End-to-End Methodology. Testing Phases Reconnaissance Mapping Discovery Exploitation Repeat… ...

13
ANATOMY OF A WEB PEN TEST End-to-End Methodology

TAGS:

Transcript of End-to-End Methodology. Testing Phases Reconnaissance Mapping Discovery Exploitation Repeat… ...

Page 1: End-to-End Methodology. Testing Phases Reconnaissance Mapping Discovery Exploitation Repeat… Report.

ANATOMY OF A WEB PEN TEST

End-to-End Methodology

Page 2: End-to-End Methodology. Testing Phases Reconnaissance Mapping Discovery Exploitation Repeat… Report.

Testing Phases

Reconnaissance Mapping Discovery Exploitation Repeat… Report

Page 3: End-to-End Methodology. Testing Phases Reconnaissance Mapping Discovery Exploitation Repeat… Report.

Reconnaissance

Whois records Architecture diagrams IPs and Hostnames DNS information Google Searches Social Networks Blogs and Other Web Sites

Page 4: End-to-End Methodology. Testing Phases Reconnaissance Mapping Discovery Exploitation Repeat… Report.

Whois[laa@lobo ~]$ whois generalstatics.com[Querying whois.verisign-grs.com]domain: generalstatics.comowner: Neale Pickettorganization: WoozleWorksemail: [email protected]: 2175 35th Stcity: Los Alamosstate: NMpostal-code: 87544country: USphone: +1.5055004666admin-c: CCOM-411473 [email protected]: CCOM-411473 [email protected]: CCOM-411473 [email protected]: ns1.afraid.org

contact-hdl: CCOM-411473person: Neale Pickettorganization: WoozleWorksemail: [email protected]: 2175 35th Stcity: Los Alamosstate: NMpostal-code: 87544country: USphone: +1.5055004666

source: joker.com live whois service

Page 5: End-to-End Methodology. Testing Phases Reconnaissance Mapping Discovery Exploitation Repeat… Report.

Architecture Diagram

Page 6: End-to-End Methodology. Testing Phases Reconnaissance Mapping Discovery Exploitation Repeat… Report.

Mapping Port scans Version Checking OS Fingerprinting Spidering Pieces/flow of the application

User/admin/public areasLogin screensConfiguration and ManagementSession identifiers

Learning the various components that make up a web application

Page 7: End-to-End Methodology. Testing Phases Reconnaissance Mapping Discovery Exploitation Repeat… Report.

Network Scan

Page 8: End-to-End Methodology. Testing Phases Reconnaissance Mapping Discovery Exploitation Repeat… Report.

Discovery

Focus is on finding issues User interfaces Information leakage Authentication systems Error messages Some exploitation will happen as part of

this stepDirectory browsing

Page 9: End-to-End Methodology. Testing Phases Reconnaissance Mapping Discovery Exploitation Repeat… Report.

Directory Browsing

Page 10: End-to-End Methodology. Testing Phases Reconnaissance Mapping Discovery Exploitation Repeat… Report.

Exploitation

Attacking the flaws in an applicationInjectionXSSAuthentication/Authorization bypass

Determine implications of an attackWhat can happen as a result…

What other parts of the application infrastructure are exposed through the attack?

Page 11: End-to-End Methodology. Testing Phases Reconnaissance Mapping Discovery Exploitation Repeat… Report.

Repeat…

Some knowledge of the application may be gained that wasn’t found in the Recon, Mapping, or Discovery phases

Jump back into the workflow, utilizing the newly discovered information

Page 12: End-to-End Methodology. Testing Phases Reconnaissance Mapping Discovery Exploitation Repeat… Report.

Reporting Documentation for Reporting is collected

during all phases Executive Summary

Appears first, but written lastAudience is management

IntroductionScope, objectives, personnel

MethodologyStep-by-step, including tools usedSufficient detail to allow verification and repeat of

test

Page 13: End-to-End Methodology. Testing Phases Reconnaissance Mapping Discovery Exploitation Repeat… Report.

Reporting (2)

FindingsCategorized according to riskInclude recommendations

ConclusionsShort summaryLike Executive Summary, but audience is

technical Appendix

Permission memo, data discovered, tools outputs


Reconnaissance vs. Enumeration - WordPress.com...Reconnaissance vs. Enumeration Both are involved in preliminary data collection, but each is unique Reconnaissance Passively engages

Reconnaissance vs. Enumeration - WordPress.com...Reconnaissance vs. Enumeration Both are involved in preliminary data collection, but each is unique Reconnaissance Passively engages

MENDON RECONNAISSANCE REPORT

MENDON RECONNAISSANCE REPORT

Location and reconnaissance

Location and reconnaissance

190312 Sergej Epp AI Ready Go submission...Reconnaissance Weaponization and Delivery Exploitation Command and Control Lateral Movement Installation Actions on the Objective Automated

190312 Sergej Epp AI Ready Go submission...Reconnaissance Weaponization and Delivery Exploitation Command and Control Lateral Movement Installation Actions on the Objective Automated

