The basics of hacking and penetration testing 이제 시작이야 해킹과 침투 테스트 kenneth.s.kwonKenneth Kwon
 
DC612 Day - Hands on Penetration Testing 101
DC612 Day - Hands on Penetration Testing 101DC612 Day - Hands on Penetration Testing 101
DC612 Day - Hands on Penetration Testing 101dc612
 
Creating Havoc using Human Interface Device
Creating Havoc using Human Interface DeviceCreating Havoc using Human Interface Device
Creating Havoc using Human Interface DevicePositive Hack Days
 
Jose Luis Soria - XP2014 - Designing a Release Pipeline
Jose Luis Soria - XP2014 - Designing a Release PipelineJose Luis Soria - XP2014 - Designing a Release Pipeline
Jose Luis Soria - XP2014 - Designing a Release PipelineJose Luis Soria
 
Network Penetration Testing Toolkit - Nmap, Netcat, and Metasploit Basics
Network Penetration Testing Toolkit - Nmap, Netcat, and Metasploit BasicsNetwork Penetration Testing Toolkit - Nmap, Netcat, and Metasploit Basics
Network Penetration Testing Toolkit - Nmap, Netcat, and Metasploit BasicsBishop Fox
 
Cooking a rabbit pie
Cooking a rabbit pieCooking a rabbit pie
Cooking a rabbit pieTomas Doran
 
JavaScript Static Security Analysis made easy with JSPrime
JavaScript Static Security Analysis made easy with JSPrimeJavaScript Static Security Analysis made easy with JSPrime
JavaScript Static Security Analysis made easy with JSPrimeNishant Das Patnaik
 
Monitorama 2015 Netflix Instance Analysis
Monitorama 2015 Netflix Instance AnalysisMonitorama 2015 Netflix Instance Analysis
Monitorama 2015 Netflix Instance AnalysisBrendan Gregg
 
Functionality, security and performance monitoring of web assets (e.g. Joomla...
Functionality, security and performance monitoring of web assets (e.g. Joomla...Functionality, security and performance monitoring of web assets (e.g. Joomla...
Functionality, security and performance monitoring of web assets (e.g. Joomla...Sanjay Willie
 
Nomura UCCSC 2009
Nomura UCCSC 2009Nomura UCCSC 2009
Nomura UCCSC 2009dnomura
 
Austin Python Learners Meetup - Everything you need to know about programming...
Austin Python Learners Meetup - Everything you need to know about programming...Austin Python Learners Meetup - Everything you need to know about programming...
Austin Python Learners Meetup - Everything you need to know about programming...Danny Mulligan
 
BSides_Charm2015_Info sec hunters_gathers
BSides_Charm2015_Info sec hunters_gathersBSides_Charm2015_Info sec hunters_gathers
BSides_Charm2015_Info sec hunters_gathersAndrew McNicol
 
The Dirty Little Secrets They Didn’t Teach You In Pentesting Class
The Dirty Little Secrets They Didn’t Teach You In Pentesting Class The Dirty Little Secrets They Didn’t Teach You In Pentesting Class
The Dirty Little Secrets They Didn’t Teach You In Pentesting Class Chris Gates
 
Hacklu2011 tricaud
Hacklu2011 tricaudHacklu2011 tricaud
Hacklu2011 tricaudstricaud
 

Similaire à DerbyCon - APT2 (20)

Nmap for Scriptors
Nmap for ScriptorsNmap for Scriptors
Nmap for Scriptors
 
Real time system_performance_mon
Real time system_performance_monReal time system_performance_mon
Real time system_performance_mon
 
The basics of hacking and penetration testing 이제 시작이야 해킹과 침투 테스트 kenneth.s.kwon
The basics of hacking and penetration testing 이제 시작이야 해킹과 침투 테스트 kenneth.s.kwonThe basics of hacking and penetration testing 이제 시작이야 해킹과 침투 테스트 kenneth.s.kwon
The basics of hacking and penetration testing 이제 시작이야 해킹과 침투 테스트 kenneth.s.kwon
 
Tcpdump hunter
Tcpdump hunterTcpdump hunter
Tcpdump hunter
 
DC612 Day - Hands on Penetration Testing 101
DC612 Day - Hands on Penetration Testing 101DC612 Day - Hands on Penetration Testing 101
DC612 Day - Hands on Penetration Testing 101
 
Creating Havoc using Human Interface Device
Creating Havoc using Human Interface DeviceCreating Havoc using Human Interface Device
Creating Havoc using Human Interface Device
 
