Research Topic:Collaborative Penetration TestingCollaborative Penetration Testing

David HuemerDavid HuemerChristian Proschinger (Speaker) Severin Winkler

Introduction Raiffeisen InformatikDefinition Collaborative PenetrationDefinition Collaborative Penetration TestingMotivationP t tPrototypeFuture Work

Raiffeisen Informatik | 25.09.2008 | 2Collaborative Penetration Testing | public

Raiffeisen Informatik 2nd largest IT Service Provider in Austria

3000 S3000 Server20.000 Clients40.000 km NetworkIT Operations Software Solutions

520 TB Storage1 Mrd. Transactions/Year

Security Competence Center ZwettlDepartment of Raiffeisen InformatikWorking on security topicsResearch Cooperations

Outsourcing Client Management

Secure Business Austria

Raiffeisen Informatik | 25.09.2008 | 3Collaborative Penetration Testing | public

Security Services Output Services

Collaborative Penetration Testing[ ]SECUREBusiness Aust riaSecur ity Research for Business and Indust ry.

In Cooperation with

Teambased Tests> 2 persons> 2 persons

Stronger specialisationLocal separation(partially) time separation(partially) time separationUsing timeshift of different timezones

Research AreasResearch AreasPenetration TestingComputer Supported Collaborative Work

Raiffeisen Informatik | 25.09.2008 | 4Collaborative Penetration Testing | public

Attack Cycle vs. Penetration Test[ ]SECUREBusiness Aust riaSecur ity Research for Business and Indust ry.

In Cooperation with

AttackInformation gatheringg gIdentification of vulnerabilitiesAttack itselfCovering tracksCovering tracks

DifferenceWorkshop with system ownerReporting

Raiffeisen Informatik | 25.09.2008 | 5Collaborative Penetration Testing | public

Quelle: ISSAF

Constraints of Penetration Testing[ ]SECUREBusiness Aust riaSecur ity Research for Business and Indust ry.

In Cooperation with

SnapshotM /Ti Li itMoney/Time LimitCollateral DamageAvailability

Test systemsOut of office hours

You are attacking to improve the defense

Raiffeisen Informatik | 25.09.2008 | 6Collaborative Penetration Testing | public

Development in Cybercrime[ ]SECUREBusiness Aust riaSecur ity Research for Business and Indust ry.

In Cooperation with

Targeted AttacksDi i i f W kDivision of Work

Vulnerability ResearchBotnetsMalware as „Software as a Service“

Markets

Nearly no LimitationsMoneyTimeTime

Raiffeisen Informatik | 25.09.2008 | 7Collaborative Penetration Testing | public

Attack Vectors[ ]SECUREBusiness Aust riaSecur ity Research for Business and Indust ry.

In Cooperation with

Possible Entry PointsSocial Engineeringphysical personal g gImplementation Errors in ApplicationsConfiguration Errors

p y pApplications

Configuration ErrorsDesign ErrorsAggregationInformation

Growing complexity of systems

T l i ti NetworkWireless

Telecommunication

Raiffeisen Informatik | 25.09.2008 | 8Collaborative Penetration Testing | public

Prototype[ ]SECUREBusiness Aust riaSecur ity Research for Business and Indust ry.

In Cooperation with

Modular DesignIntegration of 3rd party open source toolsIntegration of 3rd party open source toolsFlexibilityP2P based

R ti E iReporting EngineSummary of the certain modul reports

Integrity CheckBetween results of modules

Basic workflow definition

Raiffeisen Informatik | 25.09.2008 | 9Collaborative Penetration Testing | public

Workflow Management[ ]SECUREBusiness Aust riaSecur ity Research for Business and Indust ry.

In Cooperation with

Allocation of TasksFunctionalFunctional

SpecialistsInfrastructure

E IP RFinished

Planned Planned Planned

InProgressE.q. IP RangeProcess based

Reliability between modules

FinishedInProgress

Finished Finished InProgress Planned

Planned Planned Planned

Ad-Hoc WorkflowsStatic behaviour at macro level

Finished

Finished

InProgress

Finished Finished

InProgress Planned

New SubProcess

Dynamic aspects at micro levelLarge amount of small activities

Raiffeisen Informatik | 25.09.2008 | 10Collaborative Penetration Testing | public

Future Work[ ]SECUREBusiness Aust riaSecur ity Research for Business and Indust ry.

In Cooperation with

Implement support for different process modelsdifferent process modelsSupport for Ad-Hoc WorkflowsI l kImplement new attack patternsProof of efficiency and effectivity gain

Raiffeisen Informatik | 25.09.2008 | 11Collaborative Penetration Testing | public

Thank you for your attention!

Raiffeisen Informatik GmbHLilienbrunngasse 7-9 A-1020 Wien

T +43 1/99 3 99 - 0 F +43 1/99 3 99 - 1100 E info@r-it.at@

www.raiffeiseninformatik.at

Raiffeisen Informatik | 25.09.2008 | 12Collaborative Penetration Testing | public