Reconnaissance Weaponization Delivery Exploitation Installation … · 2019-03-05 · 5 USE CASE Figure 4 – Suspicious Modules Running on ACER-PC RSA NetWitness Endpoint also provides

Reconnaissance Weaponization Delivery Exploitation Installation … · 2019-03-05 · 5 USE CASE Figure 4 – Suspicious Modules Running on ACER-PC RSA NetWitness Endpoint also provides

WP6 “Dissemination, Standards and Exploitation Konstantinos … · 2020-05-03 · End to End network slicing that include the ground and space segment offering Virtual Satellite

WP6 “Dissemination, Standards and Exploitation Konstantinos … · 2020-05-03 · End to End network slicing that include the ground and space segment offering Virtual Satellite

Program Executive Officer (Acting)...Integrated Survey Program (ISP) Program Executive Office Special Reconnaissance, Surveillance, and Exploitation UNCLASSIFIED UNCLASSIFIED UNCLASSIFIED

Program Executive Officer (Acting)...Integrated Survey Program (ISP) Program Executive Office Special Reconnaissance, Surveillance, and Exploitation UNCLASSIFIED UNCLASSIFIED UNCLASSIFIED

32nd TACTICAL RECONNAISSANCE SQUADRON (PHOTOGRAPHIC) TACTICAL... · 32nd TACTICAL RECONNAISSANCE SQUADRON (PHOTOGRAPHIC) LINEAGE 45th Reconnaissance Squadron (Fighter) constituted,

32nd TACTICAL RECONNAISSANCE SQUADRON (PHOTOGRAPHIC) TACTICAL... · 32nd TACTICAL RECONNAISSANCE SQUADRON (PHOTOGRAPHIC) LINEAGE 45th Reconnaissance Squadron (Fighter) constituted,

RECONNAISSANCE pamphlet.pdfMARINE CORPS RECONNAISSANCE MARINE CORPS RECONNAISSANCE Entry level: ... The Basic Reconnaissance Preparation Workout Guide is one example of a 10

RECONNAISSANCE pamphlet.pdfMARINE CORPS RECONNAISSANCE MARINE CORPS RECONNAISSANCE Entry level: ... The Basic Reconnaissance Preparation Workout Guide is one example of a 10

The Lunar Reconnaissance Orbiter Diviner Lunar Radiometer ... · PDF fileThe Lunar Reconnaissance Orbiter Diviner Lunar Radiometer Experiment ... The Lunar Reconnaissance Orbiter Diviner

The Lunar Reconnaissance Orbiter Diviner Lunar Radiometer ... · PDF fileThe Lunar Reconnaissance Orbiter Diviner Lunar Radiometer Experiment ... The Lunar Reconnaissance Orbiter Diviner

Rome Research Corporation Richard R. Petroski · 2011. 5. 14. · RADC-TR-830-400Jnay91LEVELYZ -t, Final Technical Report January 1981I! RECONNAISSANCE SENSOR 0 SYSTEM EXPLOITATION

Rome Research Corporation Richard R. Petroski · 2011. 5. 14. · RADC-TR-830-400Jnay91LEVELYZ -t, Final Technical Report January 1981I! RECONNAISSANCE SENSOR 0 SYSTEM EXPLOITATION

DANVERS RECONNAISSANCE REPORT

DANVERS RECONNAISSANCE REPORT

Reconnaissance pp

Reconnaissance pp

PENTESTING - Kroll Inc....- Having Domain-Admin-level in the domain you are: - Not having Domain-Admin-level on the current domain: Reconnaissance + Exploitation (and always depending

PENTESTING - Kroll Inc....- Having Domain-Admin-level in the domain you are: - Not having Domain-Admin-level on the current domain: Reconnaissance + Exploitation (and always depending

RECONNAISSANCE FOR URANIUM-BEARING CARBONACEOUS MATERIALS ... · reconnaissance for uranium-bearing carbonaceous materials ... (2), and kolob terrace (3). reconnaissance for uranium-bearing

RECONNAISSANCE FOR URANIUM-BEARING CARBONACEOUS MATERIALS ... · reconnaissance for uranium-bearing carbonaceous materials ... (2), and kolob terrace (3). reconnaissance for uranium-bearing

Location reconnaissance

Location reconnaissance

Overexploitation Tokyo Tuna Market. Types of Overexploitation Commercial exploitation Subsistence exploitation Recreational exploitation Incidental exploitation.

Overexploitation Tokyo Tuna Market. Types of Overexploitation Commercial exploitation Subsistence exploitation Recreational exploitation Incidental exploitation.

HACKING UK TRIDENT - Cryptome · reconnaissance, enumeration and vulnerability scanning, weaponization (acquisition and preparation of tools), exploitation (including zero-day exploitation)

HACKING UK TRIDENT - Cryptome · reconnaissance, enumeration and vulnerability scanning, weaponization (acquisition and preparation of tools), exploitation (including zero-day exploitation)

MARBLEHEAD RECONNAISSANCE REPORT

MARBLEHEAD RECONNAISSANCE REPORT

Network Reconnaissance Infographic

Network Reconnaissance Infographic