Jose Luis Soria - XP2014 - Designing a Release Pipeline
Jose Luis Soria - XP2014 - Designing a Release PipelineJose Luis Soria - XP2014 - Designing a Release Pipeline
Jose Luis Soria - XP2014 - Designing a Release Pipeline
 
Network Penetration Testing Toolkit - Nmap, Netcat, and Metasploit Basics
Network Penetration Testing Toolkit - Nmap, Netcat, and Metasploit BasicsNetwork Penetration Testing Toolkit - Nmap, Netcat, and Metasploit Basics
Network Penetration Testing Toolkit - Nmap, Netcat, and Metasploit Basics
 
Cooking a rabbit pie
Cooking a rabbit pieCooking a rabbit pie
Cooking a rabbit pie
 
JavaScript Static Security Analysis made easy with JSPrime
JavaScript Static Security Analysis made easy with JSPrimeJavaScript Static Security Analysis made easy with JSPrime
JavaScript Static Security Analysis made easy with JSPrime
 
Monitorama 2015 Netflix Instance Analysis
Monitorama 2015 Netflix Instance AnalysisMonitorama 2015 Netflix Instance Analysis
Monitorama 2015 Netflix Instance Analysis
 
Functionality, security and performance monitoring of web assets (e.g. Joomla...
Functionality, security and performance monitoring of web assets (e.g. Joomla...Functionality, security and performance monitoring of web assets (e.g. Joomla...
Functionality, security and performance monitoring of web assets (e.g. Joomla...
 
Nomura UCCSC 2009
Nomura UCCSC 2009Nomura UCCSC 2009
Nomura UCCSC 2009
 
Austin Python Learners Meetup - Everything you need to know about programming...
Austin Python Learners Meetup - Everything you need to know about programming...Austin Python Learners Meetup - Everything you need to know about programming...
Austin Python Learners Meetup - Everything you need to know about programming...
 
BSides_Charm2015_Info sec hunters_gathers
BSides_Charm2015_Info sec hunters_gathersBSides_Charm2015_Info sec hunters_gathers
BSides_Charm2015_Info sec hunters_gathers
 
ethical Hack
ethical Hackethical Hack
ethical Hack
 
Wm4
Wm4Wm4
Wm4
 
Wm4
Wm4Wm4
Wm4
 
The Dirty Little Secrets They Didn’t Teach You In Pentesting Class
The Dirty Little Secrets They Didn’t Teach You In Pentesting Class The Dirty Little Secrets They Didn’t Teach You In Pentesting Class
The Dirty Little Secrets They Didn’t Teach You In Pentesting Class
 
Hacklu2011 tricaud
Hacklu2011 tricaudHacklu2011 tricaud
Hacklu2011 tricaud
 

Plus de Adam Compton

Becoming a Pentester
Becoming a PentesterBecoming a Pentester
Becoming a PentesterAdam Compton
 
A HillyBilly's Guide to Staying Anonymous Online - SecureWV
A HillyBilly's Guide to Staying Anonymous Online - SecureWVA HillyBilly's Guide to Staying Anonymous Online - SecureWV
A HillyBilly's Guide to Staying Anonymous Online - SecureWVAdam Compton
 
BSidesKnoxville 2019 - Unix: The Other White Meat
BSidesKnoxville 2019 - Unix: The Other White MeatBSidesKnoxville 2019 - Unix: The Other White Meat
BSidesKnoxville 2019 - Unix: The Other White MeatAdam Compton
 
2018 DerbyCon - Hillbilly Storytime - Pentest Fails
2018 DerbyCon - Hillbilly Storytime - Pentest Fails2018 DerbyCon - Hillbilly Storytime - Pentest Fails
2018 DerbyCon - Hillbilly Storytime - Pentest FailsAdam Compton
 
2018 HackerHalted - Hillbilly Storytime - Pentest Fails
2018 HackerHalted - Hillbilly Storytime - Pentest Fails2018 HackerHalted - Hillbilly Storytime - Pentest Fails
2018 HackerHalted - Hillbilly Storytime - Pentest FailsAdam Compton
 
Bsides LV - Hillbilly Storytime - Pentest Fails
Bsides LV - Hillbilly Storytime - Pentest FailsBsides LV - Hillbilly Storytime - Pentest Fails
Bsides LV - Hillbilly Storytime - Pentest FailsAdam Compton
 
