Module 1- Solid Introduction to Penetration Testing .pdf
Transcript of Module 1- Solid Introduction to Penetration Testing .pdf
-
8/9/2019 Module 1- Solid Introduction to Penetration Testing .pdf
1/20
CODENAME: Samurai Skills Course
Module 1: Solid Introduction to Penetration Testing
Ninja-Sec.com
-
What is a Penetration Test?
A method of evaluating the security of a computer system or
network by simulating an attack from a malicious source that may
involve active exploitation of security vulnerabilities. The process
involves an active analysis of the system for any potential
vulnerabilities that may result from poor or improper system
configuration, known and/or unknown hardware or software flaws,
or operational weaknesses in process or technical
countermeasures.
Wow, this is a nice big statement, but how do we define a service out of it?
-
Penetration Testing Services
Finding vulnerabilities in applications and protocols through custom exploit development
A service where exploits and tools may need to be written on the fly during the assessment
Identifying and exploiting code and business logic insecurities in web applications
Tricking someone into divulging sensitive information
Testing the physical security protections of an organization
Cracking a network perimeter, exfiltrating data and demonstrating the impact of successful penetrations
Attempting to gain access to a system while evading security monitoring capabilities
Finding as many weaknesses in technical controls as quickly as possible
Simply validating findings identified during a vulnerability assessment
-
One Current Approach to Definitions
We sometimes define a penetration test by
the level of knowledge the tester will have of
the infrastructure to be tested:
White Box: Full prior knowledge
Black Box: No knowledge
Grey Box or Crystal Box: Some variation in between
-
Another Current Approach to Definitions
A somewhat better approach is to define a penetration test
by the technology and/or activity:
Network Services penetration test
Wireless Security penetration test
Web Application penetration test
Social Engineering penetration test
Physical penetration test
Client Side penetration test
Mobile Application penetration test
etc.
-
Community Wide Efforts for Improving Competency
National Board of Information Security Examiners (NBISE)
Council for Registered Ethical Security Testers (CREST)
Penetration Testing Execution Standard (PTES)
-
Penetration Testing Overall Process
Reconnaissance
Scanning
Exploitation
Reporting
-
What Are Penetration Testing Goals?
Independently assess a system from the viewpoint of a malicious attacker, whether a malicious insider or an uninformed outsider.
Determine the business impact of a successful attack.
Test information security detection and response capabilities in ways only an actual cyber-attack can.
Test a system with active exploitation tools and techniques, validating both technical and non-technical vulnerabilities.
-
What are the Goals of this Course?
We made our course to provide you with the ability to conduct an effective hands-on penetration test.
We are focusing on medium-level penetration testing (NS|PT).
We have another course that focuses on advanced-level penetration testing (NS|APT).
We have dedicated online penetration testing labs that mimic REAL WORLD penetration testing scenarios.
-
Vulnerability Assessment Vs. Penetration Testing
The two are different; don't mix them up!
Vulnerability Assessment: just finding and reporting vulnerabilities in a system or network, without trying to exploit these vulnerabilities.
Penetration Testing: finding and exploiting these vulnerabilities, and taking advantage of them to go deeper into the system or network and gain more power on the system.
-
Vulnerability Vs. Exploit
A Vulnerability is a flaw or weakness in a system
that an attacker can exploit to gain more
power on the system.
An Exploit is a piece of code or a technique that
can be used by an attacker to take advantage
of a vulnerability.
-
Types of Vulnerabilities and Exploits
Vulnerability types:
Network Service Vulnerabilities
Web Application Vulnerabilities
Mobile Application Vulnerabilities
Local Service Vulnerabilities
System Vulnerabilities
Human Vulnerabilities
Physical Vulnerabilities
Exploit types:
Remote Exploit
Local Exploit
DoS Exploit
-
Exploits and tools sources for Penetration Testers
http://www.exploit-db.com
http://www.securityfocus.com
http://packetstormsecurity.org
-
Vulnerability Research Sources for Penetration Testers
us-cert.gov
cve.mitre.org
secunia.com
vupen.com
-
Commercial Tools for Penetration Testers
Metasploit Pro
NeXpose
SAINT
IBM Rational AppScan
Immunity CANVAS
Core Impact
Nessus ProfessionalFeed
HP WebInspect
Acunetix WVS
And many others.
-
Penetration Testing Methodologies
NIST 800-115 (Technical Guide for Information Security Testing)
OSSTMM (Open Source Security Testing Methodology Manual)
OWASP Testing Guide
ISSAF (Information Systems Security Assessment Framework)
Penetration Testing Framework
PTES (Penetration Testing Execution Standard)
-
Penetration Test Report
This is the most important thing in the penetration testing process.
We show managers and technical staff at the company what vulnerabilities they have in their network, systems, web apps, mobile apps and wireless, and how they can secure them, with a detailed and clear explanation.
You can download and view some very good penetration testing reports:
-
Introduction : References -1
Vulnerability Types
http://nvd.nist.gov/cwe.cfm
Top Vulnerabilities
http://secunia.com/resources/reports/
Exploit Availability Repositories
http://www.exploit-db.com/
http://packetstormsecurity.org/
http://securityreason.com/
-
Introduction : References -2
NIST 800-115: http://csrc.nist.gov/publications/nistpubs/800-115/SP800-115.pdf
OSSTMM: http://www.isecom.org/osstmm/
OWASP Testing Project: https://www.owasp.org/index.php/OWASP_Testing_Project
ISSAF: http://www.oissg.org/issaf
Penetration Testing Framework: http://www.vulnerabilityassessment.co.uk/Penetration%20Test.html
PTES: http://www.pentest-standard.org/index.php/Main_Page
Interesting discussion on the use of standards: http://resources.infosecinstitute.com/standards-for-penetration-testing/
-
Introduction : References -3
http://www.vulnerabilityassessment.co.uk/report%20template.html
Penetration test reports
http://www.mediafire.com/?wl969qbtptzfp13