SlideShare une entreprise Scribd logo

3-Tier Approach for a True Penetration Test

J
JoAnna Cheshire

Presented at InnoTech Oklahoma 2016. All rights reserved.

Technologie
1  sur  7
Télécharger pour lire hors ligne
WHY HAVE A PENETRATION TEST? • Get a Baseline for Security? • Discovery of a Vulnerability? • Secure your Environment? • 3rd Party Perspective? • Make the Auditors Leave you ALONE!? • Want to Get More?
DISCOVERY, RECOVERY AND INTELLIGENCE • LINKEDIN • CISO’S BACKGROUND, CEO BACKGROUND, SECURITY PERSONAL AND THEIR TALENT SKILLS • GOOGLE • FIND IP RANGES, NET WORTH, BUSINESS PARTNERS, KNOWN VULNERABILITIES • PASTE SITES • LEAKED USERNAMES AND PASSWORDS, VULNERABILITY CODE, LEAKED INTERNAL NETWORK INFORMATION • DARKWEB • RAT FOR SALE, LEAKED USERNAME AND PASSWORDS, BLACKMAIL MATERIAL, DARKWEB INTEL OF COMPANY • FORUM / LISTERV • DISCOVER / PURCHASE DATA TO SEE WHAT IS KNOWN ABOUT A COMPANY WITH SOCK PUPPET TECHNOLOGY TIER-1
SCANNING AND VULNERABILITIES Bad 58% Good 23% Okay 10% EH? 9% Awesome Pie Chart Bad Good Okay EH? • Why do We Scan the Environment? • Is one Scanner Good Enough? • Vulnerability is Found. Now What? • Not Practical. Single Scan Next Steps? • 30 Day - Return of the Hack. TIER-2
GETTING EXPOSED, EDUCATED WITH A TOUCH OF INICIDENT RESPONSE • Live Scenario! • We have Identified the Vulnerabilities. • How does a Vulnerability Translate into a Breach? • Does Your Team even known what the Breach would look like? • How do we Stop the Breach!? TIER-3
TAKEAWAYS • Why have a Penetration Test? • Discovery, Recovery and Intelligence. • Scanning and Vulnerabilities. • Exposed, Educate and Incident Response. • Get More from a Penetration Test.
THANK YOU Presented By: Donovan Farrow

Recommandé

Cazando Cibercriminales con: OSINT + Cloud Computing + Big Data
Cazando Cibercriminales con: OSINT + Cloud Computing + Big DataCazando Cibercriminales con: OSINT + Cloud Computing + Big Data
Cazando Cibercriminales con: OSINT + Cloud Computing + Big DataChema Alonso
 
Avoid Rolling a Critical Fail
Avoid Rolling a Critical FailAvoid Rolling a Critical Fail
Avoid Rolling a Critical FailDomainTools
 
Going LIVE at #ACPA16 | Streaming Mobile Apps Tutorial
Going LIVE at #ACPA16 | Streaming Mobile Apps TutorialGoing LIVE at #ACPA16 | Streaming Mobile Apps Tutorial
Going LIVE at #ACPA16 | Streaming Mobile Apps TutorialDr. Josie Ahlquist
 
Osint overview 26 mar 2015
Osint overview 26 mar 2015Osint overview 26 mar 2015
Osint overview 26 mar 2015Mats Björe
 
Security is sim
Security is simSecurity is sim
Security is simTim Krabec
 
Beyond MDM: The Desktop/Mobility Convergence
Beyond MDM: The Desktop/Mobility ConvergenceBeyond MDM: The Desktop/Mobility Convergence
Beyond MDM: The Desktop/Mobility ConvergenceMike Reed
 
Combating Insider Threats – Protecting Your Agency from the Inside Out
Combating Insider Threats – Protecting Your Agency from the Inside OutCombating Insider Threats – Protecting Your Agency from the Inside Out
Combating Insider Threats – Protecting Your Agency from the Inside OutLancope, Inc.
 
