Recommandé
Recommandé
Contenu connexe
Tendances
Tendances (20)
En vedette
En vedette (18)
Similaire à What is pentest
Similaire à What is pentest (20)
Dernier
Dernier (20)
What is pentest
- 1. WTF IS PENETRATION TESTING? AN OVERVIEW OF WHO, WHAT, WHERE, WHEN, AND WHY AKHIL..
- 2. Presentation Overview • WHAT IS A “PEN TEST”? • WHY DO COMPANIES “PEN TEST”? • WHO DOES “PEN TESTING”? • WHAT SKILLS ARE REQUIRED? ‒NON TECHNICAL SKILLSET ‒BASIC TECHNICAL SKILLSET ‒OFFENSIVE AND DEFENSIVE KNOWLEDGE • WHAT ARE SOME COMMON TOOLS? • PEN TESTING AS A CAREER• ATTACK DEMO: SQL INJECT WORLD • QUESTIONS
- 3. What is Penetration Testing? Our Definition: “The process of evaluating systems, applications, and protocolswith the intent of identifying vulnerabilities from the perspective of an unprivileged or anonymous user to determine the real-world impact…” “…legally and under contract”
- 4. Why do Companies Pen Test?• Compliance Requirements Validate Existing Controls Identify Unknown Security Gaps Prioritize Existing Security Initiatives Prevent Data Breaches Test IDS / IPS / IRP
- 5. What are the Technical Objectives? Client specific objectives first Identify and verify all entry points Identify critical escalation points Gain unauthorized access to: ‒Application functionality ‒Critical systems ‒Sensitive data
- 6. Assessment VS. Penetration• : Vulnerability Assessment and Penetration Testing Answer: -What are my system layer vulnerabilities? ‒Where are my system layer vulnerabilities? ‒How wide spread are my system layer vulnerabilities? ‒Can I identify attacks? ‒How do I fix my vulnerabilities?
- 7. Assessment VS. Penetration Penetration Testing Answers: ‒What are my high impact network layer issues? ‒What are my high impact application layer issues? ‒Can an attacker gain unauthorized access to: • critical infrastructure that provides privileged access or cause service disruptions • critical application functionality that the business depends on • sensitive data that the business would be required to report on if a breach occurs ‒Can an attacker bypass our IPS / WAF?‒Can an attacker pivot from environment A to environment B?
- 8. Common Penetration Test Approach • Kickoff: Scope, cost, testing windows, risks etc • Information Gathering • Vulnerability Enumeration • Penetration • Escalation • Evidence Gathering (Pilfering) • Clean up • Report Creation • Report Delivery and Review • Remediation
- 9. Rules of Engagement Have fun, but…Hack Responsibly! Written permission Stay in scope No DoS Don’t change major state Restore state Clear communication
- 10. What Skills are Needed? Non Technical Basic Technical Offensive Defensive Common Tools
- 11. Non Technical Skillset Written and Verbal Communications Emails/phone calls Report development Small and large group presentations Professionalism Respecting others, setting, and meeting expectations Troubleshooting Mindset Never give up, never surrender Where there is a will, there is a way Ethics Don’t do bad things Pros (career) vs. Cons (jail) Hack responsibly
- 12. Basic Technical Skillset Windows Desktop Administration Windows Domain Administration Linux and Unix Administration Network Infrastructure Administration Application Development Scripting (Ruby, Python, PHP, Bash, PS, Batch) Managed languages (.Net, Java, Davlik) Unmanaged languages (C, C++)
- 13. Offensive and Defensive Knowledge System enumeration and service fingerprinting Linux system exploitation and escalation Windows system exploitation and escalation Network system exploitation and escalation Protocol exploitation Web application exploitation (OWASP) Reverse engineering client-server applications + AV Evasion Social engineering techniques (onsite, phone, email)
- 14. Common Tools• Knowledge > Tools Understand the core technologies Understand the core offensive techniques Understand the core defensive techniques Network Penetration Testing BT, CAIN, YERSINIA, NCAT, NMAP, NESSUS,NEXPOSE, WCE, MIMIKATZ, AirCrack-ng,METASPLOIT… and NATIVE TOOLS! Application Penetration Testing BURP, ZAP, NIKTO, DIRBUSTER, SQLMAP, SQLNinja, and BEEF…. and commercial tools
- 15. Pen Testing as a Career: Common Paths Internal Paths Help Desk IT Support IT Admin Security Analyst Senior Security Analyst Internal Consultant CISO Security Consulting Paths Internship Consultant• Senior Consultant Principle Consultant Team Lead Director Security >Consultants often end up in malware research or exploit development, but some go corporate. >Internal employees often stay internal.
- 16. BE SAFE and HACK RESPONSIBLYQuestions,comments, curses?