SecureWV - PentestFails
SecureWV - PentestFailsSecureWV - PentestFails
SecureWV - PentestFailsAdam Compton
 
Infosec Europe 17 - PentestFails
Infosec Europe 17 - PentestFailsInfosec Europe 17 - PentestFails
Infosec Europe 17 - PentestFailsAdam Compton
 
Bsides Nashville - PentestFails
Bsides Nashville - PentestFailsBsides Nashville - PentestFails
Bsides Nashville - PentestFailsAdam Compton
 
Bsides Knoxville - OSINT
Bsides Knoxville - OSINTBsides Knoxville - OSINT
Bsides Knoxville - OSINTAdam Compton
 
Bsides Knoxville - PentestFails
Bsides Knoxville - PentestFailsBsides Knoxville - PentestFails
Bsides Knoxville - PentestFailsAdam Compton
 

Plus de Adam Compton (13)

Becoming a Pentester
Becoming a PentesterBecoming a Pentester
Becoming a Pentester
 
A HillyBilly's Guide to Staying Anonymous Online - SecureWV
A HillyBilly's Guide to Staying Anonymous Online - SecureWVA HillyBilly's Guide to Staying Anonymous Online - SecureWV
A HillyBilly's Guide to Staying Anonymous Online - SecureWV
 
BSidesKnoxville 2019 - Unix: The Other White Meat
BSidesKnoxville 2019 - Unix: The Other White MeatBSidesKnoxville 2019 - Unix: The Other White Meat
BSidesKnoxville 2019 - Unix: The Other White Meat
 
2018 DerbyCon - Hillbilly Storytime - Pentest Fails
2018 DerbyCon - Hillbilly Storytime - Pentest Fails2018 DerbyCon - Hillbilly Storytime - Pentest Fails
2018 DerbyCon - Hillbilly Storytime - Pentest Fails
 
2018 HackerHalted - Hillbilly Storytime - Pentest Fails
2018 HackerHalted - Hillbilly Storytime - Pentest Fails2018 HackerHalted - Hillbilly Storytime - Pentest Fails
2018 HackerHalted - Hillbilly Storytime - Pentest Fails
 
Bsides LV - Hillbilly Storytime - Pentest Fails
Bsides LV - Hillbilly Storytime - Pentest FailsBsides LV - Hillbilly Storytime - Pentest Fails
Bsides LV - Hillbilly Storytime - Pentest Fails
 
SecureWV - PentestFails
SecureWV - PentestFailsSecureWV - PentestFails
SecureWV - PentestFails
 
Infosec Europe 17 - PentestFails
Infosec Europe 17 - PentestFailsInfosec Europe 17 - PentestFails
Infosec Europe 17 - PentestFails
 
HackCon - SPF
HackCon - SPFHackCon - SPF
HackCon - SPF
 
DerbyCon - Legion
DerbyCon - LegionDerbyCon - Legion
DerbyCon - Legion
 
Bsides Nashville - PentestFails
Bsides Nashville - PentestFailsBsides Nashville - PentestFails
Bsides Nashville - PentestFails
 
Bsides Knoxville - OSINT
Bsides Knoxville - OSINTBsides Knoxville - OSINT
Bsides Knoxville - OSINT
 
Bsides Knoxville - PentestFails
Bsides Knoxville - PentestFailsBsides Knoxville - PentestFails
Bsides Knoxville - PentestFails
 

Dernier

Call Girls Service Chandigarh Lucky ❤️ 7710465962 Independent Call Girls In C...
Call Girls Service Chandigarh Lucky ❤️ 7710465962 Independent Call Girls In C...Call Girls Service Chandigarh Lucky ❤️ 7710465962 Independent Call Girls In C...
Call Girls Service Chandigarh Lucky ❤️ 7710465962 Independent Call Girls In C...Sheetaleventcompany
 
Call Now ☎ 8264348440 !! Call Girls in Shahpur Jat Escort Service Delhi N.C.R.
Call Now ☎ 8264348440 !! Call Girls in Shahpur Jat Escort Service Delhi N.C.R.Call Now ☎ 8264348440 !! Call Girls in Shahpur Jat Escort Service Delhi N.C.R.
Call Now ☎ 8264348440 !! Call Girls in Shahpur Jat Escort Service Delhi N.C.R.soniya singh
 