33 - IDNOG03 - Guy Rosefelt (NSFOCUS) - Threat Intelligence
33 - IDNOG03 - Guy Rosefelt (NSFOCUS) - Threat Intelligence33 - IDNOG03 - Guy Rosefelt (NSFOCUS) - Threat Intelligence
33 - IDNOG03 - Guy Rosefelt (NSFOCUS) - Threat IntelligenceIndonesia Network Operators Group
 

Recommandé

Cazando Cibercriminales con: OSINT + Cloud Computing + Big Data
Cazando Cibercriminales con: OSINT + Cloud Computing + Big DataCazando Cibercriminales con: OSINT + Cloud Computing + Big Data
Cazando Cibercriminales con: OSINT + Cloud Computing + Big DataChema Alonso
 
Avoid Rolling a Critical Fail
Avoid Rolling a Critical FailAvoid Rolling a Critical Fail
Avoid Rolling a Critical FailDomainTools
 
Going LIVE at #ACPA16 | Streaming Mobile Apps Tutorial
Going LIVE at #ACPA16 | Streaming Mobile Apps TutorialGoing LIVE at #ACPA16 | Streaming Mobile Apps Tutorial
Going LIVE at #ACPA16 | Streaming Mobile Apps TutorialDr. Josie Ahlquist
 
Osint overview 26 mar 2015
Osint overview 26 mar 2015Osint overview 26 mar 2015
Osint overview 26 mar 2015Mats Björe
 
Security is sim
Security is simSecurity is sim
Security is simTim Krabec
 
Beyond MDM: The Desktop/Mobility Convergence
Beyond MDM: The Desktop/Mobility ConvergenceBeyond MDM: The Desktop/Mobility Convergence
Beyond MDM: The Desktop/Mobility ConvergenceMike Reed
 
Combating Insider Threats – Protecting Your Agency from the Inside Out
Combating Insider Threats – Protecting Your Agency from the Inside OutCombating Insider Threats – Protecting Your Agency from the Inside Out
Combating Insider Threats – Protecting Your Agency from the Inside OutLancope, Inc.
 
33 - IDNOG03 - Guy Rosefelt (NSFOCUS) - Threat Intelligence
33 - IDNOG03 - Guy Rosefelt (NSFOCUS) - Threat Intelligence33 - IDNOG03 - Guy Rosefelt (NSFOCUS) - Threat Intelligence
33 - IDNOG03 - Guy Rosefelt (NSFOCUS) - Threat IntelligenceIndonesia Network Operators Group
 
tempat tidur termahal
tempat tidur termahaltempat tidur termahal
tempat tidur termahalsurabaya spring
 
Bibliografia
Bibliografia Bibliografia
Bibliografia rkemer_8
 
tempat tidur 2 in 1
tempat tidur 2 in 1tempat tidur 2 in 1
tempat tidur 2 in 1surabaya spring
 
EL SUEÑO
EL SUEÑOEL SUEÑO
EL SUEÑOrkemer_8
 
tempat tidur 5 kaki
tempat tidur 5 kakitempat tidur 5 kaki
tempat tidur 5 kakisurabaya spring
 
tempat tidur simple
tempat tidur simpletempat tidur simple
tempat tidur simplesurabaya spring
 
Integris speech telepractice november 2016
Integris speech telepractice november 2016Integris speech telepractice november 2016
Integris speech telepractice november 2016JoAnna Cheshire
 
realidad universitaria
realidad universitariarealidad universitaria
realidad universitariarkemer_8
 
tempat tidur quantum
tempat tidur quantumtempat tidur quantum
tempat tidur quantumsurabaya spring
 
Hemisferios cerebrales
Hemisferios cerebralesHemisferios cerebrales
Hemisferios cerebralesrkemer_8
 
MONOGRAFIA PARA LA OBSTETRICIA (grupo de 5)
MONOGRAFIA PARA LA OBSTETRICIA (grupo de 5)MONOGRAFIA PARA LA OBSTETRICIA (grupo de 5)
MONOGRAFIA PARA LA OBSTETRICIA (grupo de 5)rkemer_8
 
Realidad universitarya
Realidad universitaryaRealidad universitarya
Realidad universitaryarkemer_8
 
Realidad universitaria yuri vanessa chavez torrejon
Realidad universitaria yuri vanessa chavez torrejonRealidad universitaria yuri vanessa chavez torrejon
Realidad universitaria yuri vanessa chavez torrejonrkemer_8
 
Utilizing OSINT in Threat Analytics and Incident Response
Utilizing OSINT in Threat Analytics and Incident ResponseUtilizing OSINT in Threat Analytics and Incident Response
Utilizing OSINT in Threat Analytics and Incident ResponseChristopher Beiring
 
