Module 1- Solid Introduction to Penetration Testing .pdf

  • 8/9/2019 Module 1- Solid Introduction to Penetration Testing .pdf

    CODENAME: Samurai Skills Course

    Module 1: Solid Introduction to Penetration Testing

    Ninja-Sec.com

    What is a Penetration Test?

    A method of evaluating the security of a computer system or network by simulating an attack from a malicious source that may involve active exploitation of security vulnerabilities. The process involves an active analysis of the system for any potential vulnerabilities that may result from poor or improper system configuration, known and/or unknown hardware or software flaws, or operational weaknesses in process or technical countermeasures.

    Wow, this is a nice big statement, but how do we define a service out of it?

    Penetration Testing Services

    Finding vulnerabilities in applications and protocols through custom exploit development

    A service where exploits and tools may need to be written on the fly during the assessment

    Identifying and exploiting code and business logic insecurities in web applications

    Tricking someone into divulging sensitive information

    Testing the physical security protections of an organization

    Cracking a network perimeter, exfiltrating data and demonstrating the impact of successful penetrations

    Attempting to gain access to a system while evading security monitoring capabilities

    Finding as many weaknesses in technical controls as quickly as possible

    Simply validating findings identified during a vulnerability assessment

    One Current Approach to Definitions

    We sometimes define a penetration test by the level of knowledge the tester will have of the infrastructure to be tested:

    White Box: Full prior knowledge

    Black Box: No knowledge

    Grey Box or Crystal Box: Some variation in between

    Another Current Approach to Definitions

    A somewhat better approach is to define a penetration test by the technology and/or activity:

    Network Services penetration test

    Wireless Security penetration test

    Web Application penetration test

    Social Engineering penetration test

    Physical penetration test

    Client Side penetration test

    Mobile Application penetration test

    etc.

    Community Wide Efforts for Improving Competency

    National Board of Information Security Examiners (NBISE)

    Council for Registered Ethical Security Testers (CREST)

    Penetration Testing Execution Standard (PTES)

    Penetration Testing Overall Process

    Reconnaissance

    Scanning

    Exploitation

    Reporting

    What Are Penetration Testing Goals?

    Independently assess a system from the viewpoint of a malicious attacker, whether a malicious insider or an uninformed outsider.

    Determine the business impact of a successful attack.

    Test information security detection and response capabilities in ways only an actual cyber-attack can.

    Test a system with active exploitation tools and techniques, validating both technical and non-technical vulnerabilities.

    What Are the Goals of This Course?

    We made our course to provide you with the ability to conduct an effective hands-on penetration test

    We are focusing on medium-level penetration tests (NS|PT)

    We have another course that focuses on advanced-level penetration tests (NS|APT)

    We have dedicated online penetration testing labs that mimic REAL WORLD penetration testing scenarios

    Vulnerability Assessment Vs. Penetration Testing

    The two are different, don't mix them up!

    Vulnerability Assessment: just find and report vulnerabilities in a system or network without trying to exploit these vulnerabilities

    Penetration Testing: find and exploit these vulnerabilities and take advantage of them to go deeper into the system or network and gain more power on the system

    Vulnerability Vs. Exploit

    A vulnerability is a flaw or weakness in a system that an attacker can exploit to gain more power on the system

    An exploit is a piece of code or a technique that can be used by an attacker to take advantage of a vulnerability

    Types of Vulnerabilities and Exploits

    Vulnerability types:

    Network Service Vulnerabilities

    Web Application Vulnerabilities

    Mobile Application Vulnerabilities

    Local Service Vulnerabilities

    System Vulnerabilities

    Human Vulnerabilities

    Physical Vulnerabilities

    Exploit types:

    Remote Exploit

    Local Exploit

    DoS Exploit

    Exploits and tools sources for Penetration Testers

    http://www.exploit-db.com

    http://www.securityfocus.com

    http://packetstormsecurity.org

    Vulnerability Research Sources for Penetration Testers

    us-cert.gov

    cve.mitre.org

    secunia.com

    vupen.com

    Commercial Tools for Penetration Testers

    Metasploit pro

    NeXpose

    SAINT

    IBM Rational Appscan

    Immunity canvas

    Core impact

    Nessus professional feed

    HP Web Inspect

    Acunetix WVS

    And many others.

    Penetration Testing Methodologies

    NIST 800-115 (Technical Guide for Information Security Testing)

    OSSTMM (Open Source Security Testing Methodology Manual)

    OWASP Testing Guide

    ISSAF (Information Systems Security Assessment Framework)

    Penetration Testing Framework

    PTES (Penetration Testing Execution Standard)

    Penetration Test Report

    This is the most important thing in the penetration testing process

    We show the managers and technical staff at a company what vulnerabilities they have in their network, systems, web apps, mobile apps and wireless, and how they can secure them, with a detailed and clear explanation

    You can download and view very good penetration testing reports:

    Introduction: References - 1

    Vulnerability Types

    http://nvd.nist.gov/cwe.cfm

    Top Vulnerabilities

    http://secunia.com/resources/reports/

    Exploit Availability Repositories

    http://www.exploit-db.com/

    http://packetstormsecurity.org/

    http://securityreason.com/

    Introduction: References - 2

    NIST 800-115: http://csrc.nist.gov/publications/nistpubs/800-115/SP800-115.pdf

    OSSTMM: http://www.isecom.org/osstmm/

    OWASP Testing Project: https://www.owasp.org/index.php/OWASP_Testing_Project

    ISSAF: http://www.oissg.org/issaf

    Penetration Testing Framework: http://www.vulnerabilityassessment.co.uk/Penetration%20Test.html

    PTES: http://www.pentest-standard.org/index.php/Main_Page

    Interesting discussion on the use of standards: http://resources.infosecinstitute.com/standards-for-penetration-testing/

    Introduction: References - 3

    http://www.vulnerabilityassessment.co.uk/report%20template.html

    Penetration test reports

    http://www.mediafire.com/?wl969qbtptzfp13