Russian Call Girls in Kolkata Samaira 🤌 8250192130 🚀 Vip Call Girls Kolkata
Russian Call Girls in Kolkata Samaira 🤌 8250192130 🚀 Vip Call Girls KolkataRussian Call Girls in Kolkata Samaira 🤌 8250192130 🚀 Vip Call Girls Kolkata
Russian Call Girls in Kolkata Samaira 🤌 8250192130 🚀 Vip Call Girls Kolkataanamikaraghav4
 
Call Girls In Model Towh Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Model Towh Delhi 💯Call Us 🔝8264348440🔝Call Girls In Model Towh Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Model Towh Delhi 💯Call Us 🔝8264348440🔝soniya singh
 
Challengers I Told Ya ShirtChallengers I Told Ya Shirt
Challengers I Told Ya ShirtChallengers I Told Ya ShirtChallengers I Told Ya ShirtChallengers I Told Ya Shirt
Challengers I Told Ya ShirtChallengers I Told Ya Shirtrahman018755
 
FULL ENJOY Call Girls In Mayur Vihar Delhi Contact Us 8377087607
FULL ENJOY Call Girls In Mayur Vihar Delhi Contact Us 8377087607FULL ENJOY Call Girls In Mayur Vihar Delhi Contact Us 8377087607
FULL ENJOY Call Girls In Mayur Vihar Delhi Contact Us 8377087607dollysharma2066
 
Enjoy Night⚡Call Girls Dlf City Phase 3 Gurgaon >༒8448380779 Escort Service
Enjoy Night⚡Call Girls Dlf City Phase 3 Gurgaon >༒8448380779 Escort ServiceEnjoy Night⚡Call Girls Dlf City Phase 3 Gurgaon >༒8448380779 Escort Service
Enjoy Night⚡Call Girls Dlf City Phase 3 Gurgaon >༒8448380779 Escort ServiceDelhi Call girls
 
Chennai Call Girls Porur Phone 🍆 8250192130 👅 celebrity escorts service
Chennai Call Girls Porur Phone 🍆 8250192130 👅 celebrity escorts serviceChennai Call Girls Porur Phone 🍆 8250192130 👅 celebrity escorts service
Chennai Call Girls Porur Phone 🍆 8250192130 👅 celebrity escorts servicesonalikaur4
 
Low Rate Young Call Girls in Sector 63 Mamura Noida ✔️☆9289244007✔️☆ Female E...
Low Rate Young Call Girls in Sector 63 Mamura Noida ✔️☆9289244007✔️☆ Female E...Low Rate Young Call Girls in Sector 63 Mamura Noida ✔️☆9289244007✔️☆ Female E...
Low Rate Young Call Girls in Sector 63 Mamura Noida ✔️☆9289244007✔️☆ Female E...SofiyaSharma5
 
₹5.5k {Cash Payment}New Friends Colony Call Girls In [Delhi NIHARIKA] 🔝|97111...
₹5.5k {Cash Payment}New Friends Colony Call Girls In [Delhi NIHARIKA] 🔝|97111...₹5.5k {Cash Payment}New Friends Colony Call Girls In [Delhi NIHARIKA] 🔝|97111...
₹5.5k {Cash Payment}New Friends Colony Call Girls In [Delhi NIHARIKA] 🔝|97111...Diya Sharma
 
Networking in the Penumbra presented by Geoff Huston at NZNOG
Networking in the Penumbra presented by Geoff Huston at NZNOGNetworking in the Penumbra presented by Geoff Huston at NZNOG
Networking in the Penumbra presented by Geoff Huston at NZNOGAPNIC
 
Best VIP Call Girls Noida Sector 75 Call Me: 8448380779
Best VIP Call Girls Noida Sector 75 Call Me: 8448380779Best VIP Call Girls Noida Sector 75 Call Me: 8448380779
Best VIP Call Girls Noida Sector 75 Call Me: 8448380779Delhi Call girls
 
'Future Evolution of the Internet' delivered by Geoff Huston at Everything Op...
'Future Evolution of the Internet' delivered by Geoff Huston at Everything Op...'Future Evolution of the Internet' delivered by Geoff Huston at Everything Op...
'Future Evolution of the Internet' delivered by Geoff Huston at Everything Op...APNIC
 
Hot Service (+9316020077 ) Goa Call Girls Real Photos and Genuine Service
Hot Service (+9316020077 ) Goa Call Girls Real Photos and Genuine ServiceHot Service (+9316020077 ) Goa Call Girls Real Photos and Genuine Service
Hot Service (+9316020077 ) Goa Call Girls Real Photos and Genuine Servicesexy call girls service in goa
 