2020 FRSecure CISSP Mentor Program - Class 9
2020 FRSecure CISSP Mentor Program - Class 92020 FRSecure CISSP Mentor Program - Class 9
2020 FRSecure CISSP Mentor Program - Class 9FRSecure
 
Cyber security series vulnerability assessments
Cyber security series vulnerability assessmentsCyber security series vulnerability assessments
Cyber security series vulnerability assessmentsJim Kaplan CIA CFE
 
Security audit
Security auditSecurity audit
Security auditNicholas Davis
 
Security Audit
Security AuditSecurity Audit
Security AuditNicholas Davis
 
DECEPTICONv2
DECEPTICONv2DECEPTICONv2
DECEPTICONv2👀 Joe Gray
 
[Webinar] Building a Product Security Incident Response Team: Learnings from ...
[Webinar] Building a Product Security Incident Response Team: Learnings from ...[Webinar] Building a Product Security Incident Response Team: Learnings from ...
[Webinar] Building a Product Security Incident Response Team: Learnings from ...bugcrowd
 
Big 4 W's of Big Threat Hunting
Big 4 W's of Big Threat HuntingBig 4 W's of Big Threat Hunting
Big 4 W's of Big Threat HuntingEguardian Global Services
 
Cyber Forensics & Challenges
Cyber Forensics & ChallengesCyber Forensics & Challenges
Cyber Forensics & ChallengesDeepak Kumar (D3)
 

Contenu connexe

En vedette

Bibliografia
Bibliografia Bibliografia
Bibliografia rkemer_8
 
Integris speech telepractice november 2016
Integris speech telepractice november 2016Integris speech telepractice november 2016
Integris speech telepractice november 2016JoAnna Cheshire
 
realidad universitaria
realidad universitariarealidad universitaria
realidad universitariarkemer_8
 
Hemisferios cerebrales
Hemisferios cerebralesHemisferios cerebrales
Hemisferios cerebralesrkemer_8
 
MONOGRAFIA PARA LA OBSTETRICIA (grupo de 5)
MONOGRAFIA PARA LA OBSTETRICIA (grupo de 5)MONOGRAFIA PARA LA OBSTETRICIA (grupo de 5)
MONOGRAFIA PARA LA OBSTETRICIA (grupo de 5)rkemer_8
 
Realidad universitarya
Realidad universitaryaRealidad universitarya
Realidad universitaryarkemer_8
 
Realidad universitaria yuri vanessa chavez torrejon
Realidad universitaria yuri vanessa chavez torrejonRealidad universitaria yuri vanessa chavez torrejon
Realidad universitaria yuri vanessa chavez torrejonrkemer_8
 

En vedette (13)

tempat tidur termahal
tempat tidur termahaltempat tidur termahal
tempat tidur termahal
 
Bibliografia
Bibliografia Bibliografia
Bibliografia
 
tempat tidur 2 in 1
tempat tidur 2 in 1tempat tidur 2 in 1
tempat tidur 2 in 1
 
EL SUEÑO
EL SUEÑOEL SUEÑO
EL SUEÑO
 
tempat tidur 5 kaki
tempat tidur 5 kakitempat tidur 5 kaki
tempat tidur 5 kaki
 
tempat tidur simple
tempat tidur simpletempat tidur simple
tempat tidur simple
 
Integris speech telepractice november 2016
Integris speech telepractice november 2016Integris speech telepractice november 2016
Integris speech telepractice november 2016
 
realidad universitaria
realidad universitariarealidad universitaria
realidad universitaria
 
tempat tidur quantum
tempat tidur quantumtempat tidur quantum
tempat tidur quantum
 
Hemisferios cerebrales
Hemisferios cerebralesHemisferios cerebrales
Hemisferios cerebrales
 
MONOGRAFIA PARA LA OBSTETRICIA (grupo de 5)
MONOGRAFIA PARA LA OBSTETRICIA (grupo de 5)MONOGRAFIA PARA LA OBSTETRICIA (grupo de 5)
MONOGRAFIA PARA LA OBSTETRICIA (grupo de 5)
 
Realidad universitarya
Realidad universitaryaRealidad universitarya
Realidad universitarya
 
Realidad universitaria yuri vanessa chavez torrejon
Realidad universitaria yuri vanessa chavez torrejonRealidad universitaria yuri vanessa chavez torrejon
Realidad universitaria yuri vanessa chavez torrejon
 

