{ Kali Linux Pen testing to ensure your security.
-
Upload
edmund-singleton -
Category
Documents
-
view
225 -
download
0
Transcript of { Kali Linux Pen testing to ensure your security.
![Page 1: { Kali Linux Pen testing to ensure your security.](https://reader036.fdocuments.in/reader036/viewer/2022062423/56649e375503460f94b27061/html5/thumbnails/1.jpg)
{Kali Linux
Pen testing to ensure your security
![Page 2: { Kali Linux Pen testing to ensure your security.](https://reader036.fdocuments.in/reader036/viewer/2022062423/56649e375503460f94b27061/html5/thumbnails/2.jpg)
Penetration Testing Execution Standard (PTES)There are 7 stages of pen testing using the PTES. I
Pre-engagement Intelligence gathering Threat Modeling Vulnerability analysis Exploitation Post-Exploitation Reporting
Penetration Testing: The art of ethical hacking to find and fix vulnerabilities. http://www.pentest-standard.org/index.php/Main_Page
![Page 3: { Kali Linux Pen testing to ensure your security.](https://reader036.fdocuments.in/reader036/viewer/2022062423/56649e375503460f94b27061/html5/thumbnails/3.jpg)
The pre-engagement phase is a very important part of the Penetration test.
Neglecting to properly complete pre-engagement activities could potentially open the penetration tester to a number of issues including legal issues.
The objective of pre-engagement phase is to hash out the details of the testing, such as scope, priorities, how, what and when will the agreed upon systems be tested.
Pre-engagment phase
![Page 4: { Kali Linux Pen testing to ensure your security.](https://reader036.fdocuments.in/reader036/viewer/2022062423/56649e375503460f94b27061/html5/thumbnails/4.jpg)
Intelligence gathering is performing reconnaissance against a target.
There are different levels of information gathering
Level 1: compliance driven. Level 2: Best practice – using automated
tools to find physical location Level 3: Think state sponsored ;) More
advanced pen testing.
Information gathering
![Page 5: { Kali Linux Pen testing to ensure your security.](https://reader036.fdocuments.in/reader036/viewer/2022062423/56649e375503460f94b27061/html5/thumbnails/5.jpg)
Threat modeling is when you gather relevant documentation
Identify primary and secondary assets. Identify threats and categorize threats
and threat communities. Map the threats
Threat Modeling
![Page 6: { Kali Linux Pen testing to ensure your security.](https://reader036.fdocuments.in/reader036/viewer/2022062423/56649e375503460f94b27061/html5/thumbnails/6.jpg)
Vulnerability testing is the process of discovering flaws in systems and applications which can be leveraged by an attacker.
Flaws can range from host and service misconfiguration to insecure design.
Vulnerability Analysis
![Page 7: { Kali Linux Pen testing to ensure your security.](https://reader036.fdocuments.in/reader036/viewer/2022062423/56649e375503460f94b27061/html5/thumbnails/7.jpg)
The exploitation phase of penetration focuses solely on establishing access to a system or resource by bypassing security restrictions.
This should be completed successfully if the vulnerability analysis was properly completed.
Exploitation
![Page 8: { Kali Linux Pen testing to ensure your security.](https://reader036.fdocuments.in/reader036/viewer/2022062423/56649e375503460f94b27061/html5/thumbnails/8.jpg)
The purpose of post exploitation is to determine the value of the asset compromised and maintain control for later use.
Post Exploitation
![Page 9: { Kali Linux Pen testing to ensure your security.](https://reader036.fdocuments.in/reader036/viewer/2022062423/56649e375503460f94b27061/html5/thumbnails/9.jpg)
Reporting is typically broken down into two major sections in order to communicate the objectives, methods, and results of the testing conducted to various audiences.
Various reporting templates can be used. One of the most important parts of the
report is risk and ranking of vulnerabilities.
Reporting
![Page 10: { Kali Linux Pen testing to ensure your security.](https://reader036.fdocuments.in/reader036/viewer/2022062423/56649e375503460f94b27061/html5/thumbnails/10.jpg)
Kali Linux is a Debian-dervived Linux distribution specifically designed for penetration testing and digital forensics, it is a complete rebuild of backtrack.