Moving Beyond Twitter/X and Facebook - Social Media for local news providers
Moving Beyond Twitter/X and Facebook - Social Media for local news providersMoving Beyond Twitter/X and Facebook - Social Media for local news providers
Moving Beyond Twitter/X and Facebook - Social Media for local news providersDamian Radcliffe
 
Call Girls In Defence Colony Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Defence Colony Delhi 💯Call Us 🔝8264348440🔝Call Girls In Defence Colony Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Defence Colony Delhi 💯Call Us 🔝8264348440🔝soniya singh
 
VIP Kolkata Call Girl Alambazar 👉 8250192130 Available With Room
VIP Kolkata Call Girl Alambazar 👉 8250192130 Available With RoomVIP Kolkata Call Girl Alambazar 👉 8250192130 Available With Room
VIP Kolkata Call Girl Alambazar 👉 8250192130 Available With Roomdivyansh0kumar0
 
Call Girls In Pratap Nagar Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Pratap Nagar Delhi 💯Call Us 🔝8264348440🔝Call Girls In Pratap Nagar Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Pratap Nagar Delhi 💯Call Us 🔝8264348440🔝soniya singh
 
VIP 7001035870 Find & Meet Hyderabad Call Girls LB Nagar high-profile Call Girl
VIP 7001035870 Find & Meet Hyderabad Call Girls LB Nagar high-profile Call GirlVIP 7001035870 Find & Meet Hyderabad Call Girls LB Nagar high-profile Call Girl
VIP 7001035870 Find & Meet Hyderabad Call Girls LB Nagar high-profile Call Girladitipandeya
 

Dernier (20)

Call Girls Service Chandigarh Lucky ❤️ 7710465962 Independent Call Girls In C...
Call Girls Service Chandigarh Lucky ❤️ 7710465962 Independent Call Girls In C...Call Girls Service Chandigarh Lucky ❤️ 7710465962 Independent Call Girls In C...
Call Girls Service Chandigarh Lucky ❤️ 7710465962 Independent Call Girls In C...
 
Call Now ☎ 8264348440 !! Call Girls in Shahpur Jat Escort Service Delhi N.C.R.
Call Now ☎ 8264348440 !! Call Girls in Shahpur Jat Escort Service Delhi N.C.R.Call Now ☎ 8264348440 !! Call Girls in Shahpur Jat Escort Service Delhi N.C.R.
Call Now ☎ 8264348440 !! Call Girls in Shahpur Jat Escort Service Delhi N.C.R.
 
Russian Call Girls in Kolkata Samaira 🤌 8250192130 🚀 Vip Call Girls Kolkata
Russian Call Girls in Kolkata Samaira 🤌 8250192130 🚀 Vip Call Girls KolkataRussian Call Girls in Kolkata Samaira 🤌 8250192130 🚀 Vip Call Girls Kolkata
Russian Call Girls in Kolkata Samaira 🤌 8250192130 🚀 Vip Call Girls Kolkata
 
Call Girls In Model Towh Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Model Towh Delhi 💯Call Us 🔝8264348440🔝Call Girls In Model Towh Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Model Towh Delhi 💯Call Us 🔝8264348440🔝
 
Challengers I Told Ya ShirtChallengers I Told Ya Shirt
Challengers I Told Ya ShirtChallengers I Told Ya ShirtChallengers I Told Ya ShirtChallengers I Told Ya Shirt
Challengers I Told Ya ShirtChallengers I Told Ya Shirt
 
FULL ENJOY Call Girls In Mayur Vihar Delhi Contact Us 8377087607
FULL ENJOY Call Girls In Mayur Vihar Delhi Contact Us 8377087607FULL ENJOY Call Girls In Mayur Vihar Delhi Contact Us 8377087607
FULL ENJOY Call Girls In Mayur Vihar Delhi Contact Us 8377087607
 
Enjoy Night⚡Call Girls Dlf City Phase 3 Gurgaon >༒8448380779 Escort Service
Enjoy Night⚡Call Girls Dlf City Phase 3 Gurgaon >༒8448380779 Escort ServiceEnjoy Night⚡Call Girls Dlf City Phase 3 Gurgaon >༒8448380779 Escort Service
Enjoy Night⚡Call Girls Dlf City Phase 3 Gurgaon >༒8448380779 Escort Service
 