Similaire à 3-Tier Approach for a True Penetration Test

Utilizing OSINT in Threat Analytics and Incident Response
Utilizing OSINT in Threat Analytics and Incident ResponseUtilizing OSINT in Threat Analytics and Incident Response
Utilizing OSINT in Threat Analytics and Incident ResponseChristopher Beiring
 
2020 FRSecure CISSP Mentor Program - Class 9
2020 FRSecure CISSP Mentor Program - Class 92020 FRSecure CISSP Mentor Program - Class 9
2020 FRSecure CISSP Mentor Program - Class 9FRSecure
 
Cyber security series vulnerability assessments
Cyber security series vulnerability assessmentsCyber security series vulnerability assessments
Cyber security series vulnerability assessmentsJim Kaplan CIA CFE
 
[Webinar] Building a Product Security Incident Response Team: Learnings from ...
[Webinar] Building a Product Security Incident Response Team: Learnings from ...[Webinar] Building a Product Security Incident Response Team: Learnings from ...
[Webinar] Building a Product Security Incident Response Team: Learnings from ...bugcrowd
 
Ethical hacking for fun and profit
Ethical hacking for fun and profitEthical hacking for fun and profit
Ethical hacking for fun and profitFlorent Batard
 
Corporate Intelligence: Bridging the security and intelligence community
Corporate Intelligence: Bridging the security and intelligence communityCorporate Intelligence: Bridging the security and intelligence community
Corporate Intelligence: Bridging the security and intelligence communityantitree
 
Global CISO Forum 2017: Privacy Partnership
Global CISO Forum 2017: Privacy PartnershipGlobal CISO Forum 2017: Privacy Partnership
Global CISO Forum 2017: Privacy PartnershipEC-Council
 
Beyond blacklists - A cyber threat intelligence perspective
Beyond blacklists - A cyber threat intelligence perspectiveBeyond blacklists - A cyber threat intelligence perspective
Beyond blacklists - A cyber threat intelligence perspectiveDNIF
 
Introduction to Security Testing
Introduction to Security TestingIntroduction to Security Testing
Introduction to Security TestingvodQA
 
Advanced Research Investigations for SIU Investigators
Advanced Research Investigations for SIU InvestigatorsAdvanced Research Investigations for SIU Investigators
Advanced Research Investigations for SIU InvestigatorsSloan Carne
 
Blitzing with your defense bea con
Blitzing with your defense bea conBlitzing with your defense bea con
Blitzing with your defense bea conInnismir
 
Bug Bounty Programs : Good for Government
Bug Bounty Programs : Good for GovernmentBug Bounty Programs : Good for Government
Bug Bounty Programs : Good for GovernmentDinesh O Bareja
 
Endpoint (big) Data In The Age of Compromise, Ian Rainsburgh
Endpoint (big) Data In The Age of Compromise, Ian RainsburghEndpoint (big) Data In The Age of Compromise, Ian Rainsburgh
Endpoint (big) Data In The Age of Compromise, Ian RainsburghNapier University
 
Karel Obluk (Evolution Equity Partners) - Cybersecurity: Challenges and Oppor...
Karel Obluk (Evolution Equity Partners) - Cybersecurity: Challenges and Oppor...Karel Obluk (Evolution Equity Partners) - Cybersecurity: Challenges and Oppor...
Karel Obluk (Evolution Equity Partners) - Cybersecurity: Challenges and Oppor...Techsylvania
 
Security is not a feature
Security is not a featureSecurity is not a feature
Security is not a featureElizabeth Smith
 

Similaire à 3-Tier Approach for a True Penetration Test (20)

Utilizing OSINT in Threat Analytics and Incident Response
Utilizing OSINT in Threat Analytics and Incident ResponseUtilizing OSINT in Threat Analytics and Incident Response
Utilizing OSINT in Threat Analytics and Incident Response
 
2020 FRSecure CISSP Mentor Program - Class 9
2020 FRSecure CISSP Mentor Program - Class 92020 FRSecure CISSP Mentor Program - Class 9
2020 FRSecure CISSP Mentor Program - Class 9
 
Cyber security series vulnerability assessments
Cyber security series vulnerability assessmentsCyber security series vulnerability assessments
Cyber security series vulnerability assessments
 
Security audit
Security auditSecurity audit
Security audit
 
Security Audit
Security AuditSecurity Audit
Security Audit
 
DECEPTICONv2
DECEPTICONv2DECEPTICONv2
DECEPTICONv2
 
[Webinar] Building a Product Security Incident Response Team: Learnings from ...
[Webinar] Building a Product Security Incident Response Team: Learnings from ...[Webinar] Building a Product Security Incident Response Team: Learnings from ...
[Webinar] Building a Product Security Incident Response Team: Learnings from ...
 