Kali Linux comprises of more than 300 penetration tools that can be used advanced professionals for corporate security needs, it can also be used by new users individuals for personal network/computer security.
What is Kali
![Page 11: { Kali Linux Pen testing to ensure your security.](https://reader036.fdocuments.in/reader036/viewer/2022062423/56649e375503460f94b27061/html5/thumbnails/11.jpg)
It is maintained and financed by Offensive Security.
Offensive security offers certifications in Kali Linux which are held in high regard within the security community.
Kali Linux is developed in a secure environment, who use secure protocols.
Pen testers often need to do wireless assessments, Kali has the latest injection patches installed.
ALL Kali Linux packages are GPG signed by each individual developer who built and committed packages to the repositories.
Who made Kali? Can it be trusted?
![Page 12: { Kali Linux Pen testing to ensure your security.](https://reader036.fdocuments.in/reader036/viewer/2022062423/56649e375503460f94b27061/html5/thumbnails/12.jpg)
Kali Linux is FREE it will always be free!! Kali Linux has more than 300 penetration
testing tools; it is not a one trick pony. Kali Linux is customizable! Right down to
the kernel Kali Linux has a robust ARM support, this
makes it flexible in being able to install and run on devices such as raspberry pi, Galaxy note, and odroid u2/x2
Last and most certainly not least! It’s pretty awesome!
Why use Kali Linux
![Page 13: { Kali Linux Pen testing to ensure your security.](https://reader036.fdocuments.in/reader036/viewer/2022062423/56649e375503460f94b27061/html5/thumbnails/13.jpg)
In today’s ever connected world security breaches cost companies millions, and consumers their privacy through Identity theft.
It is everyone’s responsibility to be vigilant about security not just security professionals.
Kali Linux is a suite of security tools that can be utilized by professionals in corporate environments, as well as personal use for those proactive in cyber security.
So What?
![Page 14: { Kali Linux Pen testing to ensure your security.](https://reader036.fdocuments.in/reader036/viewer/2022062423/56649e375503460f94b27061/html5/thumbnails/14.jpg)
{
I’ve used Kali to exploit a faux corporations. I use a fully exploitable image containing SQL-Injection vulnerabilities, Web Application Vulnerabilities CGI-BIN File traversal and UNIX Buffer overflow vulnerability. I apply the 7 stages of penetration testing to find, exploit, fix and report using Kali Linux. The image was provided in a Deterlab environment.
Denise’s research
![Page 15: { Kali Linux Pen testing to ensure your security.](https://reader036.fdocuments.in/reader036/viewer/2022062423/56649e375503460f94b27061/html5/thumbnails/15.jpg)
When using Kali make sure to demonstrate and document.
My tool for finding, exploiting and documenting as if I were in a real corporate environment is Kali Linux.
The main vulnerabilities I will focus on are Buffer overflow – Kali offers reverse engineering
suite which I will use for this vulnerability. File traversal – I use different tools withhin Kali
Linux for the file traversal; finding, exploiting, documenting.
SQL Injection – finding the sql injection, I will also demonstrate transferring money to a moc account.
What I focused on in my Paper, and why Pen testing is so important
![Page 16: { Kali Linux Pen testing to ensure your security.](https://reader036.fdocuments.in/reader036/viewer/2022062423/56649e375503460f94b27061/html5/thumbnails/16.jpg)
Ali, S. Kali Linux: Assuring Security by Penetration Testing. S.l.: Packt Limited, 2014. Print.
Beggs, R. Mastering Kali Linux for Advanced Penetration Testing. S.I: Packt Limited, 2014.
"Kali Linux | Rebirth of BackTrack, the Penetration Testing Distribution." Kali Linux. N.p., n.d. Web. 11 Dec. 2014.
"Kali Linux." BlackMORE Ops. N.p., n.d. Web. 12 Dec. 2014.
"Behind the App: The Story of Kali Linux." Lifehacker. N.p., n.d. Web. 12 Dec. 2014.
References