Chennai Call Girls Porur Phone 🍆 8250192130 👅 celebrity escorts service
Chennai Call Girls Porur Phone 🍆 8250192130 👅 celebrity escorts serviceChennai Call Girls Porur Phone 🍆 8250192130 👅 celebrity escorts service
Chennai Call Girls Porur Phone 🍆 8250192130 👅 celebrity escorts service
 
Low Rate Young Call Girls in Sector 63 Mamura Noida ✔️☆9289244007✔️☆ Female E...
Low Rate Young Call Girls in Sector 63 Mamura Noida ✔️☆9289244007✔️☆ Female E...Low Rate Young Call Girls in Sector 63 Mamura Noida ✔️☆9289244007✔️☆ Female E...
Low Rate Young Call Girls in Sector 63 Mamura Noida ✔️☆9289244007✔️☆ Female E...
 
₹5.5k {Cash Payment}New Friends Colony Call Girls In [Delhi NIHARIKA] 🔝|97111...
₹5.5k {Cash Payment}New Friends Colony Call Girls In [Delhi NIHARIKA] 🔝|97111...₹5.5k {Cash Payment}New Friends Colony Call Girls In [Delhi NIHARIKA] 🔝|97111...
₹5.5k {Cash Payment}New Friends Colony Call Girls In [Delhi NIHARIKA] 🔝|97111...
 
Networking in the Penumbra presented by Geoff Huston at NZNOG
Networking in the Penumbra presented by Geoff Huston at NZNOGNetworking in the Penumbra presented by Geoff Huston at NZNOG
Networking in the Penumbra presented by Geoff Huston at NZNOG
 
Best VIP Call Girls Noida Sector 75 Call Me: 8448380779
Best VIP Call Girls Noida Sector 75 Call Me: 8448380779Best VIP Call Girls Noida Sector 75 Call Me: 8448380779
Best VIP Call Girls Noida Sector 75 Call Me: 8448380779
 
'Future Evolution of the Internet' delivered by Geoff Huston at Everything Op...
'Future Evolution of the Internet' delivered by Geoff Huston at Everything Op...'Future Evolution of the Internet' delivered by Geoff Huston at Everything Op...
'Future Evolution of the Internet' delivered by Geoff Huston at Everything Op...
 
Dwarka Sector 26 Call Girls | Delhi | 9999965857 🫦 Vanshika Verma More Our Se...
Dwarka Sector 26 Call Girls | Delhi | 9999965857 🫦 Vanshika Verma More Our Se...Dwarka Sector 26 Call Girls | Delhi | 9999965857 🫦 Vanshika Verma More Our Se...
Dwarka Sector 26 Call Girls | Delhi | 9999965857 🫦 Vanshika Verma More Our Se...
 
Hot Service (+9316020077 ) Goa Call Girls Real Photos and Genuine Service
Hot Service (+9316020077 ) Goa Call Girls Real Photos and Genuine ServiceHot Service (+9316020077 ) Goa Call Girls Real Photos and Genuine Service
Hot Service (+9316020077 ) Goa Call Girls Real Photos and Genuine Service
 
Moving Beyond Twitter/X and Facebook - Social Media for local news providers
Moving Beyond Twitter/X and Facebook - Social Media for local news providersMoving Beyond Twitter/X and Facebook - Social Media for local news providers
Moving Beyond Twitter/X and Facebook - Social Media for local news providers
 
Call Girls In Defence Colony Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Defence Colony Delhi 💯Call Us 🔝8264348440🔝Call Girls In Defence Colony Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Defence Colony Delhi 💯Call Us 🔝8264348440🔝
 
VIP Kolkata Call Girl Alambazar 👉 8250192130 Available With Room
VIP Kolkata Call Girl Alambazar 👉 8250192130 Available With RoomVIP Kolkata Call Girl Alambazar 👉 8250192130 Available With Room
VIP Kolkata Call Girl Alambazar 👉 8250192130 Available With Room
 
Call Girls In Pratap Nagar Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Pratap Nagar Delhi 💯Call Us 🔝8264348440🔝Call Girls In Pratap Nagar Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Pratap Nagar Delhi 💯Call Us 🔝8264348440🔝
 
VIP 7001035870 Find & Meet Hyderabad Call Girls LB Nagar high-profile Call Girl
VIP 7001035870 Find & Meet Hyderabad Call Girls LB Nagar high-profile Call GirlVIP 7001035870 Find & Meet Hyderabad Call Girls LB Nagar high-profile Call Girl
VIP 7001035870 Find & Meet Hyderabad Call Girls LB Nagar high-profile Call Girl
 