Big 4 W's of Big Threat Hunting
Big 4 W's of Big Threat HuntingBig 4 W's of Big Threat Hunting
Big 4 W's of Big Threat Hunting
 
Cyber Forensics & Challenges
Cyber Forensics & ChallengesCyber Forensics & Challenges
Cyber Forensics & Challenges
 
Ethical hacking for fun and profit
Ethical hacking for fun and profitEthical hacking for fun and profit
Ethical hacking for fun and profit
 
Corporate Intelligence: Bridging the security and intelligence community
Corporate Intelligence: Bridging the security and intelligence communityCorporate Intelligence: Bridging the security and intelligence community
Corporate Intelligence: Bridging the security and intelligence community
 
Global CISO Forum 2017: Privacy Partnership
Global CISO Forum 2017: Privacy PartnershipGlobal CISO Forum 2017: Privacy Partnership
Global CISO Forum 2017: Privacy Partnership
 
Beyond blacklists - A cyber threat intelligence perspective
Beyond blacklists - A cyber threat intelligence perspectiveBeyond blacklists - A cyber threat intelligence perspective
Beyond blacklists - A cyber threat intelligence perspective
 
Introduction to Security Testing
Introduction to Security TestingIntroduction to Security Testing
Introduction to Security Testing
 
Advanced Research Investigations for SIU Investigators
Advanced Research Investigations for SIU InvestigatorsAdvanced Research Investigations for SIU Investigators
Advanced Research Investigations for SIU Investigators
 
Blitzing with your defense bea con
Blitzing with your defense bea conBlitzing with your defense bea con
Blitzing with your defense bea con
 
Bug Bounty Programs : Good for Government
Bug Bounty Programs : Good for GovernmentBug Bounty Programs : Good for Government
Bug Bounty Programs : Good for Government
 
Endpoint (big) Data In The Age of Compromise, Ian Rainsburgh
Endpoint (big) Data In The Age of Compromise, Ian RainsburghEndpoint (big) Data In The Age of Compromise, Ian Rainsburgh
Endpoint (big) Data In The Age of Compromise, Ian Rainsburgh
 
Karel Obluk (Evolution Equity Partners) - Cybersecurity: Challenges and Oppor...
Karel Obluk (Evolution Equity Partners) - Cybersecurity: Challenges and Oppor...Karel Obluk (Evolution Equity Partners) - Cybersecurity: Challenges and Oppor...
Karel Obluk (Evolution Equity Partners) - Cybersecurity: Challenges and Oppor...
 
Security is not a feature
Security is not a featureSecurity is not a feature
Security is not a feature
 

Plus de JoAnna Cheshire

The SharePoint Migration Playbook
The SharePoint Migration PlaybookThe SharePoint Migration Playbook
The SharePoint Migration PlaybookJoAnna Cheshire
 
Introduction to SharePoint Framework
Introduction to SharePoint FrameworkIntroduction to SharePoint Framework
Introduction to SharePoint FrameworkJoAnna Cheshire
 
PowerShell + SharePoint Online - An Admin's Guide
PowerShell + SharePoint Online - An Admin's GuidePowerShell + SharePoint Online - An Admin's Guide
PowerShell + SharePoint Online - An Admin's GuideJoAnna Cheshire
 
Artificial Intelligence & Machine Learning - A CIOs Perspective
Artificial Intelligence & Machine Learning - A CIOs PerspectiveArtificial Intelligence & Machine Learning - A CIOs Perspective
Artificial Intelligence & Machine Learning - A CIOs PerspectiveJoAnna Cheshire
 
Modernizing Data Management
Modernizing Data Management Modernizing Data Management
Modernizing Data Management JoAnna Cheshire
 
Microsoft and Enterprise Search
Microsoft and Enterprise Search Microsoft and Enterprise Search
Microsoft and Enterprise Search JoAnna Cheshire
 
Introduction to Microsoft Teams and Office 365 groups
Introduction to Microsoft Teams and Office 365 groupsIntroduction to Microsoft Teams and Office 365 groups
Introduction to Microsoft Teams and Office 365 groupsJoAnna Cheshire
 
Cybersecurity crisis management a prep guide
Cybersecurity crisis management a prep guideCybersecurity crisis management a prep guide
Cybersecurity crisis management a prep guideJoAnna Cheshire
 
Accelerate your business with flow
Accelerate your business with flowAccelerate your business with flow
Accelerate your business with flowJoAnna Cheshire
 
Building applications for your business using power apps and flow
Building applications for your business using power apps and flowBuilding applications for your business using power apps and flow
Building applications for your business using power apps and flowJoAnna Cheshire
 
The Decomposition Dilemma
The Decomposition DilemmaThe Decomposition Dilemma
The Decomposition DilemmaJoAnna Cheshire
 
Defending against Ransomware and what you can do about it
Defending against Ransomware and what you can do about itDefending against Ransomware and what you can do about it
Defending against Ransomware and what you can do about itJoAnna Cheshire
 
The New Convergence of Data; the Next Strategic Business Advantage
The New Convergence of Data; the Next Strategic Business AdvantageThe New Convergence of Data; the Next Strategic Business Advantage
The New Convergence of Data; the Next Strategic Business AdvantageJoAnna Cheshire
 
Healthcare - An Identity Thief's SuperStore
Healthcare - An Identity Thief's SuperStoreHealthcare - An Identity Thief's SuperStore
Healthcare - An Identity Thief's SuperStoreJoAnna Cheshire
 
Microservices Architectural Maturity Matrix, Token Based Authority, API Gatew...
Microservices Architectural Maturity Matrix, Token Based Authority, API Gatew...Microservices Architectural Maturity Matrix, Token Based Authority, API Gatew...
Microservices Architectural Maturity Matrix, Token Based Authority, API Gatew...JoAnna Cheshire
 
Define Yourself! Crafting a Wonder Woman's Brand
Define Yourself! Crafting a Wonder Woman's BrandDefine Yourself! Crafting a Wonder Woman's Brand
Define Yourself! Crafting a Wonder Woman's BrandJoAnna Cheshire
 
Today's Cyber Challenges: Methodology to Secure Your Business
Today's Cyber Challenges: Methodology to Secure Your BusinessToday's Cyber Challenges: Methodology to Secure Your Business
Today's Cyber Challenges: Methodology to Secure Your BusinessJoAnna Cheshire
 

Plus de JoAnna Cheshire (20)

The Future of Work
The Future of WorkThe Future of Work
The Future of Work
 
Catching the Next Train
Catching the Next TrainCatching the Next Train
Catching the Next Train
 
The SharePoint Migration Playbook
The SharePoint Migration PlaybookThe SharePoint Migration Playbook
The SharePoint Migration Playbook
 
Introduction to SharePoint Framework
Introduction to SharePoint FrameworkIntroduction to SharePoint Framework
Introduction to SharePoint Framework
 
PowerShell + SharePoint Online - An Admin's Guide
PowerShell + SharePoint Online - An Admin's GuidePowerShell + SharePoint Online - An Admin's Guide
PowerShell + SharePoint Online - An Admin's Guide
 
Artificial Intelligence & Machine Learning - A CIOs Perspective
Artificial Intelligence & Machine Learning - A CIOs PerspectiveArtificial Intelligence & Machine Learning - A CIOs Perspective
Artificial Intelligence & Machine Learning - A CIOs Perspective
 
Modernizing Data Management
Modernizing Data Management Modernizing Data Management
Modernizing Data Management
 
Microsoft and Enterprise Search
Microsoft and Enterprise Search Microsoft and Enterprise Search
Microsoft and Enterprise Search
 
Introduction to Microsoft Teams and Office 365 groups
Introduction to Microsoft Teams and Office 365 groupsIntroduction to Microsoft Teams and Office 365 groups
Introduction to Microsoft Teams and Office 365 groups
 
Cybersecurity crisis management a prep guide
Cybersecurity crisis management a prep guideCybersecurity crisis management a prep guide
Cybersecurity crisis management a prep guide
 
Accelerate your business with flow
Accelerate your business with flowAccelerate your business with flow
Accelerate your business with flow
 