DerbyCon - APT2

  • 1. Automated PenTest Toolkit Adam Compton, Senior Security Consultant Austin Lane, Security Consultant
  • 2. Who Am I? • Adam in 5 words: • Father 5 years • Husband 16 years • Hillbilly 39 years • Pentester 15+ years • Programmer 20+ years Automated Pentest Toolkit
  • 3. Who Am I? • Austin Lane: • Developer 7 years • Security 4 years • Metalhead for life Automated Pentest Toolkit
  • 4. Overview • Penetration testing often begins with a simple routine. Recon & Discovery Test Simple Services Test Default Creds Common Exploits Dump Creds/Info Pivot & Continue Automated Pentest Toolkit
  • 5. Overview • Penetration testing often begins with a simple routine. • This routine can be slow on large networks. Automated Pentest Toolkit
  • 6. Overview • Penetration testing often begins with a simple routine. • This routine can be slow on large networks. • Much of this routine can be automated. Automated Pentest Toolkit
  • 7. Overview • Penetration testing often begins with a simple routine. • This routine can be slow on large networks. • Much of this routine can be automated. • So we wrote a tool to help with the automation. Automated Pentest Toolkit
  • 8. Typical Pentest Routine • Run Nmap (or port scanner of choice) Automated Pentest Toolkit
  • 9. Typical Pentest Routine • Run Nmap (or port scanner of choice) • Review ports and services • Port 21 -> test for anonymous FTP • Port 80 -> identify web service and check for flaws/default creds • Port 445 -> enum users/shares, ms08-067?, … • ... Automated Pentest Toolkit
  • 10. Typical Pentest Routine • Run Nmap (or port scanner of choice) • Review ports and services • Port 21 -> test for anonymous FTP • Port 80 -> identify web service and check for flaws/default creds • Port 445 -> enum users/shares, ms08-067?, … • ... • Run Responder / Metasploit / CrackMapExec / … Automated Pentest Toolkit
  • 11. Typical Pentest Routine • Run Nmap (or port scanner of choice) • Review ports and services • Port 21 -> test for anonymous FTP • Port 80 -> identify web service and check for flaws/default creds • Port 445 -> enum users/shares, ms08-067?, … • ... • Run Responder / Metasploit / CrackMapExec / … • … • Take over the DC/database/etc.. Automated Pentest Toolkit
  • 12. If it is not broken… • Repeatability • Consistency • Can be tedious and slow • Manually parsing through data can be prone to error • Automation can help Automated Pentest Toolkit
  • 13. Why Not Use <insert favorite scanner>? PROS • Plenty to choose from • Useful in specific scenarios • Some are OpenSource / cheap Automated Pentest Toolkit
  • 14. Why Not Use <insert favorite scanner>? PROS • Plenty to choose from • Useful in specific scenarios • Some are OpenSource CONS • Can be fairly resource intensive • Can be expensive • How easy to add a new check/tool? Automated Pentest Toolkit
  • 15. Automation via Scripting • Kali already has LOTS of popular tools and scripts • Automation methods: • Bash • Python (or scripting language of choice) • Metasploit RPC Automated Pentest Toolkit
  • 16. APT2 – Automate the standard stuff • APT2 is a framework • Modules • Event queue • KnowledgeBase Automated Pentest Toolkit
  • 17. APT2 – Automate the standard stuff • APT2 is a framework • Modules • Event queue • KnowledgeBase • Run Nmap and parse output Automated Pentest Toolkit
  • 18. APT2 – Automate the standard stuff • APT2 is a framework • Modules • Event queue • KnowledgeBase • Run Nmap and parse output • Create events based on ports/services Automated Pentest Toolkit
  • 19. APT2 – Automate the standard stuff • APT2 is a framework • Modules • Event queue • KnowledgeBase • Run Nmap and parse output • Create events based on ports/services • Modules respond to events to perform specific tasks Automated Pentest Toolkit
  • 20. APT2 – Automate the standard stuff • APT2 is a framework • Modules • Event queue • KnowledgeBase • Run Nmap and parse output • Create events based on ports/services • Modules respond to events to perform specific tasks • Modules can create new events Automated Pentest Toolkit
  • 21. APT2 – Automate the standard stuff • APT2 is a framework • Modules • Event queue • KnowledgeBase • Run Nmap and parse output • Create events based on ports/services • Modules respond to events to perform specific tasks • Modules can create new events • Runs until event queue is empty Automated Pentest Toolkit