Building applications for your business using power apps and flow
Building applications for your business using power apps and flowBuilding applications for your business using power apps and flow
Building applications for your business using power apps and flow
 
The Decomposition Dilemma
The Decomposition DilemmaThe Decomposition Dilemma
The Decomposition Dilemma
 
Not "If" but "When"
Not "If" but "When"Not "If" but "When"
Not "If" but "When"
 
Defending against Ransomware and what you can do about it
Defending against Ransomware and what you can do about itDefending against Ransomware and what you can do about it
Defending against Ransomware and what you can do about it
 
The New Convergence of Data; the Next Strategic Business Advantage
The New Convergence of Data; the Next Strategic Business AdvantageThe New Convergence of Data; the Next Strategic Business Advantage
The New Convergence of Data; the Next Strategic Business Advantage
 
Healthcare - An Identity Thief's SuperStore
Healthcare - An Identity Thief's SuperStoreHealthcare - An Identity Thief's SuperStore
Healthcare - An Identity Thief's SuperStore
 
Microservices Architectural Maturity Matrix, Token Based Authority, API Gatew...
Microservices Architectural Maturity Matrix, Token Based Authority, API Gatew...Microservices Architectural Maturity Matrix, Token Based Authority, API Gatew...
Microservices Architectural Maturity Matrix, Token Based Authority, API Gatew...
 
Define Yourself! Crafting a Wonder Woman's Brand
Define Yourself! Crafting a Wonder Woman's BrandDefine Yourself! Crafting a Wonder Woman's Brand
Define Yourself! Crafting a Wonder Woman's Brand
 
Today's Cyber Challenges: Methodology to Secure Your Business
Today's Cyber Challenges: Methodology to Secure Your BusinessToday's Cyber Challenges: Methodology to Secure Your Business
Today's Cyber Challenges: Methodology to Secure Your Business
 

Dernier

Advantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessAdvantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessPixlogix Infotech
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonAnna Loughnan Colquhoun
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processorsdebabhi2
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Servicegiselly40
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Scriptwesley chun
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsJoaquim Jorge
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024The Digital Insurer
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slidevu2urc
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024Results
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUK Journal
 

Dernier (20)

Advantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessAdvantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your Business
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
 

3-Tier Approach for a True Penetration Test

  • 1.
  • 2. WHY HAVE A PENETRATION TEST? • Get a Baseline for Security? • Discovery of a Vulnerability? • Secure your Environment? • 3rd Party Perspective? • Make the Auditors Leave you ALONE!? • Want to Get More?
  • 3. DISCOVERY, RECOVERY AND INTELLIGENCE • LINKEDIN • CISO’S BACKGROUND, CEO BACKGROUND, SECURITY PERSONAL AND THEIR TALENT SKILLS • GOOGLE • FIND IP RANGES, NET WORTH, BUSINESS PARTNERS, KNOWN VULNERABILITIES • PASTE SITES • LEAKED USERNAMES AND PASSWORDS, VULNERABILITY CODE, LEAKED INTERNAL NETWORK INFORMATION • DARKWEB • RAT FOR SALE, LEAKED USERNAME AND PASSWORDS, BLACKMAIL MATERIAL, DARKWEB INTEL OF COMPANY • FORUM / LISTERV • DISCOVER / PURCHASE DATA TO SEE WHAT IS KNOWN ABOUT A COMPANY WITH SOCK PUPPET TECHNOLOGY TIER-1
  • 4. SCANNING AND VULNERABILITIES Bad 58% Good 23% Okay 10% EH? 9% Awesome Pie Chart Bad Good Okay EH? • Why do We Scan the Environment? • Is one Scanner Good Enough? • Vulnerability is Found. Now What? • Not Practical. Single Scan Next Steps? • 30 Day - Return of the Hack. TIER-2
  • 5. GETTING EXPOSED, EDUCATED WITH A TOUCH OF INICIDENT RESPONSE • Live Scenario! • We have Identified the Vulnerabilities. • How does a Vulnerability Translate into a Breach? • Does Your Team even known what the Breach would look like? • How do we Stop the Breach!? TIER-3
  • 6. TAKEAWAYS • Why have a Penetration Test? • Discovery, Recovery and Intelligence. • Scanning and Vulnerabilities. • Exposed, Educate and Incident Response. • Get More from a Penetration Test.