  • 22. How Does This Help? • Multi-threaded event queue is fast. • Simple to create new modules for nearly any tool/script. • Ready to go: • Get Kali (or your favorite distro & tools) • Clone the repo Automated Pentest Toolkit
  • 23. So, What Can It Do? • Identify services & operating systems • Screenshot web applications, X11, VNC, … • Analyze FTP and file shares • Brute force accounts • Run Metasploit modules • Compile hashes -> John the Ripper/HashCat • “ls /usr/share” – If it is listed here, a module can probably be made for it Automated Pentest Toolkit
  • 24. Anatomy of a Module • Inherit from base module (typically ActionModule) • Has standard properties: • Name • Description • Requirements – Which tools need to be installed? • Trigger – Which event does this module listen for? • Safety Level – Scale of 1 – 5 (5 = safe, 1 = dangerous) • ”process()” is the primary method Automated Pentest Toolkit
  • 25. Are There Limitations? • Tools need to be non-interactive Automated Pentest Toolkit
  • 26. Are There Limitations? • Tools need to be non-interactive • Multi-threading is tricky • lot of traffic fast • modules can have limits defined, depend on the author Automated Pentest Toolkit
  • 27. Are There Limitations? • Tools need to be non-interactive • Multi-threading is tricky • lot of traffic fast • modules can have limits defined, depend on the author • Brute force with caution • you might break some things • safety levels are your friend Automated Pentest Toolkit
  • 28. Are There Limitations? • Tools need to be non-interactive • Multi-threading is tricky • lot of traffic fast • modules can have limits defined, depend on the author • Brute force with caution • you might break some things • safety levels are your friend • Nonstandard ports and service names may throw off modules Automated Pentest Toolkit
  • 29. Some numbers… • 30 servers with FTP Automated Pentest Toolkit
  • 30. Some numbers… • 30 servers with FTP • Manual testing: ~10 seconds per server Automated Pentest Toolkit
  • 31. Some numbers… • 30 servers with FTP • Manual testing: ~10 seconds per server • 5 minutes to check all of them Automated Pentest Toolkit
  • 32. Some numbers… • 30 servers with FTP • Manual testing: ~10 seconds per server • 5 minutes to check all of them • APT2 – ~1 second per server, done in 40* seconds • *Assuming ideal conditions Automated Pentest Toolkit
  • 33. Let’s extrapolate! • Grab open ports from .gnmap, ~30 seconds • “grep 80/open scan.gnmap | cut –d ‘ ‘ –f 2 > iplist.txt” Automated Pentest Toolkit
  • 34. Let’s extrapolate! • Grab open ports from .gnmap, ~30 seconds • “grep 80/open scan.gnmap | cut –d ‘ ‘ –f 2 > iplist.txt” • Pick a tool for the service, ~30 seconds • EyeWitness, Nikto, SSLScan, etc. • Multiply if the tool only accepts 1 IP • +1 minute because you have to read the help menu Automated Pentest Toolkit
  • 35. Let’s extrapolate! • Grab open ports from .gnmap, ~30 seconds • “grep 80/open scan.gnmap | cut –d ‘ ‘ –f 2 > iplist.txt” • Pick a tool for the service, ~30 seconds • EyeWitness, Nikto, SSLScan, etc. • Multiply if the tool only accepts 1 IP • +1 minute because you have to read the help menu • Now repeat for each service! Automated Pentest Toolkit
  • 36. Let’s extrapolate! • Grab open ports from .gnmap, ~30 seconds • “grep 80/open scan.gnmap | cut –d ‘ ‘ –f 2 > iplist.txt” • Pick a tool for the service, ~30 seconds • EyeWitness, Nikto, SSLScan, etc. • Multiply if the tool only accepts 1 IP • +1 minute because you have to read the help menu • Now repeat for each service! • APT2 removes the baseline time Automated Pentest Toolkit
  • 38. Development • Open source – Available on the Rapid7 Github account at https://www.github.com/MooseDojo/apt2 • Future plans • Import from more than just NMAP • Responder -> John the Ripper -> secretsdump.py (**partially there now**) • Lots more modules • Python 3 ? • Pretty Reports • ? Automated Pentest Toolkit
  • 39. 411 & Questions • Adam Compton • @tatanus • adam_compton@rapid7.com • adam.compton@gmail.com • Austin Lane • @capndan • austin_lane@rapid7.com • austin@coffeesec.com • https://www.github.com/MooseDojo/apt2 • QUESTIONS??? Automated Pentest Toolkit